United States of America: Consultation closed on SEC rules on enhancing and standardising cybersecurity risk management
Compare with different regulatory event:
Description
Consultation closed on SEC rules on enhancing and standardising cybersecurity risk management
On 9 May 2022, the Securities and Exchange Commission (SEC) has closed the consultation on its proposed rules on enhancing and standardising cybersecurity risk management. The proposed rules would apply to companies subject to SEC reporting requirements. They would require companies to report material cybersecurity incidents within four days, as well as to provide periodic updates on their cybersecurity risk management strategy and on incidents previously reported.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body
Complete timeline of this policy change
Hide details
2022-03-23
in consultation
2022-05-09
processing consultation
2022-10-07
in consultation
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
Firm-specific
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
Regulator reporting requirement
Preventive security requirement
Regulator notification requirement
Sanctions
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
Regulator reporting requirement
Preventive security requirement
Regulator notification requirement
Sanctions
Regulated subjects
1