| Company | Value | Change | %Change |
|---|
The CSCRF, which is aimed at strengthening the cybersecurity posture of SEBI-regulated entities, mandates that they adopt adequate cyber resilience measures to effectively withstand, respond to, and recover from cyber threats. The framework is part of SEBI’s efforts to ensure the protection of the Indian securities market against increasing cyber risks.
As per SEBI’s latest circular, the compliance requirements, which were set to come into effect on January 1, 2025, will now receive regulatory forbearance until March 31, 2025. During this period, entities will not face penalties for non-compliance, provided they show progress in implementing the required cybersecurity measures.
The deadline for compliance has also been extended for KYC registration agencies (KRAs) and depository participants, with the new deadline set for April 1, 2025. This extension follows feedback from stakeholders on the rationalisation of these categories.
Additionally, SEBI has decided to temporarily put on hold the guidelines related to data localisation under the framework for further consultation. These guidelines, which are part of the data security standards, will be notified at a later date.
The CSCRF marks a significant step towards adapting to evolving cyber risks and technological advancements in the securities market. SEBI has emphasised that the framework is designed to enhance the resilience of regulated entities, enabling them to recover swiftly from cyber incidents and minimise disruption to market operations.
