Today's Focus: Cybersecurity, Cloud Security & Data Security — Monday, June 1, 2026
TODAY'S TOP STORY: SEC Regulation S-P — Smaller Entities Must Comply by June 3 (2 Days)
The SEC's amended Regulation S-P compliance deadline hits smaller registered investment advisers (AUM below ~$1.5 billion), broker-dealers, investment companies, transfer agents, and funding portals this Tuesday, June 3. Required as of that date: a board-approved written incident response programme; 30-day individual breach notification procedures; 72-hour downstream service-provider breach-reporting clauses in all vendor contracts; expanded customer-record safeguards; and documented compliance records. Larger entities have been subject to these same requirements since December 3, 2025.
The SEC Division of Examinations has named Reg S-P an explicit 2026 examination priority — enforcement scrutiny begins immediately after the deadline. Firms that have not yet operationally tested their notification workflows face real examination risk starting Wednesday.
Sources: SEC Rule S7-05-23 (https://www.sec.gov/rules-regulations/2024/05/s7-05-23) | FINRA Reg S-P Reminder (https://www.finra.org/rules-guidance/guidance/sec-regulation-s-p-compliance-date-reminder-20251114)
ALSO TODAY
EU Cyber Resilience Act — Member States Must Designate CABs by June 11 (10 Days)
Chapter IV of the EU CRA applies from June 11, requiring each Member State to designate notifying authorities and conformity assessment bodies (CABs). This activates the third-party assessment pathway for Class II and III connected products. The next hard CRA milestone is September 11, when all manufacturers must have 24h/72h/14-day vulnerability and incident reporting workflows ready for the EU Single Reporting Platform. Action: Confirm which national CAB is designated in your relevant member states and begin pre-assessment engagement. EC CRA Implementation: https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation
CIRCIA Rulemaking Town Halls — June 15–18 (14 Days); Final Rule Targeted Q3 2026
CISA confirmed rescheduled CIRCIA town halls on June 15, 16, 17, and 18 — the last substantive comment windows before a Q3 2026 final rule. When in force, CIRCIA will require approximately 300,000 critical infrastructure entities across 16 sectors to report cyber incidents within 72 hours and ransomware payments within 24 hours, with FOIA and civil-litigation protections. Action: Register if your sector has outstanding concerns on scope, safe harbours, or timeline. CISA CIRCIA: https://www.cisa.gov/circia
Vietnam Cybersecurity Law 2025 — Effective July 1 (30 Days)
Vietnam's Law No. 116/2025/QH15 — replacing both the 2015 and 2018 cybersecurity laws — enters full force July 1. Digital platforms face 24-hour content removal obligations upon Ministry of Public Security request (6 hours in urgent cases), mandatory assessments for critical infrastructure operators, and AI deepfake prohibitions. Foreign providers are expressly subject to the law. Action: Implement MPS notification channels and test removal workflows before July 1. Vietnam MPS: https://en.bocongan.gov.vn/article/national-assembly-passes-law-on-cybersecurity-1765507574
DEADLINE ALERT — 10 Days: EU CRA CAB Designation (June 11)
If your organisation manufactures connected hardware or software products for the EU market, confirm which national conformity assessment body is designated for your product class — and initiate pre-assessment contact now. Early-stage CAB queues will form quickly after June 11.
ONE THING TO DO TODAY
Have your Reg S-P incident response programme signed off by the board or a principal today — the SEC deadline is Tuesday, and documented board approval is the first-order check in any examination.
TOMORROW'S FOCUS: Privacy
Tuesday brings CyberEyeQ's weekly privacy briefing, covering personal data protection developments across the US, EU, UK, and Asia-Pacific — including state law updates, DPA enforcement actions, and upcoming consent-management deadlines.
CyberEyeQ — Actionable Regulatory Intelligence | cybereyeq.com | [email protected]