NSE issues circular regarding submission of half-yearly Cyber Security and Cyber Resilience Audit Report by 31.12.2025

November 18, 2025
Central, CORP
1 min read

The National Stock Exchange (“NSE”) has issued a circular regarding the submission of the half-yearly Cyber Security and Cyber Resilience Audit (“Cyber Audit”) Report under SEBI’s ‘Cybersecurity and Cyber Resilience Framework (“CSCRF Framework”) for Audit Period ending September 30, 2025 by Trading Members who are Qualified Regulated Entities and Mid-size/Small-size Regulated Entities providing Internet Based Trading or Algorithmic Trading facility (“TMs”).

Key Highlights

With regards to the Cyber Audit Period ending September 30, 2025

  • TMs are mandated to conduct Cyber Audit through CERT-In auditor and submit the Cyber Audit Report to the NSE after approval from the respective IT Committee by December 31, 2025.
  • TMs are also mandated to submit Action Taken Report/Revalidation report through CERT-In auditor after approval from the respective IT Committee by March 31, 2026.
  • The NSE will enable the link for submission of Cyber Audit Report/Compliance submissions, Summary Findings and Auditor Declaration on ENIT from November 17, 2025.
  • TMs are required to determine their categorization as per the CSCRF Framework, which should be reviewed and approved annually by the Board of Directors /Designated Director or the Proprietor, or the Partner or Technical Advisory Committee and auditors will validate the determined categorization during the audit.
  • The auditor selection norms and guidelines to be adhered by auditors and Regulated Entities for conduct of cyber audit as per the provisions of CSCRF has been given in Annexure A of the circular.
  • The detailed Terms of Reference applicable for Cyber Audit as per CSCRF Framework has been given in Annexure B of the circular.
  • The updated formats of Cyber Audit report, Executive Summary, Auditor Declaration, Scope of Audit, Methodology/ Audit approach, Summary of findings, Control-wise compliance status of the CSCRF Framework and Conclusion of cyber audit is provided in Annexure C of the circular.

For regulatory updates and update-related services, drop a mail at inquiries@lexplosion.in.

Source: NSE

https://lexplosion.in/

Lexplosion Solutions Private Limited is a pioneering Indian Legal-Tech company that provides legal risk and compliance management solutions through cloud-based software and expert services.

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us