Sebi’s cyber framework: Tiered relief proposed for small intermediaries; experts flag compliance risks

Sebi’s current clarifications on its Cybersecurity and Cyber Resilience Framework launched tiered compliance requirements, lowering necessities for smaller intermediaries. While the transfer is seen as a step towards strengthening market safety and aligning with world norms, experts warning that smaller companies should wrestle with the prices and complexity of implementation, reported Economic Times.“Sebi’s enhanced cyber rules substantially improve market security. However, this is overwhelming for smaller firms, and they may face considerable challenges due to increased costs and technical demands,” mentioned Vikas Garg, companion, Deloitte India. He added that bigger organisations can take up compliance prices by devoted groups and superior know-how, whereas smaller entities might require phased implementation and regulatory flexibility.The framework is a part of India’s efforts to align with world requirements. “The framework signals a strong commitment to market integrity and investor protection. They are also in most of the forms aligned with the global prevalent practices of the US SEC and UK FCA on cyber risk management,” mentioned Atul Gupta, companion and head of Digital Trust and Cyber at KPMG India, quoted by ET. With a number of regulators — together with RBI, IRDAI and CERT-In — sustaining their very own norms, experts argue {that a} unified nationwide framework may simplify compliance.Sebi has launched exemptions to ease the burden on smaller intermediaries. “Portfolio Managers with up to 3,000 crore of AUM will now be self-certification reporting entities who have far less onerous obligations. Similarly, merchant bankers without active operations fall outside the framework’s ambit,” mentioned Arun Prabhu, companion and co-head of Digital+, TMT at Cyril Amarchand Mangaldas. He recommended that shared infrastructure options may additionally assist cut back prices.Still, non-compliance risks stay excessive. “Despite the clarification, smaller intermediaries face significant legal exposure if they fail to comply with SEBI’s framework,” mentioned Rohit Jain, managing companion at Singhania & Co. He famous SEBI’s intent to carry senior administration accountable for cyber governance and its emphasis on regulated entities managing third-party risks.According to experts, the important thing problem lies in balancing regulatory compliance with real resilience. “Today, many firms are devoting more resources to compliance paperwork rather than to genuine resilience initiatives,” Deloitte’s Garg noticed.The framework displays world benchmarks, together with NIST practices, however its effectiveness will depend upon execution. “The true test lies in implementation and enforcement,” KPMG’s Gupta mentioned, stressing that smaller companies’ adoption can be essential for total market resilience.Despite considerations round vendor risks and compliance prices, experts say corporations that deal with cyber resilience as a strategic funding might achieve a aggressive edge. As Gupta famous, early adoption of safe techniques may strengthen each compliance and market positioning.