PRIA Logo
Title 6Domestic SecurityRelease 119-73not60

§1505 Protection From Liability

Title 6 › Chapter 6— CYBERSECURITY › Subchapter I— CYBERSECURITY INFORMATION SHARING › § 1505

Last updated Apr 3, 2026|Official source

Summary

Private companies cannot be sued in court for monitoring their information systems and information under section 1503(a) if they follow the rules in this subchapter. They also cannot be sued for sharing or receiving a cyber threat indicator or defensive measure under section 1503(c) if the sharing or receipt follows this subchapter. If the indicator or defensive measure is shared with the Federal Government, it must follow section 1504(c)(1)(B) and happen after the earlier of when interim policies and procedures are sent to Congress under section 1504(a)(1) and guidelines are sent under section 1504(b)(1), or the date that is 60 days after December 18, 2015. Nothing here creates a legal duty to share cyber threat information, to warn others, or to act on received information. It also does not limit other legal defenses that might otherwise apply.

Full Legal Text

Title 6, §1505

Domestic Security — Source: USLM XML via OLRC

(a)No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the monitoring of an information system and information under section 1503(a) of this title that is conducted in accordance with this subchapter.
(b)No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure under section 1503(c) of this title if—
(1)such sharing or receipt is conducted in accordance with this subchapter; and
(2)in a case in which a cyber threat indicator or defensive measure is shared with the Federal Government, the cyber threat indicator or defensive measure is shared in a manner that is consistent with section 1504(c)(1)(B) of this title and the sharing or receipt, as the case may be, occurs after the earlier of—
(A)the date on which the interim policies and procedures are submitted to Congress under section 1504(a)(1) of this title and guidelines are submitted to Congress under section 1504(b)(1) of this title; or
(B)the date that is 60 days after December 18, 2015.
(c)Nothing in this subchapter shall be construed—
(1)to create—
(A)a duty to share a cyber threat indicator or defensive measure; or
(B)a duty to warn or act based on the receipt of a cyber threat indicator or defensive measure; or
(2)to undermine or limit the availability of otherwise applicable common law or statutory defenses.

Reference

Citations & Metadata

Citation

6 U.S.C. § 1505

Title 6Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60