AKP Corporate & Compliance Digest December 15, 2025

We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.

1. Labour Law

1.1.  Centre issues Industrial Relations Code (Removal of Difficulties) Order, 2025

The Ministry of Labour and Employment notified the Industrial Relations Code (Removal of Difficulties) Order, 2025, with effect from December 8, 2025. It clarifies that the existing Labour Courts, Industrial Tribunals and National Industrial Tribunals constituted under the Industrial Disputes Act, 1947 will continue to adjudicate both pending and new matters until the corresponding Industrial Tribunals and National Industrial Tribunals under the Industrial Relations Code, 2020 are constituted, to ensure continuity and avoid any legal or administrative vacuum.

1.2.  Delhi amends Delhi Shops & Establishments Rules, 1954 by deleting the renewal rule

The Labour Department, Government of the National Capital Territory of Delhi notified the Delhi Shops & Establishments (Amendment) Rules, 2025 under section 47 of the Delhi Shops & Establishments Act, 1954, omitting Rule 5 of the Delhi Shops & Establishments Rules, 1954. Rule 5 had required renewal of the registration certificate every 21 (twenty-one) years and mandated that the renewal application be made within 30 (thirty) days of expiry, so the specific renewal mechanism under Rule 5 will no longer apply going forward. [Delhi]

2.  Stamp Duty

2.1. Delhi High Court upholds 10 per cent statutory deduction on unused stamp duty refunds

The Delhi High Court held that refunds of unused stamp duty in Delhi are governed by Section 54 of the Indian Stamp Act, 1899, which requires the Collector to repay the stamp value after deducting “ten naye paise for each rupee”, i.e., 10 per cent (ten per cent). The Court dismissed the appeal challenging the 10 per cent (ten per cent) deduction, and distinguished earlier litigation under the Maharashtra Stamp Act, 1958.

2.2. Maharashtra amends Maharashtra Stamp Act, 1958 to allow direct appeals to State Government in stamp duty disputes

The Maharashtra Legislative Assembly unanimously passed the Maharashtra Stamp (Second Amendment) Bill, 2025, inserting Section 53B into the Maharashtra Stamp Act, 1958 to create a statutory appeal route for stamp duty disputes. Under this mechanism, a person aggrieved by an order of the Chief Controlling Revenue Authority can appeal directly to the State Government within 60 (sixty) days, on payment of a fee of INR 1,000 (Indian Rupees One Thousand only), and the State Government’s decision is stated to be final.

3. Stock Exchanges

3.1. BSE sets electronic filing process and deadline for Action Taken Reports on internal audit non-compliances

Bombay Stock Exchange (“BSE”) issued Exchange Notice No. 20251212-10 dated December 12, 2025, reiterating that Trading Members must close all non-compliances reported in the internal audit report within 2 (two) months from the end of the due date for submission of the Internal Audit Report and, for the half-year ended September 30, 2025, set January 31, 2026 as the due date for submitting the Action Taken Report (“ATR”).  The notice provides the procedure for electronic submission of the ATR through the BSE Electronic Filing System (BEFS) (Annexure A) and clarifies that submission is treated as complete only when the member submits the ATR to the Exchange and receives an acknowledgement email (saved reports or auditor-submitted reports are not treated as final submission).  It further states that monetary penalties and/or disciplinary actions will be initiated as per Exchange Notice dated October 10, 2025 if observations are not closed in the ATR or the ATR is not submitted by the due date, and that immediate action may be taken (without waiting for ATR submission) for critical non-compliances such as shortfall of client funds/securities/commodities, net worth shortfalls or incorrect net worth reporting leading to shortfall, failure to meet minimum net worth for margin trading facility, offering fixed/assured/periodic returns to clients, or mobilising deposits from investors.

