MEMBER ALERT Shipowners Claims Bureau, Inc., Manager One Battery Park Plaza 31 st Fl., New York, NY 10004 USA Tel: +1 212 847 4500 Fax: +1 212 847 4599 https://www.american-club.com American Club Member Alert – August 1 3 , 20 25 1 AUGUST 13, 2025 UNITED STATES COAST GUARD (USCG) FINAL RULE ON CYBERSECURITY IN THE MARINE TRANSPORTATION SYSTEM (MTS) On January 17, 2025, the USCG published a final rule, Cybersecurity in the Marine Transportation System (MTS), in the Federal Register (90 FR 6298). This final rule became effective on July 16, 2025 for all U.S.-flagged vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to Maritime Transportation Security Act of 2002 (MTSA). This final rule was executed in continuation of updates to Captain of the Port authority that definitively designated cybersecurity vulnerabilities as a potential threat to the security and safety of United States ports. Requirements in the final rule include developing and maintaining a Cybersecurity Plan, designating a Cybersecurity Officer (CySO), and taking various measures to maintain cybersecurity within the MTS. The regulation contains a phased implementation schedule: • As of July 16, 2025, all reportable cyber incidents must be reported to the National Response Center. • By January 12, 2026, and annually thereafter, all personnel must complete the training specified in 33 CFR 101.650. • By July 16, 2027, owners and operators must designate the Cybersecurity Officer, conduct the Cybersecurity Assessment, and submit the Cybersecurity Plan for approval. Recognizing the escalating cyber threat from adversarial actors targeting the US Marine Transportation System, the USCG, leveraging the post-9/11 alignment of domestic MTSA authorities with international SOLAS and ISPS Code regimes, will intensify Port State Control (PSC) scrutiny on indicators of poor cybersecurity practices, specifically those impacting International Safety Management (ISM) Code compliance on foreign flagged vessels. This elevated focus may lead to the issuance of deficiencies requiring correction, or, if circumstances warrant, result in vessel detention, denial of entry or Captain of the Port (COTP) action to control vessel movements. Further guidance on these regulations can be found at the USCG Maritime Industry Cybersecurity Resource Website by clicking here. It is recommended that Members take note of this information and be guided accordingly.