Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

United States

SEC Cybersecurity Disclosure Rules

CybersecurityIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

The SEC requires public companies to disclose material cybersecurity incidents on Form 8-K and to describe cybersecurity risk management, strategy, and governance in annual reports. It affects Exchange Act reporting companies and pushes boards and management to formalize oversight and reporting processes. The rules also require Inline XBRL tagging for the new disclosures.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: Adopted -> In Effect
  1. 1

    Jul 26, 2023

    Adopted

    The SEC adopted final cybersecurity incident and governance disclosure rules for public companies.

  2. 2

    Sep 5, 2023

    In Effect

    The SEC cybersecurity disclosure amendments became effective.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

United States

FTC Safeguards Rule Update

CybersecurityAmended

The FTC Safeguards Rule requires covered non-bank financial institutions to maintain a written information security program with risk assessments, qualified oversight, access controls, encryption, and monitoring. Updated requirements also added mandatory breach reporting to the FTC for certain notification events. The rule affects lenders, mortgage brokers, auto dealers, and other financial institutions under FTC jurisdiction.

Effective
May 13, 2024
View detail

United States

NIST Cybersecurity Framework 2.0

CybersecurityIn Effect

NIST CSF 2.0 updates the widely used cybersecurity framework and broadens it beyond critical infrastructure to organizations of any size or sector. It adds the Govern function and refines guidance for identifying, protecting against, detecting, responding to, and recovering from cyber risk. Although voluntary, it is frequently used in procurement, governance, and regulatory crosswalks.

Effective
Feb 26, 2024
View detail

Texas, United States

Texas Cybersecurity Program

CybersecurityIn Effect

Texas gives certain businesses a safe harbor from exemplary damages after a breach if they implemented and maintained a qualifying cybersecurity program. It affects Texas businesses that handle sensitive personal information and pushes them toward recognized cybersecurity frameworks and scaled security controls.

Effective
Sep 1, 2025
View detail