9–8–8 Lifeline Cybersecurity Responsibility Act
Sponsored By: Representative Obernolte
Introduced
Summary
Protecting the 9‑8‑8 Lifeline from cybersecurity incidents would be made an explicit duty of the Lifeline program. The bill would add a required incident and vulnerability reporting process and order a Comptroller General study within 180 days.
Show full summary
- Local and regional crisis centers would have to report identified cybersecurity vulnerabilities and incidents to the program's network administrator within a reasonable time and oversee the technology they use unless oversight is assigned by a network participation agreement.
- The Lifeline program's network administrator that receives federal funding would need to report vulnerabilities and incidents to the Assistant Secretary and take steps to eliminate known cybersecurity weaknesses.
- The Assistant Secretary would receive those reports and the law says these reporting duties supplement other federal reporting requirements, not replace them.
- The Comptroller General must complete a study of 9‑8‑8 cybersecurity risks and submit a report to the Senate Committee on Health, Education, Labor, and Pensions and the House Committee on Energy and Commerce within 180 days.
Your PRIA Score
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
2 provisions identified: 2 benefits, 0 costs, 0 mixed.
GAO study on 9-8-8 cybersecurity
This bill would require the Comptroller General (GAO) to study cybersecurity risks and vulnerabilities affecting the 9-8-8 National Suicide Prevention Lifeline. The GAO would complete the study and send a report to the Senate Committee on Health, Education, Labor, and Pensions and the House Committee on Energy and Commerce. The report would be submitted not later than 180 days after the date of enactment.
Stronger cybersecurity rules for 9-8-8
This bill would require the National Suicide Prevention Lifeline program to fix known cybersecurity vulnerabilities and protect the 9-8-8 hotline from cyber incidents. Local and regional crisis centers would need to oversee the technology they use and report identified vulnerabilities and incidents to the program's network administrator within a reasonable time. Network administrators that receive federal funding would report those vulnerabilities and incidents to the Assistant Secretary, while protecting personal privacy and following federal and state privacy laws. The bill would allow a network administrator to oversee a center's technology only if that oversight is written into the center's participation agreement, and the reporting rules would supplement other federal reporting duties.
Sponsors & CoSponsors
Sponsor
Obernolte
CA • R
Cosponsors
Dingell
MI • D
Sponsored 2/4/2025
Lieu
CA • D
Sponsored 5/20/2025
Vindman
VA • D
Sponsored 8/15/2025
Roll Call Votes
No roll call votes available for this bill.
View on Congress.govTake It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in