SEBI Extends CSCRF Compliance Deadline for Regulatory Forbearance, KYC Registration Agencies, Depository Participants [Read Circular]

On December 31, 2024, the Securities and Exchange Board of India (SEBI) issued important clarifications regarding the Cybersecurity and Cyber Resilience Framework (CSCRF) for entities regulated by the board. This framework, introduced on August 20, 2024, aims to strengthen the cybersecurity measures and resiliency of SEBI-regulated entities in the face of evolving technological threats.

Important Clarifications

Regulatory Forbearance Period: SEBI has provided a regulatory forbearance period for compliance with CSCRF. The framework is effective from January 1, 2025, and non-compliance until March 31, 2025, will not result in regulatory actions if entities show meaningful progress in implementation.

Extended Compliance Deadlines: In response to industry feedback, compliance deadlines for specific categories of regulated entities have been extended:

Take Your SME to the Next Level with IPO Insights - Click here to Register

• KYC Registration Agencies (KRAs): Deadline extended to April 1, 2025.
• Depository Participants (DPs): Deadline extended to April 1, 2025.

Data Localisation Standards Put on Hold: SEBI has temporarily suspended provisions related to Data Localisation under the framework citing the need for further consultations.

The provisions of this circular are effective immediately, as SEBI seeks to balance robust regulatory oversight with practical implementation timelines for the industry.

The framework and its guidelines are part of SEBI's ongoing efforts to protect investors, promote market development, and ensure resilience against cyber threats. Full details are available on the SEBI website under the "Circulars" section. This circular was issued under the approval of the competent authority.

To Read the full text of the Circular CLICK HERE

Support our journalism by subscribing to Taxscan premium. Follow us on Telegram for quick updates