Key Takeaways:

• As the year draws to a close, public companies with a calendar year-end are once again turning their focus to the upcoming annual reporting season.
• In this In Depth, we outline key considerations for public companies when preparing their annual reports on Form 10-K or Form 20-F.

---

As the year draws to a close, public companies with a calendar year-end are once again turning their focus to the upcoming annual reporting season. In this In Depth, we outline key considerations for public companies when preparing their annual reports on Form 10-K or Form 20-F.

Key Takeaways

• Although the U.S. Securities and Exchange Commission (“SEC”) has not been particularly active in advancing new rulemaking in 2025, public companies must still navigate a range of developing disclosure considerations, particularly in the areas of AI, insider trading, cybersecurity, tariffs, geopolitical developments, human capital, crypto and climate.

• The SEC is expected to continue its focus on AI disclosures, as part of a broader effort by the current federal administration to promote the development and advancement of legitimate AI ventures.

• The SEC’s Spring 2025 Regulatory Agenda outlines several notable initiatives on the horizon, such as potential changes to foreign private issuer eligibility, a shift to semiannual reporting and efforts to streamline reporting obligations—areas that could affect disclosure and compliance practices in future years.

Disclosure Highlights

Artificial Intelligence

We expect the SEC to continue to focus on AI, particularly on “AI-washing”—hyperbolic or inaccurate AI disclosures—which may lead to fraud claims under the federal securities laws. Public companies should closely scrutinize all public- and investor-facing materials to ensure that any representations about the use of technology, automation or AI are accurate and substantiated.

In April 2025, the SEC and the Department of Justice (“DOJ”) filed parallel actions against Albert Saniger, the former CEO of Nate, Inc., a privately held technology startup, for fraudulently raising over $42 million from investors by falsely claiming that Nate’s mobile shopping software used AI to complete users’ purchases across a variety of retail platforms. The majority of the alleged misrepresentations about Nate’s technology platform were made in presentations, marketing materials and emails to venture capital firms for the purpose of raising private capital. As discussed on our Debevoise Data Blog, these were the first AI-washing enforcement actions brought by the SEC and the DOJ under the current administration.

AI is a top priority in the SEC’s Division of Examinations 2026 Examination Priorities, released in November 2025. In its statement, the Division signaled that it will closely examine companies’ use of AI and other automated technologies, scrutinizing whether related disclosures, supervisory frameworks and controls align with actual practices.

Recent SEC comment letters underscore the SEC’s view that companies should avoid suggesting that their AI technologies are more autonomous, scalable or commercially mature than they actually are. The Staff has emphasized that accurate AI disclosure requires not only describing current uses, but also addressing material risks—including data quality issues, model limitations, cybersecurity considerations and potential bias or compliance concerns.

At a meeting of the SEC’s Investor Advisory Committee (“IAC”) in December, the IAC considered a discussion draft of recommendations regarding the disclosure of the impact of AI on operations. In remarks delivered at the meeting, SEC Chairman Paul Atkins and Commissioner Pierce both signaled they don’t believe new, mandated AI-related disclosures are necessary. Instead, in his remarks, Chairman Atkins stated that the “principles-based rules were intentionally designed to allow companies to inform investors of material impacts of any new development, including how AI affects their financial results, how AI can be a material risk factor to an investment, and how AI is a material aspect of their business model.” As always, public companies should carefully evaluate whether their AI practices, including decisions on whether to adopt AI, may implicate current disclosure requirements. For updates on developments relating to artificial intelligence, see our Debevoise Data Blog | Artificial Intelligence.

Insider Trading Policies

For public companies with a calendar year end, compliance with disclosure requirements relating to insider trading policies and procedures began with the 2024 Form 10-K or Form 20-F or related proxy statement.

Item 601 of Regulation S-K requires public companies to file any insider trading policy as an exhibit to their annual report on Form 10-K or Form 20-F. In addition, Item 408(b) of Regulation S-K and Item 16J of Form 20-F require public companies to disclose whether they have adopted insider trading policies and procedures governing trading in the company’s securities by employees, officers or directors, or by the company itself, that are reasonably designed to promote compliance with insider trading laws, rules and regulations and any applicable listing standards (and if not, why not). A company can incorporate by reference in its Form 10-K the information required under Item 408(b) from a definitive proxy statement if the proxy statement is filed within 120 days of the end of the fiscal year.

