Skip to Content

Key Dates under New York's Cybersecurity Regulation (23 NYCRR Part 500)

The Department has extended the initial period for making the filing of the Notice of Exemption required by 23 NYCRR 500.19(e) until October 30, 2017.  Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) before October 1, 2017, are now required to file a Notice of Exemption on or prior to this date.

The Department reminds Covered Entities that Notices of Exemption should be filed electronically via the DFS Web Portal (accessible by clicking the orange box marked “Cybersecurity Filing” at the top of this page). You will first be prompted to create an account and log in to the DFS Web Portal, then directed to the filing interface.  That website also contains a copy of the Cybersecurity Regulation and a set of Frequently Asked Questions.


Additional Resources

Updated 09/27/2017


Link to DFS Portal

About DFS

Contact DFS

Reports & Publications


Laws and Regs

Connect With DFS

DFS Facebook page

Follow NYDFS on Twitter