AKP Corporate & Compliance Digest February 16, 2026
- AK & Partners
- 5 days ago
- 8 min read
We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.
1. Labour Law
1.1. Ministry of Labour & Employment announces comprehensive Employee Provident Fund Organisation reforms
Employment announces comprehensive Employee Provident Fund Organisation (“EPFO”) introduces reforms to enhance digital services and expand coverage, achieving significant growth in registrations and contributing members between 2019 and 2024. Key initiatives, introduced between October 2019 and April 2025, focus on easing business interaction and improving citizen services:
Initiative | Implementation Date / Status | Benefit |
Common/Auto Registration | From Feb 2020 | Simplifies online EPFO registration via Shram Suvidha and MCA Spice+ portal for new companies. |
J&K and Ladakh Act | W.e.f. Oct 31, 2019 | Extended provident fund, pension, and insurance benefits to employees in the UTs. |
Worker UAN Self Generation | Launched Nov 1, 2019 | Allows workers to generate their own Universal Account Number online. |
UAN Face Auth Tech (FAT) | Introduced Apr 2025 | Contactless, secure UAN generation via the UMANG App using Aadhaar FAT. |
Centralised Pension (CPPS) | Operational | Enables pension disbursement through any bank/branch across India without PPO transfers. |
Project EPFO 3.0 | Digital transformation | Aims for faster claims processing (under 3 days) via a Core Banking System approach. |
1.2. Government of Bihar notifies Amendment Rules under Migrant Labour Accident Grant Scheme
The Government of Bihar has issued Notification S.O. 75 dated February 09, 2026, notifying the Bihar State Migrant Labour Accident Grant Scheme (Amendment) Rules, 2026, amending the Bihar State Migrant Labour Accident Grant Scheme Rules, 2008. The amendment revises Rule 5 to enhance financial assistance payable to migrant labourers or their dependents and mandates disbursement of grants through the Real Time Gross Settlement (“RTGS”) mechanism. The revised framework provides compensation of INR 4,00,000 (Indian Rupees Four Lakh only) in cases of accidental death, INR 1,00,000 (Indian Rupees One Lakh only) for permanent disability, and INR 50,000 (Indian Rupees Fifty Thousand only) for permanent partial disability, while also providing for State funded transportation of mortal remains of migrant labourers who die outside the State or abroad. The amendment has come into force from the date of its publication in the Official Gazette.
2. Stock Exchanges
2.1 NSDL issues circular on SEBI Master Circular under ICDR Regulations
National Securities Depository Limited (“NSDL”) has issued Circular No. NSDL/POLICY/2026/0022 dated February 11, 2026, drawing the attention of participants to the updated Master Circular issued by the Securities and Exchange Board of India (“SEBI”) under the SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 (“ICDR Regulations”). The circular requires Depository Participants and market intermediaries to take note of the revised regulatory framework consolidating applicable circulars issued up to December 31, 2025, and to ensure compliance with the updated reporting and operational requirements.
2.2 NSDL amends Business Rules revising penalty structure for Depository Participants
NSDL has issued Circular No. NSDL/POLICY/2026/0020 dated February 09, 2026, amending Rule 18.1.1 of the NSDL Business Rules to revise the penalty framework applicable to Depository Participants (“DPs”) for non-compliance with requirements relating to the provision of online demat account closure facilities. The amended framework introduces a graded penalty structure, including monetary penalties for continued non-compliance and potential restrictions on opening new accounts beyond prescribed timelines, aimed at strengthening investor protection and ensuring adherence to digital service obligations by participants.
Nature of Failure | Timeline | Penalty / Action |
Failure to provide an online account closure facility to clients by a participant offering various online depository services. | Initial Failure | INR 25,000 (Indian Rupees Twenty Five Thousand only) |
Continued failure to comply after being called upon to provide the facility within specified timelines. | Within 60 days | Nil |
61st – 75th day | INR 1,500 (Indian Rupee Fifteen Thousand only) per day until compliance | |
76th – 120th day | INR 22,500 (India Rupees Twenty two Thousand Five Hundred only) + INR 2,500 (Indian Rupee Twenty Fuve Hundred only) per day until compliance | |
Beyond 120th day | INR 1,35,000 (India Rupee One Lakh Thirty Five Thousand only) + debarment from opening new accounts until compliance + Reference to Member Committee for Directions |
3. Information Technology
3.1. Government notifies Amendment Rules to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
The Ministry of Electronics and Information Technology (“MeitY”) has issued the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026, vide Notification G.S.R. 120(E) dated February 10, 2026, amending the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The amendments introduce a regulatory framework governing “synthetically generated information” that prescribes due diligence obligations for intermediaries, mandatory user disclosures, prominent labelling requirements, and the deployment of technical measures to detect and restrict unlawful AI-generated or manipulated content. The Rules also shorten compliance timelines for content takedown and grievance response obligations and require significant social media intermediaries to verify user declarations relating to synthetic content prior to publication.
