SEBI has proposed consolidating technology and cybersecurity regulations for market infrastructure institutions, including stock exchanges and depositories. The move aims to simplify compliance by removing duplicate rules and standardizing capacity planning requirements. Institutions will face a 75% system utilization threshold for corrective action.
What Happened
The Securities and Exchange Board of India (SEBI) has released a consultation paper outlining plans to overhaul technology and cybersecurity regulations for Market Infrastructure Institutions (MIIs). These institutions, which include stock exchanges, clearing corporations, and depositories, form the backbone of the Indian securities market. The regulator aims to merge various existing master circulars into one unified framework to improve clarity, remove redundancies, and streamline the compliance process.
Why It Matters for Market Stability
For investors, the operational stability of market infrastructure is vital. Technical glitches at exchanges or depositories can disrupt trading, delay settlements, and create uncertainty. By creating a single set of rules—covering areas like cybersecurity, business continuity planning, and system audits—SEBI is attempting to ensure that all MIIs follow a consistent standard. This reduces the risk of ambiguity in regulatory requirements and helps these institutions maintain better uptime and operational resilience.
The 75% Capacity Rule
One of the specific changes proposed involves harmonizing capacity planning. Under the new framework, if an institution's IT infrastructure reaches more than 75% of its installed capacity, it must take immediate corrective action. If repeated breaches occur, these institutions would be required to undertake capacity augmentation. This rule, which also applies to depositories over a 15-day rolling period, is designed to ensure that trading and settlement systems are not overwhelmed by high transaction volumes, a critical factor during periods of high market volatility.
Impact on Listed MIIs
This proposal carries specific relevance for listed market infrastructure entities, such as BSE and CDSL. While these entities are already subject to stringent regulatory oversight, a unified framework could simplify their internal compliance efforts by removing duplicate filings and redundant processes. Investors in these companies often monitor their regulatory health and operational efficiency, as these factors directly contribute to business sustainability.
What Investors Should Track Next
SEBI has invited public comments on these proposals until July 13, 2026. The key monitorable for the market is the final notification from the regulator, which will outline the implementation timeline. Investors may want to watch how these institutions adapt their IT systems to meet the new, standardized capacity and cybersecurity thresholds in the coming quarters.