3.2. BSE restricts trading for clients with “On Hold” KYC validations uploaded to KRAs in November 2025

BSE issued Notice No. 20251210-27 dated December 10, 2025, stating that clients whose Know Your Customer (KYC) records are not validated by KYC Registration Agencies (“KRAs”) and are marked “On Hold” (for both Aadhaar and non-Aadhaar Officially Valid Documents-based uploads) for KYC uploaded between November 1, 2025 and November 30, 2025 will not be permitted to trade on the Exchange and will also not be allowed to square up existing open positions with effect from December 20, 2025, until they comply with the validation requirements, and any open positions will naturally expire on the contract expiry date. BSE will flag the relevant Permanent Account Number (PAN) as “Not Permitted to Trade” based on KRA data, and once a PAN becomes KRA-compliant, trading will be permitted on T+1 based on information received from KRAs on T day. The notice also reiterates Securities and Exchange Board of Indias (“SEBI”) centralised mechanism for reporting the demise of an investor through KRAs, under which SEBI-regulated entities must block debit transactions and suspend trading/inactivate or close the Unique Client Code (UCC) in such accounts, and notes that demise data is being shared by KRAs on a daily basis.

3.3. NSDL enhances Statement of Holdings exports for freeze-type standardised values

National Securities Depository Limited (“NSDL”) issued Circular No. NSDL/POLICY/2025/0159 dated December 8, 2025, informing participants that it will enhance the Statement of Holding (SOH) export to populate standardised values (as per the UDiFF catalogue) in the SOH columns relating to freeze types at ISIN level and account level.  Instead of populating “DF” for all records, NSDL will populate “FD” (Frozen for Debit), “FC” (Frozen for Credit) or “FB” (Frozen for Both) based on the actual freeze type, across the relevant ISO tags for ISIN freeze, BOID freeze and BOISIN freeze.  Participants have been advised to implement necessary changes in their back-office systems by December 31, 2025.

3.4. NSDL enables value-free transfer of Government Securities between demat and RBI Retail Direct gilt accounts

NSDL stated that pursuant to Reserve Bank of India (“RBI”) directions it is enhancing its depository system (including via an Application Programming Interface) to enable value free transfer (VFT) of Government Securities (G-Secs) between demat accounts across depositories (NSDL and Central Depository Services (India) Limited) and between an NSDL demat account and an RBI Retail Direct Gilt Account (RDG) maintained at Clearing Corporation of India Limited (CCIL) for own-account transfers.  The enhancement introduces new transaction types “DTR” (Demat to RDG) and “RTD” (RDG to Demat) and provides that such transfer instructions (including inter-depository transfers) will be processed on all working days (including working Saturdays), except bank holidays declared in Maharashtra under the Negotiable Instruments Act, 1881. For NSDL-to-RDG transfers, clients may use an Inter Depository Delivery Instruction slip, specify the RDG account as a 12 (twelve) alphanumeric identifier, and use off-market reason code “TOA” (Transfer to own account), with validations including Permanent Account Number matching in the same holder sequence and checks for unpaid coupon payments; deadlines for participants are up to 4.30 PM (four-thirty PM) Monday to Friday and 1:00 PM (one PM) on working Saturdays. SPEED-e users may also initiate such off-market requests, relevant codes are published in the UDiFF catalogue V2.0.0.5, and the enhancements will be implemented with effect from end of day December 12, 2025.

3.5.   TRAI mandates 1600-series adoption for service and transactional voice calls

NSDL informed participants that the Telecom Regulatory Authority of India (TRAI) has, by its Direction dated November 19, 2025 under the Telecom Regulatory Authority of India Act, 1997 and the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR), mandated phase-wise adoption of the 1600-series (one thousand six hundred-series) for all service and transactional voice calls by entities regulated by the RBI, the SEBI and the Pension Fund Regulatory and Development Authority (PFRDA), to address misuse of 10 (ten)-digit numbers and related spoofing and impersonation risks in the Banking, Financial Services and Insurance (BFSI) sector. NSDL highlighted that Qualified Stockbrokers (QSBs) must complete mandatory adoption by March 15, 2026, while other SEBI-registered intermediaries may adopt voluntarily for the time being.  It cautioned that, after the applicable deadline, any participant not adopting the 1600-series may face action applicable to unregistered telemarketers in the event of an Unsolicited Commercial Communication (UCC) complaint and must ensure that no service or transactional voice calls are initiated from non-1600 numbers after the specified dates, irrespective of customer consent.

4.  Information Technology

4.1. CERT-In flags high-severity vulnerabilities in Microsoft Edge

The Indian Computer Emergency Response Team (“CERT-In”) issued Vulnerability Note CIVN-2025-0354, reporting multiple HIGH-severity vulnerabilities in Microsoft Edge Stable Channel (Chromium-based) versions prior to 143.0.3650.66.  CERT-In cautioned that, if a user is tricked into visiting a malicious webpage, these issues could enable remote arbitrary code execution, security-bypass and spoofing attacks, privilege escalation, denial of service, or disclosure of sensitive information, with a high risk of full system compromise and unauthorised data access. CERT-In advised organisations and individuals to apply Microsoft’s security updates for Edge to mitigate the vulnerabilities.

