SEC Announces Big Changes to EDGAR Access

The SEC has finalized rules that will significantly revamp the process by which EDGAR is accessed for filers and filing agents. If you file Section 16 forms on behalf of company insiders, here's what you need to know about the new rules.

Why Change? Fake EDGAR Filings Are a Thing

The SEC is proposing this change to mitigate the problem of fake EDGAR filings. This is a thing—see the ongoing saga chronicled in TheCorporateCounsel.net blog. These filings can harm investors, so the SEC has determined that action to prevent them is necessary.

Background: The Current Process

Currently, EDGAR filers submit a notarized Form ID to gain access to EDGAR. After the filer’s Form ID is accepted, the SEC issues the filer a Central Index Key (CIK) and passphrase. The filer then uses the CIK and passphrase to generate the rest of the EDGAR codes necessary to submit filings and maintain their EDGAR account. These codes include the CIK Confirmation Code (CCC), password, and password modification authorization code (PMAC).

Anyone who knows an insider’s CIK and CCC numbers can submit filings on behalf of the insider. Thus, currently, CCC numbers should be very carefully guarded (CIK numbers are public). Unfortunately, the SEC has found that filers aren't always as careful as they should be with CCC numbers. 

If you are responsible for submitting filings on behalf of the insiders at your company, you can currently use either of the following approaches to do so:

1. Apply for your own access to EDGAR and submit filings through your own account using insiders’ CIK and CCC numbers. (This is the approach I recommend.)
2. Log into EDGAR using the insiders’ credentials and submit their filings through their accounts. 

​Change #1: Designated Account Administrators and Users

Under the new rules, each filer (i.e., insider, for our purposes) will be required to designate at least one account administrator who will be able to manage their EDGAR account and submit filings on their behalf. Presumably insiders can act as their own filer administrators if they want (who am I kidding—no one wants that). An insider can designate a maximum of 20 administrators. 

The initial account administrator(s) will be designated on the insider's Form ID. Once an insider's EDGAR account is established, the insider will have a "dashboard" in EDGAR that their account administrators can access. The account administrators will be able to designate additional administrators for the insider's account as necessary through the insider's dashboard.

Account administrators can also designate individual users who can submit filings on behalf of the insider, but don’t have the ability to manage the insider’s account.

As a result of this proposed change, only designated individuals/entities will be able to submit filings on behalf of an insider. It will no longer be possible for just anyone who has managed to come across an insider’s CIK and CCC number to submit filings on their behalf.

Personally, I think this is a helpful additional security measure. It means that you no longer need to change all your insiders’ CCC numbers whenever someone on your staff who had access to those numbers leaves. Or, if you weren’t changing their CCC numbers, it means you are no longer relying on the discretion of those former employees to ensure the integrity of your insiders’ EDGAR filings and accounts. Instead, when team members who have been granted access to submit filings on behalf of company insiders leave, their access to insider EDGAR accounts can be easily revoked.

There is, however, a major drawback to this process. If you onboard a new insider who already has an EDGAR account (e.g., a new director who is already a Section 16 insider at another company), you will likely need the insider's existing account administrator to designate you as an administrator or user on the insider's account. Without this access, you won't be able to submit filings on behalf of the insider.  And vice versa: when insiders at your company take on new insider roles at other companies, you'll need to designate individuals at those companies as administrators or users for the insider, so they can submit on the insider's behalf. It's a good thing stock compensation professionals are generally a pretty friendly bunch. 

Change #2: Multifactor Authentication

Once the new rules are in effect, access to EDGAR will be managed through Login.gov. This will enable the SEC to implement multifactor authentication to access EDGAR. Anyone who accesses EDGAR (i.e., to submit filings and manage filer accounts) will have to establish login credentials to EDGAR through Login.gov. This layers on an additional security measure to access a filer's EDGAR account—for example, entering a code that is texted to you in addition to entering your ID and password. There are several authentication methods to choose from.

Anyone serving as an account administrator or a user for Section 16 insiders will need to establish login credentials through Login.gov. It isn't going to be possible for you to log into EDGAR using your insiders' credentials (in fact, logging into EDGAR using someone else's credentials is expressly prohibited under the new rules).

