On February 27, NYDFS reminded covered entities subject to the Cybersecurity Regulation to submit their annual compliance notifications for the 2024 calendar year. Covered entities must submit the compliance filing by April 15 via the DFS portal (found on the NYDFS Cybersecurity Resource Center).

Under Section 500.17(b) of New York’s Cybersecurity Regulation, all covered entities that are not exempt from the requirement, must file certification regarding their compliance during the previous calendar year. Covered entities can choose to file either a Certification of Material Compliance or an Acknowledgement of Noncompliance, detailing any unmet regulatory sections and a remediation timeline. Entities fully exempt from the regulation are not required to file, but those with limited exemptions do retain an obligation to comply and submit a compliance notification. For more information on the April 15 compliance deadline, guidance on which form to file, and step-by-step filing instructions, entities may visit NYDFS Submit a Compliance Filing webpage.