Following the 2024 annual reporting season, we surveyed the insider trading policies filed by over 60 public companies, including the 30 largest S&P 100 companies based on market capitalization. Our complete analysis is available here.

Notably, we found that some companies (10%) address the requirement to disclose whether they have trading policies applicable to transactions by the issuer by including a statement within the insider trading policy that it is the policy of the company to comply with all applicable insider trading laws, rules and regulations. Doing so allows the company to disclose that it does have applicable policies, while still allowing flexibility to engage in appropriate transactions in its own securities.

Other companies (13%) subject themselves to their insider trading policy by including the company in the definition of “covered person.” If taking this approach, companies should take care that the insider trading policy does not impose undue constraints on company activities such as securities offerings, repurchase programs or hedging activities.

Cybersecurity

Item 106 of Regulation S-K requires public companies to describe their process for assessing, identifying and managing material risks from cybersecurity threats as well as the board’s oversight of, and management’s role and expertise in, assessing and managing material risks posed by cybersecurity threats.

To date, the SEC has issued a limited number of comment letters addressing Item 1C cybersecurity disclosures in Form 10-K filings. Several of these letters identified the omission of Item 1C disclosure entirely. Others focused on the sufficiency of companies’ descriptions of management expertise, as required by Item 106(c)(2)(i) of Regulation S-K. In particular, where companies discussed the expertise of their Chief Information Security Officer but did not address the qualifications of other members of the information security organization, the SEC requested that future filings be revised to include a description of the relevant expertise of those additional personnel.

Debevoise assisted five leading financial services industry trade associations in preparing a joint rulemaking petition in response to the SEC’s cybersecurity disclosure rule. The petition called for the rescission of Form 8-K Item 1.05 and corresponding Form 6-K requirements. The trade associations’ position is that rescission would restore a principles-based cybersecurity disclosure regime and provide more meaningful, decision-useful information to investors without imposing undue burdens or creating new risks for public companies. The petition did not address Item 106 of Regulation S-K, and the SEC did not indicate an intent to revisit the cybersecurity disclosure rules as part of its Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions (the “Spring 2025 Agenda”). For more information, see our Debevoise Data Blog post.

In addition to AI, cybersecurity is a top priority in the Division of Examinations 2026 Examination Priorities. In the statement, the Division highlighted escalating cybersecurity and operational-resiliency threats—including those amplified by firms’ adoption of AI tools—and underscored the need for robust governance, vendor oversight, access controls and incident-response programs.

Tariffs

Companies should evaluate whether recent and anticipated shifts in federal tariff policy give rise to disclosure obligations. Changes in tariff policy may materially affect supply chains, input costs, pricing strategies, customer demand and market access. As the current federal administration continues to reassess tariff policy, companies should consider whether these developments present known trends or uncertainties requiring discussion in MD&A, including the potential impact on cost of goods sold, gross margins or capital allocation.

Companies should also review and, where appropriate, update risk factors to address exposure to tariff fluctuations, trade restrictions or geopolitical trade tensions, particularly where operations depend on jurisdictions targeted by new trade actions. Likewise, companies that provide financial guidance should evaluate whether changes in tariff policies necessitate updated forward-looking statements, including disclosures regarding potential uncertainty in expected results.

Given the rapid policy shifts in this area, companies should ensure that disclosure controls are calibrated to identify tariff-related developments that may require timely updates to disclosures. For an overview of tariff risks, see our Debevoise In Depth, The U.S. Tariff Turmoil: Navigating the Potential Sources of Risk.

Geopolitical Conflicts

In May 2022, the SEC published a sample comment letter reminding public companies that they may have disclosure obligations related to the direct or indirect impact of Russia’s invasion of Ukraine. The comment letter states that public companies should provide detailed disclosure regarding any direct or indirect exposure to Russia or Ukraine through the company’s supply chains, operations, investments, assets or business relationships.

The Division of Corporation Finance has not published a sample comment letter on the conflict in the Middle East or any other global conflicts; however, it is likely that the SEC’s view regarding disclosure is the same. As such, companies that have direct or indirect exposure to conflicts; operations, investments or assets in a conflict area; or business relationships with companies that do should evaluate any material impacts or risks of future impacts related to such conflicts.

