SEBI extends Cybersecurity Framework Compliance Deadline for Regulated Entities [Read Circular]
SEBI has extended the cybersecurity framework compliance deadline for regulated entities to August 31, 2025, giving them more time to strengthen their systems.
![SEBI extends Cybersecurity Framework Compliance Deadline for Regulated Entities [Read Circular]](https://images.taxscan.in/h-upload/2025/07/01/2057540-sebi-1.webp "SEBI extends Cybersecurity Framework Compliance Deadline for Regulated Entities [Read Circular]")
The Securities and Exchange Board of India (SEBI) issued a Circular dated June 30, 2025, extending the compliance deadline for adopting and implementing its Cybersecurity and Cyber Resilience Framework (CSCRF) to August 31, 2025, providing relief to several regulated entities preparing for stricter cybersecurity norms.
SEBI is extending the timeline by two months following multiple requests from regulated entities for additional time to ensure effective compliance with the CSCRF requirements.
Want a deeper insight into the Income Tax Bill, 2025? Click here
The extension applies to all SEBI-regulated entities, including alternative investment funds, mutual funds, portfolio managers, credit rating agencies, depositories, merchant bankers, and stock brokers, among others. However, Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs) are excluded from this extension and will need to adhere to the previously announced compliance deadlines.
SEBI had initially rolled out the CSCRF framework on August 20, 2024, emphasizing the need for robust cybersecurity measures to protect IT infrastructure and safeguard investor data in India’s rapidly growing securities market. The framework outlines requirements for risk assessments, system monitoring, incident response, and reporting structures that regulated entities must implement to strengthen their cybersecurity posture.
In its circular, SEBI directed stock exchanges and depositories to inform their members and participants about the extension and to display the circular on their websites to ensure broad awareness across the market ecosystem.
How to Audit Public Charitable Trusts under the Income Tax Act Click Here
The circular comes into force with immediate effect and has been issued under Section 11(1) of the SEBI Act, 1992, empowering SEBI to take steps to protect investor interests and promote the orderly development of the securities market.
Impact: This extension offers regulated entities additional time to complete their cybersecurity assessments, procure necessary tools, conduct employee training, and align internal processes with CSCRF guidelines, ensuring smoother compliance and stronger market resilience. Entities are advised to utilize this period effectively to avoid last-minute challenges and penalties for non-compliance.
Support our journalism by subscribing to Taxscanpremium. Follow us on Telegram for quick updates