4.2. CERT-In reports high-severity vulnerabilities in Zoom Rooms for Windows and macOS

CERT-In issued Vulnerability Note CIVN-2025-0358 (severity: HIGH) on multiple vulnerabilities in Zoom Rooms for Windows and Zoom Rooms for macOS (both before version 6.6.0).  CERT-In stated that exploitation could enable an attacker to elevate privileges and disclose sensitive information on the targeted system, creating a high risk of data manipulation and unauthorised access and potentially impacting application integrity and causing service disruption.  CERT-In advised users to apply vendor updates referenced in Zoom security bulletins ZSB-25051 and ZSB-25050 and identified the associated CVEs as CVE-2025-67460 and CVE-2025-67461.

4.3. CERT-In flags privilege escalation vulnerability in Windows Cloud Files Mini Filter Driver

CERT-In issued Vulnerability Note CIVN-2025-0357 (severity: MEDIUM) reporting a privilege escalation vulnerability in the Windows Cloud Files Mini Filter Driver. CERT-In stated that a use-after-free flaw could be exploited by an attacker with local access to interfere with access control or influence file state transitions managed by the driver, enabling elevation of privileges on the targeted system. As mitigation, CERT-In advised applying Microsoft’s security updates, and referenced CVE-2025-62221 for further details.

4.4.  CERT-In flags high-severity vulnerabilities in Red Hat JBoss Enterprise Application Platform

CERT-In issued Vulnerability Note CIVN-2025-0356 (severity: HIGH) reporting multiple vulnerabilities in Red Hat JBoss, affecting JBoss Enterprise Application Platform 8.0 for RHEL 9 x86_64. CERT-In stated that these issues could be exploited remotely to disclose sensitive information and cause a denial-of-service (DoS) condition, driven by Out-of-Memory conditions in Undertow when parsing specially crafted application/x-www-form-urlencoded data and unsafe XML parsing in Eclipse JGit. CERT-In advised applying vendor patches referenced in Red Hat advisories RHSA-2025:22773 and RHSA-2025:22775 and cited the associated CVEs as CVE-2024-3884 and CVE-2025-4949.

4.5.  CERT-In flags multiple high-severity vulnerabilities in Google Chrome for Desktop

CERT-In issued Vulnerability Note CIVN-2025-0355 (severity: HIGH) on multiple vulnerabilities in Google Chrome for Desktop, affecting versions prior to 143.0.7499.40/41 for Windows and macOS, and prior to 143.0.7499.40 for Linux. CERT-In stated that a remote attacker could exploit these issues by persuading a user to visit a specially crafted webpage, and that successful exploitation may enable arbitrary code execution, disclosure of sensitive information, privilege escalation, spoofing, and bypass of security restrictions on the targeted system, with risks including system compromise, data theft, or service disruption. As mitigation, CERT-In advised applying the appropriate vendor updates for Google Chrome.

4.6. CERT-In warns of multiple vulnerabilities affecting Drupal modules

CERT-In issued Vulnerability Note CIVN-2025-0359 (severity: MEDIUM) covering multiple vulnerabilities affecting several Drupal modules, including Mini Site, CKEditor 5 Premium Features, AI (Artificial Intelligence), Login Time Restriction, Tagify, Next.js, Entity Share and Disable Login Page (across specified affected versions).  CERT-In stated these issues could allow an attacker to disclose sensitive information, bypass access restrictions, and execute cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, with associated risks such as unauthorised access to restricted resources, authentication bypass and forced session termination, potentially leading to account compromise and data exposure.  CERT-In attributed the vulnerabilities to factors such as insufficient access controls, insecure default configurations, and improper validation and sanitisation of user inputs.  As mitigation, CERT-In advised upgrading to the latest versions referenced in Drupal security advisories SA-CONTRIB-2025-117 through SA-CONTRIB-2025-124.

Disclaimer

The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.

For further queries or details, you may contact:

Mr Anuroop Omkar

Founding Partner, AK & Partners

info@akandpartners.in