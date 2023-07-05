According to the Sebi consultation paper, the regulated entities such as brokers may be held accountable for the cyber risks posed by their third-party vendors.

Sebi has released a consultation paper on 'Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities'. The consultation paper is aimed at improving the cybersecurity and cyber resilience of market intermediaries, market infrastructure institutions, and other regulated entities. The consulting paper outlines steps to ensure the cyber-resilience from third-party vendors by putting the responsibility on REs.

According to the Sebi consultation paper, the regulated entities such as brokers may be held accountable for the cyber risks posed by their third-party vendors.

“REs shall be solely accountable for all aspects related to third party services taken including (but not limited to) confidentiality, integrity, availability, non-repudiation, and security of its data and logs and ensuring compliance with laws, regulations, circulars, etc. issued by Sebi/Government of India. Accordingly, REs shall be responsible and accountable for any violation of the same,” SEBI’s consultation paper noted.