US Coast Guard publishes final rule updating cybersecurity requirements for US-flagged vessels

The US Coast Guard has published a final rule in the Federal Register to update cybersecurity requirements for US-flagged vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to Maritime Transportation Security Act of 2002 (MTSA).

This final rule addresses current and emerging cybersecurity threats in the Marine Transportation System (MTS) by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These requirements include developing and maintaining a Cybersecurity Plan, designating a Cybersecurity Officer (CySO), and taking various measures to maintain cybersecurity within the MTS.

This final rule, which is effective July 16, 2025, also includes a solicitation for comments on a potential delay for the implementation periods for US-flagged vessels.

Comments on a potential two- to five-year delay for the implementation periods for US-flagged vessels discussed in Section VII of the final rule preamble must be submitted by March 18, 2025.

For more information, interested parties mat see the final rule in the Federal Register using the eRulemaking Portal at www.regulations.gov under docket number USCG-2022-0802.

Additional guidance on these regulations including a cyber regulations fact sheet, a small entity compliance guide for vessels, a small entity compliance guide for facilities, and information about the waiver and Alternative Security Program process, will be posted on the Coast Guard Maritime Industry Cybersecurity Resource Website.