Now Sebi updates cybersecurity framework for stockbrokers

The Securities and Exchange Board of India (Sebi) has announced changes to the Cyber ​​Security and Cyber ​​Resilience Framework for Securities Dealers and Custodians under its Investor Protection Scheme.

Sebi said in a circular that securities dealers and depository participants must notify exchanges or depositories as well as Sebi of any cyberattack, threat or breach within six hours of becoming aware of or notifying of the incident.

Incidents should also be reported to Computer Emergency Response Team India (CERT-In) as per the rules or instructions issued by CERT-In.

In addition, the National Critical Information Infrastructure Protection Center (NCIIPC) requires securities dealers and/or depository participants with systems designated as “protected systems” to report such incidents.


The organization also announced that the circular will come into force with immediate effect and that securities dealers and depositary participants must take the necessary measures for the implementation of the circular.

The circular further stated that stock exchanges and depositories should

a) Revise relevant bylaws, rules and regulations for the implementation of the above rules and guidelines, and

b) Bring the provisions of this circular to the attention of their members/participants and make them available on their websites

Cyber ​​security and cyber threat information may be useful to Sebi and other securities brokers or custodians.

According to the circular, information on cyber threats, cyber attacks and incidents must also be mentioned in quarterly reports so that Sebi and other securities brokers or depository participants can take preventive measures to avoid such recurrences. They must be submitted to exchanges or depositories within 15 days of the end of the quarter in June, September, December and March of each year.

The email address to share information with SEBI is [email protected]

Incidentally, the Sebi issued a circular on June 9 on the cybersecurity and cyber resilience framework for asset management companies (SGA), which will however come into force a month later, on July 15, 2022.

Click here to learn more about it

Previously, Sebi issued another circular that discussed the Cybersecurity and Cyber ​​Resilience Framework for Market Infrastructure Institutions (MIIs).

Click here to learn more about it

Dolores W. Simon