Market Regulator Extends Deadline for Cybersecurity Framework Implementation

The capital markets regulator has extended the deadline for implementing its Cybersecurity and Cyber Resilience Framework (CSCRF) by three months. Regulated entities, such as depositories, credit rating agencies, and Alternative Investment Funds (AIFs), will now have until June 30 to comply with the framework.

The decision follows multiple requests from market participants who sought additional time to align their systems with the regulator’s security standards. The extension is intended to protect investors and maintain market integrity, the regulator noted.

However, the extension does not apply to certain entities, including market infrastructure institutions (MIIs), Know Your Customer (KYC) registration agencies (KRAs), and qualified registrars. These entities must still adhere to the original deadline of March 30.

Background and Importance of Cybersecurity Framework

The regulator introduced the cybersecurity framework in August last year to strengthen the financial sector’s defense against cyber threats. After concerns were raised by stakeholders regarding the feasibility of implementation, the regulator provided clarifications in December 2024.

In its latest circular, the regulator emphasized the importance of cybersecurity in ensuring investor protection and market integrity. "Cybersecurity and cyber resilience are crucial to safeguarding financial markets, and we expect regulated entities to take necessary steps to comply within the revised timeline," the regulator stated.

Compliance and Requirements

Stock exchanges and depositories have been instructed to notify their members and ensure widespread awareness of the revised compliance timelines. All regulated entities must make arrangements to adhere to the framework by the extended deadline and report compliance accordingly.

The cybersecurity framework outlines strict guidelines for data protection, incident response, and IT infrastructure security. It requires market participants to implement robust cybersecurity governance structures, conduct regular audits, and maintain strong defense mechanisms against cyber threats.

Disclaimer and Publication Details

Disclaimer: The views and opinions expressed by experts are their own and do not represent the views of The Economic Times.

Published On: Mar 29, 2025, at 08:55 AM IST

Join the Community and Stay Updated

Join the community of 2M+ industry professionals by subscribing to our newsletter to get the latest insights and analysis.

Download the ETCISO App to get real-time updates and save your favorite articles.

Note: The content has been rewritten to maintain the original length and meaning, while improving readability and structure. Proper headings and titles have been retained as required.