Corporate & Compliance Digest April 13, 2026

We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.

1.               Labour & Employment Law

1.1.           Revision of Minimum Wages in Haryana Effective April 01, 2026

The Government of Haryana has issued a notification revising the minimum rates of wages for employees engaged in scheduled employments within the State, effective April 01, 2026, with adjustments based on the applicable Variable Dearness Allowance linked to the Consumer Price Index. The notification further stipulates that there shall be no distinction in wages between men and women workers, casts an obligation on the principal employer to ensure payment of minimum wages where workers are engaged through contractors or service providers, and mandates that no employee shall be paid wages lower than the notified minimum rates.

2.               Securities & Capital Markets

2.1.           CDSL issues communiqué on SEBI mechanism for lock-in of pledged shares under ICDR Regulations, 2018

Central Depository Services (India) Limited (“CDSL”) has informed depository participants about the Securities and Exchange Board of India (“SEBI”) circular dated 8 April 2026 on the mechanism for lock in of pledged shares under the SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018. SEBI has amended the SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 to permit specified securities, on which a traditional lock in cannot be created, to instead be recorded as “non transferable” by depositories for the duration of the applicable lock in period, with issuers required to align their articles of association, lender / pledgee intimations and offer document disclosures to this framework.

2.2.           BSE issues notice on applicability and review of Long-Term Additional Surveillance Measure (LT ASM)

BSE Limited (“BSE”) has notified trading members of the continued applicability and periodic review of Long Term Additional Surveillance Measures (“LT ASM”) under its revised framework, referencing earlier surveillance notices issued between 2018 and 2024. With effect from 16 April 2026, 100 per cent (hundred per cent) margins will apply on all open positions as on 15 April 2026 and on new positions in securities specified in Annexure I (Part A), while certain securities will move to higher LT ASM stages (Part B) and attract lower price bands from 13 April 2026, others will be shifted to T/XT/MT/TS groups from 16 April 2026 (Part D), and some will exit the LT ASM framework (Annexure II), with a consolidated list provided in Annexure III. BSE has emphasised that this shortlisting is a market surveillance tool (based on XBRL submissions) and not an adverse action against the companies, and that LT ASM operates alongside other surveillance measures, with price bands reinstated when securities move out of the framework.

2.3.           BSE issues notice on movement of securities into higher stages under Graded Surveillance Measure (GSM) framework

BSE Limited has announced that specified securities, as listed in the accompanying annexure, will be moved into higher stages of the Graded Surveillance Measure (“GSM”) framework with effect from 13 April 2026, pursuant to earlier GSM framework notices issued since 2017. Depending on the GSM stage, these securities will attract progressively stringent actions, including 100 per cent (hundred per cent) margin with 5 per cent (five per cent) or lower price bands (Stage I), trade for trade settlement with additional surveillance deposits of 50 per cent (fifty per cent) or 100 per cent (hundred per cent) of trade value (Stages II–III), weekly trading and no upward price movement (Stage IV), with all such securities settled on a trade to trade basis without netting.

2.4.           NSE issues circular on listing of Treasury Bills and State Development Loans on capital market segment

National Stock Exchange of India Limited (“NSE”) has listed specified Government of India Treasury Bills (“T bills”) and State Development Loans (“SDLs”) on its capital market segment with effect from 10 April 2026, in accordance with Regulation 3.1.1 and Regulation 2.5.5 of the National Stock Exchange (Capital Market) Trading Regulations. The circular provides an annexure setting out the symbols, market lot sizes, issue descriptions, coupon rates, maturity dates and International Securities Identification Numbers (“ISINs”) for each newly admitted SDL and Treasury Bill, and clarifies that for trading purposes these securities will be identified solely by their designated codes and traded only in the prescribed lot sizes.

