Sebi proposes sweeping revamp of tech rules for exchanges

India's market regulator proposed a broad overhaul of the technology rules governing stock exchanges, clearing corporations and depositories, aiming to tighten governance around system failures, incident reporting and disaster recovery.

The Securities and Exchange Board of India circulated a consultation paper Friday that would replace the current Cyber Security and Resilience Framework, in effect since 2015, with a more detailed set of requirements. The draft covers infrastructure resilience, third-party vendor oversight and the role of a designated chief information security officer at every market infrastructure institution.

One of the sharper changes: a mandatory 24-hour deadline for reporting certain cyber incidents to Sebi, with timelines running from first detection. The current framework has no such reporting clock. The draft also requires exchanges and clearing houses to test their disaster-recovery setups at least twice a year, with live failover drills that include members.

Sebi wants