The Regulation S-P 2024 amendments are now in full effect. The SEC adopted them on May 16, 2024, they became effective on August 2, 2024, and both compliance dates have since passed: December 3, 2025 for larger entities and June 3, 2026 for smaller entities. Every covered institution, including broker-dealers and registered investment advisers, is now expected to operate a written incident response program, notify affected individuals of a qualifying breach of sensitive customer information within 30 days, and oversee the service providers that touch that data. The practical consequence that this guide focuses on: when a broker-dealer or RIA runs AI or generative AI over customer nonpublic personal information, those AI deployments fall squarely inside the safeguards, the incident-response duty, and the service-provider regime that Reg S-P now requires.
Working through this in production? See how we run a financial-services AI governance program.
This is a customer-information safeguarding rule, not an AI rule. But because its scope is defined by the data it protects rather than the technology that processes it, a chatbot trained on client records, a retrieval system that queries customer accounts, or a vendor AI tool that ingests nonpublic personal information sits inside the rule the same way a database or a spreadsheet does. The two readers this matters most to are the Chief Compliance Officer who owns the Reg S-P program and the risk leader deciding whether an AI use case is governed. Below is what changed, who it binds, where AI lands inside it, and a mapping from each obligation to the evidence a reviewer will expect.
What the Regulation S-P 2024 amendments require
The amendments are the most significant overhaul of Regulation S-P in roughly two decades, building on the safeguards rule adopted in 2000 and the disposal-rule additions of the mid-2000s, and they implement the safeguarding and disposal expectations that flow from the Gramm-Leach-Bliley Act for SEC-regulated firms. There are five changes worth knowing in detail.
1. A written incident response program
Covered institutions must develop, implement, and maintain written policies and procedures for an incident response program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. This is the structural core of the amendments. It is no longer enough to have general safeguards: the firm needs a documented program that defines how an incident is detected, who responds, how the breach is contained, and how the firm recovers and notifies.
2. A 30-day customer notification duty
The response program must include procedures to notify affected individuals when their sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization. The notice must go out as soon as practicable and no later than 30 days after the firm becomes aware that such an incident has occurred or is reasonably likely to have occurred. The amendments include a documented exception: notice is not required where the firm determines, after a reasonable investigation, that the sensitive customer information has not been and is not reasonably likely to be used in a way that would result in substantial harm or inconvenience. The exception is a documented determination, not a default, so the file has to show the analysis.
3. Service-provider oversight, including a 72-hour notice arrangement
Covered institutions must oversee service providers that receive, maintain, process, or otherwise are permitted access to customer information. Concretely, the firm must take reasonable steps to arrange for the service provider to notify the firm of a breach as soon as possible, and no later than 72 hours after the provider becomes aware that unauthorized access to or use of customer information has occurred. That 72-hour arrangement is a contractual and oversight obligation, and it is exactly where AI vendors enter the picture, a point developed below.
4. Expanded scope of customer information and covered institutions
The amendments broaden the defined term to customer information and extend the safeguards and disposal rules to cover not only a firm’s own customers but also information about customers of other financial institutions that the firm receives, handles, or maintains. The set of covered institutions is also clarified and expanded, notably to include all transfer agents alongside broker-dealers, registered investment advisers, investment companies, and funding portals.
5. Recordkeeping
The amendments add recordkeeping obligations tied to the incident response program. Covered institutions are expected to keep written records documenting their policies and procedures and their compliance, with the incident-response and notification records commonly retained for a period of five years. The recordkeeping requirement is what converts the program from a policy on paper into evidence a reviewer can follow.
