SEBI issues revised framework for Cybersecurity and Cyber resilience to be implemented by Regulated Entities

Securities and Exchange Board of India (“SEBI”) has issued framework for Cybersecurity and Cyber Resilience (“CSCR”) to be implemented by the Regulated Entities (RE). This framework supersedes the existing framework for CSCR as previously issued.

Key highlights of the Circular are mentioned below:

  1. The objective of CSCR framework is to address evolving cyber threats, to align with the industry standards, to encourage efficient audits, and to ensure compliance by SEBI REs.
  2. It follows a graded approach and classifies the REs in the five categories as mentioned below based on their span of operations and certain thresholds like number of clients, trade volumes, asset under management etc.
    1. Market Infrastructure Institutions (MIIs)
    2. Qualified REs
    3. Mid-size REs
    4. Small-size REs
    5. Self-certification REs
  3. It provides a structured methodology to implement various solutions for CSCR.
  4. It is to be adopted by six categories of REs where CSCR framework already exists by 01.01.2025 for other REs CSCR framework is issued for the first time by 01.04.2025.
  5. REs to put in place appropriate systems and procedures to ensure compliance with the provisions (i.e., applicable standards and guidelines) of CSCR framework, and conduct cyber audit.

Detailed framework is mentioned below in the hyperlink for ease of reference.

SourceSecurities and Exchange Board of India (SEBI)

Share this:

Sign up for our

Newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

Lexplosion will use the information you provide on this form to be in touch with you and to provide updates and marketing.