Sebi extends cybersecurity framework compliance deadline by two months

New Delhi: Markets regulator Sebi on Monday extended the deadline by two months till August for regulated entities to adopt and implement the cybersecurity and cyber resilience framework.

The framework is designed to ensure that Sebi-regulated entities (REs) maintain a robust cybersecurity posture, remain equipped with adequate cyber resiliency measures and can withstand, respond to, and recover from cyber threats, effectively.

The move came after Sebi received multiple requests for extension of timelines to ensure ease of compliance for them.

“Therefore, it has been decided to extend the compliance timelines by two months, i.e., till August 31, 2025 to all REs, except Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs),” Sebi said in a circular. This marks the second extension granted by the regulator.

Recognising the need for robust cybersecurity measures and protection of data and IT infrastructure, Sebi issued the Cybersecurity and Cyber Resilience Framework for its regulated entities in August 2024.