Sebi preparing action plan for quantum-safe computing: Tuhin Kanta Pandey
Mumbai, Oct 8, 2025
Chairman Tuhin Kanta Pandey says quantum advances could break today's encryption; Sebi aims password protection, stronger AI oversight, and fraud prevention
The Securities and Exchange Board of India (Sebi) has drawn up an action plan and capacity-building measures to ensure the quantum readiness of its regulated systems, Chairman Tuhin Kanta Pandey said on Wednesday at the Global Fintech Fest.
The Sebi chief said the regulator is working on quantum-safe computing with 2028–29 as the target operational date. He explained that passwords used across the financial sector under current encryption standards could be at serious risk with advances in quantum computing.
“How do we prepare ourselves as an industry to go for quantum-safe cryptography based on an action plan that we discover, we prepare, and then we act within the next two to four years,” Pandey said during a panel discussion with Uday Kotak, founder of Kotak Mahindra Bank.
Preparing for a post-quantum world
Drawing a parallel with the Y2K challenge, Pandey underscored the need for timely system preparedness.
“The traditional cryptography that we do now, with which we make passwords, whether it is 128 encrypted or whatever, that will break with quantum computing. Crypto-proof passwords are called post-quantum cryptography (PQC) or quantum key distribution (QKD). We will have to prepare for that. Gradually, in all systems, we will have to look at where passwords have been used, and then replace them,” he said on the sidelines of the event.
Pandey noted that fintechs are testing blockchain applications in the securities market within Sebi’s innovation sandbox.
AI, regulatory coordination, and risk management
On artificial intelligence, Pandey acknowledged both the vast opportunities and the need to address associated risks. He urged coordination with other regulators such as the Reserve Bank of India (RBI) and the Insurance Regulatory and Development Authority of India (Irdai) to ensure effective implementation.
“As we enter the next phase of this transformative journey, the collaboration between fintech innovations and regulatory foresight will determine not just how fast we grow, but how safely we grow,” said Pandey.
Strengthening fraud detection and cybersecurity
The Sebi chairman also outlined measures to combat fraud and protect investors from scams and misleading actors in the market. He described how the regulator is leveraging technology to strengthen its supervisory processes — conducting offsite inspections, monitoring intermediaries in real time, and developing AI/ML models to detect sophisticated market manipulation and network-based fraud.
He stressed the importance of preparedness against cybersecurity threats capable of causing systemic disruptions.
“A single data breach or operational glitch can have cascading effects across interconnected systems. As market participants increasingly rely on third-party service providers and cloud-based platforms, new vectors of risk emerge — sometimes beyond traditional regulatory perimeters,” he warned.
Pandey said Sebi has initiated multiple measures to address these challenges, including new regulatory frameworks, capacity-building programmes, enhanced monitoring, and standard operating procedures for cybersecurity incident response.
“Resilience is not a one-time achievement; it is a continuous process — of learning, adapting, and anticipating,” he added.
Technology neutrality and market evolution
The career bureaucrat-turned-regulator also noted that complete technology neutrality was unrealistic, pointing out that holding paper shares is no longer feasible in an era long transitioned to dematerialised systems.
[The Business Standard]
