The final cybersecurity disclosure and incident reporting rules (we reported on here), which were published in the Federal Register on Friday, are effective September 5, 2023.
Compliance dates are as follows:
· Item 106 of Regulation S–K and Item 16K of Form 20–F: All registrants must provide such disclosures beginning with annual reports for fiscal years ending on or after December 15, 2023.
· Item 1.05 of Form 8–K and in Form 6–K incident disclosure requirements: All registrants other than smaller reporting companies must begin complying on December 18, 2023. Smaller reporting companies must begin complying on June 15, 2024.
· The compliance dates for XBRL tagging are one year following the initial compliance date for the related disclosure requirement.
Access additional resources on our Cybersecurity/Data Privacy page.