Human Capital

Item 101(c)(2)(ii) of Regulation S-K requires public companies to describe, to the extent material to an understanding of the company’s business taken as a whole, any human capital measures or objectives that the company focuses on in managing the business, such as measures or objectives that address the development, attraction and retention of personnel.

In prior years, increased interest from some shareholder groups in ESG-related matters led many companies to voluntarily disclose human capital measures or objectives—particularly relating to diversity, equity and inclusion. In the current political environment, however, most companies have pared back or de-emphasized their DEI-related disclosures and are refocusing on the line-item requirements of Item 101(c)(2)(ii).

Cryptocurrency

In April 2025, the Division of Corporation Finance released guidance that traditional disclosure requirements under federal securities law apply equally to offerings or registrations involving crypto assets and to companies whose business models intersect with blockchain-based networks or applications. Issuers that interact with crypto-focused counterparties should evaluate whether those relationships require additional disclosure.

The Division highlighted several areas where disclosures need to be more robust. Under Item 101 of Regulation S-K, companies must tailor their business descriptions to the material aspects of their crypto-related activities, including the stage of development, technical milestones, revenue generation expectations and whether the crypto asset or security serves any functional role in the business. Companies developing or using crypto networks may need to explain how the network or application operates, including its architecture, consensus mechanism, transaction validation, governance model and any products or services offered through the network. Risk factor disclosures under Item 105 must also address material risks associated with crypto-related operations, including technology and cybersecurity risks, reliance on other networks or applications, volatility and liquidity of related securities, regulatory uncertainty and custody considerations.

Climate

In September 2025, the U.S. Court of Appeals for the Eighth Circuit issued an order holding in abeyance petitions for review of the SEC’s climate disclosure rules. The court stated that the order will remain in place until the SEC decides to rescind or modify the climate disclosure rules through ordinary rulemaking or renews its defense of the rules in the litigation.

Following their adoption in March 2024, the climate disclosure rules faced legal challenges from several states and private entities, with resulting petitions consolidated in the Eighth Circuit under State of Iowa, et al. v. SEC, No. 24-1522 (8th Cir. 2024). In March 2025, the SEC announced that it would stop defending the Biden-era rules. In a status report filed in July, the SEC urged the court to render a decision in the litigation, stating that the SEC did “not intend to review or reconsider the Rules at this time.”

Although the climate disclosure rules are not currently operative, public companies must continue to consider whether climate-related disclosures are required under existing principles-based disclosure requirements. The SEC has previously highlighted the requirements under Regulation S-K for companies to disclose costs of compliance with environmental laws, environmental litigation and government proceedings; material environmental and climate change risks impacting the company; and material trends, demands, commitments and uncertainties relating to climate change in MD&A.

Many companies are also preparing for compliance with California’s climate-related disclosure laws. The January 1, 2026 compliance deadline for SB 261, which requires companies “doing business in California” with over $500 million in revenue to publicly disclose their climate-related financial risks in a biennial report, will not be enforced by the California Air Resources Board as a result of an injunction pending appeal in the matter of U.S. Chamber of Commerce v. Randolph. Covered entities may voluntarily submit their SB 261 reports through CARB’s public docket, which is now open. Public companies that report under California’s disclosure regime, whether voluntary or required, should ensure that any material information is consistent with their SEC disclosures. On December 9, 2025, CARB issued proposed regulatory text for the climate-related disclosure laws, including SB 261, and set a hearing on their final approval in late February 2026. The draft regulatory text is available here. We continue to monitor the status of the laws on our ESG Resource Center.

Housekeeping

EDGAR Next

Most companies that are SEC filers have now enrolled in EDGAR Next. The legacy EDGAR system will be deactivated for all purposes on December 19, 2025. Filers who have not enrolled in EDGAR Next by this time will be required to submit a new Form ID to apply for access to make filings on their EDGAR accounts.

XBRL Tagging

Failure to comply with XBRL tagging requirements can affect a public company’s ability to use short-form registration statements. Companies should therefore understand when tagging is required and ensure that their filing agents are focused on the requirements.

In June 2025, the SEC posted a statement relating to recent errors in tagged public float data reported by companies on their Form 10-Ks and encouraged public companies to carefully review their public float data to ensure accuracy and consistency.

Companies should also review all hyperlinks included in their Form 10-Ks and related filings to confirm they function properly, as broken links are common and impede investors’ access to required information.

