Code · U.S. Code · Title 6 - DOMESTIC SECURITY · CHAPTER 1— HOMELAND SECURITY ORGANIZATION · SUBCHAPTER XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY · § 681d

§ 681d. Noncompliance with required reporting

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a) Purpose. In the event that a covered entity that is required to submit a report under section 681b(a) of this title fails to comply with the requirement to report, the Director may obtain information about the cyber incident or ransom payment by engaging the covered entity directly to request information about the cyber incident or ransom payment, and if the Director is unable to obtain information through such engagement, by issuing a subpoena to the covered entity, pursuant to subsection (c), to gather information sufficient to determine whether a covered cyber incident or ransom payment has occurred.
(b) Initial request for information
(1) In general. If the Director has reason to believe, whether through public reporting or other information in the possession of the Federal Government, including through analysis performed pursuant to paragraph (1) or (2) of section 681a(a) of this title, that a covered entity has experienced a covered cyber incident or made a ransom payment but failed to report such cyber incident or payment to the Agency in accordance with section 681b(a) of this title, the Director may request additional information from the covered entity to confirm whether or not a covered cyber incident or ransom payment has occurred.
(2) Treatment. Information provided to the Agency in response to a request under paragraph (1) shall be treated as if it was submitted through the reporting procedures established in section 681b of this title including that section 681e of this title shall apply to such information in the same manner and to the same extent to information submitted in response to requests under paragraph (1) as it applies to information submitted under section 681b of this title.
(c) Enforcement
(1) In general. If, after the date that is 72 hours from the date on which the Director made the request for information in subsection (b), the Director has received no response from the covered entity from which such information was requested, or received an inadequate response, the Director may issue to such covered entity a subpoena to compel disclosure of information the Director deems necessary to determine whether a covered cyber incident or ransom payment has occurred and obtain the information required to be reported pursuant to section 681b of this title and any implementing regulations, and assess potential impacts to national security, economic security, or public health and safety.
(2) Civil action
(A) In general. If a covered entity fails to comply with a subpoena, the Director may refer the matter to the Attorney General to bring a civil action in a district court of the United States to enforce such subpoena.
(B) Venue. An action under this paragraph may be brought in the judicial district in which the covered entity against which the action is brought resides, is found, or does business.
(C) Contempt of court. A court may punish a failure to comply with a subpoena issued under this subsection as contempt of court.
(3) Non-delegation. The authority of the Director to issue a subpoena under this subsection may not be delegated.
(4) Authentication
(A) In general. Any subpoena issued electronically pursuant to this subsection shall be authenticated with a cryptographic digital signature of an authorized representative of the Agency, or other comparable successor technology, that allows the Agency to demonstrate that such subpoena was issued by the Agency and has not been altered or modified since such issuance.
(B) Invalid if not authenticated. Any subpoena issued electronically pursuant to this subsection that is not authenticated in accordance with subparagraph (A) shall not be considered to be valid by the recipient of such subpoena.
(d) Provision of certain information to Attorney General
(1) In general. Notwithstanding section 681e(a)(5) of this title and paragraph (b)(2) of this section, if the Director determines, based on the information provided in response to a subpoena issued pursuant to subsection (c), that the facts relating to the cyber incident or ransom payment at issue may constitute grounds for a regulatory enforcement action or criminal prosecution, the Director may provide such information to the Attorney General or the head of the appropriate Federal regulatory agency, who may use such information for a regulatory enforcement action or criminal prosecution.
(2) Consultation. The Director may consult with the Attorney General or the head of the appropriate Federal regulatory agency when making the determination under paragraph (1).
(e) Considerations. When determining whether to exercise the authorities provided under this section, the Director shall take into consideration—
(1) the complexity in determining if a covered cyber incident has occurred; and
(2) prior interaction with the Agency or awareness of the covered entity of the policies and procedures of the Agency for reporting covered cyber incidents and ransom payments.
(f) Exclusions. This section shall not apply to a State, local, Tribal, or territorial government entity.
(g) Report to Congress. The Director shall submit to Congress an annual report on the number of times the Director—
(1) issued an initial request for information pursuant to subsection (b);
(2) issued a subpoena pursuant to subsection (c); or
(3) referred a matter to the Attorney General for a civil action pursuant to subsection (c)(2).
(h) Publication of the annual report. The Director shall publish a version of the annual report required under subsection (g) on the website of the Agency, which shall include, at a minimum, the number of times the Director—
(1) issued an initial request for information pursuant to subsection (b); or
(2) issued a subpoena pursuant to subsection (c).
(i) Anonymization of reports. The Director shall ensure any victim information contained in a report required to be published under subsection (h) be anonymized before the report is published.
(Pub. L. 107–296, title XXII, § 2244, as added Pub. L. 117–103, div. Y, § 103(a)(2), Mar. 15, 2022, 136 Stat. 1049; amended Pub. L. 117–263, div. G, title LXXI, § 7143(e)(2), Dec. 23, 2022, 136 Stat. 3664.)