On Jun. 26, 2025, IND CDSL said it has provided an online facility for submitting the cloud services compliance framework report through its audit web portal.
Depository participants are required to submit cloud compliance framework report to CDSL by Jul. 15, 2025 via designated audit web portal; instructions are in annexure A.
On Mar. 6, IND SEBI issued framework for adoption of cloud services.
IND SEBI published a framework for the adoption of cloud services by regulated entities (REs), including stock exchanges, clearing corporations and other entities.
Sets out mandatory requirements to augment business prospects through scalability, reduced operational cost, digital transformation, reduced IT infrastructure complexity.
Framework
The framework, which has nine high-level principles, highlights the risks associated with cloud adoption and recommends the necessary mandatory controls.
The cloud framework has been drafted to provide baseline standards of security and for the legal and regulatory compliances by the regulated entities (REs).
It is in addition to the existing circulars, guidelines and advisories of IND SEBI.
REs must put in place effective governance, risk and compliance sub-framework for cloud computing to enable them to formulate a cloud strategy suitable to their needs.
RE must also adhere to governance framework in various circulars issued by IND SEBI.
Risk Management
A comprehensive risk management must be undertaken by the RE to continually identify, monitor, and mitigate the risks posed by cloud computing.
Cloud risk management approach must be approved by board of RE; and provide details on various risks of cloud adoption, i.e. technical, legal, business, regulatory.
The approach must also provide commensurate risk mitigation controls proportionate to the criticality and sensitivity of data/operations to be on-boarded on the cloud.
Data on cloud must reside/be processed within the legal boundaries of India.
Investors whose country of incorporation is abroad, original data of REs must be made available and easily accessible in legible, usable form within legal boundaries of India.
REs currently availing cloud services must ensure that all such arrangements are revised and they must be in compliance with the framework within 12 months.
Effectiveness
Effective immediately for all new/proposed cloud onboarding assignments/projects.
Apr. 2024 IND CDSL
On Apr. 2, 2024, IND CDSL reminded DPs to submit confirmation of compliance with the framework if they have not yet done so, the compliance deadline was Mar. 6, 2024.
Aug. 2024 IND NSD Compliance Report
On Aug. 27, 2024, IND NSD issued circular re milestone-based updates per guidelines.
Participants must report on current cloud deployments within one month of issuance of the framework, provide implementation roadmap within 3 months, submit quarterly progress for next 9 months, regularly report compliance with the framework after 1 year.
Reminded participants who have yet not submitted the compliance report that they are required to submit the same to IND NSD by Aug. 30, 2024 at the latest.
Document dated Aug. 27, 2024, received from IND NSD Aug. 29, summarized Sep. 2.
Jun. 2025 IND CDSL Report Submission
On Jun. 26, 2025, IND CDSL said it has provided an online facility for submitting the cloud services compliance framework report through its audit web portal.
Depository participants are required to submit cloud compliance framework report to CDSL by Jul. 15, 2025 via designated audit web portal; instructions are in annexure A.
