SEBI/HO/ ITD -1/ITD_CSC_EXT/P/CIR/2025/119 — THE SECURITIES AND EXCHANGE BOARD OF INDIA ACT, 1992

/ CIRCULAR SEBI/HO/ ITD -1/ITD_CSC_EXT/P/CIR/2025/119 To, All Alternative Investment Funds (AIFs) All Bankers to an Issue (BTI) and Self-Certified Syndicate Banks (SCSBs) All Clearing Corporations All Collective Investment Schemes (CIS) All Credit Rating Agencies (CRAs) All Custodians All Debenture Trustees (DTs) All Depositories All Designated Depository Participants (DDPs) All Depository Participants through Depositories All Investment Advisors (IAs) / Research Analysts (RAs) All KYC Registration Agencies (KRAs) All Merchant Bankers (MBs) All Mutual Funds (MFs)/ Asset Management Companies (AMCs) All Portfolio Managers Association of Portfolio Managers in India (APMI) All Registrar to an Issue and Share Transfer Agents (RTAs) All Stock Brokers through Exchanges All Stock Exchanges All Venture Capital Funds (VCFs) BSE Limited (Investment Adviser Administration and supervisory body- IAASB) BSE Limited (Research Analysts Administration and supervisory body- RAASB) August 28, 2025 Sir / Madam, Subject: Technical Clarifications to Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs) Recognising the need for robust cybersecurity measures and protection of data and IT infrastructure, Securities and Exchange Board of India (SEBI) has issued ' Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)' vide circular SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2024/113 dated August 20, 2024. Upon receipt of various queries from REs seeking extension and clarification on the aforementioned circular, SEBI has also issued following clarifications and Frequently Asked Questions (FAQs): Based on further discussions, technical clarifications are being issued with respect to Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI