In a significant move to strengthen cybersecurity in India’s financial sector, the Securities and Exchange Board of India (SEBI) has issued clarifications regarding its Cybersecurity and Cyber Resilience Framework (CSCRF) for regulated entities (REs). The framework, initially introduced in August 2024, aims to enhance the ability of regulated entities to withstand, respond to, and recover from cyber threats. SEBI’s recent circular addresses stakeholder concerns, offering regulatory forbearance and extending compliance deadlines to facilitate smoother implementation.
The Securities and Exchange Board of India (SEBI) has issued detailed clarifications regarding its Cybersecurity and Cyber Resilience Framework (CSCRF) for regulated entities (REs). This follows the framework’s introduction in August, designed to strengthen cybersecurity measures across SEBI-regulated entities. The initiative aims to enhance resilience against evolving cyber threats, ensuring entities can effectively withstand, respond to, and recover from cyber incidents.
Addressing stakeholders’ concerns, SEBI announced regulatory forbearance for compliance requirements effective from 1 January 2025. Entities demonstrating progress in implementing the framework will not face penalties for non-compliance until 31 March 2025. Additionally, compliance deadlines for Know Your Customer (KYC) registration agencies and depository participants have been extended to 1 April 2025, based on feedback about rationalising these categories.
A key aspect of the CSCRF, the data localisation guidelines, has been deferred. These provisions, outlined as part of the framework’s data security standards, are now on hold for further consultations. SEBI stated that updated guidelines on data localisation will be notified in due course, ensuring that stakeholders have clarity and adequate time for implementation.
Disclaimer: This blog has been written exclusively for educational purposes. The securities mentioned are only examples and not recommendations. This does not constitute a personal recommendation/investment advice. It does not aim to influence any individual or entity to make investment decisions. Recipients should conduct their own research and assessments to form an independent opinion about investment decisions.
We're Live on WhatsApp! Join our channel for market insights & updates
Get the link to download the App