3.2. CERT-In flags critical vulnerabilities in OpenSSL
CERT-In issued Vulnerability Note CIVN 2026 0078, rating as CRITICAL multiple vulnerabilities in OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2. CERT-In stated that the issues arising from insufficient validation of untrusted input, unsafe handling of ASN.1 parameters, and improper bounds checking could allow a remote attacker to trigger remote code execution, cause denial of service, and access sensitive information, potentially leading to full system compromise and data manipulation. CERT-In advised users to apply the appropriate security updates provided by the OpenSSL Project to mitigate these risks and ensure the integrity of secure communications.
3.3. CERT-In flags high severity vulnerability in Red Hat JBoss Enterprise Application
CERT-In issued Vulnerability Note CIVN 2026 0079, rating as HIGH an information disclosure vulnerability in Red Hat JBoss Enterprise Application Platform (EAP) affecting x86_64 text only advisories. CERT-In stated that the issue arising from the insufficient clearing of the output buffer in Java based decompressor implementations (lz4 java 1.10.0 and earlier) could allow a remote attacker to use specially crafted compressed input to read previous buffer contents, potentially leading to the unauthorised disclosure of sensitive information and data theft. CERT-In advised users to apply the appropriate security updates and patches provided by Red Hat to secure their enterprise application environments.
3.4. CERT-In flags critical vulnerability in FortiClient EMS
CERT-In issued Vulnerability Note CIVN 2026 0080, rating as CRITICAL a remote code execution vulnerability in FortiClient Endpoint Management Server (EMS) version 7.4.4. CERT-In stated that the issue arising from the improper neutralisation of special elements in SQL commands could allow an unauthenticated remote attacker to exploit a SQL injection flaw by sending specially crafted requests to the EMS administrative interface, potentially leading to the execution of arbitrary code with service privileges and a complete compromise of the system and managed endpoints. CERT-In advised organisations and administrators to apply the necessary security patches and updates for their FortiClient EMS deployments to mitigate the risk of unauthorised system access.
3.5. CERT-In flags multiple vulnerabilities in Aruba Products
CERT-In issued Vulnerability Note CIVN 2026 0081, rating as MEDIUM multiple vulnerabilities in HPE Aruba Networking Private 5G Core versions 1.24.3.0 through 1.24.3.3. CERT-In stated that the issues arising from unauthenticated authentication bypass in the application API, improper access control in the management API, and unauthenticated information disclosure could allow a remote attacker to create unauthorised administrative accounts, trigger denial of service, and cause privilege escalation, potentially leading to full system compromise and unauthorised data modification. CERT-In advised users to apply vendor-provided updates to secure their Aruba deployments and prevent service disruption or the disclosure of sensitive information.
3.6. CERT-In flags high severity vulnerability in BeyondTrust products
CERT-In issued Vulnerability Note CIVN 2026 0082, rating as HIGH a remote code execution vulnerability in BeyondTrust Remote Support (version 25.3.1 or earlier) and Privileged Remote Access (version 24.3.4 or earlier). CERT-In stated that the issue arising from a Server Side Template Injection (SSTI) vulnerability could allow a remote attacker to bypass security restrictions, perform unauthorised actions, and execute arbitrary code on the targeted system, potentially leading to full system compromise and the exposure of sensitive data. CERT-In advised organisations and individuals using these products to apply the necessary security updates to mitigate the risk of unauthorised remote access and potential data theft.
