Corporate & Compliance Digest June 15, 2026
- AK & Partners
- Jun 15
- 6 min read
We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.
1. Labour Law & Employment Law
1.1. West Bengal permits flexible working hours for shops and establishments
The Labour Department of West Bengal has issued a notification granting an exemption to shops and establishments registered under the West Bengal Shops and Establishments Act, 1963 ("WBSE Act"). The notification aims to provide greater flexibility in the work schedule by modifying the applicability of certain provisions relating to working hours under Section 7 of the WBSE Act. Under the revised framework, no employee may be required or permitted to work more than eight and a half hours in a day or 48 (forty-eight) hours in a week. The total spread-over of working hours, including overtime, must not exceed 12 (twelve) hours in any day. In addition, overtime work has been capped at 144 (one hundred forty-four) hours in a quarter. The notification takes immediate effect, and all other provisions Section 7 of the WBSE Act will continue to apply without modification.
1.2. Maharashtra issues Draft Occupational Safety, Health and Working Conditions (Labour) Rules, 2026
The Government of Maharashtra has released the draft Maharashtra Occupational Safety, Health and Working Conditions Labour Rules, 2026 (“Draft Rules”). The Draft Rules aim to consolidate and replace several existing labour and workplace safety regulations. The key provisions of the Draft Rules include a fully digital registration system of establishments, enhanced worker health protection measures, detailed reporting obligations of workplace accidents and diseases, issuance of mandatory appointment letter and safety committee for establishment employing 250 or more workers. The Draft rules are expected to simplify registration process, improve workplace safety standards and ensure protection of workers' rights and welfare.
2. Securities & Capital Markets
2.1. NSE allows availability of Altiva Equity Long-Short Fund on MF platform
The National Stock Exchange of India (“NSE”) has announced the availability of the Altiva Equity ExTop 100 Long-Short Fund under the Specialised Investment Fund (“SIF”) category on the NSE MF Invest platform. The fund, offered by Edelweiss Mutual Fund, has been reopened for subscriptions, redemptions, and systematic transactions including Systematic Investment Plan (“SIP”), Systematic Transfer Plan (“STP”), and Systematic Withdrawal Plan (“SWP”) with effect from June 10, 2026. The circular lists multiple variants of the scheme across direct and regular plans, enabling broader investor participation through the exchange platform.
2.2. NSE restricts trading for KYC non-compliant clients
The NSE has issued guidelines in relation to amendments under the SEBI KYC (Know Your Client) Registration Agency (“KRA”) Regulations, 2011. It has been specified that clients whose KYC status remains “on hold” with KRAs for the period May 1, 2026 to May 31, 2026 will not be permitted to trade or square off positions on the exchange from June 26, 2026 until compliance is completed. The exchange will flag such Permanent Account Numbers (“PANs”) as non-compliant, and trading will only resume on a T+1 basis after validation. The measure aims to strengthen investor due diligence and ensure compliance with regulatory requirements.
2.3. NSDL enhances SPEED-e application for password-based users
The National Securities Depository Limited (“NSDL”) has introduced enhancements to its SPEED-e platform for password-based users to streamline operations and improve usability. A key change includes removal of the mandatory requirement to provide Clearing Member Beneficiary Participant Identification (“CM BP ID”) at the registration stage, although it remains necessary for initiating market transactions. Additionally, designated pool accounts of Indian Clearing Corporation Limited (“ICCL”) and NSE Clearing Limited (“NCL”) have been added as default pre-notified accounts, facilitating corporate bond transfers through the platform. These changes are intended to simplify onboarding and enhance transaction efficiency for users.
2.4. CDSL mandates submission of Cyber Security Audit Reports
Central Depository Services (India) Limited (“CDSL”) has directed Depository Participants (“DPs”) to submit their Cyber Security Audit Reports through its online audit portal on or before June 30, 2026. The requirement follows earlier guidance and forms part of ongoing cyber security compliance obligations for DPs. Failure to submit within the prescribed timeline will be treated as non-compliance and may attract penalties as per applicable CDSL regulations.
3. Information Technology & Data Protection
3.1. CERT-In Flags Multiple High-Severity Vulnerabilities in Adobe Products
CERT-In has issued Advisory CIAD-2026-0031 highlighting multiple vulnerabilities in various Adobe products, including Adobe Experience Manager, Adobe Experience Manager Forms, Adobe InDesign, Adobe InCopy, Adobe Substance 3D Sampler, Adobe Content Credentials SDK, Adobe Dreamweaver, Adobe Acrobat Reader, Adobe ColdFusion, Adobe Format Plugins, and Adobe Campaign Classic. The advisory states that the vulnerabilities arise from issues such as improper input validation, cross-site scripting (DOM-based, reflected and stored XSS), memory corruption, incorrect authorisation, and supply chain-related weaknesses. CERT-In has noted that successful exploitation could allow attackers to execute arbitrary code, gain elevated privileges, bypass security restrictions, access sensitive information, manipulate application functionality, or cause denial of service conditions, potentially resulting in complete system compromise. The advisory recommends that affected users and organisations apply the security updates released by Adobe to mitigate the identified risks.
