Final Rule on E-Disclosures: The DOL Provides Retirement Plans with an Additional Safe Harbor for Electronic Disclosure of Required Plan Notices Under ERISA

YATINDRA PANDYA, July 9, 2020  


On May 27, 2020, the Department of Labor (DOL) published its final rule on electronic disclosures, creating an additional voluntary fiduciary safe harbor for electronically providing participant disclosures required under the Employee Retirement Income Security Act of 1974, as amended (ERISA). The effective date of this final rule is July 27, 2020, but the DOL stated it will not take enforcement action against plan administrators that rely on the safe harbor prior to that date. The DOL anticipates the new safe harbor will reduce plan costs by an estimated $3.2 billion over the next decade, while making disclosures more readily accessible and useful to plan participants.

The new, additional safe harbor does not supersede the 2002 safe harbor.1 It goes beyond the 2002 safe harbor by covering all retirement plan participants and beneficiaries who have not opted-out, not just those who are “wired at work” or who affirmatively consent to electronic delivery. The final rule only applies to required retirement plan disclosures that are within the jurisdiction of the DOL and is fundamentally similar to the proposed rule, published on October 23, 2019. For background discussion of the proposed rule, see DOL Proposes New E Disclosure Regulations by Craig P. Hoffman, October 2019. For a webinar to compliment the subject matter of this article, see E-Disclosures —The DOL Regulations are Finally Final!, presented by Freeman Levinrad and Nick White.

Final Rule

The final rule amends Subpart F of 29 C.F.R. Section 2520 to create a new section 2520.104b-31 entitled Alternative method for disclosure through electronic media. The  final rule creates a safe harbor for plan administrators to furnish “covered documents” to “covered individuals” (these terms are explained later in this article) through a two-step process:

  1. An initial paper notice is furnished to covered individuals whom the plan administrator intends to cover under the safe harbor. If the individual does not globally opt-out of electronic disclosure, the plan administrator may commence with either a “Notice and Access” approach to e-disclosure, or “direct delivery” via email.
  2. Notice and Access or Direct Delivery:

a. Notice and Access. The Plan provides an electronic communication called a Notice of Internet Availability (NOIA) for each covered document, or once annually in a combined notice (for certain covered documents), to covered individuals. The NOIA directs covered individuals to the “electronic-based information repository” address (e.g., a website, intranet, or mobile app) where they can access the covered documents.

b. Direct Delivery. Alternatively, administrators may provide covered documents via direct delivery, by sending an electronic copy of the covered document to the covered individual’s email address. Notably, unlike the Notice and Access approach, the safe harbor does not apply for direct delivery to smartphone numbers or any other non-email based electronic addresses. Under this approach, an NOIA and a website for hosting covered documents are not required.

Global Right to Opt-Out of Electronic Delivery; Per-Document Right to Request a Paper Copy

At any time, a participant may opt-out, free of charge, of all e-disclosure globally and receive paper copies of covered documents. Plan administrators are not required to offer the ability to opt-out of electronic delivery on a per- document basis. However, covered individuals have a right to receive, upon request, one free-of-charge paper copy of each covered document that is provided electronically.

Initial Notification of Default Electronic Delivery and Right to Opt-Out

The final rule requires, as the threshold step, that plan administrators furnish covered individuals with an initial paper notice informing them that some or all covered documents may be furnished electronically. The final rule expressly states that administrators may not rely on prior compliance with the 2002 safe harbor to furnish the initial notice electronically. Accordingly, participants receiving electronic disclosure under the 2002 safe harbor are subject to the same paper notice requirement under the new safe harbor.

The content requirements of the initial notice are not as restrictive as those of the NOIA. Specifically, the NOIA is limited to content specified in the final rule, whereas administrators may personalize the initial notice as they see fit, so long as content is relevant and not inaccurate or misleading. At a minimum, the initial notice must include the following:

  • The electronic address (or addresses) that will be used for the individual;
  • A statement of the participants’ right to obtain paper copies of covered documents, and the right to opt-out of electronic delivery for all covered documents, free of charge, with a statement explaining how to exercise those rights;
  • A cautionary statement saying that covered documents are not required to be available on the website for more than one year or, if later, after it is superseded by a subsequent version of the document; and
  • If applicable, the steps necessary to access the website or other electronic address, such as needing a password or downloading an application.

