Progress

Current status
in force
15 Jun 2024 in force
19 Dec 2023 in force
05 Sep 2023 in force
26 Jul 2023 adopted
09 May 2022 processing consultation
09 Mar 2022 in consultation

Scope

Implementers
United States of America
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Government Branch
executive
Government Body
other regulatory body
Implementation Level
national

Timeline of events

15 Jun 2024
in force

Implemented obligation to submit reports based on Item 1.05 of Form 8-K and in Form 6-K for smaller reporting company

On 15 June 2024, the obligation to submit reports based on Item 1.05 of Form 8-K and Form 6-K for a " smaller reporting company" entered into force. The Forms are part of the Rule Cybersecurity Risk Management, Strategy, Governance, and Incident Dis…

Source
Event type order
Action type implementation
Government branch executive
Government body other regulatory body
19 Dec 2023
in force

Implemented obligation to submit reports based on Item 1.05 of Form 8-K and in Form 6-K for non-smaller reporting company

On 18 December 2023, the obligation to submit reports based on Item 1.05 of Form 8-K and Form 6-K for a "non-smaller reporting company" entered into force. The Forms are part of the Rule Cybersecurity Risk Management, Strategy, Governance, and Incid…

Source
Event type order
Action type implementation
Government branch executive
Government body other regulatory body
05 Sep 2023
in force

Implemented SEC Rules on Cybersecurity Disclosure by Public Companies requiring registrants to disclose incidents and information regarding risk management

On 5 September 2023, the Securities and Exchange Commission (SEC) implemented Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. Registrants would have to disclose cybersecurity incidents they …

Source
Event type order
Action type implementation
Government branch executive
Government body other regulatory body
26 Jul 2023
adopted

Adopted SEC Rules on Cybersecurity Disclosure by Public Companies requiring registrants to disclose incidents and information regarding risk management

On 26 July 2023, the Securities and Exchange Commission (SEC) adopted Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. Registrants would have to disclose cybersecurity incidents they determin…

Source
Event type order
Action type adoption
Government branch executive
Government body other regulatory body
09 May 2022
processing consultation

Consultation on proposed amendments to SEC rules on cybersecurity disclosures for public companies closes

On 9 May 2022, the public consultation on the proposed amendments to the rules for public companies regarding cybersecurity risk management disclosures closes. The Securities and Exchange Commission (SEC) opened the consultation on the amendments on…

Source
Event type order
Action type consultation closed
Government branch executive
Government body other regulatory body
09 Mar 2022
in consultation

SEC proposes amendments to its rules on cybersecurity disclosures for public companies

On 9 March 2022, the Securities and Exchange Commission (SEC) proposed several amendments to its rules for public companies regarding cybersecurity risk management disclosures and opened a public consultation until 9 May 2022. In particular, the ame…

Source
Event type order
Action type consultation opened
Government branch executive
Government body other regulatory body