India

In 2016 Royzz & Co restructured to become a full-service law firm. It is headed by its founder and managing partner, Ms Mahua Roy Chowdhury. The restructuring has resulted in the expansion of its practice areas and, accordingly, the induction of new partners in various domains. Mr Sanjay Visen (litigation), Mr Rakesh Parik (corporate, M&A and tax) and Mr Dhaval Shah (real estate and project finance) and Mr Suresh Balakrishnan (insurance-of counsel). The firm has its presence in Mumbai, Delhi,Ahmedabad and  Chennai. The firm is skilled in commercial dispute resolution and technology transaction while  retaining its core strength in IP including patent drafting,  prosecution and litigation. The firms practice have vast experience in strategic advisory for ‘India entry’ and/or product launch.

Brus Chambers, with strong arbitration practice and result oriented, is considered as a beacon of excellence in international and domestic commercial arbitration more particularly focused on infrastructure, shipping, energy, oil, gas, contractual and commercial.

Dr. Shrikant Hathi listed by Legal 500 in the ‘Hall of Fame’ and Ms. Binita Hathi ranked by Legal 500 as ‘Leading Individual’ in India for shipping work co-heads the shipping and shipping litigation and arbitration practice including ship arrest in India.

Our team always puts our clients first. We bring fresh ideas, innovative solutions and perspectives to all our engagements. Our relentless focus on forging bold ideas helps our clients achieve superior outcomes in competitive environments. Our focus on trust, ethics, nurturing diverse opinions and building a collaborative culture helps us drive excellence for our clients and bridge the gap between what is and what can be.

On August 20, 2024, the Securities and Exchange Board of India (“SEBI”) took a major step towards improving the cybersecurity landscape in India’s financial sector by releasing the Cybersecurity and Cyber Resilience Framework (“CSCRF”) for SEBI Regulated Entities (“Regulated Entities/RE”), including but not limited to: Alternative Investment Funds (AIFs) Bankers to an Issue (BTI) and Self-Certified Syndicate Banks (SCSBs) Clearing Corporations Collective Investment Schemes (CIS) Credit Rating Agencies (CRAs) Custodians Depositories and Depository Participants Investment Advisors and Research Analysts KYC Registration Agencies Merchant Bankers The applicability of various standards and guidelines of  CSCRF is based on different categories of Regulated Entities. CSCRF follows a  graded approach and classifies Regulated Entities  in the following five broad categories: (i) Market Infrastructure Institutions (MIIs) (ii) Qualified REs (i) Midsize REs (ii) Small size REs (iii)Self certification REs The Need for CSCRF Indeed, nothing is more imperative than developing a foolproof cybersecurity structure that can meet the requirement of the emergent and dynamic financial sector of India. SEBI has also noted the dynamism and ever growing nature of the threat from cyber incidents and has put in place the CSCRF to tackle the challenges and enhance the security of Regulated Entities. Banks and other financial institutions across the world in the last few years have been on the receiving end of cyber threats, ranging from theft of clients’ data to complex and dangerous hacking executed on the financial markets. The CSCRF is thus an indication of SEBI’s strategy on how to address cyber risks and improve protection from cyber threats. The CSCRF is designed to be comprehensive, addressing a spectrum of cybersecurity issues from preventive measures to response strategies The CSCRF is divided into four main parts to facilitate ease of compliance and implementation: iv. Part I: Objectives and Standards: This section outlines the goals that security controls need to achieve and the established principles for compliance. v. Part II: Guidelines: This part provides recommendations and measures for complying with the standards. Some guidelines are mandatory and must be adhered to by the REs. vi. Part III: Structured Formats for Compliance: This section includes standard formats for compliance, ensuring uniformity and ease of reporting vii. Part IV: Annexures and References: This part contains additional resources and references to support the implementation of the framework. Key Provisions under the CSCRF a. Governance Under the CSCRF, SEBI mandates a dedicated cyber security committee responsible for formulating and overseeing the implementation of cyber security policies be established by all Regulated Entities and such a committee shall include senior management and IT experts to ensure that cyber security considerations are integrated into all the processes of the Regulated Entities. b.Cyber Capability Index  SEBI has also provided for a Cyber Capability Index (“CCI”) under the CSCRF, which is a comprehensive framework intended to evaluate the resilience of cyber security framework. Market Infrastructure Institutions are mandated to undergo a third-party cyber resilience assessment biannually, while Qualified Regulated Entities are required to perform an annual self-assessment. c. Incident Management and Response An important aspect of the CSCRF is the emphasis on effective incident management. Regulated Entities are required to implement procedures for responding, detecting and recovering from cyber incidents. This includes the establishment of an Incident Response Team (“IRT”) along with a communication protocol for reporting incidents to SEBI and other relevant authorities. The CSCRF also stipulates that entities must maintain detailed records of all cyber incidents and their resolutions. d. Risk Management- Third Parties The CSCRF also takes into account the risks associated and posed with third-party vendors and service providers. The Regulated Entities are required to assess and manage the cyber security readiness of their third-party vendors and service providers making sure that they have in place and comply with similar security standards. e. Compliances and Audits SEBI has provided consistency in auditing Regulated Entities by creating and providing an auditors’ checklist under the CSCRF. This shall ensure a more effective audit process, ensuring that all Regulated Entities are held to the same standards. f. Risk Management Regulated Entities under the CSCRF are required to carry out regular risk assessments to identify any cybersecurity threats. This shall enable the Regulated Entities to implement appropriate strategies to mitigate any threats. g. Data Protection and Privacy Protecting sensitive data is the most important part of the CSCRF. It requires that Regulated Entities implement robust data encryption, access controls, and privacy measures to safeguard sensitive information. This includes ensuring compliance with data protection regulations and maintaining transparency in data handling practices. Implementation and Compliance The introduction of the CSCRF is a significant step taken SEBI, however, its effectiveness shall depend on its implementation. Regulated Entities have been provided with clear guidelines for to follow by SEBI, along with a timeline for compliance.  Regulated Entities are required to submit reports regularly on their cyber security preparations and planning. Impact on the Financial Sector By setting high standards for cyber security and resilience, the CSCRF is expected to have a profound impact on the financial sector. SEBI is not only enhancing the protection of data but also reinforcing confidence in India’s financial markets. The CSCRF aligns with best practices all over the world in cyber security, making the Indian financial institutions at par with international standards. This alignment is important as India continues to grow, integrate more deeply into the global financial system and attract international investments. Conclusion While the CSCRF is a crucial initiative by SEBI, the implementation of CSCRF may present challenges as smaller entities may face difficulties in meeting the stringent requirements under the CSCRF due to resource constraints. Therefore, to mitigate this, SEBI may need to provide additional and continued support to help such small entities comply with the CSCRF. Moreover, the fast evolving nature of cyber threats will require that the CSCRF is regularly updated to address all the new challenges presented. The commitment of SEBI towards continuous improvement and engagement with the Regulated Entities will be crucial in ensuring the CSCRF remains relevant and effective.  

Introduction In the backdrop of India’s ambitions to achieve its net zero emissions target by 2070, India has been following a mix of strategies, which include clean energy transition and energy use efficiency methods.

The Indian mutual fund industry has experienced significant growth in recent years,

Cyril Amarchand Mangaldas (CAM) advised Brigade Enterprises Limited (“Brigade”) as its legal counsel on the issuance of equity shares by way of a qualified institutions placement (“QIP”).