Sebi on Tuesday issued clarifications to its Cybersecurity and Cyber Resilience Framework for regulated entities, granting regulatory forbearance and extending compliance deadlines for specific categories.
The clarification followed Sebi's response to queries from stakeholders regarding the framework introduced in August this year.
The framework aims to ensure that Sebi-regulated entities (REs) maintain a robust cybersecurity posture, implement adequate cyber resilience measures, and effectively withstand, respond to, and recover from cyber threats.
"With regard to the compliance requirements effective from 1 January 2025 under the framework, regulatory forbearance is provided until 31 March 2025," Sebi stated in a circular.
During this period, entities will not face penalties for non-compliance, provided they demonstrate progress in implementing the framework, it added.
READ ALSO: https://newsarenaindia.com/economy/sebi-unveils-major-regulatory-changes-for-2025/32336
Furthermore, the compliance deadline for KYC registration agencies and depository participants has been extended to 1 April 2025, following feedback on the rationalisation of these categories, as outlined in the circular.
Additionally, guidelines related to data localisation under the framework have been deferred for further consultations. Sebi noted that these provisions, identified as part of the data security standards, would be notified later.
The CSCRF represents a significant step in adapting to evolving cyber risks and technological advancements.
The regulator emphasised that the framework is designed to enhance the resilience of regulated entities, enabling them to effectively withstand and recover from cyber incidents.
Follow us
