Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation
Monday, July 8, 2024
The courts need no longer defer to the Chevron Doctrine in cases that involve agency rulings on agencies’ own rules. Since much US cybersecurity regulation is delivered through different federal agencies (such as the FDA, the SEC, and the DHS) rather than directly from acts of Congress, this will have a major effect on the determination and enforcement of cyber regulation in the US.
“This landmark decision from the US Supreme Court will likely have tectonic and long-lasting consequences for administrative rulemaking in the US,” comments Ilia Kolochenko, attorney-at-law with Platt Law LLP and CEO at Immuniweb. “By overruling the 40-year-old Chevron doctrine, the Supreme Court gave significantly more judicial power and leeway to courts in the interpretation of federal law that may be (and often is) vague, unclear or just silent on certain elements, such as cybersecurity, privacy or data breach disclosure.”
Cutting to the chase, if a business appeals an agency decision, the courts need no longer defer to the agency’s opinion on the matter. This could lead more companies to appeal agency decisions, and well-funded companies to treat US regulations in the same way they treat EU regulations: masses of paperwork, dozens of lawyers, and appeal after appeal.
Kolochenko goes further: “If a court believes that an administrative rule is inconsistent with an implied purpose of the statute… the court may now simply invalidate the rule. SEC rules on cybersecurity and breach disclosure, or the proposed CISA’s rules relating to critical national infrastructure drafted under CIRCIA, and many other rules and regulations, may possibly be invalidated by court.” Read Full Article
SC Media: OpenAI breach in 2023 raises national security concerns
The Independent: OpenAI breached by hacker in 2023 – report