Thursday, 18 December, 2025
CERT‑In Mandates Annual Cybersecurity Audits for Public & Private Firms, Includes AI Under Compliance Radar
India’s CERT‑In requires all public and private entities to undergo annual third-party cybersecurity audits, a first in the private sector. Regulators may demand more frequent audits based on risk. The new guidelines expand scrutiny to AI, quantum, blockchain, and software systems via AIBOM/SBOM/QBOM disclosures detailing models, datasets, and dependencies. Organizations must adopt risk-based, domain-specific audit frameworks covering governance, technical, and vendor ecosystems.
Read full story at Money Control