August 2025

SEBI Extends Cybersecurity Compliance by Two Months Know It All

Leave a Comment / Cyber Security / Lumiverse Solutions

SEBI Extends Cybersecurity Compliance by Two Months Know It All INTRODUCTION SEBI Extends Cybersecurity Compliance timeline by two months, providing regulated entities (REs) with more time to put into place and strengthen their cybersecurity and cyber resilience framework. The action, as announced by the Securities and Exchange Board of India (SEBI), is crucial for stockbrokers, depositories, mutual funds, and other market intermediaries who are going the extra step to meet stringent security standards. This extension is not just a relief—it’s also a reminder. In today’s digital-first financial world, cyberattacks are becoming increasingly sophisticated. A well-defined cybersecurity compliance strategy is not optional; it’s essential. By extending the deadline, SEBI is providing breathing space to the industry, but it’s also sending a strong message: cybersecurity is a priority, and compliance is non-negotiable. Background: Understanding SEBI’s Cybersecurity Framework SEBI Extends Cybersecurity Compliance notice is among the efforts of a broader regulatory drive towards cybersecurity. The framework introduces tough policies for: Infrastructure Security – All trading and investment infrastructure will be secured. Incident Response – Early detection, reporting, and remediation of cyber incidents. Data Protection – Securing investor data from breaches and leaks. Continuous Monitoring – 24/7 surveillance to detect vulnerabilities. Timeline of SEBI’s Cybersecurity Compliance Deadlines Initial Framework Release – SEBI first issued cybersecurity guidelines in 2015, evolving them over time. Mandatory Implementation Phase – Extended to various market participants in different phases. Original 2025 Deadline – Most companies were to comply by June 30, 2025. Extension Notice – SEBI Now Exts Cybersecurity Compliance deadline to August 31, 2025. This two-month extension may not be a great deal, but in the IT realm of infrastructure renewal and security scans, every week counts. Why SEBI Extends Cybersecurity Compliance Its reason for doing so is because of the following: Industry Readiness Gaps – The majority of entities informed that full implementation was still in progress. Complexity of Requirements – The framework involves multiple upgrades, audits, and employee training. Supply Chain Delays – Security hardware and software procurement faced delays. Integration Challenges – Aligning legacy systems with modern security tools takes time. SEBI’s Practical Approach – The regulator prefers enabling genuine compliance over forced, rushed adoption. By extending the SEBI Extends Cybersecurity Compliance deadline, the regulator ensures that the transition is both smooth and effective. Who Must Comply? The SEBI Extends Cybersecurity Compliance notice applies to all regulated entities, including: Stock Exchanges Depositories Clearing Corporations Stockbrokers Mutual Funds and Asset Management Companies (AMCs) Portfolio Managers Investment Advisors Research Analysts No sector participant dealing with sensitive investor data is exempt. Key Requirements of SEBI’s Cybersecurity Framework To meet the SEBI Extends Cybersecurity Compliance mandate, entities must: Conduct Risk Assessments – Determine weaknesses in infrastructure. Implement Security Controls – Firewalls, encryption, intrusion detection, etc. Regular Vulnerability Testing – Use VAPT (Vulnerability Assessment and Penetration Testing). Incident Response Plans – Develop detailed response plans for cyberattacks. Employee Awareness Training – Mitigate insider threat risk. Third-Party Risk Management – Vendors are not excluded. Real-Time Monitoring – Use Security Operations Centers (SOCs). Industry Impact of the Extension The SEBI Extends Cybersecurity Compliance update is helpful to the industry because of the following reasons: Extra Time for Complete Implementation – Refraining from early releases and potential loopholes. Improved Vendor Coordination – Including vendor specifications on third-party service providers too. Improved Testing – Extended time frame for security audits and penetration tests. Reduced Operating Stress – Enables companies to retain the level of service quality resulting from upgrading. Compliance Plan for New Deadline Below is the way market players can maximize this two-month window period: Gap Analysis – Determine what is lacking in your current infrastructure. Prioritize Critical Risks – Mitigate the most crucial security vulnerabilities first. Boost Monitoring Capabilities – Spend in newer SOCs and monitoring tools. Mock Drills – Conduct mock cyber attacks for readiness tests. Document Everything – Keep records of compliance proof for SEBI audits. Risks of Non-Compliance As SEBI Extends Cybersecurity Compliance deadline, failure to comply will have: Regulatory Penalties – Suspension and heavy fines. Damage to Reputation – Loss of investor confidence. Legal Action – When investor information is hacked. Reactions in the Industry Cybersecurity professionals have embraced the SEBI Extends Cybersecurity Compliance move more or less in unity. While almost everyone is on the same page that labeling the extension as necessary is what should be done, they suggest sloth will make end-of-period rushes inevitable, making the value useless. August 31, 2025 To-Do List Carry out thorough VAPT and patch all weaknesses. Activate multi-factor authentication to main systems. Get vendors aligned. Employee phishing detection training. Draft SEBI compliance reports. Conclusion The decision by SEBI to extend cybersecurity compliance by two months is more than just a grace period—it’s a strategic opportunity for market participants to strengthen their cyber defenses, align with regulatory expectations, and build lasting trust with investors. In today’s hyper-connected financial ecosystem, cybersecurity is not merely a regulatory checkbox; it is the backbone of operational resilience and investor confidence. By implementing this extension in the optimum way, companies can perform complete scans for vulnerabilities, introduce advanced threat detection tools, strengthen their talent pool, and become completely compliant with the SEBI cybersecurity framework. By doing this preventive action, compliance at the deadline is not only enabled but valuable information is safeguarded, costly breaches are prevented, and reputation in the market is established. SEBI Accelerates Cybersecurity Compliance to drive readiness, not hinder. The best-positioned firms will be made stronger, tougher, and better positioned to succeed in a more digitally oriented financial world. With cyber threats building at record velocity during an age of historic threat, this window is an opportunity to leapfrog patchwork compliance to the full mastery of cybersecurity. Disclaimer The contents of this blog SEBI Extends Cybersecurity Compliance are intended only for general information and education purposes. Even though all reasonable efforts have been made to confirm the facts stated and their publication as accurate and reliable, SEBI (Securities and Exchange Board of India) issued rules, regulations, and compliance requirements change and are

