The Securities and Exchange Board of India (SEBI) has announced a two-month extension for the implementation of its Cybersecurity and Cyber Resilience Framework (CSCRF) by regulated entities. The new deadline for compliance is August 31, 2025.
Originally mandated under SEBI Circular dated August 20, 2024, the CSCRF aims to enhance the digital resilience of the Indian securities market by strengthening cybersecurity safeguards among market participants.
The extension, outlined in SEBI’s latest circular issued on June 30, 2025, follows multiple requests from regulated entities seeking more time to ensure smooth and effective implementation.
However, the revised timeline does not apply to Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs), who must continue to adhere to the original compliance schedule.
SEBI has instructed stock exchanges and depositories to promptly notify their members and participants about the updated deadline and to publish the circular on their respective websites.
SEBI has issued the circular in exercise of powers conferred under the Securities and Exchange of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.