Despite the requirements specified above, the final rule (unlike the NOIA) does not restrict the design of content and the inclusion of graphics for the initial notice; but the notice must, nevertheless, satisfy the general ERISA standard that it be written in a manner calculated to be understood by the average plan participant. The initial notice can also be furnished with other documents, such as with plan enrollment materials.

Safe Harbor Applies Only with Respect to “Covered Individuals”

A “covered individual” is defined broadly as a person who is entitled to receive a “covered document” under ERISA  — including participants, beneficiaries, and other individuals entitled to covered documents — who, when he or she begins participating in the plan, as a condition of employment or otherwise, provides the employer, plan sponsor or administrator (or appropriate designee of the foregoing) with an electronic address.

An “electronic address” includes an email address and also an “internet-connected mobile-computing device (e.g., smartphone) number.” The final rule defines an electronic address broadly to encompass new technologies, but clarifies that an electronic address must be an “address at which the individual may receive and inspect a written NOIA.” As such, a landline that receives a text-message is not a proper electronic address even if the landline uses a text-to-voice service to convert the text message to voicemail. More generally, it may not be readily apparent that a phone number belongs to either a landline or smartphone; for example, a text-message containing an NOIA sent to a landline may not result in a “bounce back” notification. Therefore, administrators are required to take additional reasonable steps to confirm with participants, or use “other reasonable means” to determine that a provided phone number belongs to a smartphone. An example given in the final rule is to use a phone carrier’s validator service.

Employer-Assigned Electronic Addresses

An employer-assigned electronic address is deemed to have been provided by the employee for purposes of the safe harbor, but only if the electronic address was provided to the employee for an “employment-related purpose other than the delivery of covered documents under the new safe harbor.” Such determination is made under the facts and circumstances of each particular situation, but it is clear that an email address could not be assigned to an employee solely for the purpose of sending covered documents under the safe harbor. Upon severance of an employee, the plan administrator must take measures reasonably calculated to ensure the continued accuracy of the employee’s employer-assigned electronic address, or alternately it must obtain a new electronic address that enables receipt of documents following the employee’s severance. For example, an employer could obtain personal email addresses and/or smartphone numbers at the same time employees are off-boarded. Alternatively, employers could obtain personal electronic addresses when employees are hired; however, steps should be taken to verify any personal electronic addresses are current at the time of severance.

Employers cannot assign electronic addresses to non-employee participants, for example: beneficiaries, spouses, and ex-spouses. Those individuals must affirmatively provide the employer, sponsor, or plan administrator with an electronic address before such individual falls within the safe harbor.

Plan administrators, unlike employers, are not permitted to assign electronic addresses to employees for purposes of this safe harbor. Such restriction is intended, in part, to curtail potential misuse, including the practice of using commercial locator services to obtain participants’ personal electronic address. Additionally, the final rule clarifies that a “covered individual” does not exclude participants in multiemployer plans; and that for multiemployer plan participants, an electronic address assigned by an employer and forwarded to the plan administrator would be considered provided by the employee in compliance with the safe harbor.

Safe Harbor Applies Only to “Covered Documents”

A “covered document” is any document (or information) that ERISA requires be furnished to retirement plan participants and beneficiaries pursuant to Title 1 of ERISA, except for documents that must be furnished only upon request (such as a copy of the plan document or Form 5500).2 On the other hand, documents for which the plan administrator has an affirmative obligation to furnish but that also, for various reasons, may be requested by covered individuals (for example, the Summary Plan Description) are covered documents under the definition of the safe harbor. Examples of covered documents include:

  • Summary Plan Descriptions,
  • Summary of Material Modifications,
  • Summary Annual Reports,
  • Annual Funding Notices,
  • Periodic Benefit Statements,
  • Participant Fee Disclosures,
  • Blackout Notices,
  • 204(h) Notices, and 
  • Suspension of Benefits Notices.