2.5.           NSE issues circular on business continuity for interoperable stock exchange segments and BSE exclusive contracts in F&O

NSE Limited has issued further operational guidance on the business continuity mechanism for interoperable segments, under which NSE and BSE act as alternative trading venues for each other in the event of an outage, pursuant to Securities and Exchange Board of India circular and earlier NSE interoperability circulars. For the equity derivatives segment, the circular sets out the treatment of BSE exclusive contracts when traded on NSE upon invocation of the alternative venue, including a distinct “$” suffix in contract symbols, a new “BSE listed” admission type field in contract masters, rejection of orders in such contracts when the alternative venue is not active, enabling and broadcast messages when activation occurs, and the availability of separate contract files (for NSE exclusive and joint NSE BSE contracts) on the exchange website from 13 April 2026. It also clarifies that contract specifications will mirror BSE’s details and that spread contracts and certain protections such as Liquidity Protection Provision will not apply to these BSE exclusive contracts on NSE.

2.6.           CDSL issues communiqué on submission of compliance for closure of cyber audit observations

CDSL Limited has reminded depository participants of their obligation to remediate and close observations raised in the cyber security and cyber resilience audit, as previously communicated in December 2025 communiqués on cyber audit reports and extended timelines. Any audit observation must be addressed promptly, certified by the auditor, and the compliance relating to closure of identified findings must be submitted to CDSL within three months from the due date of the audit report, with depository participants required to submit closure compliance for the April–September 2025 audit period by 30 April 2026.

2.7.           CDSL issues communiqué on amendments to DP Operating Instructions for account categorisation and settlements

CDSL Limited has notified depository participants of amendments to its Depository Participant Operating Instructions (“DP OI”) in Chapters 1, 2 and 6 concerning account types within CDSL, account opening and settlement processes, particularly around categorisation of dematerialised accounts. The track change annexure reflects clarifications and refinements to the definitions and operation of accounts such as Clearing Member principal accounts, unified settlement (pool) accounts, Clearing Member pool accounts, Trading Member pool accounts, margin trading (“MANTRA”) accounts and early pay in instructions, including explicit references to Clearing Corporation / Clearing House pool accounts and conditions for direct pay out credit. Depository participants have been asked to review these amendments carefully and ensure their systems and procedures are aligned and may contact the CDSL helpdesk for queries.

3.               Information Technology & Data Protection

3.1.           CERT-In Flags High-Severity Vulnerability in Atom 3x Projector

The Indian Computer Emergency Response Team (“CERT-In”) has issued Vulnerability Note CIVN-2026-0179 dated April 10, 2026, highlighting a high-severity security misconfiguration vulnerability in the Atom 3x Projector (E-Gate Atom 3X, Model No. E04132). The advisory states that the vulnerability arises due to exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls, which could enable an unauthorised attacker on the same network to gain root-level access and fully compromise the device. The identified issue poses risks to the confidentiality, integrity and availability of the affected system, potentially leading to unauthorised access and device takeover, and users and administrators are advised to upgrade the device to the latest available version to mitigate the risk.

3.2.           CERT-In Flags High-Severity Authorization Bypass Vulnerability in Docker Engine CERT-In has issued Vulnerability Note CIVN-2026-0178 dated April 10, 2026, highlighting a high-severity authorization bypass vulnerability in Docker Engine affecting versions prior to 29.3.1. The advisory states that the vulnerability arises due to improper handling of oversized HTTP request bodies, which could allow an attacker to bypass authorization plugins (AuthZ) under specific conditions and gain unauthorised privileged access to the host file system. The identified issue poses risks including compromise of system integrity, unauthorised access to sensitive data such as cloud credentials, SSH keys and Kubernetes configurations, and execution of unauthorised actions, and users and administrators are advised to upgrade to the latest version and implement additional access controls where immediate patching is not feasible.

