Cross-regulator · India Deep Dive
Board Governance Map
Indian regulators legislate governance through board structures. This map shows every mandated body, who must sit on it, how often it meets and what evidence regulators expect.
Last verified: 2026-06-17

| Regulator / Law | Mandated Body / Officer | Composition & Reporting | Cadence | Key Duties & Evidence |
|---|---|---|---|---|
| RBI — MD-ITGRC 2023 | IT Strategy Committee of the Board (ITSC) | Min. 3 directors; chaired by independent director with IT expertise; CISO/CTO board reporting line | Quarterly | IT strategy, IT risk appetite, cyber risk review; minutes evidence MD-ITGRC §4 |
| SEBI — CSCRF 2024 | Board-level Cybersecurity Committee + CISO | CISO with direct board reporting; committee for MII/QRTA/RE-T1 | Policy review annual; committee per charter | CSCRF policy approval, CCI sign-off, incident oversight |
| IRDAI — 2023 Guidelines | Information Security Committee (ISC) + CISO | Board-constituted ISC; CISO appointment letter on file | Quarterly | IS policy approval, SAR review, incident and BCP oversight |
| DPDP Act §10 | Data Protection Officer (SDFs only) | India-based DPO with board-level reporting; contact published | Continuous | DPIA programme, algorithm audits, grievance escalation point |
| Companies Act 2013 + SEBI LODR | Risk Management Committee (top-1000 listed) | Majority board members; chaired by a board member | At least twice a year | Cyber risk explicitly in RMC charter per LODR; risk policy review |
| CERT-In Directions 2022 | Designated Point of Contact | Named PoC communicated to CERT-In | Continuous | Receives directions, coordinates 6-hour reporting |