SEBI Guidelines: Market regulator SEBI had issued guidelines in August this year to further improve cyber security for stock exchanges and other market infrastructure institutions (MIIs). Now the deadline to follow them has been extended.

SEBI had said in its guidelines that all MIIs will have to undergo cyber audit at least twice in a financial year, maintain encrypted and offline backup of data, so that both their privacy and availability can be ensured. SEBI had also said that MIIs will also have to be prepared to counter ransomware attacks. For this, the effectiveness of security measures present at the ground level will have to be continuously checked. 

What is MII

The job of MII is to provide the necessary infrastructure for the securities market so that its operations can run smoothly without any interruption. Securities market means the financial market where trading of companies' stocks and other financial securities takes place. 

SEBI will give the organization a chance before taking action

The Securities and Exchange Board of India (SEBI) has extended the deadline for implementation and compliance of its guidelines in a circular issued on December 31. It has been extended till March 31, 2025. The circular states that if the guidelines are not followed during this period, no action will be taken by SEBI. Provided that the MII is able to show meaningful steps or developments taken towards implementing the cyber security and cyber resilience framework. 

This means that the organization will have to show whether they have taken concrete steps to identify or remove vulnerabilities in the information technology system. SEBI will give MII an opportunity to show this development before taking action. Apart from this, the deadline for KYC registration agencies (KRAs) and depository participants (DPs) has also been extended from January 1, 2025 to April 1, 2025.