New York, United States
New York SHIELD Act
CybersecurityIn Effect
The SHIELD Act broadened New York breach-notification rules and requires reasonable administrative, technical, and physical safeguards for private information.
Effective
Mar 21, 2020
Regulation dossier
New York, United States
NYDFS Part 500 Cybersecurity Regulation
CybersecurityAmended
A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.
Plain-English summary
What this regulation means
Built for operators
New York requires covered financial entities to maintain a risk-based cybersecurity program, governance controls, incident reporting, and documented policies. The 2023 amendments strengthened board and senior-governance accountability, privileged-access management, asset inventory, vulnerability management, and incident notice requirements. Larger Class A companies face additional controls such as independent audits and enhanced monitoring.
Reading guide
Use the timeline below to see how the rule progressed from enactment to current obligations.
Related regulations surface adjacent requirements in the same jurisdiction or policy lane.
Timeline
Regulatory lifecycle
Sequence: Original Effective -> Amendment Effective -> Second Amendment Adopted -> Final Compliance Deadline
- 1
Mar 1, 2017
Original Effective
The original NYDFS Part 500 cybersecurity regulation became effective for covered financial entities.
- 2
Nov 1, 2023
Amendment Effective
The 2023 NYDFS Part 500 amendments became effective.
- 3
Nov 1, 2023
Second Amendment Adopted
NYDFS adopted the second amendment to Part 500 and started the amended compliance timeline.
- 4
Nov 1, 2025
Final Compliance Deadline
The final major implementation deadline arrived for the 2023 Part 500 amendments.
Pro feature
📊 Stay ahead of this regulation
Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.
- →Email alerts when this regulation is updated or enforced
- →Export to CSV or JSON for compliance reporting
- →API access to integrate regulation tracking into your workflows
Subscribe for regulation alerts
Get alerts for this regulation →
Free weekly digest for compliance professionals following material legal changes.
Related regulations
What else belongs on the watchlist
Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.
View detail
New York, United States
New York Child Data Protection Act
PrivacyIn Effect
New York requires operators of covered online sites, services, and connected devices to provide privacy-by-default protections for minors and to limit data processing unless a statutory exception applies. It affects operators directed to children or that know a user is under 18, with special focus on profiling, data transfers, and persistent identifiers.
Effective
Jun 20, 2025
New York, United States
NYC Automated Employment Decision Tools (Local Law 144)
AI RegulationIn Effect
New York City bars employers and employment agencies from using automated employment decision tools unless they complete a bias audit, publish summary results, and provide required notices. It affects hiring and promotion workflows that rely on algorithmic scoring or recommendations for candidates and employees in the city.
Effective
Jul 5, 2023