On March 15, 2023, the SEC proposed a new rule that would require certain regulated Market Entities to provide immediate written notification to the SEC of a “significant cybersecurity incident,” followed by certain supplemental updates. The proposed rule would also require most Market Entities to publicly disclose cybersecurity risks and significant cybersecurity incidents. Additionally, the SEC proposed amendments to Regulation SCI, including to require covered entities to maintain cybersecurity policies and procedures, and amendments to Regulation S-P, including to require notification to customers within 30 days of a compromise of their personal information. The 60-day notice and comment period for these proposals will begin upon their publication in the Federal Register. The SEC also reopened the notice-and-comment period for its proposed cybersecurity risk management rule for investment advisers and investment companies, which will remain open until May 22, 2023.