News & Analysis as of May 5, 2025

Regulatory Requirements

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect

Alston & Bird on 5/5/2025

On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more

Effective Dates Draw Near for Insurance Industry to Comply with NYDFS's Cybersecurity Rules

Husch Blackwell LLP on 4/25/2025

As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more

Cybersecurity Controls: What Do Regulators Expect Nowadays?

Alston & Bird on 4/18/2025

Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more

Are Your Cybersecurity Controls Ready for the New York State Department of Financial Services' Deadlines?

Hinshaw & Culbertson - Privacy, Cyber & AI... on 4/15/2025

In November 2023, New York State's Department of Financial Services (NYDFS) amended its cybersecurity regulation, Part 500. This legal alert provides an update for Covered Entities and Class A Businesses on the current NYDFS...more

New York Cybersecurity Regulation Requires Submission of Compliance Certification or Acknowledgement of Noncompliance Next Week

Quarles & Brady LLP on 4/10/2025

On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more

Deadline Approaching: Covered Entities Must File Certifications of Compliance With Amended NYDFS Cyber Regulation by April 15

Davis Wright Tremaine LLP on 4/10/2025

In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more

Deadline Ahead: NYDFS Compliance Notifications are due by April 15

Husch Blackwell LLP on 3/19/2025

Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more

2024 Year in Review: Data Privacy and Cybersecurity

Goodwin on 3/17/2025

Welcome to the “Data Privacy and Cybersecurity” chapter of our annual report, Consumer Financial Services: 2024 Year in Review. Consumer financial services regulators are taking a keen interest in artificial intelligence...more

NYDFS Annual Compliance Submissions Due April 15, 2025 and New Compliance Requirements Effective on May 1, 2025

Katten Muchin Rosenman LLP on 3/6/2025

As we previously reported, in 2023 the New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500). As of November 1, 2024, Class A Companies and Covered Entities...more

NYDFS Updates Regulated Firms on Upcoming Cyber Requirements

Kramer Levin Naftalis & Frankel LLP on 3/4/2025

Financial firms doing business in New York should be mindful of a recent e-blast sent by the state’s financial regulator concerning cybersecurity requirements that become effective in less than two months. The New York...more

NYDFS reminds covered entities to submit notifications by April 15

Orrick, Herrington & Sutcliffe LLP on 3/3/2025

On February 27, NYDFS reminded covered entities subject to the Cybersecurity Regulation to submit their annual compliance notifications for the 2024 calendar year. Covered entities must submit the compliance filing by April...more

New York State amends law on data breach notifications

Orrick, Herrington & Sutcliffe LLP on 2/24/2025

On February 14, the Governor of New York signed into law SB 804 (the “Act”), which amends the general business law concerning when and how notifications for data breaches are provided to the New York Department of Financial...more

Lessons from PayPal’s $2 Million Cybersecurity Settlement with the New York State Department of Financial Services

Faegre Drinker Biddle & Reath LLP on 2/14/2025

On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more

NYDFS Releases Artificial Intelligence Cybersecurity Guidance For Covered Entities

White & Case LLP on 11/26/2024

On October 16, 2024, the New York State Department of Financial Services (the "DFS"), under its Cybersecurity Regulation—23 NYCRR Part 500—issued a memorandum providing guidance on the risks posed by artificial intelligence...more

New York Department of Financial Services’ New Enhanced Cybersecurity Requirements Effective November 1, 2024

Pillsbury Winthrop Shaw Pittman LLP on 10/30/2024

On November 1, 2024, the next phase of several significant amendments to the New York Department of Financial Services’ (NYDFS) cybersecurity regulation take effect. These specific amendments, enacted in 2023, impact the...more

AI at the gate: NYDFS issues guidance on addressing new AI-driven cybersecurity risks under existing cybersecurity requirements

Eversheds Sutherland (US) LLP on 10/30/2024

On October 16, 2024, the New York State Department of Financial Services (DFS) issued an industry letter providing guidance on how DFS-regulated entities (covered entities) should be evaluating and responding to artificial...more

Cyber and AI: NYDFS has entered the chat

A&O Shearman on 10/22/2024

On October 16, 2024, the New York Department of Financial Services (“NYDFS”) released an Industry Letter—entitled Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Letter”)....more

NYDFS Issues Letter Highlighting Cybersecurity Risks of AI

McDermott Will & Emery on 10/21/2024

On October 16, 2024, the New York State Department of Financial Services (NYDFS) published a letter to covered entities that calls attention to the risks posed by artificial intelligence (AI). This non-binding guidance letter...more

NYDFS Amended Cybersecurity Rules: Overview of Upcoming Deadlines

Akin Gump Strauss Hauer & Feld LLP on 12/20/2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) announced the adoption of amendments to its Cybersecurity Regulation 23 NYCRR Part 500 (“Amended Cybersecurity Rules” or “Amended Rules”). NYDFS...more

NYDFS Finalizes Amendments to Cybersecurity Regulation Impacting Financial Services Companies

McDermott Will & Emery on 11/10/2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) amended Part 500, the cybersecurity regulation. These updates follow numerous NYDFS enforcement actions and other new cybersecurity rules, such as the...more

Client Alert: New York Issues Significant Amendments to its Forward-Leaning Cyber Regulations

Jenner & Block on 11/8/2023

In 2017, the New York Department of Financial Services (“NYDFS”) enacted a landmark regulation requiring financial services institutions such as banks and insurance companies in the state to meet substantial cybersecurity...more

Privacy & Cybersecurity Update - July 2023

Skadden, Arps, Slate, Meagher & Flom LLP on 8/2/2023

In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more

New York Department of Financial Services Levies $1.2 Million Fine on Cryptocurrency Platform for Violations of Cybersecurity...

Faegre Drinker Biddle & Reath LLP on 6/21/2023

A recent consent order between the New York State Department of Financial Services (“NYDFS”) and cryptocurrency trading platform, bitFlyer USA (“bitFlyer”), shows that the NYDFS continues to utilize an aggressive enforcement...more

Louisiana Adopts Virtual Currency License

Shipkevich PLLC on 1/18/2023

Louisiana has become the first state to follow New York's lead in issuing a crypto-specific license, accepting Louisiana Virtual Currency Business Activity (VCBA) license applications as of January 1, 2023. All entities...more

A Cybersecurity Storm and Winds of Change: NY DFS requires all New York financial institutions to report effects of SolarWinds...

Eversheds Sutherland (US) LLP on 12/23/2020

The massive SolarWinds security breach, which affected not only the private sector, but federal, state and local governments, has caused some to question whether to share data with the government. On Friday, December 18, the...more

29 Results

View per page

Page: of 2

Cybersecurity › NYDFS › Regulatory Requirements

"My best business intelligence, in one easy email…"