(a) Otherwise lawful disclosuresNothing in this subchapter shall be construed-
(1) to limit or prohibit otherwise lawful disclosures of communications, records, or other information, including reporting of known or suspected criminal activity, by a non-Federal entity to any other non-Federal entity or the Federal Government under this subchapter; or(2) to limit or prohibit otherwise lawful use of such disclosures by any Federal entity, even when such otherwise lawful disclosures duplicate or replicate disclosures made under this subchapter.(b) Whistle blower protectionsNothing in this subchapter shall be construed to prohibit or limit the disclosure of information protected under section 2302(b)(8) of title 5 (governing disclosures of illegality, waste, fraud, abuse, or public health or safety threats), section 7211 of title 5 (governing disclosures to Congress), section 1034 of title 10 (governing disclosure to Congress by members of the military), section 3234 of title 50 (governing disclosure by employees of elements of the intelligence community), or any similar provision of Federal or State law.
(c) Protection of sources and methodsNothing in this subchapter shall be construed-
(1) as creating any immunity against, or otherwise affecting, any action brought by the Federal Government, or any agency or department thereof, to enforce any law, executive order, or procedure governing the appropriate handling, disclosure, or use of classified information;(2) to affect the conduct of authorized law enforcement or intelligence activities; or(3) to modify the authority of a department or agency of the Federal Government to protect classified information and sources and methods and the national security of the United States.(d) Relationship to other lawsNothing in this subchapter shall be construed to affect any requirement under any other provision of law for a non-Federal entity to provide information to the Federal Government.
(e) Prohibited conductNothing in this subchapter shall be construed to permit price-fixing, allocating a market between competitors, monopolizing or attempting to monopolize a market, boycotting, or exchanges of price or cost information, customer lists, or information regarding future competitive planning.
(f) Information sharing relationshipsNothing in this subchapter shall be construed-
(1) to limit or modify an existing information sharing relationship;(2) to prohibit a new information sharing relationship;(3) to require a new information sharing relationship between any non-Federal entity and a Federal entity or another non-Federal entity; or(4) to require the use of the capability and process within the Department of Homeland Security developed under section 1504(c) of this title.(g) Preservation of contractual obligations and rightsNothing in this subchapter shall be construed-
(1) to amend, repeal, or supersede any current or future contractual agreement, terms of service agreement, or other contractual relationship between any non-Federal entities, or between any non-Federal entity and a Federal entity; or(2) to abrogate trade secret or intellectual property rights of any non-Federal entity or Federal entity.(h) Anti-tasking restrictionNothing in this subchapter shall be construed to permit a Federal entity-
(1) to require a non-Federal entity to provide information to a Federal entity or another non-Federal entity;(2) to condition the sharing of cyber threat indicators with a non-Federal entity on such entity's provision of cyber threat indicators to a Federal entity or another non-Federal entity; or(3) to condition the award of any Federal grant, contract, or purchase on the provision of a cyber threat indicator to a Federal entity or another non-Federal entity.(i) No liability for non-participationNothing in this subchapter shall be construed to subject any entity to liability for choosing not to engage in the voluntary activities authorized in this subchapter.
(j) Use and retention of informationNothing in this subchapter shall be construed to authorize, or to modify any existing authority of, a department or agency of the Federal Government to retain or use any information shared under this subchapter for any use other than permitted in this subchapter.
(k) Federal preemption(1) In generalThis subchapter supersedes any statute or other provision of law of a State or political subdivision of a State that restricts or otherwise expressly regulates an activity authorized under this subchapter.
(2) State law enforcementNothing in this subchapter shall be construed to supersede any statute or other provision of law of a State or political subdivision of a State concerning the use of authorized law enforcement practices and procedures.
(l) Regulatory authorityNothing in this subchapter shall be construed-
(1) to authorize the promulgation of any regulations not specifically authorized to be issued under this subchapter;(2) to establish or limit any regulatory authority not specifically established or limited under this subchapter; or(3) to authorize regulatory actions that would duplicate or conflict with regulatory requirements, mandatory standards, or related processes under another provision of Federal law.(m) Authority of Secretary of Defense to respond to malicious cyber activity carried out by foreign powersNothing in this subchapter shall be construed to limit the authority of the Secretary of Defense under section 394 of title 10.
(n) Criminal prosecutionNothing in this subchapter shall be construed to prevent the disclosure of a cyber threat indicator or defensive measure shared under this subchapter in a case of criminal prosecution, when an applicable provision of Federal, State, tribal, or local law requires disclosure in such case.
Pub. L. 114-113, div. N, title I, §108, Dec. 18, 2015, 129 Stat. 2953; Pub. L. 115-232, div. A, title XVI, §1631(b), Aug. 13, 2018, 132 Stat. 2123.EDITORIAL NOTES
AMENDMENTS2018-Subsec. (m). Pub. L. 115-232 substituted "section 394" for "section 130g".