{"abstract":"The Securities and Exchange Commission (\"Commission\") is proposing rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. Specifically, we are proposing amendments to require current reporting about material cybersecurity incidents. We are also proposing to require periodic disclosures about a registrant's policies and procedures to identify and manage cybersecurity risks, management's role in implementing cybersecurity policies and procedures, and the board of directors' cybersecurity expertise, if any, and its oversight of cybersecurity risk. Additionally, the proposed rules would require registrants to provide updates about previously reported cybersecurity incidents in their periodic reports. Further, the proposed rules would require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (\"Inline XBRL\"). The proposed amendments are intended to better inform investors about a registrant's risk management, strategy, and governance and to provide timely notification of material cybersecurity incidents.","action":"Proposed rule.","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"body_html_url":"https://www.federalregister.gov/documents/full_text/html/2022/03/23/2022-05480.html","cfr_references":[{"chapter":null,"citation_url":null,"part":229,"title":17},{"chapter":null,"citation_url":null,"part":232,"title":17},{"chapter":null,"citation_url":null,"part":239,"title":17},{"chapter":null,"citation_url":null,"part":240,"title":17},{"chapter":null,"citation_url":null,"part":249,"title":17}],"citation":"87 FR 16590","comment_url":null,"comments_close_on":"2022-05-09","correction_of":null,"corrections":[],"dates":"Comments should be received on or before May 9, 2022.","disposition_notes":null,"docket_ids":["Release Nos. 33-11038","34-94382","IC-34529","File No. S7-09-22"],"dockets":[],"document_number":"2022-05480","effective_on":null,"end_page":16624,"executive_order_notes":null,"executive_order_number":null,"explanation":null,"full_text_xml_url":"https://www.federalregister.gov/documents/full_text/xml/2022/03/23/2022-05480.xml","html_url":"https://www.federalregister.gov/documents/2022/03/23/2022-05480/cybersecurity-risk-management-strategy-governance-and-incident-disclosure","images":{},"images_metadata":{},"json_url":"https://www.federalregister.gov/api/v1/documents/2022-05480?publication_date=2022-03-23","mods_url":"https://www.govinfo.gov/metadata/granule/FR-2022-03-23/2022-05480/mods.xml","not_received_for_publication":null,"page_length":35,"page_views":{"count":12415,"last_updated":"2026-04-04 12:15:04 -0400"},"pdf_url":"https://www.govinfo.gov/content/pkg/FR-2022-03-23/pdf/2022-05480.pdf","presidential_document_number":null,"proclamation_number":null,"public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2022-05480.pdf?1647953112","publication_date":"2022-03-23","raw_text_url":"https://www.federalregister.gov/documents/full_text/text/2022/03/23/2022-05480.txt","regulation_id_number_info":{"3235-AM89":{"issue":"202304","html_url":"https://www.federalregister.gov/regulations/3235-AM89/cybersecurity-risk-governance","title":"Cybersecurity Risk Governance","xml_url":"http://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202304&RIN=3235-AM89&operation=OPERATION_EXPORT_XML","priority_category":"Substantive, Nonsignificant"}},"regulation_id_numbers":["3235-AM89"],"regulations_dot_gov_info":{"comments_count":0,"agency_id":"SEC","document_id":"SEC-2022-0389-0001","checked_regulationsdotgov_at":"2023-02-28T17:22:39Z"},"regulations_dot_gov_url":null,"significant":false,"signing_date":null,"start_page":16590,"subtype":null,"title":"Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure","toc_doc":"Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure","toc_subject":null,"topics":["Reporting and recordkeeping requirements","Reporting and recordkeeping requirements","Securities"],"type":"Proposed Rule","volume":87}