House AI draft extends CISA 2015 through fiscal 2035

Inside Cybersecurity reports that Reps. Jay Obernolte and Lori Trahan’s Great American AI Act discussion draft would carry the Cybersecurity Information Sharing Act of 2015 through fiscal 2035, a long-term answer to a law that has been kept alive with shorter extensions. That matters less because it is new than because it is operational: CISA 2015 gives companies liability and antitrust protection when they share cyber threat information with the Department of Homeland Security and with each other.

The AI pieces are broader. The 269-page draft would codify NIST’s Center for AI Standards and Innovation and require large frontier AI developers to publicly post a frontier AI framework covering catastrophic-risk thresholds, assessment procedures, model-weight cybersecurity, and deployment decisions. That is the governance architecture lawmakers want to talk about.

The CISA 2015 extension is the part industry immediately knows how to use. The Information Technology Industry Council and BSA both highlighted the reauthorization in statements on the draft, alongside provisions on standards, research and development, workforce, and international coordination. For practitioners, the bill is still a discussion draft. Nothing changes Monday. But the signal is clear enough: Congress may package AI governance around frontier-model rules, while preserving the older cyber-sharing safe harbor that companies already rely on when the incident is real and the lawyers are in the room.