{"id":3589,"date":"2025-11-26T06:22:32","date_gmt":"2025-11-26T06:22:32","guid":{"rendered":"http:\/\/69269ca8fd8a399dacc316e4"},"modified":"2025-11-26T06:22:32","modified_gmt":"2025-11-26T06:22:32","slug":"sebi-extends-cybersecurity-and-cyber-resilience-framework-compliance-deadline-for-regulated-entities","status":"publish","type":"post","link":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/2025\/11\/26\/sebi-extends-cybersecurity-and-cyber-resilience-framework-compliance-deadline-for-regulated-entities\/","title":{"rendered":"SEBI Extends Cybersecurity and Cyber Resilience Framework Compliance Deadline for Regulated Entities"},"content":{"rendered":"<div class=\"reader-article-content reader-article-content--content-blocks\" dir=\"ltr\">\n<div class=\"reader-content-blocks-container\" tabindex=\"0\" data-artdeco-is-focused=\"true\">\n<div class=\"reader-article-content reader-article-content--content-blocks\" dir=\"ltr\">\n<div class=\"reader-content-blocks-container\" tabindex=\"0\" data-artdeco-is-focused=\"true\">\n<div class=\"reader-article-content reader-article-content--content-blocks\" dir=\"ltr\">\n<div class=\"reader-content-blocks-container\" tabindex=\"0\" data-artdeco-is-focused=\"true\">\n<div class=\"reader-article-content reader-article-content--legacy-html\" dir=\"ltr\">\n<p id=\"ember939\" class=\"ember-view reader-text-block__paragraph\">In an important development for financial market participants, the Securities and Exchange Board of India (SEBI) has announced a three-month extension for compliance with its Cybersecurity and Cyber Resilience Framework (CSCRF). The updated deadline for implementation is now <strong>June 30, 2025<\/strong>.<\/p>\n<h3 id=\"ember940\" class=\"ember-view reader-text-block__heading-3\">Background: What is the SEBI Cybersecurity and Cyber Resilience Framework (CSCRF)?<\/h3>\n<p id=\"ember941\" class=\"ember-view reader-text-block__paragraph\">On <strong>August 20, 2024<\/strong>, SEBI introduced the <a class=\"dgePcUVTyZcmWIuOySyndWdGoBMukAZsio \" tabindex=\"0\" href=\"https:\/\/www.sebi.gov.in\/legal\/circulars\/aug-2024\/cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_85964.html\" target=\"_self\" rel=\"noopener\" data-test-app-aware-link=\"\"><strong>Cybersecurity and Cyber Resilience Framework (CSCRF) through circular SEBI\/HO\/ITD-1\/ITD_CSC_EXT\/P\/CIR\/2024\/113<\/strong><\/a>. This framework is a significant step aimed at fortifying the cybersecurity posture of SEBI-regulated entities (REs), given the growing threats to IT infrastructure and sensitive data in the financial sector.<\/p>\n<p id=\"ember942\" class=\"ember-view reader-text-block__paragraph\">The Cybersecurity and Cyber Resilience Framework (CSCRF) mandates comprehensive security measures, including risk assessments, monitoring, incident response, recovery mechanisms, and governance structures. It aims to ensure that entities not only defend against cyber threats but also have the resilience to recover quickly in the event of a breach.<\/p>\n<p id=\"ember943\" class=\"ember-view reader-text-block__paragraph\">SEBI followed this with a clarification circular on <strong><a class=\"dgePcUVTyZcmWIuOySyndWdGoBMukAZsio \" tabindex=\"0\" href=\"https:\/\/www.sebi.gov.in\/legal\/circulars\/dec-2024\/clarifications-to-cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_90401.html\" target=\"_self\" rel=\"noopener\" data-test-app-aware-link=\"\">December 31, 2024 (Circular No. SEBI\/HO\/ITD-1\/ITD_CSC_EXT\/P\/CIR\/2024\/184)<\/a><\/strong>to address implementation queries from stakeholders.<\/p>\n<h3 id=\"ember944\" class=\"ember-view reader-text-block__heading-3\">Whom is the Cybersecurity and Cyber Resilience Framework (CSCRF) Applicable To?<\/h3>\n<p id=\"ember945\" class=\"ember-view reader-text-block__paragraph\">The original Cybersecurity and Cyber Resilience Framework (CSCRF) framework is applicable to a wide range of SEBI-regulated entities, including:<\/p>\n<ul>\n<li>Alternative Investment Funds (AIFs)<\/li>\n<li>Mutual Funds \/ AMCs<\/li>\n<li>Credit Rating Agencies (CRAs)<\/li>\n<li>Venture Capital Funds (VCFs)<\/li>\n<li>Stock Brokers<\/li>\n<li>Portfolio Managers<\/li>\n<li>Investment Advisors \/ Research Analysts<\/li>\n<li>Depositories and Depository Participants<\/li>\n<li>Merchant Bankers, Custodians, and more<\/li>\n<\/ul>\n<p id=\"ember947\" class=\"ember-view reader-text-block__paragraph\">This wide net ensures a consistent and robust cybersecurity approach across India\u2019s capital markets ecosystem.<\/p>\n<h3 id=\"ember948\" class=\"ember-view reader-text-block__heading-3\">What\u2019s New in the March 2025 Circular?<\/h3>\n<p id=\"ember949\" class=\"ember-view reader-text-block__paragraph\">The latest circular, issued on <a class=\"dgePcUVTyZcmWIuOySyndWdGoBMukAZsio \" tabindex=\"0\" href=\"https:\/\/www.sebi.gov.in\/legal\/circulars\/mar-2025\/extension-towards-adoption-and-implementation-of-cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_93146.html\" target=\"_self\" rel=\"noopener\" data-test-app-aware-link=\"\">March 28, 2025 | Circular No.: SEBI\/HO\/ ITD-1\/ITD_CSC_EXT\/P\/CIR\/2025\/45 <\/a>responds to several requests from entities seeking more time to comply with the framework.<\/p>\n<p id=\"ember950\" class=\"ember-view reader-text-block__paragraph\">Acknowledging the need for smooth implementation, SEBI has <strong>extended the compliance deadline by three months<\/strong>, up to <strong>June 30, 2025<\/strong>.<\/p>\n<p id=\"ember951\" class=\"ember-view reader-text-block__paragraph\">However, this extension does <strong>not apply<\/strong> to:<\/p>\n<ul>\n<li><strong>Market Infrastructure Institutions (MIIs)<\/strong> such as stock exchanges and clearing corporations<\/li>\n<li><strong>KYC Registration Agencies (KRAs)<\/strong><\/li>\n<li><strong>Qualified Registrars to an Issue and Share Transfer Agents (QRTAs)<\/strong><\/li>\n<\/ul>\n<p id=\"ember953\" class=\"ember-view reader-text-block__paragraph\">These entities are expected to adhere to the original deadlines, likely due to their critical roles in market operations and data integrity.<\/p>\n<h3 id=\"ember954\" class=\"ember-view reader-text-block__heading-3\">What Should Regulated Entities Do Now?<\/h3>\n<p id=\"ember955\" class=\"ember-view reader-text-block__paragraph\">Entities benefiting from the extension must use this additional time wisely. They should:<\/p>\n<ul>\n<li>Complete risk assessments and gap analyses<\/li>\n<li>Finalize and operationalize their cybersecurity frameworks<\/li>\n<li>Ensure training, awareness, and internal controls are in place<\/li>\n<li>Prepare to submit compliance status to SEBI and relevant exchanges or depositories<\/li>\n<\/ul>\n<h3 id=\"ember957\" class=\"ember-view reader-text-block__heading-3\">Final Thoughts<\/h3>\n<p id=\"ember958\" class=\"ember-view reader-text-block__paragraph\">SEBI\u2019s Cybersecurity and Cyber Resilience Framework (CSCRF) initiative is a timely and essential move to protect the integrity of India\u2019s financial markets from increasing cyber threats. The recent extension is a recognition of practical challenges but should not be mistaken for leniency. The June 30, 2025 deadline gives entities a final window to align with best-in-class cybersecurity practices.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In an important development for financial market participants, the Securities and Exchange Board of India (SEBI) has announced a three-month extension for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/posts\/3589"}],"collection":[{"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/comments?post=3589"}],"version-history":[{"count":0,"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/posts\/3589\/revisions"}],"wp:attachment":[{"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/media?parent=3589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/categories?post=3589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/wp-json\/wp\/v2\/tags?post=3589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}