The U.S. Coast Guard Final Cybersecurity Rule 2025

On January 17, 2025, the U.S. Coast Guard (USCG) published a new final rule (“Final Rule”) that establishes regulations requiring U.S. shipowners and operators, as well as those operating within U.S. jurisdiction to implement cybersecurity measures to protect against cyber threats. The Final Rule mandates the development of cybersecurity risk management programs, the creation and maintenance of a cybersecurity plan, the establishment of a cyber incident response plan and the implementation of protocols for reporting cyber incidents. It also requires operators to align their cybersecurity plans with international standards set by the International Maritime Organization (IMO). This rule aims to enhance the resilience of the marine sector, ensuring the security of critical infra-structure and mitigating risks to safety, operations, and global supply chains in an increasingly digital world.

The Club, in collaboration with its partners BLANKROME and ShorelineHudson (Acrisure), has produced a series of publications to assist its members in addressing legal challenges and navigating the practical aspects of complying with the USCG Final Rule. These resources offer legal and practical guidance for the Club’s members on aligning their compliance efforts with the Final Rule, while utilising existing IMO cybersecurity frameworks, such as the ISM Code and MSC-FAL.1/Circ.3. By harmonising IMO’s cybersecurity management practices with U.S. regulatory requirement and expectations, the Club’s members can reduce operational risk, enhance resilience and avoid potential costly enforcement actions during calls at US ports.

The Club’s publication “Key Legal Issues, Deadlines and FAQS ” offers legal guidance while “Cybersecurity Readiness at Sea” provides practical advice for the Club’s members.

The Club’s members who are actively engaged in trade or are based within U.S. jurisdiction are strongly encouraged to consult these publications for the comprehensive guidance.