SEBI’s amended cyber resilience framework strengthens governance by formalizing roles of CTO and CISO and restructuring reporting lines within MIIs. However, the absence of clear individual liability creates an accountability gap despite enhanced oversight mechanisms.