Circular no. IFSCA-CSD0MSC/1/2026-DCS; Dated: 10.03.2026
The IFSCA has amended its Circular titled “Guidelines on Cyber Security and Cyber Resilience for REs in IFSCs”. Under the revised framework, certain categories of REs, including branches of regulated Indian or foreign entities, entities providing services only to group companies and entities with fewer than 10 employees, are granted a 3-year exemption from the circular’s requirements, subject to specified conditions.
The REs specified in para 21 shall comply with the following conditions during the exempted period:
- The RE shall adopt the Cyber Security and Cyber Resilience framework and IS Policy of its parent entity or the holding company of such parent entity.
- The CISO of the parent entity shall act as the Designated Officer for the RE.
- The parent entity or the holding company of such parent entity of the RE, in India or overseas, must be regulated by a regulator/Government Body in its home jurisdiction.
- The Designated Officer of the RE shall certify that all the necessary systems/processes, in line with these Guidelines
- The RE shall submit the annual cybersecurity audit report to IFSCA.
The following categories of REs are also exempted for a period of three (3) years.
- Foreign university set up in the IFSC
- The RE, which has been established as a newly incorporated standalone entity
- Credit Rating Agency
Provided that the Designated Officer of such RE shall, during the exempted period, certify that the RE has implemented adequate cybersecurity measures proportionate to its risk exposure, and shall submit the same to the respective supervision Department/Division of IFSCA within ninety (90) days of the end of each financial year
Click Here To Read The Full Circular
The post IFSCA Amends Cyber Security Guidelines for IFSC REs appeared first on Taxmann Blog.
