Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo
Regulation dossier
A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.
Plain-English summary
The FTC Safeguards Rule requires covered non-bank financial institutions to maintain a written information security program with risk assessments, qualified oversight, access controls, encryption, and monitoring. Updated requirements also added mandatory breach reporting to the FTC for certain notification events. The rule affects lenders, mortgage brokers, auto dealers, and other financial institutions under FTC jurisdiction.
Reading guide
Use the timeline below to see how the rule progressed from enactment to current obligations.
Related regulations surface adjacent requirements in the same jurisdiction or policy lane.
Timeline
May 13, 2024
The FTC's breach notification update to the Safeguards Rule took effect.
Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.
Subscribe for regulation alerts
Free weekly digest for compliance professionals following material legal changes.
Related regulations
Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.
United States
NIST CSF 2.0 updates the widely used cybersecurity framework and broadens it beyond critical infrastructure to organizations of any size or sector. It adds the Govern function and refines guidance for identifying, protecting against, detecting, responding to, and recovering from cyber risk. Although voluntary, it is frequently used in procurement, governance, and regulatory crosswalks.
United States
The SEC requires public companies to disclose material cybersecurity incidents on Form 8-K and to describe cybersecurity risk management, strategy, and governance in annual reports. It affects Exchange Act reporting companies and pushes boards and management to formalize oversight and reporting processes. The rules also require Inline XBRL tagging for the new disclosures.
Texas, United States
Texas gives certain businesses a safe harbor from exemplary damages after a breach if they implemented and maintained a qualifying cybersecurity program. It affects Texas businesses that handle sensitive personal information and pushes them toward recognized cybersecurity frameworks and scaled security controls.