Covered documents do not include documents that fall within the jurisdiction of the Internal Revenue Service (IRS), such as Safe Harbor Notices, QACA/EACA Notices, EPCRS Notices, Notices to Interested Parties, Distribution Notices, QJSA Notices, and Notices of Funding Related Benefit Limitations. The electronic disclosure of these documents is covered by IRS regulations at 26 C.F.R. Section 1.401(a)-21.

Importantly, the safe harbor also does not apply to health and welfare plan documents under ERISA.

Notice and Access Approach

Once an initial paper notice has been furnished to a covered individual, plan administrators may use a Notice and Access approach. Key to this approach is the Notice of Internet Availability (NOIA), which the administrator must furnish to covered individuals for each covered document required under the safe harbor, except if the administrator opts to use a combined annual NOIA. The “Access” component of the Notice and Access approach requires administrators to host the covered document on a website or “other internet or electronic-based information repository,” such as a mobile application, and provide participants access to such covered document for a specified time.

Plans may choose to furnish one combined NOIA each year for certain covered documents, no more than fourteen months following the date the prior plan year’s NOIA was furnished. Essentially, the final rule built in a two-month grace period to provide administrators with sufficient flexibility without compromising participants’ receipt of an NOIA on a periodic basis. A combined annual NOIA may include only the Summary Plan Description and any covered document or information that must be furnished annually, rather than upon the occurrence of a particular event, and does not require action by a covered individual by a particular deadline. Examples of documents that could be covered by a combined annual NOIA are the: Summary Annual Report, Annual Funding Notice, QDIA Notice, annual pension benefit statement, and annual 404(a)(5) disclosure. Examples of documents that would require separate NOIAs are: quarterly benefit statements, blackout notices, QDRO determinations, and notices of failure to meet ERISA minimum funding standards.

Additionally, the following requirements apply:

  • The covered document must be made available on a website on the date specified under ERISA, regardless of whether the plan furnishes a combined NOIA.
  • The NOIA must be sent to the electronic address of the covered individual specified in the initial paper notice.
  • The NOIA must be sent separately from any other document (except in cases of a combined NOIA).
  • Plan administrators are responsible for the establishment and maintenance of the website to the extent required by plan terms and ERISA’s general fiduciary obligation, including the obligation to prudently select and monitor third-party vendors.
  • The final rule provides reasonable procedures for compliance with the safe harbor. For example, temporarily downed websites are contemplated by the final rule and would not, typically, cause compliance or fiduciary issues.
  • The covered document must be available in widely used formats, or formats that are suitable to be read online and printed clearly on paper, searched electronically by numbers, letters or words, and capable of being permanently retained in an electronic format (e.g., PDF).

Notice of Internet Availability Content Requirements

The proposed rule set forth specific requirements for the content of the NOIA to ensure it is a “very concise and clear” communication, as described below:

  •  A Prominent Statement (for example, as a title, legend, or subject line) that reads: “Disclosure About Your Retirement Plan.”
  • An Important Information statement that reads: “Important information about your retirement plan is now available. Please review this information.”
  • A brief description of the covered document that would reasonably covey its nature to the reader — but only if the such information is not reasonably discernible from the name of the document.
  • The internet address of the website; hyperlinks are optional. Both must be sufficiently specific enough to provide ready access to the covered document.
  • A statement of the right to request and obtain a paper version free of charge and a statement of the right to globally opt-out of electronic disclosures altogether, with explanations of how to exercise such rights.
  • A statement that plan administrators are only required to host covered documents on their website for one year, or, if later, when such documents are superseded.
  • The administrator’s, or other designated representative’s, telephone number.
  • Administrators may, but are not required to, include a statement as to whether action by the covered individual is invited or required with respect to the covered document (as long as such a statement is not misleading).
  • Pictures, logos, and other design elements are permitted, so long as the design is not inaccurate or misleading and the required content is clear, but information contained within the NOIA must not be obscured by commercial advertisements or other documents required under ERISA (not covered by the safe harbor).
  • The final rule does not include any of the specific readability standards3 mentioned in the proposed rule, and merely requires the standard measure for readability for ERISA disclosures.

