SEBI Issues Clarifications On Cybersecurity And Resilience Norms
- By Taxmann
- Last Updated on 30 August, 2025

Circular No. SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2025/119, Dated: 28.08.2025
1. Introduction
The Securities and Exchange Board of India (SEBI) has issued a circular providing technical clarifications to the Cybersecurity and Cyber Resilience Framework (CSCRF) applicable to regulated entities. The framework is aimed at strengthening the resilience of market intermediaries and ensuring consistency in implementation across various categories of participants. These clarifications are expected to bring greater transparency, alignment, and efficiency in compliance with cybersecurity requirements.
2. Key Clarifications Issued
The circular introduces the principles of exclusivity and equivalence to address cases where entities operate under the jurisdiction of multiple regulators. SEBI has also refined the definitions of critical and non-critical systems, ensuring that regulated entities can correctly categorise their IT infrastructure. Additionally, timelines for asset inventory updates have been prescribed to improve monitoring, while detailed guidance has been provided for Vulnerability Assessment and Penetration Testing (VAPT) and audit submissions to ensure consistent application of standards.
3. Operational Controls and SOC Onboarding
Another important aspect of the clarification is the emphasis on Security Operations Centre (SOC) onboarding, which must be carried out in a timely manner by regulated entities. The circular highlights the need for robust incident detection, reporting, and resolution mechanisms. It also reiterates the importance of implementing adequate controls across various systems, thereby strengthening operational resilience and safeguarding sensitive investor data from cyber threats.
4. Revised Categorisation Thresholds
In addition to the technical updates, SEBI has revised the categorisation thresholds for Portfolio Managers and Merchant Bankers, ensuring that the cybersecurity framework remains proportionate to the scale and complexity of operations. This risk-based categorisation will help in allocating compliance responsibilities appropriately, while also providing smaller entities with practical and implementable cybersecurity measures. Overall, these clarifications reaffirm SEBI’s commitment to enhancing the security, stability, and trustworthiness of India’s capital markets.