SEBI Extends Cybersecurity Compliance by Two Months Know It All Read More »

What Is .bank.in Domain? RBI’s New Mandate Explained

What Is .bank.in Domain? RBI’s New Mandate Explained Introduction: What Is .bank.in Domain? As the fintech era turns digital, the responsibility falls on as much as trust and security are involved. With more cyber frauds, phishing cases, and fake bank websites, Reserve Bank of India (RBI) has taken a historic step by introducing the use of .bank.in domain for all Indian banks. All this will be elaborated in detail within this blog: What is .bank.in domain? Why RBI made it compulsory? First of all, let us talk about its benefits, how it impacts bank security, search engine optimization, and trust. Steps followed in the process of compliance of the banking sector.And what it implies for fintechs and customers.Let’s start the ride of .bank.in domains and see more about this important RBI initiative. What Is .bank.in Domain? – A Detailed Overview The .bank.in domain is a secure and restricted domain introduced under the ‘.in’ domain hierarchy managed by INRegistry and governed by NIXI (National Internet Exchange of India). It is exclusively meant for Indian banks, ensuring: Verification-based registration (only genuine banks can apply), Restricted use, and High-level DNS and HTTPS security features. RBI’s Vision Behind the Mandate So again, what is .bank.in domain in the context of RBI? RBI’s 2024 circular clearly stated that all banks must migrate to a .bank.in domain by June 2025. This mandate aims to: Enhance trust and legitimacy of banking websites, Prevent spoofing, phishing, and clone websites, and Promote a standardized, RBI-approved digital identity for banks. Why Is the .bank.in Domain Mandate Needed? Let’s look at why RBI had to mandate the .bank.in domain in the first place. 1. Rise in Banking Frauds Spoofed bank sites are usually created by cyber criminals using names like: hdfcbank-security[.]com icicibank-login[.]in sbi-customer-support[.]com The users become duped into providing login details or OTPs. But in .bank.in, it can happen only by the Indian banks registered and qualified to utilize the domain. 2. No Identity Authentication in Generic Domains Banks have used: .com .co.in .in .net These are open domains, where anyone can register without identity authentication, and thus they are unsafe. 3. Global Use of Secure Banking Domains USA and others use .bank, an fTLD-hosted restricted domain, for the same intent. India’s equivalent — .bank.in — is RBI-approved, India-specific, and facilitates Digital India initiatives. Important Features of the .bank.in Domain So that you can learn what is .bank.in domain, you must know its technical and security features: 1. Restricted Access Scheduled commercial banks, Small finance banks, Cooperative banks, and Regional rural banks are allowed to buy a .bank.in domain name, on the condition of RBI license proof. 2. Spoofed DNSSEC (Domain Name System Security Extensions) DNSSEC defends against DNS spoofing and cache poisoning attacks. 3. Defaults to HTTPS Encryption All .bank.in domains require SSL certificates, which is to be at least TLS 1.2 encryption level. 4. Email Authentication Forced on SPF, DKIM, and DMARC to prevent email spoofing attacks. 5. WHOIS Privacy Disabled The .bank.in domains retain their WHOIS data open, or maximum openness and trust. 6. No Subdomain Resale Which implies that the subdomains and domains cannot be resold, monetized, or transferred-the entire package is reserved only for banking activities. Benefits of Having a .bank.in Domain Following are the most crucial advantages that render .bank.in domain worth the exercise: Increase Trust & Customer TrustWhen the customers receive a name like axis.bank.in or sbi.bank.in, it makes them recognize it as official as well as RBI-sanctioned in the first try itself. Safe Brand GuardThe banks no longer have any concerns about the spoofed or cloned domains. The domain itself serves as a security boundary. Better SEO & Domain Authority As .bank.in domains are niche-specific, they: Attract