Overview

• SEBI announced a two-month extension of its Cybersecurity and Cyber Resilience Framework compliance deadline to August 31, 2025.
• The updated timeline applies to all regulated entities except market infrastructure institutions, KYC registration agencies and qualified registrars to an issue and share transfer agents.
• This marks the regulator’s second extension after receiving multiple requests from regulated entities seeking additional time for implementation.
• Stock exchanges and depositories have been directed to notify their participants and members of the revised deadline and to publish the circular on their websites.
• The framework, introduced in August 2024, outlines guidelines for SEBI-regulated entities to withstand, respond to and recover from evolving cyber threats.