July 1, 2026 at 10:16 AM 2 min readtechAI Insights
India Tightens Cybersecurity Compliance With New CERT-In And SEBI Directives
[Regulatory Landscape]:
India's cybersecurity regulatory environment has become significantly more stringent, forcing organizations to overhaul their data protection and incident response strategies. The Indian Computer Emergency Response Team (CERT-In) now mandates that critical cyber incidents be reported within six hours of detection. Additionally, organizations must maintain secure logs of all ICT systems for 180 days, with the requirement that these logs be stored within Indian jurisdiction.
[Sector-Specific Mandates]:
The Securities and Exchange Board of India (SEBI) has formalized its Cybersecurity and Cyber Resilience Framework (CSCRF), which pushes regulated entities toward a more rigorous compliance model. This framework emphasizes enhanced cyber resilience and broader security testing to protect market integrity. These directives are part of a larger effort to ensure that financial and critical infrastructure remains robust against increasingly sophisticated digital threats.
[Data Protection Accountability]:
The implementation of the Digital Personal Data Protection (DPDP) Act further reinforces these requirements. Data fiduciaries are now legally obligated to implement reasonable security safeguards to prevent personal data breaches. The act places a heavy emphasis on accountability, ensuring that organizations are held responsible for any lapses in data governance. Together, these regulations create a comprehensive security net, compelling businesses to prioritize cybersecurity as a core operational necessity rather than an optional IT function.
Pulse Intelligence
AI AnalysisContext & Background
- CERT-In has been progressively tightening reporting requirements to improve national cyber incident response.
- The DPDP Act was enacted to provide a robust framework for personal data protection in India.
Key Consequences
- Organizations will need to increase their cybersecurity budgets to meet the 180-day log retention requirement.
- Compliance teams will face higher pressure to ensure incident reporting occurs within the six-hour window.
- Data fiduciaries will face stricter legal penalties for failing to implement adequate security safeguards.
Market & Economic Impact
Increased compliance costs will drive growth in the cybersecurity services and data storage sectors.