However, I have some good news. I originally thought this meant that all your insiders would need to create Login.gov accounts, but this isn't the case. Insiders may never need to access their own EDGAR accounts, since you likely manage their accounts for them. If so, they don't need their own EDGAR logins. Only the individuals on your team who will be managing insider accounts or submitting filings for insiders need EDGAR logins; thus, it is only these individuals who will need Login.gov accounts.

Change #3: Annual Confirmation

Account administrators will be required to annually confirm who should have access to insiders' accounts and that the information for all insiders' is accurate. Failure to do so will ultimately result in deactivation of the insider's account. The insider would have to submit a new Form ID to reactivate the account.

Form ID Still Required

You might be hoping that this means Form ID will no longer be necessary. I'm sorry to disappoint you but Form ID isn't going anywhere. EDGAR filers will still be required to submit a notarized Form ID to the SEC. In fact, the form is going to get longer. In addition to requiring filers to designate an account administrator, the form is going to require more specific contact information and ask whether the filer has been subject to civil or criminal enforcement for securities law violations.

CCC Still Required

CCCs also aren't going away, at least for now. To submit filings on behalf of an insider, you will still need both the insider's CIK and CCC. But because of the added security provided by multifactor authentication, insiders' CCCs will now be visible in their EDGAR dashboards, so you won't need whatever system or document you currently use to keep track of them all. Account administrators will be able to update insiders' CCCs in the EDGAR dashboard and via third-party filing tools (if the filing tool provider chooses to offer this functionality). 

Third-Party Filing Tools

The SEC will create application programming interfaces (APIs) that will allow management of EDGAR accounts and submission of filings through third-party systems. This is also good news. The SEC's first EDGAR access proposal (issued back in September 2021) would not have accommodated filing submissions from third-party tools at all. In the second proposal (September 2023), only APIs for filing submissions were offered, not management of EDGAR accounts. Under the final rules, depending on the functionality of your third-party provider, you might never need to log into your EDGAR dashboard. Instead, you could manage your insiders' accounts and submit their filings through the third-party tool (but you will still need a Login.gov account.) 

If you work for a third-party filer, the SEC has provided an API Toolkit and an overview of the APIs. 

Adopting BETA Program

The SEC has launched an EDGAR Next Adopting Beta program that allows you to test out the EDGAR Next platform. This program will run until at least December 19, 2025, so you'll be able to use it to test EDGAR Next even after live filings commence under the EDGAR Next platform. Learn more about the beta program on the EDGAR Next page. If you participate in the beta and would be open to sharing your feedback with me, I am very interested in hearing it.

Transition

There are three key dates to note in your calendar for the transition to EDGAR Next:

• Launch: March 24, 2025, is when the EDGAR Next platform will launch. This is the first date you can start enrolling insiders on the new platform.
• Sunset: September 12, 2025, is the last day you can submit filings via the legacy EDGAR platform. Starting on September 15, 2025, all filings must be submitted via the EDGAR Next platform.
• Enrollment Ends: December 19, 2025, will be the last date that legacy EDGAR filers can be enrolled on the EDGAR Next platform without submitting a new Form ID. After this date, filers will need to submit a new Form ID (which must be notarized) to apply for access to their EDGAR accounts.

I've created a timeline illustrating the transition process:

During the period from March 24, 2025, to September 12, 2025, filings can be submitted via both the legacy EDGAR platform or EDGAR Next.

From March 24, 2025 to December 19, 2025, insiders who have accounts on the legacy EDGAR platform can be enrolled on EDGAR Next without submitting a new Form ID. Enrollment during this period does not require notarization or a power of attorney for the account administrators, so you for sure want to take advantage of this opportunity. Insiders that aren't enrolled in EDGAR Next by December 19, 2025, will lose access to EDGAR and will have to submit a new Form ID to reactivate their accounts. The Form ID will have to be notarized and will have to include a power of attorney for any account administrators designated on the form. 

Warning! When insiders are enrolled in EDGAR Next, their CCC is automatically reset. If your insiders are subject to Section 16 at any other companies, please be courteous and make sure the insiders and the administrators at those companies are aware of the insider's new CCC.

Additional Resources

The SEC has some great resources explaining the new platform, the Adopting Beta program, and the transition on its EDGAR Next page. Here are some resources to start with:

• Checklist of steps to enroll insiders on the EDGAR Next platform.
• Playlist of EDGAR Next videos on YouTube.

Stay tuned! The NASPP will be providing additional resources to help our members understand how to transition to the EDGAR Next platform.