All covered entities and licensed persons who are not fully exempt from the regulation are
required to submit a Certification of Compliance no later than April 15, 2021, attesting to their compliance for the 2020 calendar year.
Note: Any DFS regulated entity or licensed person who filed a Notice of Exemption previously does not need to refile a Notice of Exemption. However, if your exempt status has changed, then the entity or individual should amend or terminate their filing through the DFS portal.
What is Cybersecurity Regulation?
Cybersecurity Regulations became effective on March 1, 2017 and provide that any individual or nongovernmental partnership, corporation, branch, agency, association or other entity operating under a license under New York insurance laws (among others) (“Covered Entities”) are required to formally assess their cybersecurity risks and maintain a cybersecurity program to address such risks. Under these Regulations, Covered Entities are required to comply with a number of detailed requirements. Smaller entities and individuals are entitled to file for a limited exemption eliminating some of the more complex, costly requirements.
Click here for more information regarding Cybersecurity regulation and instructions on how to file a Certification of Compliance.