Cybersecurity Is SEBI’s “Next Big Challenge” In An AI‑Driven Market, Says Finance Minister

Union Finance Minister Nirmala Sitharaman has put cybersecurity firmly at the top of India’s capital‑markets agenda, calling it “the most pressing” emerging challenge for SEBI and every entity it regulates. Speaking at SEBI’s 38th Foundation Day in Mumbai, she warned that a single successful cyberattack on a major exchange, depository, clearing corporation or large broker could disrupt markets on a national scale, erase investor wealth and damage public confidence in ways that may take years to repair. 

The Minister linked this urgency directly to AI. She noted that AI‑led tools are making cyberattacks faster, more adaptive, more scalable and in some cases almost autonomous, capable of automatically discovering system vulnerabilities, interfering with source code, targeting software supply chains and coordinating intrusions that evolve in real time to evade detection. “The tools of attack are evolving at high speed, and the tools of defence must evolve even faster,” she said, stressing that not just SEBI, but all regulated entities will have to remain exceptionally vigilant. Sitharaman did acknowledge that SEBI is not starting from zero. She praised the Cybersecurity and Cyber Resilience Framework that came into effect in April 2025 as a “solid foundation” and highlighted SEBI’s Data Analytics and Digital Forensics Lab, which already uses advanced analytics, AI and machine‑learning models to detect complex market‑manipulation patterns and network‑based frauds. She also welcomed tools like “SEBI Check” to verify intermediary payment links and SEBI’s recent actions against unregistered “fin‑fluencers,” but urged the regulator to invest substantially more in public‑awareness campaigns in regional languages and in rapid takedown mechanisms for deepfake‑driven investment scams circulating on social media. 

Looking ahead, the Finance Minister called for “anticipatory regulation”—rules that keep pace with technology rather than only reacting after crises—and asked SEBI to institutionalise more frequent, substantive consultations with global counterparts on cross‑border fraud, AI in markets, sustainable‑finance disclosures and settlement interoperability. For your readers, this speech is an important signal: cybersecurity and data protection are no longer niche “IT issues” but core elements of market integrity, investor protection and India’s ambition to be a trusted global capital‑markets hub.  

Read More →   

https://www.fortuneindia.com/short-videos/cybersecurity-is-sebi's-next-big-challenge-amid-ai-led-threats:-fm/oKGsCFrjvZE#google_vignette 

📰 MINI HEADLINES 

• CERT-In issues high‑severity warning on “frontier AI” cyber risks, tells MSMEs and citizens to move beyond reactive security 

India’s national cyber agency CERT-In has released a high‑severity advisory titled “Defending Against Frontier AI Driven Cyber Risks”, warning that advanced AI models can now scan code, discover vulnerabilities and chain together multi‑stage exploits at speeds humans cannot match. The note, partly due to global “Mythos” jitters, tells MSMEs, larger organisations, and individual users to stop just reacting and instead focus on prevention: quickly patch internet-facing systems, turn on strong authentication, improve logging and monitoring, train staff to spot AI-generated phishing, and be ready for attacks that are faster, more convincing, and much more automated than before. 

Read More → https://www.moneycontrol.com/technology/cert-in-issues-advisory-against-ai-driven-cyber-attacks-for-msmes-organisations-and-individuals-article-13899942.html 

• US SECURE Data Act aims to replace state patchwork with a single national privacy standard 

House Republicans have introduced the SECURE Data Act, a comprehensive federal privacy bill. This bill would preempt the majority of state privacy laws and establish a unified framework for the management of personal data of Americans. The proposal is the most significant effort to establish a US-wide privacy standard, as it mandates data minimization and security by design, tightens regulations on targeted advertising and data sales, and grants GDPR-style rights (access, correction, deletion, portability). Additionally, it provides the FTC and state attorneys general with robust enforcement powers. 

Read More → https://www.wiley.law/alert-SECURE-Act-US-House-Introduces-New-National-Privacy-Framework 

• EDPB issues new GDPR playbook for using personal data in scientific research 

To ensure that organisations can duly utilise personal data for scientific research under the GDPR, the European Data Protection Board has adopted Guidelines 1/2026. These guidelines encompass clinical studies, AI-driven projects, and large data-set analyses. The draft guidance, which is currently available for public consultation, delineates the criteria for "genuinely scientific" research, the extent to which controllers may rely on broad consent or additional processing, and the necessary safeguards, including pseudonymization, secure research environments, and restrictions on erasure/objection rights, to enable the coexistence of fundamental privacy rights and data-driven innovation. 

Read More → https://www.globalpolicywatch.com/2026/04/new-edpb-guidelines-on-the-use-of-personal-data-in-scientific-research/