US Code

Public Law 119-73 (01/23/2026)

6 U.S.C. § 671

Definitions

In this part:
(1)

Agency

section 551 of title 5The term “agency” has the meaning given it in .

(2)

Covered Federal agency

The term “covered Federal agency” means the Department of Homeland Security.

(3)

Critical infrastructure information

section 650 of this titleThe term “critical infrastructure information” has the meaning given the term in .

(4)

Critical infrastructure protection program

The term “critical infrastructure protection program” means any component or bureau of a covered Federal agency that has been designated by the President or any agency head to receive critical infrastructure information.

(5)

Protected system

The term “protected system”—
(A)
means any service, physical or computer-based system, process, or procedure that directly or indirectly affects the viability of a facility of critical infrastructure; and
(B)
includes any physical or computer-based system, including a computer, computer system, computer or communications network, or any component hardware or element thereof, software program, processing instructions, or information or data in transmission or storage therein, irrespective of the medium of transmission or storage.
(6)

Voluntary

(A)

In general

The term “voluntary”, in the case of any submittal of critical infrastructure information to a covered Federal agency, means the submittal thereof in the absence of such agency’s exercise of legal authority to compel access to or submission of such information and may be accomplished by a single entity or an Information Sharing and Analysis Organization on behalf of itself or its members.

(B)

Exclusions

The term “voluntary”—
(i)
section 78c(a)(47) of title 15 in the case of any action brought under the securities laws as is defined in —
(I)
l does not include information or statements contained in any documents or materials filed with the Securities and Exchange Commission, or with Federal banking regulators, pursuant to section 78(i) of title 15; and
(II)
with respect to the submittal of critical infrastructure information, does not include any disclosure or writing that when made accompanied the solicitation of an offer or a sale of securities; and
(ii)
does not include information or statements submitted or relied upon as a basis for making licensing or permitting determinations, or during regulatory proceedings.

Pub. L. 107–296, title XXII, § 2222116 Stat. 2150Pub. L. 114–113, div. N, title II, § 204129 Stat. 2961Pub. L. 115–278, § 2(g)(2)(H)132 Stat. 4178Pub. L. 117–263, div. G, title LXXI, § 7143(b)(2)(M)136 Stat. 3661(, formerly title II, § 212, , ; , , ; renumbered title XXII, § 2222, and amended , (9)(B)(i), , , 4181; , , .)

Editorial Notes

Codification

section 131 of this titlePub. L. 115–278Section was formerly classified to prior to renumbering by .

Amendments

Pub. L. 117–263, § 7143(b)(2)(M)(i)2022—Par. (3). , added par. (3) and struck out former par. (3) which defined critical infrastructure information.

Pub. L. 117–263, § 7143(b)(2)(M)(ii)Pars. (5) to (8). , (iii), redesignated pars. (6) and (7) as (5) and (6), respectively, and struck out former pars. (5) and (8) which defined Information Sharing and Analysis Organization and cybersecurity risk and incident, respectively.

Pub. L. 115–278, § 2(g)(9)(B)(i)section 659 of this titlesection 148 of this title2018—Par. (8). , substituted “” for “”.

Pub. L. 114–113, § 204(1)(A)2015—Par. (5)(A). , inserted “, including information related to cybersecurity risks and incidents,” after “critical infrastructure information” and “, including cybersecurity risks and incidents,” after “related to critical infrastructure”.

Pub. L. 114–113, § 204(1)(B)Par. (5)(B). , inserted “, including cybersecurity risks and incidents,” after “critical infrastructure information” and “, including cybersecurity risks and incidents,” after “related to critical infrastructure”.

Pub. L. 114–113, § 204(1)(C)Par. (5)(C). , inserted “, including cybersecurity risks and incidents,” after “critical infrastructure information”.

Pub. L. 114–113, § 204(2)Par. (8). , added par. (8).

Statutory Notes and Related Subsidiaries

Short Title

section 2221 of Pub. L. 107–296section 101 of this titleFor short title of this part as the “Critical Infrastructure Information Act of 2002”, see , set out as a note under .

Prohibition on New Regulatory Authority

Pub. L. 114–113, div. N, title II, § 210129 Stat. 2962

Pub. L. 114–113section 101 of this title“Nothing in this subtitle [subtitle A (§§ 201–211) of title II of div. N of , see Short Title of 2015 Amendment note set out under ] or the amendments made by this subtitle may be construed to grant the Secretary any authority to promulgate regulations or set standards relating to the cybersecurity of non-Federal entities, not including State, local, and tribal governments, that was not in effect on the day before the date of enactment of this Act [].”
, , , provided that:

Definitions

Pub. L. 114–113, div. N, title II, § 202129 Stat. 2956Pub. L. 115–278, § 2(h)(1)(A)132 Stat. 4181

Pub. L. 114–113section 101 of this title“In this subtitle [subtitle A (§§ 201–211) of title II of div. N of , see Short Title of 2015 Amendment note set out under ]:
“(1)

Appropriate congressional committees .—

The term ‘appropriate congressional committees’ means—
“(A)
the Committee on Homeland Security and Governmental Affairs of the Senate; and
“(B)
the Committee on Homeland Security of the House of Representatives.
“(2)

Cybersecurity risk; incident .—

6 U.S.C. 6596 U.S.C. 650The terms ‘cybersecurity risk’ and ‘incident’ have the meanings given those terms in section 2209 of the Homeland Security Act of 2002 [] [see now ].
“(3)

Cyber threat indicator; defensive measure .—

6 U.S.C. 1501The terms ‘cyber threat indicator’ and ‘defensive measure’ have the meanings given those terms in section 102 [].
“(4)

Department .—

The term ‘Department’ means the Department of Homeland Security.
“(5)

Secretary .—

The term ‘Secretary’ means the Secretary of Homeland Security.”
, , , as amended by , , , provided that: