In a move aimed at providing relief and readiness to market participants, the Securities and Exchange Board of India (SEBI) has announced a two-month extension in the deadline for compliance with its enhanced cybersecurity and cyber resilience framework. This decision comes as several financial institutions and intermediaries sought additional time to implement the revised guidelines amid operational and integration challenges.
Strengthening Cybersecurity in Capital Markets
SEBI’s updated framework, initially announced in March 2024, is part of the regulator’s broader effort to strengthen the cybersecurity posture of market infrastructure institutions (MIIs), stockbrokers, portfolio managers, and other intermediaries. The framework lays down detailed guidelines for:
- Governance structures for cybersecurity
- Risk assessments and vulnerability management
- Incident detection and response
- Regular audits and compliance reporting
- Mandatory appointment of Chief Information Security Officers (CISOs)
The objective is to ensure that all registered entities implement robust cyber risk management systems, especially in light of the increasing sophistication of cyber threats targeting the financial ecosystem.
New Compliance Timeline
With the two-month extension, the new deadline is now pushed to September 30, 2025, from the earlier July 31, 2025. This gives market entities more time to:
- Conduct internal assessments
- Deploy necessary IT infrastructure
- Align with third-party vendors for compliance tools
- Train their teams and CISOs for new reporting mandates
Industry Reaction
Industry participants have largely welcomed the move. Many intermediaries—especially smaller firms—had expressed concerns over meeting the original deadline due to cost, staffing, and integration challenges. The extension allows for a more phased and secure implementation, reducing the risk of rushed deployments that could lead to compliance errors or security lapses.
Cybersecurity experts have also praised SEBI for maintaining a balanced approach—being firm on the need for stronger defenses while remaining realistic about implementation timelines.
The Bigger Picture
This extension reflects SEBI’s continued commitment to securing India’s financial markets in the digital era. As trading systems, investor data, and financial transactions become increasingly digitized, the risk of cyberattacks, data leaks, and fraud grows exponentially. A resilient cyber framework is no longer optional—it is essential.
