On February 20, 2025, the SEC announced the creation of the Cyber and Emerging Technologies Unit (“CETU”) to focus on “combatting cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space.” In this blog post, we provide an overview of the announcement, which illustrates that the Trump administration will continue to prioritize SEC cybersecurity and artificial intelligence examinations and enforcement, with a particular emphasis on fraudulent conduct impacting retail investors.

The CETU and Its Responsibilities. The CETU will “utilize the staff’s substantial fintech and cyber-related experience to combat misconduct as it relates to securities transactions” in seven priority areas:

• Fraud committed using emerging technologies, such as artificial intelligence and machine learning, which we’ve discussed here.

• Use of social media, the dark web, or false websites to perpetrate fraud.

• Hacking to obtain material nonpublic information.

• Takeovers of retail brokerage accounts, which we’ve discussed here.

• Fraud involving blockchain technology and crypto assets, which we’ve discussed here.

• Regulated entities’ compliance with cybersecurity rules and regulations, which we’ve discussed here, here, and here.

• Public issuer fraudulent disclosure relating to cybersecurity, which we’ve discussed here.

The CETU replaces the Division of Enforcement’s Crypto Assets and Cyber Unit, which was founded in 2017, and will be staffed by 30 fraud specialists and attorneys nationwide. The CETU will “complement” the work of the Commission’s recently announced Crypto Task Force, which will be led by Commissioner Hester Peirce and will aim to develop a “comprehensive and clear regulatory framework for crypto assets.”

• A version of this article also appeared in Compliance & Enforcement on March 4, 2025. Access that version here.

Key Takeaways. The launch of the CETU demonstrates that the Trump SEC will continue to prioritize cybersecurity and artificial intelligence exams and enforcement. We highlight key takeaways for clients:

• CETU will prioritize fighting fraud involving retail investors. Six out of the seven CETU priorities explicitly reference fighting “fraud” involving cybersecurity and artificial intelligence. The specific goals—including fighting online fraud and takeovers of retail brokerage accounts—reflect the Commission’s expected shift to prioritizing retail investor protection as occurred under the first Trump administration. Any market participant that serves retail investors must remain particularly vigilant about disclosures and practices regarding cybersecurity and artificial intelligence.

• Cybersecurity issuer disclosure cases will also narrowly focus on fraud. The SEC under the last administration dedicated significant resources to developing issuer cybersecurity disclosure rules, which we’ve discussed here and here, and to charging cybersecurity issuer disclosure cases, which we’ve discussed here. We expect that the Trump SEC will focus on investigating and charging only egregious issuer misstatements and omissions about cybersecurity-related issues—not second-guessing in hindsight the good-faith judgments of victims of cybersecurity incidents.

• But registrants are not off the hook for compliance violations entirely, particularly when retail investors are involved. The CETU will focus on regulated entities’ “compliance with cybersecurity rules and regulations.” The SEC’s amendments to Reg S-P will serve as a key tool in the Commission’s cybersecurity examination and enforcement arsenal for retail investor protection. Similarly, the SEC’s enforcement of Reg S-ID—another key investor protection tool that we’ve previously written about here—will likely continue under the Trump SEC. For this reason, registrants that serve retail investors should continue to ensure compliance with the policies and procedures requirements of these regulations.

CETU will target AI washing. We expect the SEC’s AI washing cases—which we’ve discussed here and here—to continue under the Trump administration, particularly when the technologies target retail investors through outright fraud. As we’ve previously discussed here, market participants should continue to exercise diligence in ensuring that marketing materials and other communications about AI are accurate and comprehensive.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.