The Cyber Incident Reporting for Critical Infrastructure Act of 2022: An Overview

15
Stuart Miles | Shutterstock

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in critical infrastructure sectors to report covered cyber incidents within 72 hours of the companies’ reasonable belief that a cyber incident has occurred and report ransom payments within 24 hours after a payment is made. The CIRCIA reporting requirements have garnered significant attention in the press and among those in critical infrastructure sectors, but they may not go into effect for several years.

Source: