Description
NSE reminds trading members to submit mandatory Cyber Security & Cyber Resilience Audit Report for H2 2025 by January 31, 2026, to avoid penalties.
Summary
NSE has issued a reminder to all trading members regarding the mandatory submission of Cyber Security & Cyber Resilience Audit Report for the half year ended September 30, 2025. This follows earlier circulars NSE/INSP/71214 dated November 10, 2025, and NSE/INSP/71987 dated December 24, 2025. Trading members falling under Qualified REs and Mid-size REs/Small size REs providing Internet-Based Trading (IBT) or Algorithmic Trading facilities must submit the report electronically through the ENIT Member Portal by January 31, 2026, to avoid penalties and disciplinary action.
Key Points
- Mandatory submission for Qualified REs and Mid-size REs/Small size REs providing IBT or Algo Trading facility
- Report covers the half year period ending September 30, 2025
- Submission must be made electronically through ENIT Member Portal
- Non-compliance will result in penalties and disciplinary action as prescribed in circular NSE/INSP/71214
- This is a reminder following previous circulars issued in November and December 2025
Regulatory Changes
No new regulatory changes introduced. This circular serves as a reminder for existing compliance requirements established in previous circulars NSE/INSP/71214 and NSE/INSP/71987.
Compliance Requirements
Applicable Entities:
- All Trading Members classified as Qualified REs (Regulated Entities)
- Mid-size REs and Small size REs that provide Internet-Based Trading (IBT) or Algorithmic Trading facilities
Required Action:
- Submit Cyber Security & Cyber Resilience Audit Report for H1 FY 2025-26 (half year ended September 30, 2025)
- Submission method: Electronic submission through ENIT Member Portal
- Report must cover cyber security and cyber resilience assessments as per RBI/SEBI cybersecurity framework
Consequences of Non-Compliance:
- Penalty charges as prescribed in circular NSE/INSP/71214 dated November 10, 2025
- Potential disciplinary action by the Exchange
Important Dates
- January 31, 2026: Deadline for submission of Cyber Security & Cyber Resilience Audit Report
- January 21, 2026: Date of reminder circular
- Reporting Period: Half year ended September 30, 2025
Impact Assessment
Operational Impact:
- Trading members must ensure their cyber audit reports are completed and submitted on time
- Firms need to coordinate with their IT audit teams and cybersecurity professionals to finalize reports
- Late submission may result in financial penalties and reputational impact
Market Impact:
- This requirement enhances the overall cybersecurity posture of the trading ecosystem
- Ensures trading members maintain robust cyber resilience frameworks
- Protects market integrity by mandating regular cybersecurity assessments for entities handling client trading activities
Compliance Burden:
- High impact for trading members who have not yet completed their cyber audits
- Members providing IBT and algorithmic trading services face stricter scrutiny given the higher cyber risk profile
Contact Information
Trading members can contact NSE regional offices for clarifications:
- Ahmedabad: inspectionahm@nse.co.in | 079-49008632
- Chennai: inspection_cro@nse.co.in | 044-66309915/17
- Delhi: delhi_inspection@nse.co.in | 011-23459127/38/46
- Kolkata: inspection_kolkata@nse.co.in | 033-40400412/459
- Mumbai: compliance_wro@nse.co.in | 022-26598200/61928200
- Central Help Desk: compliance_assistance@nse.co.in
Impact Justification
Mandatory compliance requirement with potential penalties for non-submission. Affects all Qualified REs and Mid-size/Small size REs providing IBT or Algo Trading facilities.