Reminder for Submission of Action Taken Report for Cyber Security and Cyber Resilience Audit of Trading Members

Published: April 17, 2026

Processed: April 17, 2026

NSE Compliance cyber-security cyber-resilience

PDF Document

If the PDF doesn't display, click here to view it in a new tab ↗

Description

NSE reminds trading members to submit Action Taken Reports (ATR) for non-compliances identified in Cyber Security and Cyber Resilience Audits for the half-yearly audit period ending September 30, 2025, with a deadline of April 30, 2026.

Summary

NSE has issued a reminder to all trading members to submit Action Taken Reports (ATR) for non-compliances identified during the Cyber Security and Cyber Resilience Audit for the half-yearly audit period from April 2025 to September 2025. The ATR must be submitted by April 30, 2026 via the ENIT portal. This circular references the earlier circular NSE/INSP/71214 dated November 10, 2025.

Key Points

Trading members must take corrective action for each non-compliance flagged by auditors in the Cyber Audit Report.
Action Taken Reports (ATR) must be submitted for non-compliances in the audit period ending September 30, 2025.
After reviewing corrective actions, auditors will mark compliance status as Compliant or Non-Compliant on ENIT via ATR.
ATR submission is available through the ENIT portal under: NEW-TRADE → Trade → Cyber Audit → Cyber Audit Help File → ATR (applicable for both trading members and auditors).
Members are also reminded of circular NSE/INSP/70746 dated October 10, 2025, on rationalization and standardization of penalties.

Regulatory Changes

No new regulatory changes are introduced. This circular is a procedural reminder referencing existing obligations under NSE/INSP/71214 dated November 10, 2025, regarding Cyber Security and Cyber Resilience Audit requirements for trading members.

Compliance Requirements

All trading members must review non-compliances reported in their Cyber Audit Report for the period April 2025 – September 2025.
Corrective actions must be taken for each reported non-compliance.
ATR must be submitted through the ENIT portal by April 30, 2026.
Auditors must submit compliance status (Compliant/Non-Compliant) on ENIT through the ATR mechanism.
Non-compliant members may be subject to penalties as per circular NSE/INSP/70746 dated October 10, 2025.

Important Dates

Audit Period	ATR Submission Deadline
Half Yearly (April 2025 – September 2025)	April 30, 2026

Impact Assessment

This circular impacts all NSE trading members who received non-compliance observations in their Cyber Security and Cyber Resilience Audits for the half-year ending September 30, 2025. Failure to submit ATR by the deadline may attract penalties under the rationalized penalty framework (NSE/INSP/70746). The impact is administrative and operational, with no direct market-wide or pricing implications. Members should ensure timely engagement with their auditors and complete ENIT submissions before April 30, 2026.

Category	Compliance
Circular ID	`74bf596c6b3a778d`
Impact	Medium
Severity	Medium
Tags	cyber-security cyber-resilience trading-members action-taken-report compliance inspection audit enit
Source	NSE
Links	PDF Document ↗ Original Source ↗ Permalink