Jul. 16, 2026
We submit this comment as an organization with extensive experience delivering regulatory communications and shareholder materials throughout the U.S. securities markets. Our comments are based on decades of operational experience managing both physical and electronic delivery systems and observing how investors interact with required disclosures. While we recognize the Commission’s desire to modernize communications, we respectfully oppose the proposed transition to a default electronic delivery framework. We believe the proposal underestimates the importance of resilient, redundant communication systems and the continuing role that physical delivery plays in maintaining investor confidence, cybersecurity, and market continuity. Electronic communications offer speed and efficiency but inherently depend upon complex technological infrastructure that remains vulnerable to failure. Email systems, cloud providers, identity providers, internet service providers, domain name services, mobile networks, and endpoint devices each represent potential points of failure. Increasing reliance upon a single delivery channel concentrates operational risk rather than diversifying it. Physical delivery provides an independent communication channel that is not dependent upon internet connectivity, electrical power, authentication systems, software platforms, or third-party cloud infrastructure. This independence is an important component of operational resilience and should not be viewed merely as a legacy delivery method. Cybersecurity risks continue to evolve rapidly. Phishing campaigns, account compromise, malware, ransomware, credential theft, spoofed domains, business email compromise, and artificial intelligence-generated fraud have significantly increased the difficulty for investors to distinguish legitimate communications from malicious ones. Investors are routinely advised by regulators and cybersecurity professionals to exercise caution before opening unsolicited emails or clicking embedded links. The proposed rule would increase reliance upon precisely those communication channels that have become the primary targets of cybercriminals. Many investors intentionally avoid interacting with financial emails because they fear phishing attacks. Others maintain outdated email addresses, abandon accounts, change employers, migrate internet providers, or experience long periods of inactivity without realizing important regulatory communications are no longer reaching them. Unlike postal mail, electronic delivery failures often occur silently, with neither the sender nor recipient immediately aware that communication has been disrupted. Physical communications also provide an important defense against identity-based attacks. Fraudulent electronic communications can be transmitted globally within minutes, while physical mail requires significantly greater effort to counterfeit at scale and remains substantially more difficult to automate for mass fraud campaigns. The proposal also reduces the diversity of communication infrastructure supporting the securities markets. Sound risk management generally favors multiple independent systems rather than reliance upon a single technological pathway. Maintaining both physical and electronic delivery channels provides redundancy comparable to backup systems employed throughout critical financial infrastructure. Recent years have demonstrated that widespread technology disruptions—including cloud outages, software defects, internet routing failures, ransomware incidents, supply-chain compromises, and nation-state cyber activity—can simultaneously affect millions of users. During such events, physical delivery remains operational even when digital communications become unavailable or unreliable. From an operational standpoint, the proposal assumes that electronic delivery provides durable evidence of successful communication. In practice, delivery confirmation is not equivalent to receipt, review, or comprehension. Messages may be accepted by a mail server but never viewed. They may be diverted by spam filtering, automatically archived, blocked by security software, quarantined by enterprise systems, or deleted without being opened. None of these scenarios necessarily produces meaningful evidence that the investor actually received the required disclosure. The proposal likewise assumes that investors will actively manage their delivery preferences over time. Our experience indicates that investor contact information naturally degrades as email addresses change, accounts become inactive, passwords are forgotten, employers change, domains expire, or service providers discontinue products. Physical mailing addresses generally remain more stable and are routinely updated through established postal forwarding and address maintenance processes. The Commission has long recognized that investor protection depends not only on making disclosures available but also on maximizing the likelihood that investors actually receive them. We believe replacing affirmative consent with presumed electronic delivery weakens this principle by shifting responsibility away from regulated entities and toward investors. We also believe the proposal warrants additional consideration from a national resilience perspective. Financial communications constitute part of the nation’s critical market infrastructure. Public policy in other critical sectors—including banking, utilities, emergency management, and national security—generally favors resilient systems with independent backup capabilities rather than exclusive dependence on networked technologies. Securities regulation should reflect the same philosophy. If the Commission elects to proceed, we respectfully recommend incorporating additional safeguards, including: Retaining affirmative consent for first-time electronic enrollment. Requiring periodic validation of electronic contact information. Automatically reverting investors to physical delivery following repeated electronic delivery failures. Requiring enhanced authentication and anti-spoofing protections for electronic regulatory communications. Conducting periodic resilience testing of electronic delivery systems during simulated cyber and infrastructure disruptions. Preserving physical delivery as a readily available and prominently disclosed option without procedural barriers. Studying the cybersecurity implications of large-scale default electronic delivery before implementation. Modernization and resilience should not be viewed as competing objectives. The strongest communication systems employ layered, redundant delivery mechanisms capable of functioning under a broad range of operational conditions. Analog and physical communications continue to provide unique security, reliability, and resilience characteristics that digital systems cannot fully replicate. For these reasons, we respectfully urge the Commission to reconsider the proposed default electronic delivery framework or, at a minimum, incorporate substantially stronger safeguards that preserve investor protection, cybersecurity, and operational resilience.