🔹 SEBI Introduces Relief for Smaller Firms in Cybersecurity Rules

9/4/2025

"Cybersecurity news infographic showing Velociraptor weaponized, SEBI rule updates, FBI warning on global hack, and UK ransomware ban

India’s Securities and Exchange Board (SEBI) has announced significant changes to its Cybersecurity and Cyber Resilience Framework (CSCRF), designed to ease compliance requirements for smaller market intermediaries.

✅ What’s Changing?

  • SEBI has adopted a tiered compliance model, meaning:
    • Large firms (like major exchanges and depositories) will continue to follow strict cybersecurity standards.
    • Small and mid-sized intermediaries will now face lighter compliance requirements aligned with their scale and risk exposure.
  • This adjustment recognizes that smaller entities often lack the resources to implement the same level of controls as larger financial institutions.

📊 Why It Matters

  • Reduced compliance burden: Smaller firms can focus resources on growth while still maintaining essential cybersecurity measures.
  • Flexibility: The new model ensures that compliance is risk-based and proportionate.
  • Challenges remain: Experts caution that even with relaxed rules, smaller firms may still struggle due to budget constraints and limited security expertise.

🔐 The Bigger Picture

This move is seen as part of SEBI’s broader effort to create a more inclusive, yet secure, financial ecosystem in India. By acknowledging the varied capacities of different market players, SEBI aims to strengthen the industry’s overall resilience without stifling innovation or growth.

👉 Takeaway for businesses: If you’re a smaller market intermediary, this is a chance to stay compliant without being overwhelmed—but you’ll still need to adopt core cybersecurity practices to protect client data and maintain trust.

Read full coverage here