Corporate & Compliance Digest June 08, 2026

We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.

1.               Labour Law & Employment Law

1.1.     Bihar Repeals Shops and Establishments Act Following Implementation of Occupational Safety Code

The Government of Bihar has promulgated the Bihar Shops and Establishments (Regulation of Employment and Conditions of Service) (Repeal) Ordinance, 2026, repealing the Bihar Shops and Establishments (Regulation of Employment and Conditions of Service) Act, 2025. The repeal has been introduced in light of the enforcement of the Occupational Safety, Health and Working Conditions Code, 2020 by the Central Government, which covers several areas already regulated under the state legislation. The ordinance notes that the coexistence of overlapping provisions under both laws necessitated the repeal to streamline regulatory compliance, promote industrial investment, and support economic growth within the state. The measure has been enacted through an ordinance as the Bihar Legislature was not in session and immediate legislative action was considered necessary.

1.2.     Ministry of Labour & Employment Mandates eShram Registration Following Implementation of Social Security Code

The Government of India has issued an urgent directive under Notification No. U-11019/13/2026-GPW, ordering all online aggregators to complete their onboarding and API integration on the eShram portal by June 21, 2026. The integration has been introduced in light of the enforcement of the Code on Social Security, 2020 by the Central Government, which mandates statutory social security protection for gig and platform workers. The ministry notes that Rule 48(2) of the Social Security (Rules), 2026 requires aggregators to share worker details within 45 days of commencement to streamline regulatory data flow and ensure welfare scheme eligibility. The measure has been enacted with an immediate time-bound deadline to avoid the invocation of penal provisions under Section 133 of the Code, as a critical enforcement window has already elapsed.

1.3.        Telangana Enforces Platform Based Gig Workers Act Following Gazette Notification

The Government of Telangana has issued an official order under G.O.Ms.No. 7, appointing June 2, 2026, as the commencement date for the Telangana Platform Based Gig Workers (Registration, Social Security and Welfare) Act, 2026 (Act No.21 of 2026). The implementation has been introduced in light of the powers conferred by sub-section (3) of section 1 of the state legislation, officially bringing all its statutory provisions into force. The Labor Employment Training and Factories (LAB-I) Department notes that the notification is to be published in an extraordinary issue of the Telangana Gazette to establish the formal regulatory framework for gig worker registration and social welfare. The measure has been enacted through an executive order signed by the Secretary to Government, Harichandana Dasari, moving the state's welfare administration into immediate active enforcement.

2.               Securities & Capital Markets

2.1.           NSDL issues circular on SEBI’s Master Circular for Alternative Investment Funds

National Securities Depository Limited (“NSDL”) has issued a circular informing participants about the Securities and Exchange Board of India (“SEBI”) Master Circular for Alternative Investment Funds (“AIFs”) dated June 03, 2026. The Master Circular consolidates all existing regulatory provisions, circulars and operational guidelines issued under the SEBI (Alternative Investment Funds) Regulations, 2012 up to May 31, 2026, thereby superseding the earlier Master Circular dated May 07, 2024. The circular covers key areas including registration and launch of AIF schemes, fund raising, overseas investments, governance standards, valuation norms, reporting obligations, benchmarking requirements, winding up of schemes and investor accreditation.

2.2.           NSDL revises Annual System Audit framework for Depository Participants

NSDL has issued Circular No. NSDL/POLICY/2026/0087 dated June 04, 2026 regarding implementation of the SEBI Cyber Security and Cyber Resilience Framework (“CSCRF”) requirements for submission of Annual System Audit Reports by Depository Participants (“DPs”). The circular revises the qualifications and eligibility criteria for appointment of system auditors and introduces an updated and comprehensive Terms of Reference (“TOR”) framework for annual audits. The revised TOR covers software change management, password security, session management, database security, network integrity, access controls, backup and recovery, Business Continuity Planning (“BCP”)/Disaster Recovery (“DR”), cloud infrastructure, AI/ML controls, phishing and malware protection, remote access controls, third-party risk management and compliance with SEBI and depository directions. DPs are required to submit Annual System Audit Reports annually within three months from the end of the financial year, i.e., by June 30, and submit Action Taken Reports (“ATRs”) for non-compliances by September 30.

