United States of America: SEC proposes amendments to its rules on cybersecurity disclosures for public companies

Compare with different regulatory event:

Description

SEC proposes amendments to its rules on cybersecurity disclosures for public companies

On 9 March 2022, the Securities and Exchange Commission (SEC) proposed several amendments to its rules for public companies regarding cybersecurity risk management disclosures and opened a public consultation until 9 May 2022. In particular, the amendments would require companies to report cybersecurity incidents and follow up with periodic reports regarding those incidents. Furthermore, the companies would be required to provide SEC periodic reporting on its policies and procedures regarding the management of cybersecurity risks. Finally, the amendments would require companies to report and disclose the company’s board of directors' expertise on cybersecurity issues.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2022-03-09

in consultation

On 9 March 2022, the Securities and Exchange Commission (SEC) proposed several amendments to its ru…

2022-05-09

processing consultation

On 9 May 2022, the public consultation on the proposed amendments to the rules for public companies…

2023-07-26

adopted

On 26 July 2023, the Securities and Exchange Commission (SEC) adopted Rules on Cybersecurity Risk M…

2023-09-05

in force

On 5 September 2023, the Securities and Exchange Commission (SEC) implemented Rules on Cybersecurit…

2023-12-19

in force

On 18 December 2023, the obligation to submit reports based on Item 1.05 of Form 8-K and Form 6-K f…

2024-06-15

in force

On 15 June 2024, the obligation to submit reports based on Item 1.05 of Form 8-K and Form 6-K for a…