Who is covered, and which compliance date applied
Reg S-P covers broker-dealers (including funding portals), registered investment advisers, investment companies, and transfer agents, collectively the covered institutions. The amendments split compliance timing between larger and smaller entities, and both windows have closed, so the larger-versus-smaller distinction is now historical rather than a planning question. It still matters for one reason: it tells you which compliance date your firm was held to, and therefore how long your program has been expected to be live.
| Entity class | Threshold | Compliance date (now passed) |
|---|---|---|
| Larger RIA | $1.5B or more in assets under management | December 3, 2025 |
| Larger investment company | $1B or more in net assets | December 3, 2025 |
| Larger broker-dealer / transfer agent | Above the Exchange Act small-entity thresholds | December 3, 2025 |
| All smaller entities | Below the larger-entity thresholds | June 3, 2026 |
If your firm is a registered investment adviser with $1.5B or more in AUM, or a broker-dealer above the relevant net-capital and asset thresholds, the program was due in December 2025. Everyone else was due in June 2026. As of today, both dates are behind us, and an SEC examination can reasonably expect a functioning incident response program, a defined notification process, and service-provider arrangements already in place.
Where AI deployments fall inside Reg S-P
Here is the connection that puts this rule on an AI-governance site. Reg S-P does not mention AI, and we are not going to pretend it is an AI regulation. What it does is define its protection around customer information, and any system that accesses or uses that information is in scope regardless of whether it is a model. So when a broker-dealer or RIA deploys AI on customer nonpublic personal information, the deployment inherits the full weight of the rule.
Three deployment patterns are the most common and the most exposed:
- Customer-facing chatbots and virtual assistants that read account data to answer questions. The model is now a path to customer information, so it is inside the safeguards rule and inside the incident-response program. A prompt-injection or data-leakage failure that exposes sensitive customer information is a Reg S-P incident, and the 30-day notification clock can start on it.
- Retrieval-augmented generation over client records. A RAG system that indexes customer documents into a vector store has created another copy of customer information in another system. That store is in scope, its access controls are in scope, and a breach of it triggers the same response and notification duties.
- Vendor AI tools that ingest customer data. A third-party AI product that processes nonpublic personal information is a service provider under the amendments. The firm must arrange for that vendor to provide the 72-hour breach notice, and the firm remains responsible for overseeing it.
That third pattern is why the service-provider regime is the sharpest AI pressure point. AI vendors are frequently onboarded by a business line for speed, with little of the diligence a core processor would get, yet they often receive exactly the sensitive customer information the rule protects. Bringing those vendors under the 72-hour notice arrangement and into ongoing oversight is the same discipline we describe in our third-party AI vendor risk assessment checklist, applied to the specific obligation Reg S-P now imposes. For the firm-type specifics, broker-dealers can see how this fits their FINRA and examination posture on our broker-dealer AI compliance page, and advisers can see the adviser-specific view on our RIA AI governance page.
Reg S-P obligation, what to implement, and the evidence
The most useful thing a compliance team can do is turn each obligation into an implementation and an artifact. When an AI system is in scope, the right-hand column is what shows a reviewer that the AI deployment is actually governed, not just acknowledged. This mapping is the unique asset of this guide.
| Reg S-P obligation | What to implement (AI in scope) | Evidence to retain |
|---|---|---|
| Written incident response program | A documented IR program whose scope explicitly names AI systems (chatbots, RAG stores, vendor AI) as covered assets that access customer information | The written IR policy, the AI-asset inventory it references, and dated revision history |
| Detection and response | Logging and monitoring on AI systems that touch customer data, with alerting for anomalous access, data-leakage, and prompt-injection indicators | Log retention records, alert configurations, and incident tickets showing detection-to-response timing |
| 30-day customer notification | A notification procedure with a defined trigger, an owner, drafted notice templates, and the substantial-harm exception analysis built in | The procedure, notification templates, and a documented harm-assessment record for each incident or exception decision |
| Service-provider oversight (72-hour notice) | Contract language and an onboarding gate that obligate every AI vendor handling customer data to report a breach within 72 hours, plus periodic review | Executed vendor agreements with the 72-hour clause, a vendor inventory, and dated oversight or review records |
| Expanded customer-information scope | A data map that identifies every system, including AI systems, holding customer information, whether about your own customers or about customers of other financial institutions | The data inventory and classification, with AI systems and their data stores tagged |
| Recordkeeping | A retention schedule covering IR-program records, notifications, and oversight evidence, commonly five years | The retention schedule and the retained records themselves, retrievable on request |
A firm that can produce the right-hand column for its AI systems is in materially better shape than one whose program exists only for traditional infrastructure. The gap we see most often is precisely that the IR program, the data map, and the vendor inventory all silently exclude the AI footprint, because the AI was procured outside the channel that feeds those documents.
