Sebi’s two-month grace period until August 2025 aids firms in fortifying cyber resilience

On June 30, 2025, India’s markets regulator, the Securities and Exchange Board of India (Sebi), granted a two-month extension for its Cybersecurity and Cyber Resilience Framework, pushing the compliance deadline to August 31, 2025. This marks the second extension, responding to requests from regulated entities needing more time to strengthen their cybersecurity measures. The framework, launched in August 2024, equips financial firms to combat cyber threats, ensuring they can withstand, respond to, and recover from attacks effectively.

The extension applies to most regulated entities, excluding key infrastructure like Market Infrastructure Institutions, KYC Registration Agencies, and Qualified Registrars. Sebi’s decision reflects its commitment to balancing robust security with practical implementation, fostering a resilient financial ecosystem. In December 2024, Sebi clarified framework details to address queries, emphasizing proactive risk management.

Sebi has directed stock exchanges and depositories to spread the word about the new deadline through their networks and websites, ensuring all entities are informed. This move highlights the critical need to safeguard data and IT systems in today’s digital age, where cyber threats are ever-evolving. By prioritizing cybersecurity, Sebi not only protects financial markets but also boosts investor confidence, reinforcing the sector’s stability. The framework is set to drive a culture of vigilance, preparing firms to tackle sophisticated cyber challenges and solidifying India’s financial defenses for the future.