04-09-25 NYSDFS Annual Compliance Notice Due by April 15, 2025
As reported in our previous client alerts, Amended NYSDFS Cybersecurity Regulations and Update on NYSDFS Cybersecurity Regulations, the New York State Department of Financial Services (NYSDFS) amended its cybersecurity regulations[1] in 2023 requiring DFS-regulated businesses to comply with numerous obligations.
While not a new requirement, DFS-regulated businesses must file an annual compliance notice through the DFS portal. This year's compliance notice is due on April 15, 2025.
Since the recent amendments went into effect on November 1, 2024, DFS-regulated businesses now have the option of submitting either a:
- Certificate of Material Compliance certifying that the business materially complied with all applicable sections of the cybersecurity regulations during the previous calendar year; or
- Acknowledgment of Noncompliance stating that the business was unable to achieve material compliance, the details leading to its noncompliance, and a timeline for remediation.
We are prepared to help your business comply with the April 15 filing deadline. If you have any questions, please reach out to your Woods Oviatt Gilman attorney or an attorney in our Financial Services or Cybersecurity practice groups at Woods Oviatt Gilman LLP.
[1] N.Y. Comp. Codes R. & Regs. tit. 23, § 500.0-500.24.
