Products Intelligence Pricing Methodology Contact
TECHNOLOGY, AI & COMPETITION

Cybersecurity incident disclosure

Cybersecurity incident disclosure obligations for Technology, AI, and Competition sector firms have tightened considerably, driven by the U.S. Securities and Exchange Commission's 2023 final rule requiring public companies to report material cybersecurity incidents within four business days of determining materiality. The U.S. Cybersecurity and Infrastructure Security Agency and the European Union Agency for Cybersecurity are each advancing parallel notification frameworks that create overlapping timelines compliance teams are now reconciling across jurisdictions. For technology firms operating in AI and data-intensive markets, the gap between a security event and a defensible disclosure is shrinking fast.

Watch

  • SEC 4-business-day materiality clock: how courts are testing the standard
  • EU NIS2 Directive incident reporting thresholds take effect for digital infrastructure operators
  • CISA's proposed mandatory cyber incident reporting rule under CIRCIA, rulemaking still open
  • AI system breaches: whether SEC disclosure duties extend to model compromise events
  • FTC enforcement posture on delayed consumer notification in data breach cases

Recent material activity in Technology, AI & Competition

  • Apr 11, 2026 MATERIAL

    NIST releases updated AI Risk Management Framework companion guide for critical infrastructure

    NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…

    Read a full sample brief →