SEC adopts changes to access procedures for EDGAR system

The U.S. Securities and Exchange Commission (SEC) says it’s adopting changes to the login, password, and other account-access procedures for those using its Electronic Data Gathering, Analysis, and Retrieval system (EDGAR). That’s according to The Trusted Professional, a publication of the New York State Society of Certified Public Accountants on the society’s website. The new version of EDGAR, known as EDGAR Next, will upgrade the system in three ways. They include improving EDGAR’s security; enhancing filers’ ability to manage their EDGAR accounts; and modernizing connections to EDGAR. Most notably, it will transition from one login account per company to one account for every individual who files documents into EDGAR. “A lot has changed in the three decades since the Commission first required mandatory EDGAR filings in 1993. EDGAR has lived through the rise of the internet, social media, and streaming content. We also have learned a great deal about data security and password protection in that time,” Gary Gensler, chairman of the SEC, said in a statement. “To keep pace with ever-evolving markets, technology, and business models, we’ve updated EDGAR over the years. Our most recent meaningful update, though, to EDGAR login, password, and other account access protocols was more than a decade ago. Today’s amendments are an important next step for EDGAR account access protocols.” Gensler explained that under previous requirements, registrants had one login per company, which is akin to having a family passing around one shared login and password for a movie streaming app. “That’s simply not the most secure system — for filers and the Commission alike —when it comes to information relating to financial disclosure. By contrast, today’s amendments further secure login protocols by requiring every person filing something into EDGAR to login with individual credentials and to use multi-factor authentication,” Gensler said. The amendments require electronic filers to authorize and maintain designated individuals as their account administrators. The changes also require filers to take certain actions, through their account administrators, to manage their accounts on EDGAR, per the Oct. 3 announcement. Additionally, under the amendments, filers may authorize individuals as account administrators only if they get individual account credentials in the way laid out by the EDGAR filer manual. As part of the EDGAR Next changes, optional application programming interfaces (APIs) will be provided to filers for machine-to-machine communication with EDGAR. The SEC is also amending volume I of the EDGAR filer manual to be in accordance with these changes. APIs are a machine-to-machine way of making submissions, retrieving information and performing account management tasks that will enhance filers’ EDGAR interactions’ efficiency and accuracy. These APIs also let filers manage their EDGAR accounts with minimal manual interaction with EDGAR. The SEC opened a beta software environment for filer testing and feedback, reflecting the adopted rule and form amendments and the related technical changes. Information about signing up for beta testing and other information regarding the rule’s adoption can be found on the EDGAR Next webpage. Those asking for access to EDGAR must complete a form known as the Uniform Application for Access Codes or Form ID. Compliance with amended Form ID is required on March 24, 2025. All rule and form amendments will take effect on that date, and filers will be required to comply with all rule and form amendments by Sept. 15, 2025.