The Cybersecurity Exception and safe Harbor also set out the requirements that the cybersecurity donation must meet to qualify for the corresponding exception or safe harbor. The conditions are largely consistent, but vary between the CMS and OIG proposals. We will discuss the following conditions. CMS recalls that, although the parties are not required to document the agreement in a written contract, there are concerns that such a requirement would result in an accidental violation of the Stark Act, but that the written documentation of the agreement identifies the recipient of the gift. Those documents shall contain a general description of the cybersecurity technology and related services provided to the consignee during the agreement; the timing of donations made under the agreement; an appropriate estimate of the value of the donation(s); and, where applicable, any financial responsibility for the costs of cybersecurity technology and related services, shared by the recipient. Contrary to the corresponding EHR and Safe Harbor conditions, the agencies are not proposing to include a provision identifying certain selection criteria that would automatically be determined to comply with the condition.