Navigating NY DFS Part 500

Disclaimer: The following information is generalized, not necessarily up-to-date with current laws and/or rulings, and should not be relied upon for legal purposes. The following information is not intended to be legal advice; individuals should consult an attorney in their respective jurisdiction(s) to obtain legal advice tailored to their specific needs and applicable law(s).


* Italicized terms used throughout this article refer to terms defined in 23 NYCRR § 500 (NY DFS 500). A copy of 23 NYCRR § 500 can be found here.

NY DFS 500’s Requirements

The requirements set forth by NY DFS 500 have varying dates by which they are required to be complied with by covered entities (a discussion of covered entities and exemptions can be found here). This information can be found in 23 NYCRR § 500.22, where it is referred to as Transitional Periods. These dates can also be found on the New York Department of Financial Services’ website, found here. Finally, there is a published list of frequently asked questions by the Department, found here.

The following is a general overview of the transitional periods and their respective requirements as provided in NY DFS 500.

Transitional Period 1 (Deadline: August 28, 2017)

Transitional Period 2 (Deadline: February 15, 2018)

Transitional Period 3 (Deadline: September 3, 2018)

Transitional Period 4 (Deadline: March 1, 2019)

  • Section 500.11: Third Party Service Provider Security Policy