diff --git a/TODO.md b/TODO.md index 062b082..971f174 100644 --- a/TODO.md +++ b/TODO.md @@ -43,6 +43,7 @@ - [x] Add refresh token rotation consistency across all endpoints - [x] Implement multi-factor authentication for admin accounts (SKIPPED - local hosting) - [x] Add password expiration and forced reset policies +- [x] Restrict WS subscriptions for billing batch progress to initiating user or admins ### **Security Middleware** ✅ - [x] Implement rate limiting on all API endpoints (especially search)
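Review bot: the added line `- [x] Restrict WS subscriptions for billing batch progress to initiating user or admins` is marked complete, but the visible diff touches only TODO.md, so nothing here shows the authorization check or a test that backs the `[x]`. Suggest landing the checkbox together with the server-side check at subscribe time, or referencing the change that introduced it. The item would also be easier to verify later if it spelled out "WebSocket" and stated what "initiating user" is compared against. A negative test, in which a non-admin user attempts to subscribe to another user's batch progress and is refused, would be the natural evidence for this entry.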