The regulation is a «direct and sweeping attempt at creating a regulatory oversight regime for cybersecurity in an area universally considered critical to New York and the United States.» (rc.com)
«The department needs to weigh this risk carefully in operating a light - touch oversight regime.» (politics.co.uk)
Indeed, to justify inaction on the grounds that we may not have the worst oversight regime is missing the point. (totalpolitics.com)