Sebi Extends Cybersecurity Framework Deadline to June

New Delhi, Mar 28 (PTI) Markets regulator Sebi on Friday extended the timeline by three months till June for regulated entities to adopt and implement cybersecurity and cyber resilience framework.

The framework is designed to ensure that Sebi-regulated entities (REs) maintain a robust cybersecurity posture, remain equipped with adequate cyber resiliency measures and can withstand, respond to, and recover from cyber threats, effectively.

The move came after Sebi received multiple requests for extension of timelines to ensure ease of compliance for them.

"Therefore, it has been decided to extend the compliance timelines by three (3) months, i.e., till June 30, 2025, to all REs, except Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs)," Sebi said in a circular.

Recognising the need for robust cybersecurity measures and protection of data and IT infrastructure, the Securities and Exchange Board of India (Sebi) issued the Cybersecurity and Cyber Resilience Framework (CSCRF) for its regulated entities in August 2024.

After receiving various queries from REs seeking clarification on the framework, Sebi issued a clarification in December.

The CSCRF is a significant step in adapting towards evolving cyber risks and technological advancements.

The regulator emphasised that the framework aims to enhance the resilience of regulated entities, enabling them to withstand and recover from cyber incidents effectively.