The Cybersecurity Act of 2015 became law on December 18, 2015, as part of a last-minute omnibus spending plan passed by Congress to avert a government shutdown. Prior to the act’s passage, we summarized its key components and discussed the hot debate surrounding the measure. Among other things, the act created a voluntary information-sharing process with protection from unfounded litigation and provided for reporting and strategies on matters related to the cybersecurity industry. Following its passage, opponents have questioned the act’s legitimacy, denouncing the hasty, closed-door negotiations that resulted in it being tacked onto the 2,009-page spending bill. Now the act is on the chopping block, with a bipartisan bill threatening to repeal it in its entirety.

On January 8, 2016, less than a month after the act was passed, H.R. 4350 was introduced in the U.S. House of Representatives to repeal it. Justin Amash, a Republican representative from Michigan, introduced the bill, stating that he has already garnered bipartisan support in both the House and the Senate. In a statement released shortly after the bill’s introduction, Mr. Amash called the act “the worst anti-privacy law since the USA PATRIOT Act,” calling for its repeal as soon as possible. The bill was referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations on February 3, 2016.

More information on the effort to repeal the Cybersecurity Act of 2015 is available here and here. We will continue to follow this issue and provide relevant updates. In the meantime, the bill’s progress can be tracked here.