Sebi extends cybersecurity framework compliance deadline by two months

Markets regulator Sebi has announced a two-month extension for the compliance deadline of its Cybersecurity and Cyber Resilience Framework, moving it to the end of August 2025. This decision follows multiple requests from regulated entities seeking more time to ensure compliance with the requirements of the framework. This marks the second time the deadline has been extended as Sebi aims to facilitate a smoother transition for these entities.

The Cybersecurity and Cyber Resilience Framework, introduced in August 2024, is a comprehensive guideline aimed at strengthening the cybersecurity posture of Sebi-regulated entities. It is designed to ensure that these entities have robust measures in place to withstand, respond to, and recover from cyber threats effectively. “Therefore, it has been decided to extend the compliance timelines by two months, i.e., till August 31, 2025 to all REs, except Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs),” stated Sebi in a circular.

The extension applies to all regulated entities except certain key infrastructure institutions, allowing them additional time to implement necessary cybersecurity measures. This move underscores the importance of adapting to evolving cyber risks and technological advancements. In December 2024, Sebi issued clarifications regarding the framework following various queries from regulated entities, emphasizing its commitment to facilitating a resilient cyber environment.

Stock exchanges and depositories have been directed to inform their participants and members about the revised compliance deadline. They are also required to disseminate the circular on their respective websites to ensure widespread awareness. This strategic move is part of Sebi’s ongoing efforts to enhance the resilience of the financial market’s infrastructure against potential cyber threats. The regulator’s proactive approach highlights its dedication to maintaining the integrity and security of the financial ecosystem.

The implementation of the Cybersecurity and Cyber Resilience Framework is a significant move towards safeguarding data and IT infrastructure in the financial sector. Sebi’s initiative reflects an understanding of the critical need for cybersecurity and the importance of equipping regulated entities with adequate measures to protect against increasing cyber threats in the current digital landscape. Additionally, this framework is expected to foster a culture of proactive risk management and continuous improvement among the regulated entities, ensuring that they remain vigilant and prepared in the face of ever-evolving cyber challenges.

By prioritising cybersecurity, Sebi is not only protecting the integrity of financial markets but also instilling confidence among investors and stakeholders, thereby contributing to the overall stability and security of the financial ecosystem. Furthermore, Sebi’s efforts to ensure widespread dissemination of the compliance requirements highlight the importance of collective responsibility in fortifying the sector against cyber threats.

Overall, this initiative is expected to usher in a new era of enhanced cybersecurity practices within the regulated entities, further solidifying the sector’s defence against technological vulnerabilities. The increased focus on cybersecurity will likely lead to better-prepared entities, capable of dealing with sophisticated cyber incidents more effectively.