How Reg S-P differs from SR 26-2 and NYDFS Part 500
Compliance teams routinely receive several AI-related obligations at once and blur them together. They are distinct authorities with distinct subjects, and conflating them produces the wrong controls.
Regulation S-P is an SEC rule about safeguarding customer nonpublic personal information. Its subject is data protection, its triggers are unauthorized access and breach, and it binds SEC-regulated firms: broker-dealers, RIAs, investment companies, transfer agents, and funding portals.
SR 26-2, the revised interagency guidance on model risk management issued in April 2026, is a federal banking matter. It governs how a bank manages the risk of its models, it is non-binding supervisory guidance most relevant to larger banking organizations, and it explicitly places generative and agentic AI outside its model-risk scope. It is not a customer-information rule, and for most broker-dealers and RIAs it is not the governing authority at all. The reason to know it is to avoid importing a bank model-risk framework into what is actually a data-safeguarding obligation.
NYDFS Part 500, the New York Department of Financial Services cybersecurity regulation at 23 NYCRR Part 500, is a state cybersecurity regime for entities licensed in New York. It overlaps Reg S-P in spirit, both care about protecting information and responding to incidents, but it is a separate rule with its own risk-assessment, controls, and reporting requirements, and a firm licensed in New York may have to satisfy both. The correct posture is to treat Reg S-P, SR 26-2 where it applies, and Part 500 where it applies as parallel obligations mapped to one control set, not as interchangeable versions of the same rule.
A practical sequence for broker-dealers and RIAs
Because both compliance dates have passed, the right framing is not how to prepare but how to confirm the program is real and covers AI. The sequence we use:
- Inventory the customer-information footprint, including AI. Find every system that holds or accesses customer nonpublic personal information, and make sure chatbots, RAG stores, and vendor AI tools are on the list. Most exposure hides in systems no one classified as in scope.
- Confirm the incident response program names those systems. A program that does not reference the AI footprint does not cover it in practice. Update the scope so detection, response, and notification reach the AI systems.
- Close the service-provider gap. Reconcile your vendor inventory against the AI tools in use, and make sure each AI vendor handling customer data is under the 72-hour notice arrangement and ongoing oversight.
- Pressure-test the notification trigger. Walk a realistic AI data-leakage scenario through the 30-day clock and the substantial-harm exception, and confirm the owner, the templates, and the documentation hold up.
- Verify the records exist and are retrievable. The program is only as good as the evidence behind it, so confirm the IR policy, the data map, the vendor agreements, and the retention schedule are current and can be produced.
This is readiness work, not certification. DSE prepares organizations for examination and assembles the evidence a reviewer expects; we do not certify Reg S-P compliance and we do not guarantee any examination outcome.
What this guide is / What it is not
What it is: A practitioner explanation of the Regulation S-P 2024 amendments for broker-dealers and RIAs, with specific attention to where AI and generative-AI deployments fall inside the rule, and a mapping from each obligation to the evidence a reviewer expects. It is meant to help a CCO or risk leader confirm that an already-required program actually covers the AI footprint.
What it is not: It is not legal advice, and it is not a certification or a guarantee of any examination outcome. Reg S-P is a customer-information safeguarding rule, not an AI regulation, and nothing here interprets the rule for a specific incident, which is the work of your counsel and your facts. DSE prepares organizations for audit and examination; we do not certify, and we do not guarantee passing an examination. The exact application of the substantial-harm exception, the notification timing, and the service-provider terms to a given situation is a legal and factual determination, not a blog conclusion. The primary source is the SEC adopting release and press release on sec.gov.
