SEBI proposes overhaul of tech and cyber rules for stock exchanges

SEBI has proposed a broad overhaul of technology and cyber-security rules for stock exchanges, clearing corporations and depositories, in a consultation paper that aims to simplify the rulebook while tightening the framework around operational resilience.

The June 22, 2026 proposal is part of a wider ease-of-doing-business review for market infrastructure institutions. SEBI said the exercise is meant to remove redundancies, obsolete requirements and overlaps, while keeping cyber resilience and continuity planning at the center of the framework.

Public comments on the paper are open until July 13, 2026.

What SEBI proposed

The consultation paper covers annual system audits, cyber security, business continuity planning, disaster recovery and capacity planning. It also looks at rules for trading software and technology vendors used by market infrastructure institutions.

According to the reporting, SEBI wants to consolidate multiple circulars and master circular provisions into a simpler framework. The regulator is also seeking to align legacy technology rules with its Cyber Security and Cyber Resilience Framework, or CSCRF.

That means provisions already covered under CSCRF could be removed from older circulars. The reporting says the list includes cyber crisis management plans, vulnerability assessments, data encryption, cyber resilience testing and security operations centres.

SEBI is also proposing to rationalize algorithmic trading rules. The proposed structure would group order-to-trade ratio penalties, algorithm tagging and software testing under one section.

Why the overhaul matters

The proposed rewrite matters because stock exchanges, clearing corporations and depositories sit at the center of India’s market infrastructure. The rules governing their technology systems affect how trading, settlement and recovery processes work during normal operations and stress events.

SEBI’s focus on audits, disaster recovery and capacity planning shows that the regulator is not just trimming paperwork. It is trying to simplify the rulebook while still keeping clear operational safeguards around systems that must stay resilient during disruptions.

For market infrastructure institutions, the practical result could be a smaller compliance load in areas where older rules duplicate newer ones. For the broader market, the key question is whether the streamlined structure still preserves enough detail to manage cyber and operational risk.

How the proposal fits SEBI's broader review

The consultation paper is part of a broader review of regulations for stock exchanges, clearing corporations and commodity derivatives exchanges. SEBI has framed the exercise as an "optimal regulation" approach, aimed at reducing duplication without weakening oversight.

The regulator has also been reviewing older master circulars that it says have accumulated obsolete provisions over time. The current proposal would replace scattered requirements with a more consolidated framework.

The reported goal is to make the rulebook easier to follow for exchanges and related institutions, while keeping the core expectations for supervision, continuity and cyber protection intact.

Changes for vendors and algorithmic trading

One of the more practical changes in the proposal concerns vendors operating in exchange co-location facilities. SEBI has suggested allowing vendors to provide either hardware or software services, rather than requiring end-to-end solutions.

That could give trading members and related institutions more flexibility in how they structure technical support and procurement. It may also lower costs in some cases, although the final impact will depend on the wording SEBI adopts after consultation.

The proposal also touches algorithmic trading compliance. By grouping related requirements under one section, SEBI appears to be trying to make the framework easier to interpret and enforce.

The timing and comment window

The first detailed reporting on the proposal emerged on June 22, 2026, when The Economic Times reported that SEBI had issued a consultation paper on a sweeping revamp of technology rules for stock exchanges.

A follow-up report on June 23 said SEBI's broader ease-of-business push included a review of regulations for stock exchanges, clearing corporations and commodity derivatives exchanges. That report also said comments on the trading software and technology paper remain open until July 13, 2026.

The immediate next step is stakeholder feedback. SEBI will review the comments before deciding whether to finalize the framework as proposed or adjust it further.

Open questions

Several details still need to be clarified before the proposal becomes final. SEBI has not yet published the revised circulars, so it remains unclear exactly which provisions will be removed or merged.

It is also not yet clear whether the same structure will be adopted across all market segments at once or introduced in stages.

For now, the proposal signals a familiar regulatory pattern: simplify the rulebook where older provisions overlap, but leave cyber resilience and operational continuity as core obligations for the institutions that keep the market running.