In a major step toward enhancing governance, operational accountability, and technological oversight in India’s depository ecosystem, the Securities and Exchange Board of India (SEBI) has notified the Securities and Exchange Board of India (Depositories and Participants) (Third Amendment) Regulations, 2025. Issued under F. No. SEBI/LAD-NRO/GN/2025/275, the new regulations amend the existing 2018 framework and will come into force 30 days after publication in the Official Gazette.
These amendments introduce clearer responsibilities for senior management, strengthen checks and balances, and align technological governance with emerging risks in the securities market.
1. Strengthened Board Structure and Roles
One of the key changes relates to regulation 24, where SEBI has added executive directors to the governance structure. This inclusion ensures that leadership roles within depositories are well-defined and that executive management is formally recognized within the regulatory framework.
Additionally, managing directors and executive directors are now referenced together in certain sections, emphasizing shared accountability.
2. Expanded Responsibilities of the Managing Director
SEBI has expanded regulation 26 to include not just the appointment of the managing director (MD) but also their role and responsibilities.
A new sub-regulation (8) outlines several critical responsibilities, including:
- Managing the full affairs of the depository
- Ensuring compliance with all applicable laws, rules, directions, and guidelines
- Overseeing the functions under Vertical 1 and Vertical 2 of the Fourth Schedule, ensuring activities serve public interest
- Taking responsibility for overall risk management
- Ensuring adequate infrastructure and systems for smooth depository operations
Another major update allows the MD to serve, with prior board approval, as a non-executive director in select entities such as Section 8 companies, non-commercial government companies, educational institutions, and universities. This creates opportunities for sector-level knowledge sharing while maintaining safeguards.
3. New Regulation 26A: Clear Framework for Executive Directors
SEBI has introduced regulation 26A, mandating that every depository appoint at least two executive directors—one each for Vertical 1 and Vertical 2—with the option to appoint a third for Vertical 3.
Key features include:
- Executive directors will hold status similar to that of the managing director
- Their appointment, renewal, and termination will follow processes parallel to those applicable to the MD
- They will oversee entire vertical operations, ensuring activities are guided by public interest
- The Vertical 1 executive director must ensure technical infrastructure adequacy
- The Vertical 2 executive director will lead risk management efforts
- Executive directors cannot serve on external boards except subsidiaries, and only with prior approval
This amendment greatly enhances leadership depth and accountability.
4. New Technology Governance Roles: CTO and CISO Mandated
Recognizing the growing importance of cybersecurity and technological resilience, SEBI has inserted two new regulations:
Regulation 81B – Chief Technology Officer (CTO)
Every depository must appoint a CTO responsible for:
- Overseeing IT system design, infrastructure, and operations
- Managing risks across technology functions
- Formulating IT policy and risk management frameworks
- Addressing observations from technology audits
Regulation 81C – Chief Information Security Officer (CISO)
Each depository must appoint a CISO tasked with:
- Identifying and mitigating cybersecurity risks
- Implementing cybersecurity and cyber resilience policies
- Developing and maintaining information security standards and controls
This move aligns Indian market infrastructure institutions with global best practices at a time when technological risks are rapidly evolving.
Conclusion: A Stronger, Safer, Tech-Ready Depository Ecosystem
SEBI’s Third Amendment Regulations, 2025 represent a major overhaul in governance, risk management, and technological oversight for depositories. By formalizing roles, clarifying responsibilities, and strengthening compliance and cybersecurity frameworks, SEBI aims to ensure that India’s depository system remains resilient, transparent, and aligned with the best global standards.
These reforms mark another proactive step toward safeguarding investor interests and supporting the long-term stability of India’s securities markets.