more domain authority, Rank higher in banking-related searches, Enjoy better CTRs (Click-Through Rates) in search engines. Regulatory Compliance Migrating to .bank.in ensures: RBI compliance, Cyber insurance eligibility, Better audit scores under ISMS, SOC2, and PCI-DSS frameworks. RBI’s Official Circular: Highlights of the Mandate Deadline: Change prior to 30th June 2025 Includes: All Indian banks, cooperative, regional, and payment banks DNSSEC, SSL, and DMARC compliance is required Old domains (.com, .net, etc.) registered to be routed to the .bank.in domain How Banks Can Migrate to .bank.in Domain – Step-by-Step Understanding what .bank.in domain is also understanding how to set it up. Step 1: Verification of Eligibility Banks must possess an RBI license and must be registered on the RBI database. Step 2: Register through INRegistry or Approved Registrars Submit: Proof of registration at RBI Legal authorization letter Domain admin KYC information Step 3: Secure DNS & SSL configuration DNSSEC enabling EV SSL Certificates purchase Implement SPF, DKIM, DMARC Step 4: Website Migration Migration of banking portals, mobile applications, and online services URL change to be made on: SMS notifications, Emailers, Ads, and QR-based payment systems. Step 5: Redirection & Testing 301 redirections of current domains to be triggered Uptime, logs, and security alerts to be tracked VAPT to be conducted What if the banks are not compliant? If one bank does not remain compliant until June 2025: Punishments or restrictions by RBI Cyber insurance to be made void Greater chances of theft of customer data and fraud Loss of customer trust on the internet and SEO ranking What Is .bank.in Domain? – Impact on Customers Considering it from the customer perspective, what is .bank.in domain all about . 1. Easy Identification of Authentic Sites Customers can safely rely only upon those sites which possess extension .bank.in. 2. Reduced Phishing, Greater Confidence Customers will be less deceived by attempts at phishing from sites that look like them. 3. Secure E-mail Communication Due to enforced DMARC and DKIM, bank spam e-mails will be greatly reduced. Fintechs, NBFCs, and Third-Parties How to Change Although fintechs and NBFCs are not mandatory to use .bank.in via law, they are majority banking partners. Hence, they must: Make .bank.in domains functional in USAID, AEPS, and lending APIs White-list .bank.in domains in firewalls and anti-spam filters Upgrade DNS and logic in code to accept

Expert Cybersecurity Services You Can Rely On

Security Assessment Services

Empower Your Security Strategy: Introducing the Pioneers in Assessment Services!

Incident Response

Battle-Tested Cyber Guardians: Unveiling the Elite in Incident Response!

Compliance & Consulting Services

Expert Guidance for Cyber Security Compliance: Introducing Our Consulting Services

Security Operations

Understanding Security Operations: Navigating the Cybersecurity Landscape

Specialized Services

Getting Started with Specialized Cybersecurity Services: An Introductory Framework

Expert Cybersecurity Services You Can Rely On

Security Assessment Services >>

Empower Your Security Strategy: Pioneers in Assessment Services!

Incident Response >>

Battle-Tested Cyber Guardians: Unveiling the Incident Response!

Compliance & Consulting Services >>

Expert Guidance for Cyber Security Compliance: Our Consulting Services

Security Operations >>

Security Operations: Navigating the Cybersecurity Landscape

Specialized Services >>

Specialized Cybersecurity Services: An Introductory Framework

Empowering Industry, Securing Tomorrow

Empowering Industry, Securing Tomorrow

Main Menu

Services

Industries

Follow Us

Security Assessment
Services

Empower Your Security Strategy: Introducing the Pioneers in
Assessment Services!

Incident
Response

Battle-Tested Cyber Guardians: Unveiling the Elite in Incident
Response!

Security
Operations

Specialized
Services

Security Assessment
Services >>

Incident
Response >>

Compliance & Consulting
Services >>

Security
Operations >>

Specialized
Services >>