The market regulator has relaxed the compliance deadlines for regulated entities (REs) to implement the Cybersecurity and Cyber Resilience Framework (CSCRF).
The framework had been announced through a circular issued on August 20, 2024. Under that, deadline for six categories of REs where cybersecurity and cyber resilience circular already exists was January 01, 2025; and that for other REs where CSCRF was being issued for the first time was April 01, 2025.
With the latest circular dated December 31, the Securities and Exchange Board of India (SEBI) has extended these deadlines.
The latest circular from the regulator has said that "regulatory forebearance" will be extended till March 31, 2025, for REs who had to otherwise comply with the new norms by January 1, 2025.
The circular said, " For any non-compliance during this period that comes to the notice of the regulator, no regulatory action shall be taken provided the REs are able to demonstrate meaningful steps taken / progress made in implementation of CSCRF. An opportunity shall be given to the REs to demonstrate the same before any regulatory action is considered by SEBI".
Further, the deadlines for the same for KYC Registration Agencies (KRAs) and Depository Participants (DPs) have been extended from January 1, 2025, to April 1, 2025.
The SEBI circular also said that the data localisation requirements has been kept in abeyance.
The circular said, " Based on the feedback received on the provisions of Data Localisation, a need is felt for further consultations. Accordingly, the guidelines and provisions with regard to Data Localisation [Data Security standard (PR.DS.S2)] has been kept in abeyance until further notification."
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
