On April 4, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a proposed rule on Cyber Incident Reporting for Critical Infrastructure Act Reporting Requirements. The rule, in alignment with the CIRCIA Act (signed into law as part of the Consolidated Appropriations Act of 2022), imposes new cyber incident and ransom payment reporting requirements for companies deemed to have responsibility for critical infrastructure.