The Securities and Exchange Board of India (SEBI) has mandated an enhanced cybersecurity framework for stock brokers and depository participants, strengthening investor protection against digital threats and market infrastructure vulnerabilities.
## New Compliance Requirements
Key mandates under the enhanced framework:
- Multi-factor authentication for all client accounts
- Real-time threat monitoring and incident response
- Annual security audits by CERT-In empaneled auditors
- Data encryption standards for client information
- Mandatory cyber insurance coverage
## Implementation Timeline
The new framework will be implemented in three phases:
- Phase 1 (April 2026): Large brokers (Tier 1)
- Phase 2 (July 2026): Medium brokers (Tier 2)
- Phase 3 (October 2026): Small brokers (Tier 3)
## Compliance Requirements
Brokers must appoint a Chief Information Security Officer (CISO) and establish dedicated security operations centers for monitoring.
## Data Protection Standards
Client data handling norms have been strengthened, with specific guidelines on data localization and cross-border data transfers.
## Penalty Framework
Non-compliance will attract significant penalties, including potential suspension of trading licenses for repeated violations.
## Industry Investment
The brokerage industry is estimated to invest over Rs. 2,000 crore collectively to meet the enhanced compliance requirements.
## Investor Benefits
The new framework will significantly reduce the risk of account hacking, unauthorized trading, and data breaches, providing enhanced protection for retail investors.