The Securities and Exchange Board of India (“SEBI”) has issued clarifications regarding the implementation of Cybersecurity and Cyber Resilience Framework (‘CSCRF’) for Regulated Entities (‘REs’).
SEBI has granted a regulatory exemption for compliance with CSCRF requirements, extending the timeline till 31st March, 2025. This exemption, effective from 1st January, 2025, ensures that no regulatory action will be taken for non-compliance during the exemption period, provided REs demonstrate meaningful progress in implementing the framework.
Key Highlights:
- Extended compliance deadlines:
- KYC Registration Agencies (KRAs): Compliance deadline extended till 1st April, 2025.
- Depository Participants (DPs): Compliance deadline extended till 1st April, 2025.
- Data localisation provisions:
Provisions related to Data Security Standards (PR.DS.S2) concerning Data Localisation have been deferred for further consultation. These guidelines will remain in abeyance until a subsequent notification.
The above-mentioned provisions are effective immediately.
Source: Securities and Exchange Board of India (SEBI)
