Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

The U.S. Supreme Court ruling Friday to overturn the Chevron doctrine could have major implications on the cybersecurity regulatory landscape at a time when federal agencies have enacted significant requirements designed to strengthen incident reporting and meet baseline security standards.

The ruling will likely lead to new legal challenges against recent cybersecurity regulatory measures, including the 2023 cyber incident reporting requirements from the Securities and Exchange Commission, according to the Center for Cybersecurity Policy and Law.

The Supreme Court ruling could impact rulemaking on the Cyber Incident Reporting for Critical Infrastructure Act, too, according to the CCPL. Officials see the potential for the ruling to impact baseline requirements for the healthcare industry or future efforts by the Environmental Protection Agency to mandate cybersecurity rules for drinking and wastewater treatment utilities.

The Chevron doctrine stems from a 1984 case, Chevron U.S.A. v. the Natural Resources Defense Council, which set the precedent for courts to yield to the expertise of federal agencies to interpret ambiguities in a statute.

The Supreme Court ruling involved Loper Bright Enterprises v. Raimondo and alongside a second case, Relentless v. Department of Commerce.

The U.S. Chamber of Commerce called the Supreme Court ruling an “important course correction” that will help create a more stable and predictable business environment.

To read the complete article, visit Utility Dive.