The Cybersecurity Act of 2015, formally known as the Cybersecurity Information Sharing Act (CISA), is a United States federal law enacted as Division N of the National Defense Authorization Act for Fiscal Year 2016. It is designed to improve cybersecurity by enhancing information sharing between the government and the private sector on cyber threats. The law facilitates the voluntary sharing of cyber threat information between private sector entities (including technology and manufacturing companies) and the federal government to enhance national cybersecurity defenses. It establishes a framework for anonymizing and sharing Internet traffic data related to cybersecurity threats, allowing designated government agencies to receive and disseminate this information to improve threat detection and response. The act provides liability protections for participants. While intended to address information-sharing gaps following major cyber incidents, CISA has faced significant criticism for potentially undermining privacy rights by enabling broad surveillance, dispersing personal data across agencies like the NSA, DHS, and local law enforcement, and shifting cybersecurity responsibilities from private entities to the government, thereby increasing risks to individual privacy.