PRIA Logo
Take the PRIA Score
Title 6Domestic SecurityRelease 119-73

§1505 Protection from liability

Title 6 › Chapter CHAPTER 6— - CYBERSECURITY › Subchapter SUBCHAPTER I— - CYBERSECURITY INFORMATION SHARING › § 1505

Last updated Apr 6, 2026|Official source

Summary

Private companies cannot be sued for monitoring their computer systems or for sharing or getting cyber threat information or defensive tools, so long as they do those things under the rules in this part of the law. If a lawsuit is filed anyway, it must be thrown out quickly. If the information is shared with the Federal Government, the sharing must follow the rule in 1504(c)(1)(B) and must happen after either Congress gets the interim policies and procedures and the guidelines under 1504(a)(1) and 1504(b)(1), or 60 days after December 18, 2015—whichever comes first. Nothing in the law creates a requirement to share information or to warn or act when you get a cyber threat indicator or defensive measure. It also does not take away any other legal defenses a company might have.

Full Legal Text

Title 6, §1505

Domestic Security — Source: USLM XML via OLRC

(a)No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the monitoring of an information system and information under section 1503(a) of this title that is conducted in accordance with this subchapter.
(b)No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure under section 1503(c) of this title if—
(1)such sharing or receipt is conducted in accordance with this subchapter; and
(2)in a case in which a cyber threat indicator or defensive measure is shared with the Federal Government, the cyber threat indicator or defensive measure is shared in a manner that is consistent with section 1504(c)(1)(B) of this title and the sharing or receipt, as the case may be, occurs after the earlier of—
(A)the date on which the interim policies and procedures are submitted to Congress under section 1504(a)(1) of this title and guidelines are submitted to Congress under section 1504(b)(1) of this title; or
(B)the date that is 60 days after December 18, 2015.
(c)Nothing in this subchapter shall be construed—
(1)to create—
(A)a duty to share a cyber threat indicator or defensive measure; or
(B)a duty to warn or act based on the receipt of a cyber threat indicator or defensive measure; or
(2)to undermine or limit the availability of otherwise applicable common law or statutory defenses.

Reference

Citations & Metadata

Citation

6 U.S.C. § 1505

Title 6Domestic Security

Last Updated

Apr 6, 2026

Release point: 119-73