Extension of timeline for submission of the Cyber Security and Cyber Resilience Audit Report of Trading Members

Description

BSE extends the deadline for submission of preliminary Cyber Security & Cyber Resilience Audit reports for trading members to January 31, 2026, with action taken reports due by April 30, 2026.

Summary

BSE has extended the deadline for trading members to submit their Cyber Security & Cyber Resilience Audit reports following representations from market participants. The preliminary audit report for the half-yearly period (April 2025 - September 2025) is now due on January 31, 2026, instead of the earlier deadline. This circular also clarifies the common submission mechanism for members registered with both BSE and NSE.

Key Points

Timeline extension granted in consultation with SEBI for cyber security audit report submissions
Applies to Qualified REs and Mid-size/Small REs providing IBT or Algo Trading facilities
Members registered with both BSE and NSE should submit reports only to NSE
Members registered only with BSE must continue existing submission process to BSE
Reference to SEBI-CSCRF (Cyber Security and Cyber Resilience Framework) requirements

Regulatory Changes

No new regulatory requirements introduced. This circular provides timeline relief for existing SEBI-CSCRF audit requirements previously communicated via BSE circular 20251110-19 dated November 10, 2025.

Compliance Requirements

Applicable to:

Qualified Regulated Entities (REs)
Mid-size and Small REs providing Internet-Based Trading (IBT) or Algorithmic Trading facilities

Submission Requirements:

Trading members registered with both BSE and NSE: Submit to NSE only (common submission mechanism)
Trading members registered only with BSE: Submit directly to BSE as per existing process
Audit must cover half-yearly period ending September 30, 2025

Important Dates

Audit Period	Report Type	Revised Due Date
April 2025 - September 2025	Preliminary Audit Report	January 31, 2026
April 2025 - September 2025	Action Taken Report (if applicable)	April 30, 2026

Previous circular references:

Exchange circular 20251110-19 dated November 10, 2025
Exchange Notice 20250929-81 dated September 29, 2025

Impact Assessment

Market Impact: Low - No direct impact on trading operations or market activities.

Operational Impact: Medium - Provides compliance relief to trading members by extending deadlines, allowing more time for thorough audit completion and remediation if needed.

Affected Entities: Trading members classified as Qualified REs and Mid-size/Small REs offering IBT or algorithmic trading services. The extension reduces compliance pressure during the year-end period.

Process Streamlining: Implementation of common submission mechanism for dual-registered members reduces administrative burden and potential duplicate submissions.

Impact Justification

Provides compliance relief to trading members by extending audit submission deadlines. Affects operational compliance but does not impact trading operations or market activities directly.

Category	Compliance
Circular ID	`d581483d08f69d53`
Impact	Medium
Severity	Medium
Tags	cyber-security audit compliance trading-members timeline-extension sebi-cscrf nse-common-submission
Source	BSE
Links	PDF Document ↗ Original Source ↗ Permalink