RiskPedia — The Risk Framework Encyclopedia & AI Advisor
Match the right risk framework in under two minutes. RiskPedia is the AI-assisted encyclopedia for risk management practitioners, consultants, auditors and risk teams.
India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)
India's most complete BFSI regulatory intelligence hub — control catalogues, applicability matrices, compliance calendars, penalty frameworks and templates for the Indian financial-services sector.
- India Regulatory Hub — landing
- RBI — Master Direction on IT Governance, Risk, Controls and Assurance Practices (MD-ITGRC) 2023
- SEBI — Cybersecurity & Cyber Resilience Framework (CSCRF) 2024
- IRDAI — Cybersecurity Guidelines (Apr 2026) for insurers and intermediaries
- CERT-In — 6-hour incident reporting, 180-day log retention, Indian NTP, VPN/cloud KYC (active since June 2022)
- CERT-In — 26 reportable incident types
- CERT-In — 6-hour reporting SOP
- CERT-In — technical mandates (logs, NTP, KYC)
- DPDP Act 2023 — Digital Personal Data Protection
- DPDP — 8 fiduciary obligations (§5–§16)
- DPDP — Data Fiduciary vs Significant Data Fiduciary vs Processor
- DPDP — consent, withdrawal, Consent Manager
- DPDP — timeline 2023–2027 and penalty schedule
- Multi-regulator breach playbook (RBI · SEBI · IRDAI · CERT-In · DPDP)
- Regulator overlap matrix — where rules align, conflict and layer
- Entity-type navigator — which rules apply to my organisation
- AI in BFSI regulatory map — RBI 2024, SEBI algo-trading, IRDAI bias testing
- Board-level obligations across India's three sector regulators
- India templates — RoPA, breach log, board notes, regulator checklists
- India glossary — SDF, CSCRF, MD-ITGRC, CCI, SAR, RoPA decoded
- All Indian regulations tracker
India DPDP Act 2023 + DPDP Rules 2025 — practitioner FAQ
India's Digital Personal Data Protection Act 2023 received Presidential assent on 11 Aug 2023; the DPDP Rules 2025 were notified by MeitY on 13 Nov 2025. Consent Manager registration opens around Nov 2026, and core Data Fiduciary obligations and the Data Protection Board become operational around May 2027. Maximum penalty: ₹250 crore per breach (safeguards failure), ₹200 crore (notification failure). RiskPedia covers every fiduciary obligation (notice, consent, purpose limitation, data minimisation, storage limitation, accuracy, security safeguards, breach intimation) plus practitioner playbooks for DPDP gap assessment, DPDP-aligned privacy policy drafting, consent-management architecture, data discovery and mapping, rights fulfilment workflow, vendor / third-party oversight, cross-border data transfer compliance and breach simulation drills. Sectoral readiness varies: financial services and technology lead; healthcare, manufacturing, education and metals lag. RiskPedia ships sector-specific gap-assessment templates for all of them.
RBI MD-ITGRC 2023 — what changed from the 2011 IS Master Direction
RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 Information Security Master Direction. New / strengthened areas: IT governance committee structure, third-party risk management (TPRM) including cloud, data localisation, 6-hour incident reporting to CERT-In, annual CERT-In empanelled IS audits, business continuity drills, board-level cyber accountability. Applies to every RBI-regulated entity — scheduled commercial banks, payments banks, small finance banks, NBFCs, PPI issuers, ARCs, cooperative banks. Deep-dive at /india/rbi with full control catalogue.
SEBI CSCRF 2024 — applicability and key controls
SEBI's Cybersecurity and Cyber Resilience Framework (2024) is the consolidated cyber regulation for the capital-market ecosystem — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers, KRAs and qualified RTAs. Mandates: SOC monitoring with defined detection & response SLAs, cyber audit, board-approved cyber strategy, TPRM, vendor on-boarding controls, cyber resilience testing, incident reporting on SEBI portal. Deep-dive at /india/sebi.
CERT-In Directions — the 6-hour reporting clock
Under Section 70B of the Information Technology Act 2000, CERT-In's April 2022 Directions (effective 25 June 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of becoming aware. The Directions also require 180-day log retention within India, mandatory sync with Indian NTP servers, and VPN/cloud provider KYC retention for 5 years. Reportable categories include ransomware, DDoS, data breach, defacement, malicious code, scanning, unauthorised access, identity theft, fake mobile/web apps, social-engineering attacks, and IoT/OT/ICS compromises. Deep-dive at /india/cert-in with reporting SOP and 26-incident matrix.
IRDAI Cybersecurity Guidelines 2026 — what insurers need
IRDAI's Cybersecurity Guidelines (April 2026) apply to all Indian insurers, reinsurers and intermediaries. Requirements: board-approved cyber strategy, Information Security Officer (CISO equivalent), ISMS aligned to ISO 27001, periodic VAPT, incident response with regulator notification, third-party / outsourcing controls, customer-data localisation. The Guidelines combine well with DPDP: life and health insurers process sensitive personal data and must implement consent and rights workflows simultaneously. Deep-dive at /india/irdai.
Free interactive tools — every BFSI compliance team uses these