United States of America: Implemented obligation to submit reports based on Item 1.05 of Form 8-K and in Form 6-K for non-smaller reporting company

On 18 December 2023, the obligation to submit reports based on Item 1.05 of Form 8-K and Form 6-K for a "non-smaller reporting company" entered into force. The Forms are part of the Rule Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. The "non-smaller reporting company" include companies with a public float of over USD 250 million or with annual revenues of over USD 100 million. The Form 8-K Item 1.05 concerns material cybersecurity incidents and requires a "non-smaller reporting company" to report any cybersecurity incident that resulted in a material impact. In their reports, the nature, timing, scope and impact of the cybersecurity incident has to be specified. The report can be filed later if the Attorney General determines that the reporting would pose a threat to public safety or national security. The Form 6-K should include information regarding material cybersecurity incidents that were reported in foreign jurisdictions.