June 30, 2023
Click for PDF
On June 13, 2023, in its updated rulemaking agenda for Spring 2023, the Securities and Exchange Commission (“SEC”) indicated a goal of October 2023 for the adoption of proposed cybersecurity rules applicable to public companies and registered investment advisers and funds. The two rule proposals were issued by the SEC at the beginning of 2022 to address cybersecurity governance and cybersecurity incident disclosure, and the SEC had previously targeted adoption by no later than April 2023. Although the “Reg Flex” agenda is not binding and target dates frequently are missed or further delayed, the Spring agenda indicates that cybersecurity rulemakings remain a top, near-term priority for the SEC.
The Proposed Rules
Publicly Traded Companies
In March 2022, the SEC proposed new rules under the Securities Exchange Act of 1934 (the “Exchange Act”), titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Exchange Act Proposal”). If adopted in its proposed form, the Exchange Act Proposal would require standardized disclosures regarding specific aspects of a…
