On March 9, 2022, the Securities and Exchange Commission proposed new rules (the “Proposed Rules”) for registrants regarding disclosure of material cybersecurity incidents, as well as cybersecurity risk management, strategy and governance. The Proposed Rules would require (1) disclosure in Form 8-K of information about a cybersecurity incident within four business days of determining that the incident is material, (2) updated disclosure in Forms 10-K and 10-Q of previously disclosed cybersecurity incidents, and disclosure of previously undisclosed, inpidually immaterial incidents when a determination is made that they have become material on an aggregated basis, (3) disclosure in Form 10-K of cybersecurity policies and procedures and governance practices, including at the board and management levels, and (4) disclosure of the board of directors’ cybersecurity expertise. The Proposed Rules would subject foreign private issuers to the same disclosure requirements in their Form 20-Fs, and would amend Form 6-K to add “cybersecurity incidents” as a reporting topic.