United States of America: Adopted SEC Rules on Cybersecurity Disclosure by Public Companies requiring registrants to disclose incidents and information regarding risk management
Compare with different regulatory event:
Description
Adopted SEC Rules on Cybersecurity Disclosure by Public Companies requiring registrants to disclose incidents and information regarding risk management
On 26 July 2023, the Securities and Exchange Commission (SEC) adopted Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. Registrants would have to disclose cybersecurity incidents they determine to be material and provide a description of the incident. Furthermore, an annual report with a description of processes for assessing, identifying, and managing material risks from cybersecurity threats, as well as the effects of risks from cybersecurity threats and previous cybersecurity incidents, must be provided to the SEC. The Rules will be effective 30 days following their publication in the Federal Register.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body
Complete timeline of this policy change
Hide details
2022-03-09
in consultation
2022-05-09
processing consultation
2023-07-26
adopted
2023-09-05
in force
2023-12-19
in force