President Biden has signed into law the Consolidated Appropriations Act of 2022 (2022 CAA), which includes the Cyber Incident Reporting for Critical Infrastructure Act (Cyber Incident Reporting Act). The Cyber Incident Reporting Act requires certain critical infrastructure entities to swiftly report certain cyber incidents and ransomware payments to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (Agency). A Notice of Proposed Rulemaking (NPRM) will be issued within two years proposing the final rules to implement the requirements included in the Cyber Incident Reporting Act.