REGULATOR · US-NY · COVERED ENTITIES
REVISED 2026-05-08 · 23 NYCRR § 500 · POST SECOND AMENDMENT

NYDFS Part 500.

Warrant is regulator-grade evidence infrastructure for AI agents in regulated industries: drop an agent's execution trace, get a record mapped to a specific EU AI Act obligation, independently verifiable without contacting Warrant. 23 NYCRR § 500, post Second Amendment · jurisdiction: NY-licensed financial services Covered Entities · AI cybersecurity guidance issued 16 October 2024 (Industry Letter, applies existing Part 500 to AI deployments) · penalty: enforcement under NY Banking Law and Insurance Law. Covered Entities must bring AI components inside the cybersecurity program and report AI-related events within 72 hours.

CLAUSE
§ 500.6 · § 500.17(a)(1)
Audit trail and 72-hour Cybersecurity Event reporting.
DEFINITIONS
§ 500.1(e)/(f)/(k)
Covered Entity § 500.1(e), Cybersecurity Event § 500.1(f), NPI § 500.1(k).
AI GUIDANCE
2024-10-16
Industry Letter applying existing Part 500 to AI deployments.
01 · § 500.6 · AUDIT TRAILS

Audit trails for Cybersecurity Events.

Each Covered Entity shall securely maintain systems that, to the extent applicable and based on its Risk Assessment, include audit trails designed to detect and respond to Cybersecurity Events that have a reasonable likelihood of materially harming any material part of the normal operations of the Covered Entity. 23 NYCRR § 500.6(a)(2)

Note the section number: § 500.6, not § 500.06. The Second Amendment, in force since 1 November 2023, restructured the numbering. § 500.6(a)(2) is the audit-trail clause read against AI deployments under the 16 October 2024 Industry Letter. For why static API logs fall short, see the supervisor reading below: standard logs do not satisfy § 500.6.

"Audit trails designed to detect and respond. The verbs are doing work. Static logs do not satisfy this clause." · NYDFS Industry Letter · 16 October 2024 · supervisor reading
02 · § 500.17 · 72-HOUR NOTICE

Notice in 72 hours. Highest-ranking executive.

Each Covered Entity shall notify the superintendent through the Department's online portal as promptly as possible but in no event later than 72 hours after a determination has been made that a Cybersecurity Event has occurred. 23 NYCRR § 500.17(a)(1)

The 72-hour clock starts at determination, not at occurrence. § 500.17(b)(2) requires that the annual program certification be submitted by the Covered Entity's highest-ranking executive (this is verbatim regulator language; the rule does not say "CEO"). The record names the accountable executive's tenant so that authorship is on the certification record.

§ 500.17(a)(1)
72-hour notice to the superintendent on Cybersecurity Event determination. WARRANT · Incident-mode trace ingestion ships v0.5; today, Warrant produces independently verifiable packages from incident traces. The 72-hour clock itself is the customer's process.
§ 500.17(b)(2)
Annual program certification by the highest-ranking executive. WARRANT · trace.signed_off_by + the record names the accountable executive's tenant. Cross-trace inventory roll-up ships v0.5.
03 · § 500.1 · DEFINED TERMS

The three load-bearing definitions.

Three defined terms in § 500.1 carry the regulation. AI deployments fall in scope where they touch any of the three.

§ 500.1(e)
Covered Entity. Any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law, Insurance Law, or Financial Services Law.
§ 500.1(f)
Cybersecurity Event. Any act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System.
§ 500.1(k)
Nonpublic Information (NPI). All electronic information that is not Publicly Available Information, including business information, personally identifiable information, and protected health information as defined.
72hr
NOTICE WINDOW
From determination of a Cybersecurity Event under § 500.1(f) to notice under § 500.17(a)(1).
2024-10-16
AI INDUSTRY LETTER
"Cybersecurity Risks Arising from Artificial Intelligence" · applies the existing Part 500 to AI deployments without amending the regulation.
04 · WHY THIS REGULATOR NOW

Does NYDFS Part 500 apply to AI agents?

The NYDFS AI Industry Letter of 16 October 2024, "Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks," did not amend Part 500. It applied the existing § 500.6, § 500.17, and § 500.1 perimeter to AI deployments. That move expanded the regulation's reach without amending it. The Industry Letter is the operative supervisory document; the regulation is the same. NYDFS examiners began incorporating AI-specific findings into Covered Entity examinations in early 2025; the 2026 cycle is the first to treat unmapped AI agents as a categorical § 500.6 audit-trail finding.

Recent enforcement signal carries the regulation's posture. The NYDFS settlement with PayPal (27 January 2025, USD 2 million civil monetary penalty over a 2022 data breach) cited multiple Part 500 failures including § 500.7 access controls and § 500.14 risk-based authentication. The Geico and Travelers settlements (28 November 2023, USD 11.3 million combined) cited § 500.6 audit-trail and § 500.13 vulnerability gaps in identity-quoting workflows · the same workflow pattern now driven by AI agents at most large insurers. The First American Title settlement (22 November 2023, USD 1 million) was the first NYDFS settlement to cite § 500.17(a)(1) 72-hour notice failure as a standalone violation.

Prosecutorial interest is moving toward AI-driven Cybersecurity Events. Counsel reading this page in May 2026 should expect that the next round of NYDFS Covered Entity referrals will name § 500.6(a)(2) audit-trail failures where the AI agent's decision chain was opaque, and § 500.17(b)(2) annual certification failures where the highest-ranking executive's signature did not bind to the actual operating chain. The regulator's working position: the audit trail must reconstruct the Cybersecurity Event end-to-end, not merely log its detection.

05 · DECISION TREE · NPI

Does the AI deployment touch NPI?

Five clauses to walk in order. The structure mirrors how an NYDFS examiner reads a Covered Entity's AI exposure on examination.

Q1
Is the firm a Covered Entity under § 500.1(e) (any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law, Insurance Law, or Financial Services Law)? NO → Part 500 does not attach. YES → continue.
Q2
Does the AI deployment touch Nonpublic Information under § 500.1(k) (electronic information that is not Publicly Available, including business information, personally identifiable information, and protected health information)? YES → the § 500.6(a)(2) audit-trail rule attaches; § 500.17 reporting and certification carry forward; § 500.14 risk-based authentication and § 500.7 access privileges are read against AI tooling.
Q3
Could a successful or unsuccessful act against the AI system constitute a Cybersecurity Event under § 500.1(f) (any act or attempt to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System)? YES → § 500.6(a)(2) audit trails must be designed to detect and respond to such Events; the § 500.17(a)(1) 72-hour notice clock starts at determination.
Q4
Is the audit trail designed to detect and respond to Cybersecurity Events that have a reasonable likelihood of materially harming any material part of normal operations? YES → the per-action trace.actions[*] fields (subject, inputs, outputs, ts, decision_rationale), bound into a record independently verifiable without contacting Warrant, satisfy § 500.6(a)(2). Rotating application logs do not.
Q5
Is the annual certification under § 500.17(b)(2) signed by the Covered Entity's highest-ranking executive (verbatim regulator language; the rule does not say "CEO")? YES → trace.signed_off_by + the record names the accountable executive's tenant. Cross-trace inventory roll-up ships v0.5.
06 · MAPPING · § 500 OBLIGATIONS

Per-section field map.

Each Covered Entity shall implement and maintain a written cybersecurity policy or policies, approved by a Senior Officer or the Covered Entity's Senior Governing Body, setting forth the Covered Entity's policies and procedures for the protection of its Information Systems and Nonpublic Information stored on those Information Systems. 23 NYCRR § 500.3 · cybersecurity policy requirement

The mapping below carries each Part 500 obligation Warrant attaches to. Each row names the section cite, the operative duty, and the Warrant evidence field that satisfies it. This is the table an NYDFS examiner reads against the evidence package on a Covered Entity examination.

§ 500.3
Cybersecurity policy approved by Senior Officer or Senior Governing Body. WARRANT · trace.policy_version_id + trace.signed_off_by. Policy approval bound to the specific deployment named on the record.
§ 500.4
Chief Information Security Officer (CISO) responsibility. WARRANT · trace.signed_off_by (when CISO is named accountable officer) + the record names the CISO's tenant as its issuing author.
§ 500.6(a)(2)
Audit trails designed to detect and respond to Cybersecurity Events. WARRANT · trace.actions[*] + trace.actions[*].decision_rationale + trace.actions[*].rag_retrieval[].chunk_id, bound into a record independently verifiable without contacting Warrant. Reconstructable end-to-end.
§ 500.7
Access privileges based on Risk Assessment. WARRANT · trace.actions[*].actor (with role binding when supplied) + authorization_envelope.preconditions_met. Privileged-user actions surfaced separately.
§ 500.14
Risk-based authentication for access to NPI. WARRANT · trace.actions[*].inputs.auth_context (when supplied) + per-action authorization_envelope. Authentication outcome carried into the chain.
§ 500.16
Incident response plan and business continuity. WARRANT · Incident-mode trace ingestion ships v0.5; today, Warrant produces independently verifiable packages from incident traces. Incident-response chain auditable.
§ 500.17(a)(1)
72-hour notice to superintendent on Cybersecurity Event determination. WARRANT · trace.actions[*].ts (decision time) + Warrant Cloud receipt store. The 72-hour clock starts at determination, not at occurrence; clock is customer process.
§ 500.17(b)(1)
Annual program assessment and report to Senior Governing Body. WARRANT · cross-trace inventory roll-up ships v0.5; per-trace evidence today supports the underlying assessment.
§ 500.17(b)(2)
Annual certification by highest-ranking executive (verbatim). WARRANT · trace.signed_off_by + the record names the accountable executive's tenant (not "CEO" because the rule does not say CEO).
§ 500.1(e)
Covered Entity definition. WARRANT · trace.regulated_entity (NY-licensed FS entity registration). Covered Entity status carried into chain.
§ 500.1(f)
Cybersecurity Event definition · act or attempt against Information System. WARRANT · trace.event_type (when AI agent flags potential Event) + risk_assessment.deviation_from_intended_purpose.
§ 500.1(k)
Nonpublic Information definition. WARRANT · trace.actions[*].inputs.npi_scope (when classified) pulls NPI handling decisions for examiner review.
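What "independently verifiable without contacting Warrant" and "reconstructable end-to-end" mean in practice is worth making concrete. The Go program below is an added illustration written for this page; it is not Warrant's code or wire format, and it assumes a design: each trace.actions[*] entry (the page's subject, inputs, outputs, ts and decision_rationale fields) is hashed and linked to its predecessor through an assumed prev_hash field, and the chain head is signed together with regulated_entity, policy_version_id and signed_off_by under an Ed25519 key that stands in for the issuing tenant's key. The names Seal, Verify, NewIssuerKey and SampleTrace and every sample value are constructed for the example. A verifier holding only the package and the tenant's pinned public key recomputes the chain and checks the signature; an edited action, a dropped action, a changed header or a different signer each fails, which is the property a rotating application log does not have.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Action holds the per-action fields the page names for § 500.6(a)(2), plus an
// assumed prev_hash link that binds each action to the one before it.
type Action struct {
	Subject           string            `json:"subject"`
	Inputs            map[string]string `json:"inputs"`
	Outputs           map[string]string `json:"outputs"`
	Ts                string            `json:"ts"`
	DecisionRationale string            `json:"decision_rationale"`
	PrevHash          string            `json:"prev_hash"`
}

type Trace struct {
	RegulatedEntity string   `json:"regulated_entity"`
	PolicyVersionID string   `json:"policy_version_id"`
	SignedOffBy     string   `json:"signed_off_by"`
	Actions         []Action `json:"actions"`
}

// Package is the sealed record; it carries no issuer key because the verifier pins the tenant key it trusts.
type Package struct {
	Trace     Trace  `json:"trace"`
	Signature []byte `json:"signature"`
}

// actionHash hashes one action's canonical JSON (encoding/json sorts map keys and keeps field order).
func actionHash(a Action) string {
	b, _ := json.Marshal(a)
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// signingInput is the statement the issuer signs: entity, policy, sign-off and chain head.
func signingInput(tr Trace, head string) []byte {
	b, _ := json.Marshal([]string{tr.RegulatedEntity, tr.PolicyVersionID, tr.SignedOffBy, head})
	return b
}

// NewIssuerKey generates an Ed25519 key pair standing in for the issuing tenant's key.
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Seal links each action to its predecessor, then signs the chain head together with the header.
func Seal(tr Trace, priv ed25519.PrivateKey) Package {
	prev := ""
	for i := range tr.Actions {
		tr.Actions[i].PrevHash = prev
		prev = actionHash(tr.Actions[i])
	}
	return Package{Trace: tr, Signature: ed25519.Sign(priv, signingInput(tr, prev))}
}

// Verify recomputes the chain from the package alone and checks the signature against a pinned issuer key.
func Verify(p Package, issuer ed25519.PublicKey) (bool, string) {
	prev := ""
	for i, a := range p.Trace.Actions {
		if a.PrevHash != prev {
			return false, fmt.Sprintf("chain broken at action %d", i)
		}
		prev = actionHash(a)
	}
	if len(issuer) != ed25519.PublicKeySize || !ed25519.Verify(issuer, signingInput(p.Trace, prev), p.Signature) {
		return false, "signature does not verify"
	}
	return true, "ok"
}

// SampleTrace is a constructed two-action underwriting trace; every value is made up for this example.
func SampleTrace() Trace {
	return Trace{
		RegulatedEntity: "example-ny-licensed-lender",
		PolicyVersionID: "policy-v3",
		SignedOffBy:     "highest-ranking-executive@example.invalid",
		Actions: []Action{
			{Subject: "retrieve_applicant_record", Ts: "2026-05-08T09:00:00Z", Inputs: map[string]string{"applicant_id": "A-1001", "npi_scope": "pii"},
				Outputs: map[string]string{"rows": "1"}, DecisionRationale: "needed to compute debt-to-income"},
			{Subject: "approve", Ts: "2026-05-08T09:00:03Z", Inputs: map[string]string{"score": "712"},
				Outputs: map[string]string{"decision": "approve"}, DecisionRationale: "score above policy-v3 threshold 680"},
		},
	}
}

func main() {
	pub, priv := NewIssuerKey()
	fmt.Println(Verify(Seal(SampleTrace(), priv), pub)) // true ok
}
```

Verify takes the issuer key as a parameter instead of reading it out of the package: a key carried inside the record proves only that the record is self-consistent, not who issued it, so the examiner's copy of the tenant's public key has to come from somewhere the issuer cannot rewrite. Editing a middle action surfaces as a broken link at the next action; dropping the last action or changing any header field surfaces as a signature failure, because the signature commits to the recomputed chain head.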
07 · READ THE SOURCE

Primary citations.

The Second Amendment text sits at dfs.ny.gov · 23 NYCRR § 500 Second Amendment PDF. The AI Industry Letter is at il20241016-cyber-risks-ai. The full Cybersecurity Resource Center is at dfs.ny.gov/industry_guidance/cybersecurity.

Sample US evidence package · NYDFS Covered Entity small-business underwriting · INDEPENDENTLY VERIFIABLE · ID 041f2335488dd56f
→ us-fintech.pdf