
Heading into the second half of 2024, it feels like it’s been a busy year for cybersecurity regulations and legislative initiatives—both new and revised. 

This increased focus on cybersecurity regulations and legislation is partially due to it being an election year. As the election cycle kicks into overdrive, candidates roll out their plans for cybersecurity policy and legislative changes and incumbents take action on proposals that they want to see through before election day. 

Political climate aside, data security is a hot topic, and it’s only getting hotter as AI gives malicious actors the tools they need to intensify the number and the severity of attacks on businesses and critical infrastructure providers. As a result, it’s no surprise that regulatory agencies and legislative bodies have ramped up efforts to mandate cybersecurity policies and protocols in both private and public sector industries.  

To help you keep your business compliant, we did a roundup of 2024 regulatory updates and legislation that are either already active or are quickly approaching.


Regulatory Updates

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) 2.0

Effective date: January 2024

Summary: The NIST CSF 2.0 updates guidelines for how industry, government agencies, and other organizations manage cybersecurity risks, incorporating lessons learned from the past decade and emphasizing governance, supply chain security, and continuous improvement.

NIST SP 800-53 Rev.5

Effective date: December 2020 (Reaffirmed July 2024)

Summary: This revision of NIST Special Publication (SP) 800-53, the catalog of security and privacy controls for federal information systems and organizations, introduces controls for third-party risk, supply chain security, cyber resiliency, and secure systems design.

PCI DSS 4.0

Effective date: March 31, 2024

Summary: The latest version of the Payment Card Industry Data Security Standard (PCI DSS) includes 13 new requirements designed to improve payment data security, ensure secure software development, and enhance monitoring capabilities. The first set of new requirements went into effect on March 31, 2024; the remaining new requirements go into effect in 2025.

Federal Trade Commission (FTC) amended Safeguards Rule

Effective date: May 13, 2024

Summary: Non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, are required to report data breaches involving at least 500 consumers to the FTC within 30 days of discovery.

Securities and Exchange Commission (SEC) cybersecurity incident reporting rules

Effective date: June 15, 2024

Summary: Smaller reporting companies must report material cybersecurity incidents within four business days and submit annual disclosures on the companies’ cybersecurity risk management, strategy, and governance.

New Data Privacy Laws—Florida, Oregon, Texas

Effective date: July 1, 2024

Summary: The Florida Digital Bill of Rights (FDBR), Texas Data Privacy and Security Act (TDPSA), and Oregon Consumer Privacy Act (OCPA) introduce new data privacy regulations, mandating stricter data handling practices and giving consumers greater control over their personal information.

U.S. federal government zero trust goals

Effective date: September 30, 2024

Summary: Federal agencies must implement a zero trust architecture, which sets a standard for consistently applied access controls.

NIS2 directive

Effective date: October 17, 2024

Summary: The EU’s NIS2 Directive mandates enhanced cybersecurity measures for critical infrastructure, with fines for non-compliance reaching up to €10,000,000 or 2% of global revenue.

Digital Operational Resilience Act (DORA)

Effective date: January 2025

Summary: This EU regulation focuses on strengthening the digital operational resilience of financial institutions and critical information and communications technology (ICT) third-party service providers, ensuring they can withstand, respond to, and recover from all types of ICT-related disruptions.

Legislative Developments

Cybersecurity Information Sharing Act (CISA Law)

Effective date: Ongoing

Summary: Facilitates the sharing of cybersecurity threat information between private companies and the government, promoting collective defense and improving the overall cybersecurity posture of the nation.

Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)

Effective date: Rulemaking expected 2024

Summary: Requires critical infrastructure entities to report significant cyber incidents and ransomware payments to federal authorities, helping to coordinate national response efforts and mitigate impacts.

With even more cybersecurity regulations on the horizon for 2025, achieving and maintaining compliance can feel like a never-ending battle. Logically’s team of cybersecurity specialists can help you stay in compliance with the latest regulations so you can stay focused on running your business.
