{"abstract":"The Securities and Exchange Commission (\"Commission\") is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. Specifically, we are adopting amendments to require current disclosure about material cybersecurity incidents. We are also adopting rules requiring periodic disclosures about a registrant's processes to assess, identify, and manage material cybersecurity risks, management's role in assessing and managing material cybersecurity risks, and the board of directors' oversight of cybersecurity risks. Lastly, the final rules require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (\"Inline XBRL\").","action":"Final rule.","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"body_html_url":"https://www.federalregister.gov/documents/full_text/html/2023/08/04/2023-16194.html","cfr_references":[{"chapter":null,"citation_url":null,"part":"229","title":17},{"chapter":null,"citation_url":null,"part":"232","title":17},{"chapter":null,"citation_url":null,"part":"239","title":17},{"chapter":null,"citation_url":null,"part":"240","title":17},{"chapter":null,"citation_url":null,"part":"249","title":17}],"citation":"88 FR 51896","comment_url":null,"comments_close_on":null,"correction_of":null,"corrections":[],"dates":"Effective date: The amendments are effective September 5, 2023.","disposition_notes":null,"docket_ids":["Release Nos. 33-11216","34-97989","File No. S7-09-22"],"dockets":[],"document_number":"2023-16194","effective_on":"2023-09-05","end_page":51945,"executive_order_notes":null,"executive_order_number":null,"full_text_xml_url":"https://www.federalregister.gov/documents/full_text/xml/2023/08/04/2023-16194.xml","html_url":"https://www.federalregister.gov/documents/2023/08/04/2023-16194/cybersecurity-risk-management-strategy-governance-and-incident-disclosure","images":{},"images_metadata":{},"json_url":"https://www.federalregister.gov/api/v1/documents/2023-16194?publication_date=2023-08-04","mods_url":"https://www.govinfo.gov/metadata/granule/FR-2023-08-04/2023-16194/mods.xml","not_received_for_publication":null,"page_length":50,"page_views":{"count":15818,"last_updated":"2026-06-23 20:15:04 -0400"},"pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-08-04/pdf/2023-16194.pdf","presidential_document_number":null,"proclamation_number":null,"public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-16194.pdf?1691070880","publication_date":"2023-08-04","raw_text_url":"https://www.federalregister.gov/documents/full_text/text/2023/08/04/2023-16194.txt","regulation_id_number_info":{"3235-AM89":{"issue":"202304","html_url":"https://www.federalregister.gov/regulations/3235-AM89/cybersecurity-risk-governance","title":"Cybersecurity Risk Governance","xml_url":"http://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202304&RIN=3235-AM89&operation=OPERATION_EXPORT_XML","priority_category":"Substantive, Nonsignificant"}},"regulation_id_numbers":["3235-AM89"],"regulations_dot_gov_info":{"comments_count":0,"agency_id":"SEC","document_id":"SEC-2023-0835-0001","checked_regulationsdotgov_at":"2023-08-05T12:00:07Z"},"regulations_dot_gov_url":null,"significant":false,"signing_date":null,"start_page":51896,"subtype":null,"title":"Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure","toc_doc":"Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure","toc_subject":null,"topics":["Reporting and recordkeeping requirements","Securities"],"type":"Rule","volume":88}