The Securities and Exchange Commission approved a proposal from
"Under previous requirements, registrants had one login per company. This is like having a family passing around one shared login and password for a movie streaming app. You know where that can lead. That's simply not the most secure system — for filers and the commission alike — when it comes to information relating to financial disclosure. By contrast, today's amendments further secure login protocols by requiring every person filing something into EDGAR to login with individual credentials and to use multifactor authentication," said SEC Chair Gary Gensler in a statement.
The SEC
The SEC said it would also address certain security vulnerabilities among filers themselves, such as companies actually losing track of who does and does not have access. This is particularly problematic when considering that many entities use third parties, like law firms or software providers, to make EDGAR filings for them.
"Today's EDGAR Next rulemaking facilitates an important modernization of EDGAR. I hope — to quote the raven in Edgar Allen Poe's famous poem — that now we will be able to say 'Nevermore' to unauthorized filings and, in the process, make life easier for authorized filers," said Commissioner Hester Peirce in a statement.
The SEC noted that some commenters expressed concern about individuals sharing their login information, thus defeating the purpose of individual accounts, so the SEC added a provision that says they're not allowed to do that, which presumably was felt to be an effective measure against that.
Under the new system, each filer must authorize and maintain at least two individuals with individual account credentials as administrators to manage the filer's account and to make submissions on EDGAR, unless the filer is an individual or single-member company, in which case the filer will be required to authorize and maintain at least one individual with individual account credentials as an account administrator. Account administrators acting on behalf of the filer may authorize and de-authorize individuals with individual account credentials as users, additional account administrators, or technical administrators for the filer, as needed.
Accounts will be managed via a dashboard with all the filers' information on it. Each year, all filers (through the account administrator) are required to confirm that all account administrators, users, technical administrators and delegated entities are authorized by the filer to act on its behalf, and that all information about the filer on the dashboard is accurate; to maintain accurate and current information on EDGAR concerning the filer's account; and to securely maintain information relevant to the ability to access the filer's EDGAR account. These accounts will also be equipped with multifactor authentication, which the current system lacks.
The SEC conceded that the annual confirmation requirement will impose additional compliance costs on filers. It estimated that, in the first year, there will be a one-time cost of approximately $200 per filer, on average, to set up the filer's account on the EDGAR Next dashboard. It also estimates that there will be a recurring cost, including in the first year, of approximately $200 per filer, on average, to manage the filer's dashboard. This cost, though, will likely vary with the number of users and personnel turnover.
The new rules also allow for the optional use of application programming interfaces — software that allows computer systems to communicate with each other — that connect directly with the EDGAR system. Specifically, the SEC plans to make available:
- A submission API to allow filers to make both live and test submissions;
- A submission status API to allow filers to check the status of a submission;
- An operational status API to allow filers to check EDGAR operational status;
- A credential verification API to confirm the validity of all credentials involved in an API-based filing;
- APIs to view individuals, add individuals, remove individuals, and change roles;
- APIs to send delegation invitations, request delegation invitations, and view delegations;
- APIs to view filer account information, generate CCC, and create custom CCC; and,
- APIs to automate the enrollment process.
These rule changes, plus the new API functionality, will require technical changes to the system, which will itself require user testing. To this end, the SEC will open a beta software environment that will reflect the adopted rule and form amendments and the related technical changes. Information about signing up for beta testing and extensive additional information about the rule adoption and related technical changes can be found on
"While the commission is adopting EDGAR Next today, the agency's work is only beginning. Changes to EDGAR must be workable and operationally practical. Over the next 15 months, the commission staff will need to work with filers, filing agents, and the rest of the filing community to carry out — and implement changes from — additional beta testing of EDGAR Next functionalities. Commission staff will also need to ensure that filers are aware of EDGAR Next, including the requirement to enroll by no later than Dec. 19, 2025, and ideally by Sept. 12, 2025. I will be following the staff's progress on ensuring a smooth transition to, and the implementation of, EDGAR Next," said Commissioner Mark Uyeda in a statement.