3.3.           Multiple High-Severity Vulnerabilities Identified in OpenSSL

CERT-In has flagged multiple vulnerabilities in OpenSSL, arising from issues such as incorrect failure handling in RSA KEM RSASVE encapsulation, out-of-bounds read in AES-CFB-128 on x86-64 systems with AVX-512 support, potential use-after-free in DANE client code, NULL pointer dereference in CMS processing functions, and heap buffer overflow in hexadecimal conversion. These vulnerabilities could enable a remote attacker to exploit specially crafted inputs to cause denial of service, memory corruption or potential system compromise, thereby impacting the confidentiality, integrity and availability of affected systems using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

3.4.           Multiple Vulnerabilities Identified in Progress ShareFile Storage Zones Controller

CERT-In has flagged multiple vulnerabilities in Progress ShareFile Storage Zones Controller (SZC), arising from execution after redirect (EAR) and arbitrary file upload issues. The advisory states that these vulnerabilities could enable an attacker to modify system configurations and execute arbitrary code remotely on the affected system, potentially leading to complete system compromise. The identified risks include unauthorised access, data manipulation and disruption of system integrity, and users and administrators are advised to apply the necessary security updates and patches to mitigate the risk.

3.5.           Multiple Vulnerabilities Identified in Microsoft Products

CERT-In has flagged multiple vulnerabilities in Microsoft products, including those tracked under CVE-2026-32186, CVE-2026-32211 and CVE-2026-32173. The advisory states that these vulnerabilities could be exploited by attackers to execute arbitrary code, escalate privileges and compromise affected systems, potentially leading to unauthorised access, data breaches and disruption of system operations. The identified risks impact the confidentiality, integrity and availability of the affected systems, and users and administrators are advised to apply the relevant security updates and patches released by Microsoft to mitigate the risks.

3.6.           CERT-In Flags Critical Authentication Bypass Vulnerability in SAML SSO Plugin of Drupal

CERT-In has issued Vulnerability Note CIVN-2026-0174 dated April 07, 2026, highlighting a critical authentication bypass vulnerability in the SAML SSO Plugin of Drupal affecting versions prior to 3.1.4. The advisory states that the vulnerability arises due to improper enforcement of access restrictions during the SAML authentication process, which could allow a remote attacker to bypass authentication controls by manipulating SAML responses or authentication flows and gain unauthorised access to sensitive information. The identified issue poses risks including access control bypass, unauthorised data exposure and potential compromise of system confidentiality, integrity and availability, and users and administrators are advised to apply the necessary security updates released by Drupal to mitigate the risk.

3.7.           CERT-In Flags Critical Multiple Vulnerabilities in Android OS

CERT-In has issued Vulnerability Note CIVN-2026-0173 dated April 07, 2026, highlighting multiple critical vulnerabilities in Android OS affecting Android 14, Android 15, Android 16 and Android 16-QPR2. The advisory states that these vulnerabilities arise due to flaws in multiple components, including the Android Framework and third-party components, which could be exploited by a remote attacker to execute arbitrary code, cause denial of service, escalate privileges or gain access to sensitive information. The identified issues pose significant risks including system compromise, service disruption and unauthorised data access, and users and administrators are advised to apply the relevant security updates issued by Android to mitigate the risks.

3.8.           CERT-In Flags Critical Improper Access Control Vulnerability in FortiClient (EMS)

CERT-In has issued Vulnerability Note CIVN-2026-0172 dated April 07, 2026, highlighting a critical improper access control vulnerability in FortiClient Endpoint Management Server (EMS) affecting versions 7.4.0 through 7.4.6. The advisory states that the vulnerability arises due to inadequate authentication and authorization controls, which could allow an unauthenticated attacker to execute arbitrary code on the affected system by sending specially crafted requests. The identified issue poses significant risks including unauthorised command execution, data loss and complete system compromise, and is reportedly being actively exploited in the wild, and users and administrators are strongly advised to apply the latest security patches issued by Fortinet immediately to mitigate the risk.

