Extension towards Adoption and Implementation of Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)

CIRCULAR

SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2025/96
June 30, 2025

To,
All Alternative Investment Funds (AIFs)
All Bankers to an Issue (BTI) and Self-Certified Syndicate Banks (SCSBs)
All Clearing Corporations
All Collective Investment Schemes (CIS)
All Credit Rating Agencies (CRAs)
All Custodians
All Debenture Trustees (DTs)
All Depositories
All Designated Depository Participants (DDPs)
All Depository Participants through Depositories
All Investment Advisors (IAs) / Research Analysts (RAs)
All KYC Registration Agencies (KRAs)
All Merchant Bankers (MBs)
All Mutual Funds (MFs)/ Asset Management Companies (AMCs)
All Portfolio Managers
Association of Portfolio Managers in India (APMI)
All Registrar to an Issue and Share Transfer Agents (RTAs)
All Stock Brokers through Exchanges
All Stock Exchanges
All Venture Capital Funds (VCFs)

Dear Sir / Madam,
Subject: Extension towards Adoption and Implementation of Cybersecurity
and Cyber Resilience Framework (CSCRF) for SEBI Regulated
Entities (REs)

1. Recognising the need for robust cybersecurity measures and protection of data
and IT infrastructure, Securities and Exchange Board of India (SEBI) has issued
‘Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated
Entities (REs)’ vide circular SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2024/113
dated August 20, 2024.

2. SEBI has received multiple requests for CSCRF compliance timelines extension to
ensure ease of compliance for them. Therefore, it has been decided to extend the
compliance timelines by two (2) months, i.e., till August 31, 2025 to all REs, except
Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and
Qualified Registrars to an Issue and Share Transfer Agents (QRTAs).

3. Stock Exchanges/ Depositories are directed to:
3.1.Bring the provisions of this circulars to the notice of their members/ participants
and also disseminate the same on their websites.

4. The provisions of this Circular shall come into force with immediate effect.

5. This circular is being issued in exercise of powers conferred under Section 11 (1)
of the Securities and Exchange of India Act, 1992, to protect the interests of
investors in securities and to promote the development of, and to regulate the
securities market.

6. This circular is issued with the approval of Competent Authority.

7. This circular is available on SEBI website at www.sebi.gov.in under the category
“Legal” and drop “Circulars”.

Yours faithfully,
Mridusmita Goswami
General Manager
Phone: 022-26449504
Email: mridusmitag@sebi.gov.in

Download the original circular at: https://www.sebi.gov.in/legal/circulars/jun-2025/extension-towards-adoption-and-implementation-of-cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_94902.html