
Circular No. SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2025/119, Dated: 28.08.2025
1. Introduction
The Securities and Exchange Board of India (SEBI) has issued a circular providing technical clarifications to the Cybersecurity and Cyber Resilience Framework (CSCRF) applicable to regulated entities. The framework is aimed at strengthening the resilience of market intermediaries and ensuring consistency in implementation across various categories of participants. These clarifications are expected to bring greater transparency, alignment, and efficiency in compliance with cybersecurity requirements.
2. Key Clarifications Issued
The circular introduces the principles of exclusivity and equivalence to address cases where entities operate under the jurisdiction of multiple regulators. SEBI has also refined the definitions of critical and non-critical systems, ensuring that regulated entities can correctly categorise their IT infrastructure. Additionally, timelines for asset inventory updates have been prescribed to improve monitoring, while detailed guidance has been provided for Vulnerability Assessment and Penetration Testing (VAPT) and audit submissions to ensure consistent application of standards.
3. Operational Controls and SOC Onboarding
Another important aspect of the clarification is the emphasis on Security Operations Centre (SOC) onboarding, which must be carried out in a timely manner by regulated entities. The circular highlights the need for robust incident detection, reporting, and resolution mechanisms. It also reiterates the importance of implementing adequate controls across various systems, thereby strengthening operational resilience and safeguarding sensitive investor data from cyber threats.
4. Revised Categorisation Thresholds
In addition to the technical updates, SEBI has revised the categorisation thresholds for Portfolio Managers and Merchant Bankers, ensuring that the cybersecurity framework remains proportionate to the scale and complexity of operations. This risk-based categorisation will help in allocating compliance responsibilities appropriately, while also providing smaller entities with practical and implementable cybersecurity measures. Overall, these clarifications reaffirm SEBI’s commitment to enhancing the security, stability, and trustworthiness of India’s capital markets.
The post SEBI Issues Clarifications On Cybersecurity And Resilience Norms appeared first on Taxmann Blog.
