Regulator clarifies Cybersecurity and Resilience Framework for regulated entities: exclusivity, equivalence, technical amendments, revised thresholds, immediate provisions

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....Regulator issued technical clarifications to the Cybersecurity and Cyber Resilience Framework for regulated entities, introducing Principles of Exclusivity and Equivalence for entities under multiple regulators, detailed technical amendments (definitions of critical systems, zero-trust guidance, recommendatory mobile app security, VAPT/audit submission formats, Market-SOC onboarding, RTO/RPO expectations, ISO 27001 encouragement), revised categorisation thresholds for portfolio managers and merchant bankers, and adoption of CERT-In audit guidelines. Stock exchanges and depositories must amend bylaws and notify members; certain provisions take immediate effect. The circular is issued under statutory powers to protect investors and regulate the securities market.....