Date: 2024-11-23

The Biden administration is considering legal and regulatory changes that would bar cybersecurity producers from shielding themselves from the consequences of cyber breaches using industry-standard contract clauses. These clauses, ubiquitous in the industry, limit damages with very narrow warranty remedies and outright damage caps. The reaction from most of the industry to this idea has been mostly crickets.

The thinking behind this approach, under consideration by the Cybersecurity and Infrastructure Security Agency and the White House’s Office of the National Cyber Director (ONCD), is that market forces would strongly motivate cybersecurity companies to raise the bar in terms of safe cybersecurity design practices. The approach is unusual but not unprecedented: in 1975 the government outlawed what were viewed as abusive sales tactics by the automotive industry by creating so-called “lemon laws” that gave new rights to car buyers stuck with inherently defective automobiles.