CERT-In, India’s national cybersecurity authority, has mandated that organizations patch critical vulnerabilities in internet-facing systems within 12 hours of public disclosure. This is a regulatory directive, not a software vulnerability. Organizations with internet-facing infrastructure operating in India or under CERT-In jurisdiction face compliance exposure if existing patch SLAs are not restructured; the directive reflects a global regulatory trend toward accelerated remediation timelines that has strategic implications for vulnerability management programs regardless of jurisdictional applicability.