TheCorporateCounsel.net

That was fast. On Friday, the SEC’s cybersecurity disclosures were published in the Federal Register. Here’s an excerpt from the release that explains what that means for the effective date & compliance dates:

The final rules are effective September 5, 2023. With respect to Item 106 of Regulation S–K and item 16K of Form 20–F, all registrants must provide such disclosures beginning with annual reports for fiscal years ending on or after December 15, 2023. With respect to compliance with the incident disclosure requirements in Item 1.05 of Form 8–K and in Form 6–K, all registrants other than smaller reporting companies must begin complying on DECEMBER 18, 2023. As discussed above, smaller reporting companies are being given an additional 180 days from the non-smaller reporting company compliance date before they must begin complying with Item 1.05 of Form 8–K, on June 15, 2024.

With respect to compliance with the structured data requirements, as noted above, all registrants must tag disclosures required under the final rules in Inline XBRL beginning one year after the initial compliance date for any issuer for the related disclosure requirement. Specifically:

– For Item 106 of Regulation S–K and item 16K of Form 20–F, all registrants must begin tagging responsive disclosure in Inline XBRL beginning with annual reports for fiscal years ending on or after December 15, 2024; and

– For Item 1.05 of Form 8–K and Form 6–K all registrants must begin tagging responsive disclosure in Inline XBRL beginning on DECEMBER 18, 2024.

Don’t forget that we will be giving practical action items for these new rules at our “Proxy Disclosure & 20th Annual Executive Compensation Conferences” – coming up virtually September 20-22nd. Register online today through our membership center or by emailing sales@ccrcorp.com. Or, you can call us at 800-737-1271.

– Liz Dunshee