SEBI CSCRF for VC Funds
Venture Capital funds need to comply with SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF) by August 31, 2025
What is CSCRF?
SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF) is a regulatory framework designed to strengthen the cybersecurity posture of SEBI-regulated entities (REs) in the Indian securities market. Here's a breakdown of its key aspects. Download the circulars below
SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113
SEBI/HO/IMD/IMD-PoD-1/P/CIR/2023/046
SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2025/45
SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2025/60
Still confused?
Goals of
the framework
Get more information for the same by downloading the CSCRF for SEBI regulated entities.
Strengthen Cybersecurity
Enhance financial sector's digital defenses and protect against evolving cyber threats.
Build Cyber Resilience
Develop capabilities to anticipate, withstand, contain, and recover from cyber incidents.
Align with Global Standards
Incorporate best practices and mandate industry-standard cybersecurity certifications.
Ensure Operational Continuity
Create robust incident response plans and security monitoring mechanisms.
Promote Governance
Establish board-level oversight, assign clear responsibilities, and enforce comprehensive risk management.
What needs to be done
Set up monitoring services for real-time threat detection.
Achieve ISO 27001 certification and conduct Vulnerability Assessment and Penetration Testing (VAPT).
Ensure compliance of external vendors with cybersecurity standards.
Store regulatory data securely within India, as mandated by SEBI.
Have a virtual Chief Information Security Officer for expert oversight.
How It will be done
What Happens if VCs Don’t Comply?
Non-compliance with CSCRF can lead to
Regulatory Actions
Suspension of Services
Operational Risks
Reputational Damage
Final Deliverables
Timelime
All deliverables will be completed in phases, ensuring full compliance by