3.7. CERT-In flags critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM)
CERT-In issued Vulnerability Note CIVN 2026 0084, rating as CRITICAL multiple vulnerabilities in Ivanti Endpoint Manager Mobile (Core) versions 11.10.0.4, 11.12.0.1, 12.6.0.1, and prior, as well as Ivanti Neurons for ITSM (Cloud) version 2025.4.0. CERT-In stated that the issues arising from code injection flaws could allow a remote attacker to execute arbitrary code and gain unauthorised access on the targeted system, potentially leading to full system compromise, sensitive data disclosure, and service disruptions. CERT-In advised individuals and organisations using these Ivanti products to apply the appropriate security updates and patches immediately to mitigate the high risk of exploitation.
3.8. CERT-In flags critical vulnerabilities in Adobe Products
CERT-In issued Vulnerability Note CIVN 2026 0085, rating as CRITICAL multiple vulnerabilities in various Adobe products, including Adobe Audition, After Effects, InDesign, Substance 3D (Designer, Stager, and Modeler), Bridge, Lightroom Classic, and the Adobe DNG SDK. CERT-In stated that the issues arising from heap based buffer overflow, out of bounds read/write, use after free, and type confusion could allow an attacker to execute arbitrary code, gain access to sensitive information, or cause a denial of service (DoS) condition, potentially leading to full system compromise and data theft. CERT-In advised users to apply the appropriate security updates and patches referenced in Adobe’s security bulletins to mitigate these high risk vulnerabilities.
3.9. CERT-In flags high severity vulnerability in OpenClaw AI framework
CERT-In has issued Vulnerability Note CIVN-2026-0087, rating as HIGH a security vulnerability affecting Apache Struts (XWork component). The vulnerability arises from improper validation during XML configuration parsing, enabling an attacker to exploit an XML External Entity flaw by submitting specially crafted XML input. CERT-In has stated that successful exploitation could allow an attacker to bypass security restrictions, access sensitive information, and cause denial of service on affected systems. Organisations and individuals using impacted Apache Struts versions have been advised to apply vendor-recommended security updates and patches to mitigate the risk of unauthorised access and system compromise.
3.10. CERT-In flags high severity vulnerabilities in MongoDB
CERT-In issued Vulnerability Note CIVN 2026 0088, rating as HIGH multiple vulnerabilities in MongoDB Server (versions 8.2 through 8.2.4, 8.0 through 8.0.18, and 7.0 through 7.0.29) and various MongoDB Drivers for Ruby and Go. CERT-In stated that the issues arising from improper handling of memory allocation, internal resource identifier collisions, improper input validation, and unsafe reflection could allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial of service (DoS) condition, potentially leading to unauthorized configuration changes and system instability. CERT-In advised organizations and individuals using MongoDB to apply the appropriate security updates provided by the vendor to mitigate these risks.
3.11. CERT-In flags high severity vulnerabilities in Fortinet products
CERT-In issued Vulnerability Note CIVN 2026 0089, rating as HIGH multiple vulnerabilities in Fortinet products, including FortiOS versions 7.6.0 through 7.6.4 and various versions of FortiSandbox (5.0.x, 4.4.x, 4.2, and 4.0). CERT-In stated that the issues arising from improper handling of LDAP authentication requests and insufficient neutralisation of user supplied input could allow an unauthenticated remote attacker to bypass authentication mechanisms or execute malicious scripts, potentially leading to unauthorised network access, session compromise, and exposure of sensitive information. CERT-In advised organisations and individuals using these products to apply the appropriate security updates and patches from Fortinet to secure their systems against these threats.
4. Tax
4.1. The Income Tax Department issues the Draft Income Tax Rules, 2026
The Draft Income Tax Rules 2026 represent a long-overdue modernisation of the Indian tax structure, specifically targeting the salaried and middle-class segments by adjusting exemption limits that have been stagnant for decades. By proposing significant increases to allowances such as House Rent Allowance (HRA), Children Education and Hostel expenses, the government aims to align tax benefits with the current cost of living and high inflation. Beyond mere exemptions, the draft also simplifies compliance by raising the thresholds for mandatory PAN quoting for common transactions such as vehicle purchases and restaurant bills, while simultaneously tightening oversight of high-value insurance relationships and large-scale cash movements. If these rules are ratified for FY 2026-27, they will likely result in a reduced tax burden and a more streamlined filing experience for millions of taxpayers.
Disclaimer
The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.
For further queries or details, you may contact:
Mr Anuroop Omkar
Founding Partner, AK & Partners
Comments