CISA narrows CIRCIA town halls to four final June sessions
Four afternoon sessions are the last formal chance for critical infrastructure to shape mandatory cyber incident reporting rules before they lock in May 2026.
TL;DR
CISA compressed its postponed CIRCIA town hall series into four afternoon sessions running June 15 to 18, per a Federal Register notice set for May 26 publication. The 16 critical infrastructure sectors are split across two sector-specific sessions on June 16 and 18, with general sessions on June 15 and 17. This is the last formal input gate before the final rule, already delayed six months to May 2026, locks mandatory reporting windows of four days for cyber incidents and 24 hours for ransom payments. Register; if you miss these, you are commenting after the rule is written.
CISA announced the original eight-session town hall series on February 13, then cancelled it when the DHS shutdown hit. The rescheduled series is leaner: four sessions instead of seven or eight, all in a single week, all in a four-hour afternoon block. That compression is not incidental. The agency confirmed in September 2025 that the final rule would slip six months past its statutory deadline, to May 2026, but it has not signaled any further delay. The June town halls are the last structured input opportunity before the rule text is finalized. The NPRM, all 447 pages of it, drew significant industry pushback when it dropped in April 2024. The four-day incident reporting window and 24-hour ransom payment clock have been the two most contested provisions. CISA's notice says the agency reserves the right to revise, reschedule, or cancel any town hall for any reason, but the practical message is: if you have something to say on CIRCIA, you say it between June 15 and June 18, or you live with what publishes in May 2026.
Published ·Updated ·Deep Fathom