How to Get Ready for the U.S. Coast Guard’s Cybersecurity Rule

On January 17, the US Coast Guard released its much-anticipated final rule on cybersecurity in the US Marine Transportation System, which establishes mandatory minimum cybersecurity requirements for the maritime sector. The new regulations are effective July 16, 2025 and represent the most significant maritime cybersecurity regulations to date. Affected entities should review their existing policies, identify any gaps or deficiencies, and implement compliance procedures.

I. Scope and Applicability

The primary goal of the final rule is to enhance the cybersecurity of the US Marine Transportation System. The new regulations establish minimum mandatory requirements for US flag vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to the Maritime Transportation Security Act of 2002. The rule aims to address the increasing risks posed by cyber threats due to the growing reliance on interconnected digital systems within the maritime industry. It emphasizes both preventing cyber incidents and preparing to respond to them effectively.

The rule applies to:

a. US flag vessels subject to 33 CFR part 104:

• Cargo vessels greater than 100 gross tons
• Commercial passenger vessels certified to carry more than 150 passengers
• Offshore Supply Vessels (OSVs)
• Mobile Offshore Drilling Units (MODUs)
• Towing vessels more than 26 feet long engaged in towing certain dangerous cargo barges
• Cruise ships and passenger vessels carrying more than 12 passengers on international voyages

b. Facilities subject to 33 CFR part 105:

• Container terminals
• Chemical facilities with waterfront access
• Petroleum terminals
• Cruise ship terminals
• Bulk liquid transfer facilities
• LNG/LPG terminals
• Barge fleeting facilities handling dangerous cargo
• Facilitie…