The Securities and Exchange Board of India (SEBI) has once again extended the deadline for registered entities (REs) to comply with the Cybersecurity and Cyber Resilience Framework (CSCRF), pushing the new deadline to June 30, 2025.
The extension applies to most REs, excluding market infrastructure institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to Issue and Share Transfer Agents (QRTAs).
In a circular issued recently, SEBI mentioned that it had received multiple requests from market participants seeking an extension to the CSCRF compliance timeline.
These requests were aimed at ensuring easier and more efficient compliance with the framework, which is crucial for strengthening cybersecurity measures and protecting the data and IT infrastructure of financial entities.
SEBI had initially introduced the CSCRF through a directive issued on August 20, 2024, acknowledging the growing need for robust cybersecurity practices in the financial market.
The initial compliance deadline was set for January 1, 2025, but due to the challenges faced by market participants, SEBI extended this deadline once before. In a December 2024 circular, the regulator moved the compliance date to March 31, 2025, offering a temporary “regulatory forbearance” until then.
Additionally, the deadline for KYC Registration Agencies (KRAs) and Depository Participants (DPs) was rescheduled to April 1, 2025.
With the latest circular, SEBI has again extended the deadline for the majority of REs, now set to June 30, 2025.
However, the new deadline does not apply to MIIs, KRAs, and QRTAs, which remain on their previously assigned timelines.
The latest circular also mandates that Stock Exchanges and Depositories bring the provisions of the circular to the attention of their members and participants.
Additionally, they are instructed to disseminate the updated guidelines on their respective websites to ensure widespread awareness and adherence.
The CSCRF aims to bolster the cybersecurity framework within India’s financial markets, offering stronger protection for critical data and infrastructure against emerging cyber threats.
Disclaimer: This blog has been written exclusively for educational purposes. The securities mentioned are only examples and not recommendations. This does not constitute a personal recommendation/investment advice. It does not aim to influence any individual or entity to make investment decisions. Recipients should conduct their research and assessments to form an independent opinion about investment decisions.
Investments in the securities market are subject to market risks, read all the related documents carefully before investing.
Published on: Apr 2, 2025, 8:31 AM IST
Dev Sethia
Dev is a content writer with over 2 years of experience at Business Today, Times of India, and Financial Express. He has also contributed stories in Hindi for BT Bazaar and Khalsa Bandhan News Paper. A journalism postgraduate from ACJ-Bloomberg, Dev enjoys spending his spare time on the cricket pitch.
Know MoreWe're Live on WhatsApp! Join our channel for market insights & updates