2.3.           CDSL mandates annual reporting of AI and ML applications

Central Depository Services (India) Limited (“CDSL”) has issued a communiqué directing Depository Participants to submit annual reports relating to use of Artificial Intelligence (“AI”) and Machine Learning (“ML”) applications and systems. Pursuant to communication received from SEBI, DPs using AI and ML-based applications are required to submit prescribed disclosures annually within three months from the end of the financial year, i.e., on or before June 30. The communiqué clarifies that submission of the report is mandatory for all DPs, including those not using any AI or ML systems, who are required to make a NIL submission. CDSL has also reiterated the categories of systems considered to fall under AI/ML technologies, including Natural Language Processing (“NLP”), neural networks, supervised and unsupervised machine learning systems, statistical heuristic systems and knowledge-based systems. The communiqué additionally provides detailed operational guidelines for online submission of AI/ML reports through CDSL’s audit web portal, including process flows for designated officers and audit reporting requirements. DPs have been advised to ensure timely compliance with the revised reporting obligations.

2.4.        NSDL introduces DARPAN ID compliance requirements for Charitable Institution accounts

NSDL has issued Circular No. NSDL/POLICY/2026/0088 dated June 04, 2026 introducing revised compliance requirements for Charitable Institutions categorised as Non-Profit Organisations (“NPOs”). Participants are now required to update existing demat account sub-types as “Charitable Institution NPO or Charitable Institution (NON-NPO) based on account holder request and maintain the registration ID issued through the DARPAN portal of NITI Aayog for NPO accounts. NSDL has also introduced a dedicated DARPAN ID field within the Client Maintenance Module and Unified Distinct File Format (“UDiFF”) for capturing such details in the depository system. Existing NPO demat accounts must be updated within 60 days from the date of the circular, failing which the demat account is required to be suspended for debit transactions under KYC non-compliance. These system changes were implemented in the NSDL depository system with effect from end of day June 05, 2026.

2.5.           NSDL introduces VPN-based internet connectivity for Participants

NSDL has issued Circular No. NSDL/POLICY/2026/0089 dated June 05, 2026 introducing Internet Protocol Security Virtual Private Network (“IPsec VPN”)-based internet connectivity as an additional primary mode of connectivity between the Depository Participant Management (“DPM”) system and NSDL. The facility will be operational from July 01, 2026, onwards and will function alongside the existing Multi-Protocol Label Switching (“MPLS”) connectivity framework introduced earlier by NSDL. Participants have also been advised to ensure uninterrupted electronic communication between DPM systems and the Depository Module (“DM”) in order to comply with the applicable NSDL Business Rules and operational requirements.

2.6.           NSE Clearing revises Securities Lending and Borrowing limits for ANANDRATHI

National Stock Exchange of India Limited (“NSE”) Clearing has revised the Market Wide Position Limit (“MWPL”), participant limits, institutional client limits and non-institutional client limits for the security ANANDRATHI under the Securities Lending and Borrowing Scheme (“SLBS”) with effect from June 04, 2026. Pursuant to the revised framework, the MWPL for ANANDRATHI has been increased from 4,722,705 shares to 9,445,410 shares, while the institutional client limit and participant limit have each been revised from 472,270 shares to 944,541 shares. Further, the non-institutional client limit has been increased from 47,227 shares to 94,454 shares. Participants and custodians have been advised to take note of the revised limits and ensure compliance under the SLBS mechanism.

2.7.           NSE launches DYNA SIF Equity Ex-Top 100 Long-Short Fund on NSE MF Invest Platform

NSE has announced the launch of the DYNA SIF Equity Ex-Top 100 Long-Short Fund New Fund Offer (“NFO”) under the Specialised Investment Fund (“SIF”) category of 360 Mutual Fund on the NSE MF Invest Platform. The NFO will remain open for subscription from June 05, 2026 to June 19, 2026. The scheme will be offered under multiple variants including Regular Plan and Direct Plan options with Growth and Income Distribution cum Capital Withdrawal (“IDCW”) payout and reinvestment facilities. NSE has further instructed members to ensure that clear funds are credited to the designated Clearing Corporation account by June 24, 2026 before 11:59 p.m. for successful allotment processing.