Peak Filing Volume Dates

The SEC expects to receive the highest volume of EDGAR filings in calendar year 2026 on the dates listed on the EDGAR Calendar webpage. To accommodate potentially longer processing times on high filing volume dates, public companies should submit any test or applicable live filings as early as possible prior to the due date of a filing.

Rulemaking on the Horizon

In September 2025, the SEC published the Spring 2025 Agenda, which provides an overview of the SEC’s rulemaking priorities for the upcoming fiscal year. Chairman Atkins noted the Agenda’s central themes of a “renewed focus on supporting innovation, capital formation, market efficiency, and investor protection.” In particular, Chairman Atkins highlighted the SEC’s focus on providing “a number of envisioned deregulatory rule proposals to reduce compliance burdens and facilitate capital formation.”

Foreign Private Issuer Eligibility

On June 4, 2025, the SEC issued a concept release on potential changes to the definition of “foreign private issuer” (“FPI”) for purposes of federal securities laws, soliciting public comments on whether the current eligibility criteria for FPI status should be modified in light of significant changes to the FPI population since the SEC’s last review of the FPI framework in 2008.

The concept release received unanimous support by all four SEC commissioners and is consistent with the current administration’s increased focus on addressing perceived competitive disadvantages for U.S. companies. The public comment period for the concept release closed on September 8, 2025. The SEC’s Concept Release on FPI Eligibility is available here, and public comments on the Concept Release are available here.

Semiannual Reporting

On September 19, 2025, Chairman Atkins announced that the SEC will propose a rule change that would allow U.S. public companies to report earnings on a semiannual basis, rather than quarterly. The announcement follows a petition from the Long-Term Stock Exchange and echoes prior endorsements from President Trump, including one on September 15, 2025. If adopted, the change would mark a significant departure from the quarterly reporting regime that has governed U.S. public company disclosure since 1970.

A shift to semiannual reporting could have broad implications. Proponents argue it would allow companies to focus more on long-term strategy, reduce compliance costs and bring the United States into alignment with jurisdictions such as the United Kingdom and the European Union. However, others have raised concerns about decreased transparency, less frequent cleansing of material nonpublic information and the potential for inconsistent voluntary disclosures absent Form 10-Q standards. The potential rule change is expected to proceed through the regular rulemaking process, including a public comment period. For more information, please see our Debevoise Update.

The Spring 2025 Agenda also included proposals relating to:

• Enhancement of EGC Accommodations and Simplification of Filer Status for Reporting Companies—proposing rule amendments to expand accommodations that are available for Emerging Growth Companies (defined generally to include new issuers with total annual gross revenues of less than $1.235 billion) and to rationalize filer statuses to simplify the categorization of registrants and reduce their compliance burdens.

• Shareholder Proposal Modernization—proposing rule amendments to modernize the requirements of Rule 14a-8 of the Securities Exchange Act of 1934, as amended, to reduce compliance burdens for registrants and account for developments since the rule was last amended.

• Shelf Registration Modernization—proposing rule amendments to modernize the shelf registration process to reduce compliance burdens and further facilitate capital formation. 

• Updating the Exempt Offering Pathways—proposing rule amendments to facilitate capital formation and simplify the pathways for raising capital for, and investor access to, private businesses.

• Rule 144 Safe Harbor—reproposing amendments to Rule 144 of the Securities Act of 1933, as amended, a non-exclusive safe harbor that permits the public resale of restricted or control securities if the conditions of the rule are met, to increase instances in which the safe harbor would be available. 

• Crypto Assets—proposing rules relating to the offer and sale of crypto assets, potentially to include certain exemptions and safe harbors, to help clarify the regulatory framework for crypto assets and provide greater certainty to the market.

• Rationalization of Disclosure Practices—the Staff continues to solicit feedback, through the SEC’s Subcommittee on Disclosure, on whether Regulation S-K disclosure requirements, particularly executive compensation disclosure, impose unnecessary burdens on public companies.

Form 10-K Filing Deadlines

• Large Accelerated Filer: March 2, 2026 (or 60 days after fiscal year end).

• Accelerated Filer: March 16, 2026 (or 75 days after fiscal year end).

• Non-Accelerated Filers: March 31, 2026 (or 90 days after fiscal year end).

 

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.