Sebi Proposes Consolidating IT and Cybersecurity Regulations for Market Infrastructure Institutions

Sebi has proposed consolidating fragmented IT and cybersecurity regulations for market infrastructure institutions into a unified framework. The initiative aims to reduce compliance burden and eliminate redundancies while maintaining regulatory oversight, with a 75 per cent capacity utilisation threshold as a key operational guideline.

Quick Facts

Who

Securities and Exchange Board of India (Sebi)

What

comprehensive overhaul of IT regulations

When

June 22, 2026 (announcement date)

Where

India

comprehensive overhaul of IT regulations
consolidation of Master Circulars
creation of unified framework
removal of duplicated provisions
harmonisation of capacity planning requirements

The Securities and Exchange Board of India (Sebi) has proposed a comprehensive overhaul of information technology and cybersecurity regulations for market infrastructure institutions (MIIs), including stock exchanges, clearing corporations, and depositories. The regulator aims to simplify compliance requirements, eliminate redundancies, and ensure regulatory consistency by merging provisions from multiple existing Master Circulars into a unified framework covering common IT-related areas such as cybersecurity, cyber resilience, system audits, business continuity planning, disaster recovery, capacity planning, and technology advisories.

Key proposals include removing duplicated references to the Cyber Security and Cyber Resilience Framework (CSCRF) that already apply directly to MIIs, harmonising capacity planning requirements across different institutions, and consolidating provisions on co-location and co-hosting facilities in the commodity derivatives segment with the broader technology framework. The regulator suggested implementing a 75 per cent installed capacity threshold for IT components, with immediate corrective action required if actual utilisation exceeds this level. For depositories, the threshold would be monitored on a 15-day rolling basis.

Sebi emphasized that the consolidation would improve regulatory clarity and reduce compliance burden without diluting oversight. The Standing Committee on Technology (SCOT) would oversee corrective actions taken by MIIs when capacity thresholds are breached, and capacity augmentation would be undertaken where repeated breaches occur. The regulator has also proposed retaining detailed provisions on system clock synchronisation with atomic clocks at a single location within the framework to avoid repetition across multiple chapters.

Sebi has sought public comments on the consultation paper until July 13, 2026, to gather stakeholder feedback before finalising the new regulatory framework.

Topics

Technology Business World

#regulatory consolidation #capacity planning #Master Circulars #compliance #IT regulations #SEBI #market infrastructure institutions #cybersecurity

Why This Matters

This consolidation directly reduces operational costs and administrative complexity for Indian stock exchanges, clearing corporations, and depositories by eliminating redundant compliance requirements. Market participants and investors benefit from clearer, more consistent regulatory standards that strengthen cybersecurity resilience without increasing compliance burden. The unified framework also accelerates regulatory response to technology risks and sets a measurable capacity planning standard that enhances market infrastructure stability.

Timeline & Sources

Jun 22, 2026

Wire

Sebi proposed comprehensive consolidation of IT and cybersecurity regulations for market infrastructure institutions

Jul 13, 2026

Wire

Public comment deadline for Sebi's consultation paper on consolidated IT regulations

Entities

Sources

Sebi to Consolidate IT & Cybersecurity Norms for MIIsRediff MoneyWizMediaJun 23, 2026