The Securities and Exchange Board of India (SEBI) has extended the implementation deadline for its enhanced cybersecurity framework for market infrastructure institutions (MIIs) by three months. The new deadline is now June 30, 2025, instead of the original March 31 cutoff.
Key Details of the Extension
- Who It Affects: Stock exchanges (NSE, BSE), depositories (NSDL, CDSL), and clearing corporations.
- Reason for Delay: MIIs requested more time to comply with stricter cybersecurity requirements.
- Key Requirements Under the Framework:
- Mandatory cybersecurity audits every quarter
- Implementation of advanced threat detection systems
- Data encryption for sensitive investor information
Why This Matters
- Investor Protection: The framework aims to safeguard markets from rising cyber threats like ransomware and data breaches.
- Recent Incidents: In 2024, Indian financial institutions faced over 1.5 million cyberattacks (CERT-In data).
- Global Alignment: SEBI’s rules now match standards like the U.S. SEC’s cybersecurity guidelines.
What’s Next?
MIIs must submit compliance reports by June 30. SEBI warned that failure to meet deadlines could result in penalties.
