The framework is designed to make sure that Sebi-regulated entities (REs) preserve a sturdy cybersecurity posture, stay geared up with sufficient cyber resiliency measures and may stand up to, reply to, and get better from cyber threats, successfully.
The transfer got here after Sebi acquired a number of requests for extension of timelines to make sure ease of compliance for them.
“Due to this fact, it has been determined to increase the compliance timelines by two months, i.e., until August 31, 2025 to all REs, besides Market Infrastructure Establishments (MIIs), KYC Registration Companies (KRAs), and Certified Registrars to an Challenge and Share Switch Brokers (QRTAs),” Sebi stated in a round.
This marks the second extension granted by the regulator.
Recognising the necessity for sturdy cybersecurity measures and safety of knowledge and IT infrastructure, Sebi issued the Cybersecurity and Cyber Resilience Framework (CSCRF) for its regulated entities in August 2024. After receiving numerous queries from REs searching for clarification on the framework, the Securities and Trade Board of India (Sebi) issued a clarification in December. The CSCRF is a big step in adapting in the direction of evolving cyber dangers and technological developments.
The regulator emphasised that the framework goals to reinforce the resilience of regulated entities, enabling them to resist and get better from cyber incidents successfully.
The regulator stated the inventory exchanges and depositories have been directed to tell their members and members of the up to date compliance deadline and disseminate the round on their respective web sites.