The DOL clarified that plan administrators are encouraged to include hyperlinks in the NOIA, leading covered individuals directly to the website containing the covered document or a login page, but it did not make hyperlinks mandatory. The internet information or the hyperlink should be sufficiently specific enough to provide ready access to the covered document. The final rule states that an internet address is sufficiently specific “if the address leads the covered individual to a login page that provides, or immediately after a covered individual logs on provides, a prominent link to the covered document.”

The system for delivering an NOIA must be designed to alert the plan administrator if an individual’s electronic address is invalid or inoperable. If the administrator is alerted to such a problem, reasonable steps must be taken promptly to correct the problem (such as using a secondary email address or obtaining a new electronic address for the individual). If the problem cannot be promptly resolved, the individual must be treated as having globally opted-out and must be provided a paper version of the undelivered covered document as soon as reasonably practicable. The timeframe afforded to a plan administrator to “promptly resolve” an invalid or inoperable electronic address was not addressed in the final rule. Nevertheless, plan administrators should put in place policies and procedures specifying a set of steps for such circumstances, including a timeframe after which they will deem an individual has globally opted-out of electronic delivery.

Alternative Method for Compliance with the Safe Harbor: Direct Delivery of Covered Documents to an Email Address

In lieu of taking a Notice and Access approach, the administrator can directly deliver covered documents as an alternative method under the safe harbor. For covered individuals that provided an email address for their electronic address, the plan may directly deliver covered documents to that email address. Notably, sending covered documents to non-email electronic addresses, like smartphone numbers, would not apply under the safe harbor. To avoid confusion, the final rule clarified that administrators do not need to furnish an NOIA with respect to documents directly delivered, and so also do not need to establish and maintain a website to host such documents.

The email containing the covered document is subject to most of the same content requirements as the NOIA. However, statements concerning the website’s internet address and the timeframe a covered document is available on a website are obviously not required since the document is being sent directly to the individual. With respect to directly delivering more than one covered document in an email, the final rule clarifies that administrators should use the same standard as if paper documents were furnished, analogizing the email to an envelope and directing administrators to consider the “same envelope” standard under ERISA. Administrators must also take measures reasonably calculated to protect the confidentiality of personal information relating to the covered individual.

Final Thoughts

The new safe harbor requires plan administrators to have procedures in place to identify and cure invalid electronic addresses, ensure that an electronic address that is a phone number is able to receive texts, promptly fix any issues that cause documents to become temporarily unavailable, and protect the confidentiality of personal information of covered individuals (among other requirements). It seems that many plan administrators and service providers with systems in place tailored to comply with the 2002 safe harbor will have to re-design and update their processes and procedures in order to comply with all of the requirements of the new safe harbor. Since plans currently have “good faith” reliance on the electronic delivery methods described in EBSA Disaster Relief Notice 2020-01 during the COVID-19 national emergency (including e-mail, text message, and continuous access websites), we anticipate that many plans and providers will be turning their attention to the new safe harbor once the national emergency is over.


1  Under the existing 2002 safe harbor, electronic delivery is permissible as the default method of delivery only if the participant is required to access the electronic delivery system as an integral part of their job duties. Participants must be able to effectively access the system at any workplace location from which they are reasonably expected to perform services.

2   For documents not covered under the final rule, the DOL notes that the 2002 safe harbor remains available.

3  The proposed rule elaborated that NOIAs should use “short sentences without double negatives, everyday words rather than technical legal terminology, active voice, and language that results in a Flesch Reading Ease test score of at least 60.”