President Biden has signed the REPORT Act into law, requiring websites and social media platforms to report crimes related to online sexual exploitation of children to the National Center for Missing and Exploited Children’s CyberTipline. Companies that fail to report child sex abuse material may face hefty fines, and evidence must be held for a longer period. The new law aims to make the assessment of reports more efficient and protect vulnerable children from online exploitation.
New federal rules from the Equal Employment Opportunity Commission provide stronger protections for transgender and nonbinary employees in American workplaces, prohibiting misgendering and denying access to restrooms based on gender identity. This guidance, the first in 25 years, follows the landmark Supreme Court case Bostock v. Clayton County, establishing LGBTQ+ workers’ protection from workplace discrimination. The new rules also address remote and pregnant workers, and while not legally binding, they inform the EEOC’s interpretation of harassment cases. A 3-2 vote approved the guidelines, significantly impacting an estimated 3.6 million employees.
The Cybersecurity and Infrastructure Security Agency (CISA) has extended the public comment period for the proposed cyber incident reporting rule under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The extension was granted in response to requests from industry leaders, and the comment period will now close on July 3. The regulations aim to enhance the government’s ability to track cybersecurity incidents and ransomware payments. CISA hopes to receive high-quality feedback from critical infrastructure organizations to ensure the final rule is effective and aligns with the program’s intent.
The Small Business Administration’s Office of Advocacy has expressed concerns about the impact of the Cybersecurity Maturity Model Certification (CMMC) requirements on small businesses. While the Pentagon has changed the program to ease the burden on smaller companies, there are still concerns about compliance, costs, and the availability of certified third-party assessment organizations. The Office of Advocacy has called for further clarification and guidance from the Department of Defense to ensure that small businesses can meet the standards and timelines set out in the CMMC program.
A Senate bill sponsored by Sen. Ron Wyden would require online collaboration tools vendors like Zoom and Slack to enhance their security. The bill aims to establish standards through the National Institute of Standards and Technology and ensure compliance through Homeland Security. The bill also seeks to promote interoperability between platforms.
Why do we care?
The headlines are a new law and a new set of federal employment rules. The ruleset likely impacts more of this audience.
Have concerns about cyber incident reporting or CMMC 2.0? This is your time to speak up to the relevant agency. And if you’re not up to speed, now is the time to do so – so you can express your concerns.

