Contributing Editor: Jarret Cummings, Senior Advisor for Policy and Government Relations, EDUCAUSE
After over a year in limbo, the U.S. Department of Education is taking steps to formally rescind its "Dear Colleague Letter" that attempted to apply its third-party servicer regulations to higher education institutions and their content, software, systems, and services providers.
Host Jenay Robert talks legislative updates with Jarret Cummings, EDUCAUSE Senior Advisor for Policy and Government Relations. They dive into the new web and mobile app accessibility regulations, proposed cyber incident reporting rules, research cybersecurity issues, and what to expect in 2025.
In July and September, the U.S. Senate and House of Representatives moved the Kids Online Safety and Privacy Act through each chamber. Although the bill passed in the Senate and advanced out of the House Energy and Commerce Committee, its future remains uncertain, especially given that Congress will be in session for only a few more days this year.
The Office of Science and Technology Policy has released its final requirements for research security programs, which federal research funding agencies will have to apply to colleges and universities that average $50 million or more per year in federal research grants. The requirements include potentially positive guidelines for research cybersecurity at covered institutions.
The Biden administration released the Spring 2024 Unified Agenda of Regulatory and Deregulatory Actions on July 5. The Regulatory Agenda provides insights on the regulatory activities under development across federal departments and agencies and includes updates on several regulations that EDUCAUSE has been monitoring.
Several higher education associations joined EDUCAUSE in responding to proposed federal regulations mandating cyber incident reporting. Among other key points, the associations argued that the issuing agency, CISA, intends to apply vague requirements to higher education without consulting the higher education community or considering the impacts of the requirements.
The U.S. Department of Justice published its final regulation on web and mobile application accessibility under Title II of the Americans with Disabilities Act in the Federal Register on April 24. The regulation goes into effect for large public entities on April 26, 2026, and for small public entities on April 26, 2027.
Last month, the Federal Communications Commission (FCC) issued the anticipated final rule to reclassify broadband internet access as a telecommunications service under Title II of the Communications Act, thus reestablishing the FCC's 2015 net neutrality regulations. The rule goes into effect on July 22, 2024.
In early 2024, the Senate garnered enough support to potentially pass the Kids Online Safety Act—a major privacy law focused on content moderation for minors. Though the bill does not seem to cover higher education institutions, the EDUCAUSE Policy team will be asking for clarification about whether certain scenarios would create compliance concerns for colleges and universities.
EDUCAUSE responded to three major comment processes in the first quarter of 2024, all of which have significant implications for research cybersecurity.