3.9.           CERT-In Flags Multiple Vulnerabilities in Server Software

CERT-In has flagged multiple vulnerabilities in the affected server software, which could be exploited by a remote attacker through specially crafted requests. The advisory states that successful exploitation of these vulnerabilities could enable an attacker to trigger denial of service conditions, gain elevated privileges and cause memory leaks on the targeted system. The identified issues pose risks to system stability, integrity and security, and users and administrators are advised to apply the relevant security updates and patches issued by the vendor to mitigate the risks.

4.    Corporate Affairs

4.1.           Draft Company Incorporation Rule amendment released for public consultation

The Ministry of Corporate Affairs (“MCA”) has published draft Companies (Incorporation) Amendment Rules, 2026 and invited stakeholder comments following a review of the current existing the Companies (Incorporation) Rules, 2014. The proposals aim to simplify procedures and reduce compliance burdens for companies and professionals. Specific changes suggested includes merging several existing incorporation and postincorporation forms into two consolidated eforms (ECHNG and ECON), simplifying company name approval and trademark related rules and rationalising Know Your Customer and documentation requirements for subscribers at incorporation. Further proposals cover removal of certain affidavit and liability requirements for One Person Companies, use of electronic communication for notices and filings and increasing the number of directors eligible for Director Identification Number allotment at incorporation from three to five. Stakeholders are invited to submit comments via the MCA e-consultation Module by May 9^th, 2026.

5.               Tax

5.1.             CBDT Corrects Schedules CG, CYLA, OS and Part B–TI in Income-tax Forms

The Ministry of Finance (Department of Revenue), through the Central Board of Direct Taxes (“CBDT”), has issued a corrigendum dated April 10, 2026, to its earlier notification G.S.R. 231(E) dated March 30, 2026, published in the Gazette of India, Extraordinary, introducing multiple technical amendments to schedules and entries in the prescribed forms. The corrigendum inter alia provides for substitution and deletion of specific rows and references across Schedule CG, Schedule CYLA, Schedule OS, and Part B-TI, correction of column references, and insertion of a new sub-row relating to pass-through income or loss in the nature of short-term capital gains, thereby ensuring accuracy and consistency in reporting formats under the Income-tax framework.

5.2.             CBDT Notifies Technical Amendments Across Business, Capital Gains and MAT Schedules

CBDT has issued a corrigendum dated April 10, 2026, to its earlier notification G.S.R. 230(E) dated March 30, 2026, introducing multiple technical amendments across financial reporting schedules and forms. The corrigendum provides for corrections in Part A–BS and Part A–P&L, substitution and deletion of specific entries in Schedule BP, Schedule CG, Schedule 112A, Schedule 115AD, Schedule UD, and Schedule MATC, and insertion of a sub-row relating to pass-through income or loss in the nature of short-term capital gains, thereby ensuring accuracy and internal consistency in income-tax reporting formats.

5.3.             CBDT Rectifies Formula Error and Loss References in Capital Gains Reporting

CBDT has issued a corrigendum dated April 10, 2026, to its earlier notification G.S.R. 229(E) dated March 30, 2026, introducing targeted technical corrections in prescribed income-tax reporting formats. The corrigendum inter alia rectifies a formula error in Schedule CG by inserting the correct expression for computation under row A8 and amends references in Schedule UD relating to brought forward losses, thereby ensuring accuracy and consistency in computation and disclosure requirements under the Income-tax framework.

5.4.             CBDT Clarifies Disclosure on Incorrect Loss Reporting in General Information Section

CBDT has issued a corrigendum dated April 10, 2026, to its earlier notification G.S.R. 233(E) dated March 30, 2026, introducing a specific clarification in Part A – General Information of the prescribed forms. The corrigendum provides that the phrase relating to incorrect reporting of loss shall be followed by a separate line stating “wrong heads of income chosen”, thereby refining disclosure requirements and improving accuracy in income classification within the reporting framework.

6.               Regulatory Enforcement and Compliance Action

.

Disclaimer

The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.

For further queries or details, you may contact:

Mr Anuroop Omkar

Founding Partner, AK & Partners

info@akandpartners.in