SEBI Updates Cybersecurity Framework for Regulated Entities
SEBI has clarified that its cybersecurity and cyber resilience framework applies only to systems used for regulated activities. Shared infrastructure will be audited if not covered by another regulator. Guidelines for mobile apps are advisory, while zero-trust principles are encouraged but not mandatory for regulated entities.
- Country: India
The Securities and Exchange Board of India (SEBI) issued new clarifications regarding its Cybersecurity and Cyber Resilience Framework (CSCRF), specifying that the framework applies solely to systems involved in regulated activities.
In a detailed circular, SEBI outlined that shared infrastructure will also undergo audits unless already supervised by the Reserve Bank of India (RBI) or another recognized authority.
Furthermore, SEBI will accept compliance with RBI or similar cybersecurity regulations if they are equivalent to its standards, a move aimed at simplifying protocols for regulated entities.
(With inputs from agencies.)

