A Limited Exemption From
DFS 23 NYCRR Part 500
Need help navigating NYS DFS 23 NYCRR Part 500?
Exemption Criteria Include:

Fewer than 10 employees
(including independent contractors)

Less than $10 million
in year-end total assets

Less than $5 million
in annual gross revenue
There are a number of ways businesses may be exempt from parts of the NYS DFS regulation. If an organization meets any of the criteria, it qualifies for a limited exemption.
While it’s important to take this cyber security regulation seriously, smaller companies have flexibility in implementing the full scope of requirements.
This doesn't eliminate ALL of your compliance obligations.
Are We Exempt?