Reminder: New York Cybersecurity Reporting Deadline April 15, 2025
The deadline for submitting compliance certifications or acknowledgements of non-compliance under the NYDFS cybersecurity regulation for companies with limited exemptions is April 15, 2025. This applies to companies that meet certain criteria outlined in the regulation, such as having fewer than 20 employees, less than $7.5 million in gross annual revenue, or less than $15 million in total assets.
CHECKLIST FOR DFS-REGULATION ENTITIES
Key Points:
Limited Exemptions:
Companies that qualify for the limited exemption are not required to comply with all the regulation's requirements, but they still need to file a compliance certification or an acknowledgement of non-compliance by April 15, 2025.
Full Exemptions:
Companies that qualify for full exemptions do not need to submit any notifications to the NY DFS.
Annual Filing:
This is an annual requirement, and the deadline is April 15th of each year.
Compliance or Acknowledgement:
Companies must either certify their compliance with the regulation or file an acknowledgement of non-compliance, along with a remediation timeline or confirmation that remediation has been completed, if they are not compliant.