2.8.           NSE updates EGR connectivity parameters and NEAT Adapter version

NSE has issued a circular revising Interactive Connectivity Parameters for the Electronic Gold Receipts (“EGR”) segment and introducing an updated National Exchange for Automated Trading (“NEAT”) Adapter version. The Exchange has notified a new Internet Protocol (“IP”) parameter for the EGR segment, effective from June 08, 2026, and available during the mock session scheduled for June 06, 2026. Members have been advised that the existing IP address will cease to be available for login from June 06, 2026 onwards. Consequently, members are required to uninstall the earlier NEAT Adapter version and install the updated Version 1.0.25 for both Windows and Linux operating systems through the specified Extranet paths. All other operational and connectivity requirements remain unchanged.

2.9.           NSE Clearing revises Securities Lending and Borrowing limits for TRENT

NSE Clearing has revised the Market Wide Position Limit (“MWPL”) and participant exposure limits for TRENT under the Securities Lending and Borrowing Scheme (“SLBS”) with effect from June 05, 2026. The MWPL for TRENT has been increased from 22,393,658 shares to 33,590,487 shares. Further, the institutional client limit and participant limit have each been increased from 2,239,365 shares to 3,359,048 shares, while the non-institutional client limit has been revised from 223,936 shares to 335,904 shares. Participants and custodians have been advised to take note of the revised limits and ensure compliance with the updated SLBS position framework.

3.               Information Technology & Data Protection

3.1.           CERT-In Flags Remote Code Execution Vulnerability in Microsoft Office

CERT-In has issued Vulnerability Note CIVN-2026-0283 highlighting a high-severity remote code execution vulnerability in Microsoft Office. The vulnerability arises from the deserialization of untrusted data within Microsoft Office components and may be exploited by an authorised attacker over a network through specially crafted data sent to a vulnerable server. Successful exploitation could enable execution of arbitrary code in the context of the current user, potentially resulting in unauthorised access, data manipulation, and compromise of the affected environment. CERT-In has advised organisations and individuals using Microsoft Office to apply the security updates provided by Microsoft to mitigate the risk.

3.2.           CERT-In Flags Critical Vulnerabilities in IBM WebSphere Application Server

CERT-In has issued Vulnerability Note CIVN-2026-0289 highlighting multiple critical vulnerabilities in IBM WebSphere Application Server versions 8.5 and 9.0. The vulnerabilities arise from improper validation of user-supplied data during deserialization through the SAML Web Single Sign-On component and deserialization of untrusted data via JAX-WS endpoints with WS-Security. Successful exploitation could enable attackers to perform identity spoofing, bypass security restrictions, and execute arbitrary code on targeted systems, potentially affecting the confidentiality, integrity, and availability of applications and causing service disruptions. CERT-In has advised organisations using affected versions to apply the security updates released by IBM.

3.3.           CERT-In Releases Blueprint to Defend Against AI-Assisted Cyber Threats

CERT-In has published the “Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure” to help organisations strengthen resilience against AI-assisted cyber threats. The framework highlights the growing cybersecurity risks arising from advances in artificial intelligence, including accelerated vulnerability discovery, automated exploit development, AI-generated phishing campaigns, adaptive malware, deepfake-enabled fraud, and automated attack orchestration. The blueprint recommends faster vulnerability remediation timelines, reiterates the requirement to report cyber incidents within six hours, and encourages organisations to adopt measures such as zero trust security, multi-factor authentication, privileged access management, continuous security assessments, AI-enabled defensive practices, and Software Bill of Materials (SBOM), AI Bill of Materials (AIBOM), Quantum Bill of Materials (QBOM), and Cryptographic Bill of Materials (CBOM) mechanisms. The guidance is intended to improve organisational preparedness, strengthen cyber resilience, and reduce exposure to rapidly evolving AI-enabled cyber threats.

4.               Regulatory Enforcement

Disclaimer

The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.

For further queries or details, you may contact:

Mr Anuroop Omkar

Founding Partner, AK & Partners

info@akandpartners.in