The Securities and Exchange Board of India (“SEBI”) has extended the timeline for adoption and implementation of Cybersecurity and Cyber Resilience Framework (“CSCRF”) for the specified Regulated Entities (“REs”) by additional 2 months. Regarding the compliance requirements, which are effective from January 01, 2025 under the CSCRF, regulatory forbearance is now provided till August 31, 2025. For any non-compliance during this period that comes to the notice of the regulator, no regulatory action shall be taken, provided the REs are able to demonstrate meaningful steps taken/ progress made in implementation of CSCRF.
The extension applies to all the Regulated Entities except Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs).
The copy of the circular is hyperlinked below for your ease of reference.
Source: SEBI
