Description
BSE extends the deadline for trading members to submit Cyber Security & Cyber Resilience Audit reports for the half-yearly period ending September 2025, with new preliminary report deadline of January 31, 2026.
Summary
BSE has extended the submission deadline for Cyber Security and Cyber Resilience Audit reports following representations from market participants. Trading members who are Qualified REs and Mid-size/Small size REs providing Internet Based Trading (IBT) or Algo Trading facilities must conduct half-yearly audits as per SEBI-CSCRF requirements. The preliminary audit report deadline for the period April 2025 to September 2025 has been extended to January 31, 2026.
Key Points
- Extension applies to Cyber Security & Cyber Resilience Audit report submissions
- Affects trading members classified as Qualified REs and Mid-size/Small size REs providing IBT or Algo Trading
- Extension granted in consultation with SEBI based on market participant representations
- Members registered with both BSE and NSE should submit reports only to NSE (single submission process)
- Members registered only with BSE continue submitting to BSE as per existing process
Regulatory Changes
No new regulatory requirements introduced. This circular provides timeline relief for existing SEBI-CSCRF cyber security audit requirements outlined in BSE circular 20251110-19 dated November 10, 2025.
Compliance Requirements
Eligible Trading Members:
- Qualified Regulatory Entities (REs)
- Mid-size and Small size REs providing Internet Based Trading (IBT) or Algorithmic Trading facilities
Actions Required:
- Conduct Cyber Security & Cyber Resilience Audit on half-yearly basis
- Submit preliminary audit report by revised deadline
- Submit Action Taken Report (if applicable) by specified date
Submission Process:
- Members registered with both BSE and NSE: Submit to NSE only
- Members registered only with BSE: Submit to BSE through existing process
Important Dates
| Audit Period | Report Type | Revised Due Date |
|---|---|---|
| Half Yearly (April 2025 – September 2025) | Preliminary Audit Report | January 31, 2026 |
| Half Yearly (April 2025 – September 2025) | Action Taken Report (if applicable) | April 30, 2026 |
Reference Circulars:
- BSE Circular 20251110-19 dated November 10, 2025
- BSE Notice 20250929-81 dated September 29, 2025
Impact Assessment
Operational Impact:
- Provides additional time (extended to January 31, 2026) for trading members to complete cyber security audits
- Reduces compliance pressure on trading members during year-end period
- Streamlines submission process for members registered with multiple exchanges
Market Impact:
- Low direct market impact as this is an administrative extension
- Demonstrates regulatory flexibility in response to industry feedback
- Maintains focus on cybersecurity standards while allowing reasonable implementation timelines
Member Benefits:
- Additional compliance window of approximately 2-3 months
- Reduced duplicate submissions for multi-exchange members
- Clearer timelines for audit completion and reporting
Impact Justification
Administrative extension providing relief to trading members for cyber security audit compliance; affects operational timelines but does not change core regulatory requirements