Council Foundation Logo Leaders Edge

November 11, 2022

On Wednesday, November 9, 2022, NYDFS officially published a proposed amendment to its Part 500 Cybersecurity Rules, following a prior informal release of a draft version on July 29, 2022. The proposed amendment included a few revisions to definitions created by the initial draft. If adopted, the amendment would impose heightened cybersecurity obligations on large financial institutions—dubbed “Class A Companies” —and would impose some new requirements on all entities subject to DFS’ cybersecurity rules.

The public comment period for the proposed amendment began on November 9, 2022 and extends for 60 days until January 9, 2023. The Council is considering filing comments and member input is necessary to inform any such comments. We have included Council summaries of earlier versions of the Part 500 rules for reference.

Download this write-up from The Council’s legal firm, Steptoe & Johnson, to review the proposed changes to the Part 500 Cybersecurity Rules.

Please contact Steptoe’s Ashelen Vicuña to provide input on The Council’s comments.