Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · National Defense Authorization Act for Fiscal Year 2016 · Sec. 1641

Sec. 1641. CODIFICATION AND ADDITION OF LIABILITY PROTECTIONS RELATING TO REPORTING ON CYBER INCIDENTS OR PENETRATIONS OF NETWORKS AND INFORMATION SYSTEMS OF CERTAIN CONTRACTORS

978 words·~4 min read·/statute-compilations/comps-11831/sec-1641

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1641 CODIFICATION AND ADDITION OF LIABILITY PROTECTIONS RELATING TO REPORTING ON CYBER INCIDENTS OR PENETRATIONS OF NETWORKS AND INFORMATION SYSTEMS OF CERTAIN CONTRACTORS **[**[10 U.S.C. 393](/us/usc/t10/s393)**]** ###
(a)Codification and Amendment Section 941 of the National Defense Authorization Act for Fiscal Year 2013 (Public Law 112-239; 126 Stat. 1889; 10 U.S.C. 2224 note) is transferred to chapter 19 of title 10, United States Code, inserted so as to appear after section 392, redesignated as section 393, and amended— ####
(1)by amending the section heading to read as follows: > > ## “SEC. 393 Reporting on penetrations of networks and information systems of certain contractors” > ; ####
(2)by striking paragraph
(3)of subsection
(c)and inserting the following new paragraph (3): > > #### “(3) Dissemination of information > > The procedures established pursuant to subsection
(a)shall limit the dissemination of information obtained or derived through such procedures to entities— > > > ##### “(A) > > with missions that may be affected by such information; > > > ##### “(B) > > that may be called upon to assist in the diagnosis, detection, or mitigation of cyber incidents; > > > ##### “(C) > > that conduct counterintelligence or law enforcement investigations; or > > > ##### “(D) > > for national security purposes, including cyber situational awareness and defense purposes.” > ; and ####
(3)by striking subsection
(d)and inserting the following new subsection (d): > > ### “(d) Protection From Liability of Cleared Defense Contractors > > > ####
(1)> > No cause of action shall lie or be maintained in any court against any cleared defense contractor, and such action shall be promptly dismissed, for compliance with this section that is conducted in accordance with the procedures established pursuant to subsection (a). > > > #### “(2) > > > #####
(A)> > Nothing in this section shall be construed— > > > ###### “(i) > > to require dismissal of a cause of action against a cleared defense contractor that has engaged in willful misconduct in the course of complying with the procedures established pursuant to subsection (a); or > > > ###### “(ii) > > to undermine or limit the availability of otherwise applicable common law or statutory defenses. > > > ##### “(B) > > In any action claiming that paragraph
(1)does not apply due to willful misconduct described in subparagraph (A), the plaintiff shall have the burden of proving by clear and convincing evidence the willful misconduct by each cleared defense contractor subject to such claim and that such willful misconduct proximately caused injury to the plaintiff. > > > ##### “(C) > > In this subsection, the term ‘willful misconduct’ means an act or omission that is taken— > > > ###### “(i) > > intentionally to achieve a wrongful purpose; > > > ###### “(ii) > > knowingly without legal or factual justification; and > > > ###### “(iii) > > in disregard of a known or obvious risk that is so great as to make it highly probable that the harm will outweigh the benefit.” > . ###
(b)Addition of Liability Protections for Reporting on Cyber Incidents Section 391 of title 10, United States Code, is amended— ####
(1)by redesignating subsection
(d)as subsection (e); and ####
(2)by inserting after subsection
(c)the following new subsection (d): > > ### “(d) Protection From Liability of Operationally Critical Contractors > > > ####
(1)> > No cause of action shall lie or be maintained in any court against any operationally critical contractor, and such action shall be promptly dismissed, for compliance with this section that is conducted in accordance with procedures established pursuant to subsection (b). > > > #### “(2) > > > #####
(A)> > Nothing in this section shall be construed— > > > ###### “(i) > > to require dismissal of a cause of action against an operationally critical contractor that has engaged in willful misconduct in the course of complying with the procedures established pursuant to subsection (b); or > > > ###### “(ii) > > to undermine or limit the availability of otherwise applicable common law or statutory defenses. > > > ##### “(B) > > In any action claiming that paragraph
(1)does not apply due to willful misconduct described in subparagraph (A), the plaintiff shall have the burden of proving by clear and convincing evidence the willful misconduct by each operationally critical contractor subject to such claim and that such willful misconduct proximately caused injury to the plaintiff. > > > ##### “(C) > > In this subsection, the term ‘willful misconduct’ means an act or omission that is taken— > > > ###### “(i) > > intentionally to achieve a wrongful purpose; > > > ###### “(ii) > > knowingly without legal or factual justification; and > > > ###### “(iii) > > in disregard of a known or obvious risk that is so great as to make it highly probable that the harm will outweigh the benefit.” > . ###
(c)Conforming and Technical Amendments ####
(1)Section 391 of title 10, United States Code, is amended in subsection
(a)by striking “and with section 941 of the National Defense Authorization Act for Fiscal Year 2013 (10 U.S.C. 2224 note)” and inserting “and section 393 of this title”. ####
(2)**[**[10 U.S.C. 391](/us/usc/t10/s391)**]** The table of sections at the beginning of chapter 19 of such title is amended— #####
(A)by amending the item relating to section 391 to read as follows:“391. Reporting on cyber incidents with respect to networks and information systems of operationally critical contractors and certain other contractors.”; and #####
(B)by adding at the end the following new item:“393. Reporting on penetrations of networks and information systems of certain contractors.”.
Connectionstraces to 3
2 references not yet in our index
  • Pub. L. 112-239
  • 126 Stat. 1889
Citation graph
cites case law
Sec. 1641
CODIFICATION AND ADDITION OF LIABILITY PROTECTIONS RELATING TO REPORTING ON CYBER INCIDENTS OR PENETRATIONS OF NETWORKS AND INFORMATION SYSTEMS OF CERTAIN CONTRACTORS
U.S.C.§ 393
U.S.C.§ 2224
U.S.C.§ 391
Pub. L.Pub. L. 112-239
Stat.126 Stat. 1889
Cites 5Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.