X

SEC Sets Effective and Compliance Dates for Cybersecurity Regs

The SEC set an effective date of September 5, 2023 for final disclosure requirements on cybersecurity risk management, governance, strategy and incident reporting by public companies.

The requirements are intended to (i) inform investors as to an issuer's risk management strategy and governance and (ii) provide prompt notification to investors of material cybersecurity incidents, as well as periodic updates on such incidents (see related coverage.)

All registrants must be in compliance by December 18, 2023, except for smaller reporting companies which have until June 15, 2024. As to compliance with the structured data requirements, the SEC stated that all registrants must tag required disclosures in Inline eXtensible Business Reporting Language ("XBRL") starting one year following the initial compliance date for any issuer.

Primary Sources

  1. SEC Federal Register Filing: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Related Articles

Premium Content

Available only to Premium subscribers.

 

Join Premium

US Regulatory Intelligence combines regulatory and enforcement news, analysis, and practical work tools on an easy-to-use digital platform.

Request a Free Trial

Tags

Regulated Activities
Data Protection / Cybersecurity Disclosures Governance
Sub-Activity
Cybersecurity
Body of Law
Securities Law
Jurisdiction
US - Federal
Organization
SEC