This is an unofficial, informational resource summarizing key aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) Notice of Proposed Rulemaking (NPRM).
Under the CIRCIA NPRM, a covered entity that experiences a covered cyber incident is required to report. A covered cyber incident is a substantial cyber incident experienced by a covered entity.
Find out what qualifies as a substantial cyber incident, including examples of qualifying incidents and incidents unlikely to qualify.