Congress included in the appropriations bill of November 12, 2025, an extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), 6 U.S.C. §§ 1501–10, through January 30, 2026. 

Congress members have proposed legislation that would introduce new measures to enhance the United States’ cybersecurity resilience in the face of advancing quantum computing capabilities.

The U.S. Department of Justice (DOJ) “Data Security Program” (DSP), also known as the “Sensitive Data Rule” or “Bulk Data Rule,” has prompted numerous questions about its scope and application. 

Key Takeaways

• Multiple agencies of the U.S.

The TAKE IT DOWN Act (the Act), enacted on May 19, 2025, is a powerful (and controversial) new tool designed to stop people from sharing “nonconsensual intimate imagery,” or NCII, online.

Can a communications provider be held liable when it reports to the National Center for Missing and Exploited Children (NCMEC) an image the provider believes to be child sexual abuse material based on signals provided by NCMEC? 

CISA has proposed security requirements for certain categories of restricted data transfers. Any U.S. business that transfers its data outside the United States or gives businesses or people outside the United States access to its data should review and work with security and legal professionals to ensure compliance.

The Global Online Safety Regulators Network (Network) issued a position statement on human rights and online safety regulation on September 13, 2023.