The amendment to the Cybersecurity Information Sharing Act (CISA) would make stealing information from any American company – no matter where it happens – a crime punishable by time in a US prison.
For example, if a Canadian national hacks a Russian national's American Express, the Canadian could be subject to a US prison sentence under laws changed by the bill.
The aim of the amendment, which was proposed by Senator Sheldon Whitehouse, a Democrat from Rhode Island, is to lower the barrier for prosecuting crimes committed abroad.
CISA advanced in the US Senate on Thursday with support from members of both parties and the White House. It is expected to receive a vote next week.
The bill would allow private companies to share their users' information with the Department of Homeland Security, which would be obligated to share data across "relevant government agencies," presumably including the FBI and the NSA.
The bill would also exempt companies from disclosing what information had been shared – even under the Freedom of Information Act.
The law's supporters say it would help encourage companies and the government to share information that might help thwart high-profile cyber attacks.
But many privacy activists have come out against the measure, arguing that it fails to protect user privacy and does too little to prevent cyber attacks.
Republican Senator Rand Paul, of Kentucky, introduced an amendment to the bill disallowing it from breaking user agreements between companies and their users. The amendment failed to pass, 32-65.
The House of Representatives passed its version of CISA in April with strong support from Republicans and Democrats.
Any version of CISA passed by the Senate would have to be reconciled with the House bill before it could be sent to the White House for President Barack Obama to sign into law.