3.2. CERT-In Issues Critical Advisory on Multiple Vulnerabilities in Microsoft Products
CERT-In has issued Advisory CIAD-2026-0030 highlighting multiple vulnerabilities affecting a wide range of Microsoft products, including Microsoft Apps, Extended Security Updates (ESU), Windows, Developer Tools, Microsoft Office, Azure, System Center, Server Software, Microsoft Dynamics, Microsoft Browser products, the Linux kernel–Microsoft MANA Network Driver, Nuance PowerScribe One, and Nuance PowerScribe 360. The advisory notes that the vulnerabilities could enable attackers to gain elevated privileges, obtain or modify information, execute remote code, conduct spoofing attacks, bypass security features, or cause denial of service conditions on affected systems. CERT-In has assessed the severity as Critical, citing risks such as system compromise, data exfiltration, ransomware attacks, system instability, and service disruption. The advisory recommends that organisations and individuals using the affected products promptly apply the security updates released by Microsoft to mitigate the identified risks.
3.3. CERT-In Issues Advisory on Multiple Vulnerabilities in Oracle Products
CERT-In has issued Advisory CIAD-2026-0028 highlighting multiple vulnerabilities affecting Oracle Communications Unified Assurance, Oracle Database Server, Oracle E-Business Suite, Oracle Hospitality OPERA 5 Property Services, and Oracle REST Data Services (ORDS). The advisory notes that several vulnerabilities are remotely exploitable over a network without authentication and may be exploited without valid user credentials. According to the advisory, successful exploitation could result in unauthorised access to sensitive information, disclosure or modification of data, compromise of system integrity, and disruption of services. CERT-In has assessed the severity as High due to the potential impact on the confidentiality, integrity, and availability of affected systems deployed across enterprise environments. Organisations and users of the affected Oracle products have been advised to apply the security updates released by Oracle under its Critical Security Patch Update (CSPU) to mitigate the identified risks.
3.4. CERT-In Flags Critical Vulnerabilities in Google Chrome for Desktop
CERT-In has issued Vulnerability Note CIVN-2026-0298 highlighting multiple critical vulnerabilities in Google Chrome for Desktop affecting versions prior to 149.0.7827.53/54 for Windows and Mac, and prior to 149.0.7827.53 for Linux. The vulnerabilities arise from issues such as out-of-bounds read and write, use-after-free, heap and stack buffer overflows, type confusion, integer overflow, script injection, policy bypass, side-channel information leakage, and race conditions across multiple Chrome components, including ANGLE, V8, GPU, WebRTC, Network, FileSystem, Password Manager, and Chromecast. According to CERT-In, a remote attacker could exploit these vulnerabilities by persuading a user to access a specially crafted web request, potentially leading to arbitrary code execution, disclosure of sensitive information, bypass of security restrictions, privilege escalation, or denial-of-service conditions. Users and organisations have been advised to update Google Chrome to the latest vendor-supported version to mitigate the identified risks.
4. Regulatory Enforcement
Authority | Name of the Company/ Individual | Amount of Penalty Imposed | Contravention |
Registrar of Companies (“ROC”), Bangalore | Trimont Services India Private Limited
| Consolidated Penalty of INR 1,60,000/- (Indian Rupees One Lakh Sixty Thousand only) on the Company and Directors | The company has admitted, through its suo-motu adjudication application, that it failed to comply with the provisions of Section 173(1) of the Companies Act, 2013, which mandates that the gap between two consecutive Board Meetings shall not exceed 120 days. The violation resulted in a delay of 31 days. Violation of Section 173(1) & Section 450 of the Companies Act, 2013. |
Registrar of Companies(“ROC”), Bangalore
| Metropolis Technologies India Private Limited | Consolidated Penalty of INR 3,50,000/- (Indian Rupees Three Lakh Fifty Thousand only)
| The company, through its suo-motu application, has admitted non-compliance with Section 10A(1)(a) of the Companies Act, 2013, by commencing business on 10.11.2022 without filing e-Form INC-20A as required before commencement of business. The form was filed belatedly on 08.05.2023, resulting in a violation of Section 10A(1)(a) for a period of 179 days. |
Registrar of Companies (“ROC”), Bangalore | Tactile Education Services Private Limited | Consolidated Penalty of INR 6,42,000/- (Indian Rupees Six Lakhs Forty Two Thousand only) | The company violated Sections 62(1)(c) and 42 of the Companies Act, 2013 by allotting equity shares against loans received from shareholders/directors without complying with the requirements for preferential allotment and private placement. Further, the company violated Section 42(8) by filing Form PAS-3 with a delay of 61 days from the date of allotment. |
Disclaimer
The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.
For further queries or details, you may contact:
Mr Anuroop Omkar
Founding Partner, AK & Partners
Comments