SEBI CSCRF Date Extended

The circular issued by the Securities and Exchange Board of India (SEBI) provides important clarifications and updates regarding the Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI-regulated entities.

Key highlights include:

1. Cybersecurity and Cyber Resilience Framework (CSCRF)

• The framework, introduced on August 20, 2024, is aimed at strengthening cybersecurity and ensuring robust cyber resilience for SEBI-regulated entities (REs).
• It addresses the evolving threat landscape and technological advancements, ensuring REs can withstand, respond to, and recover from cyber threats effectively.

2. Clarifications and Updates

• Regulatory Forbearance: Compliance requirements under the CSCRF are effective from January 1, 2025. Regulatory forbearance is granted until March 31, 2025, allowing entities to demonstrate progress without facing regulatory actions during this period.
• Extended Compliance Deadlines: For specific categories of entities:

KYC Registration Agencies (KRAs): Deadline extended to April 1, 2025.

Depository Participants (DPs): Deadline extended to April 1, 2025.

• Data Localisation Standards: Provisions for data localisation under "Data Security Standard (PR.DS.S2)" are deferred for further consultation.

3. Implementation

The circular comes into immediate effect to align regulated entities with these updates.

4. Objective

Issued under Section 11(1) of the SEBI Act, 1992, the circular aims to:

• Protect investor interests.
• Promote market development.
• Regulate the securities market effectively.

5. Further Information

The circular is available on the SEBI website under the "Legal > Circulars" section.

This update underscores SEBI's commitment to fostering a secure and resilient financial ecosystem while addressing stakeholder feedback to streamline compliance processes.