What's coming but not yet binding — proposed rules, enacted-but-not-in-force rules, and phase-in deadlines. Forward-looking dates move; confirm against the primary source before acting.
| Date | When | In | Regulator | Rule / milestone | Type |
|---|---|---|---|---|---|
| 2021-04-06 | 1920d ago | US | FERC | Cybersecurity Incentives Proposed rule (NPRM) — not yet final. | Proposed |
| 2021-12-06 | 1676d ago | US | FCC | Resilient Networks; Disruptions to Communications; Disruptions to Communications Proposed rule (NPRM) — not yet final. | Proposed |
| 2022-11-07 | 1340d ago | US | FERC | Incentives for Advanced Cybersecurity Investment; Cybersecurity Incentives Proposed rule (NPRM) — not yet final. | Proposed |
| 2022-12-09 | 1308d ago | US | FCC | The Uniendo a Puerto Rico Fund and the Connect USVI Fund, Connect America Fund Proposed rule (NPRM) — not yet final. | Proposed |
| 2022-12-23 | 1294d ago | US | FCC | Emergency Alert System; Wireless Emergency Alerts; Protecting the Nation's Communications Systems From Cybersecurity Thr Proposed rule (NPRM) — not yet final. | Proposed |
| 2024-04-29 | 801d ago | US | FCC | Amendments to Resilient Networks Disruptions to Communications; New Considerations Concerning Disruptions to Communicati Proposed rule (NPRM) — not yet final. | Proposed |
| 2024-06-03 | 766d ago | US | CISA | Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements Proposed rule (NPRM) — not yet final. | Proposed |
| 2025-02-05 | 519d ago | US | TSA | Enhancing Surface Cyber Risk Management Proposed rule (NPRM) — not yet final. | Proposed |
| 2025-11-24 | 227d ago | US | FERC | Virtualization Reliability Standards Proposed rule (NPRM) — not yet final. | Proposed |
| 2025-11-24 | 227d ago | US | FERC | Critical Infrastructure Protection Reliability Standard CIP-003-11-Cyber Security-Security Management Controls Proposed rule (NPRM) — not yet final. | Proposed |
| 2026-06-30 | 9d ago | UK | UK_TELECOM | Revised UK Telecommunications Security Code of Practice (draft 2026) FORTHCOMING (proposed): a draft revision of the 2022 Telecommunications Security Code of Practice, published June 2026, updating the technical guidance public telecoms providers follow to meet their d | Proposed |
| 2026-09-11 | in 64d | EU | EU_CRA | Regulation (EU) 2024/2847 — Cyber Resilience Act (products with digital elements) Reporting obligations apply — actively-exploited-vulnerability & severe-incident reporting to ENISA. | Phase-in |
| 2026-12-31 | in 175d | UK | UK_NIS | UK Cyber Security and Resilience Bill — expansion of the NIS regime FORTHCOMING (proposed): the most significant reform of the UK NIS regime since 2018. Broadens scope to data centres and managed service providers, tightens incident reporting (notify within 24h, full | Proposed |
| 2027-12-11 | in 520d | EU | EU_CRA | Regulation (EU) 2024/2847 — Cyber Resilience Act (products with digital elements) Main obligations apply — secure-by-design, conformity assessment, CE marking. | Phase-in |
Knowing which rules bind you is step one. WSquare Advisory builds the operating capability behind compliance — the continuity, third-party, and recovery disciplines these regimes expect. If that's your challenge, let's talk.
Start a Conversation →