FAQ
What do the Regulation S-P 2024 amendments require? The amendments require covered institutions to maintain a written incident response program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information; to notify affected individuals as soon as practicable and no later than 30 days after becoming aware of unauthorized access to sensitive customer information that is reasonably likely to result in substantial harm or inconvenience; and to oversee service providers, including arranging for them to report a breach no later than 72 hours after discovery. They also expand the definitions of customer information and covered institutions and add related recordkeeping obligations. They were adopted on May 16, 2024.
When did the Reg S-P amendments take effect for broker-dealers and RIAs? The amendments were adopted on May 16, 2024 and became effective on August 2, 2024. Larger entities had to comply by December 3, 2025 and smaller entities by June 3, 2026. Both compliance dates have now passed, so the amendments are in full effect for all covered institutions, including broker-dealers and registered investment advisers. An SEC examination can reasonably expect a functioning program already in place.
Does Regulation S-P apply to our use of AI on customer data? Yes, when the AI touches customer nonpublic personal information. Reg S-P defines its protection around customer information rather than the technology that processes it, so a chatbot reading account data, a retrieval-augmented generation system indexing client records, or a vendor AI tool ingesting customer data falls inside the safeguards rule, the written incident response program, and the 30-day notification duty. A vendor AI handling customer data is a service provider subject to the 72-hour breach-notice arrangement. Reg S-P is a customer-information safeguarding rule, not an AI rule, but it clearly reaches AI deployments that touch customer data.
What is the 30-day breach notification requirement under Reg S-P? Covered institutions must notify affected individuals as soon as practicable and no later than 30 days after becoming aware that sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization. There is a documented exception: notice is not required where the firm determines, after a reasonable investigation, that the information has not been and is not reasonably likely to be used in a way that results in substantial harm or inconvenience. That determination must be documented; it is not a default.
How does Reg S-P differ from SR 26-2 and NYDFS Part 500? They are distinct authorities. Regulation S-P is an SEC rule about safeguarding customer nonpublic personal information that binds broker-dealers, RIAs, investment companies, transfer agents, and funding portals. SR 26-2 is non-binding federal banking guidance on model risk management, most relevant to larger banks, and it explicitly excludes generative and agentic AI from its scope; it is not a customer-information rule. NYDFS Part 500 is a New York state cybersecurity regulation for entities licensed in New York. A firm may have to satisfy more than one, so the right approach is to map them to a single control set rather than treat them as the same rule.
The Bottom Line
The Regulation S-P 2024 amendments are not a future deadline for broker-dealers and RIAs; they are a present obligation, in full effect since the smaller-entity date passed in June 2026. The substance is a written incident response program, a 30-day customer notification duty with a documented substantial-harm exception, service-provider oversight anchored by a 72-hour vendor breach-notice arrangement, an expanded definition of customer information, and recordkeeping to prove it all. None of that is AI-specific, and that is exactly the point: because the rule protects customer information wherever it lives, the AI systems that now read, index, and process that information are inside the rule whether or not anyone has updated the program to say so.
The work for most firms is therefore reconciliation rather than construction. Confirm that the incident response program, the data map, and the vendor inventory actually reach the AI footprint, that every AI vendor handling customer data is under the 72-hour notice arrangement, and that the records exist to show it. If you want a structured way to check that your AI systems are governed against the obligations a reviewer will apply, start with the AI Governance Checklist, and when you are ready for a senior team to confirm the program holds, that is what an AI governance readiness engagement delivers.
Key facts
- The SEC adopted the Regulation S-P amendments on May 16, 2024 and they became effective August 2, 2024, with compliance dates of December 3, 2025 for larger entities and June 3, 2026 for smaller entities, so the rule is now in full effect for all covered institutions (DSE, 2026).
- The amendments require covered institutions, including broker-dealers and registered investment advisers, to maintain a written incident response program, to notify affected individuals no later than 30 days after becoming aware of unauthorized access to sensitive customer information, and to arrange for service providers to report a breach no later than 72 hours after discovery (DSE, 2026).