Corporate & Compliance Digest March 02, 2026

We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.

1.              Labour Law

1.1.        Kerala amends Migrant Workers Welfare Scheme, 2010

The Government of Kerala has notified amendments to the Kerala Migrant Workers Welfare Scheme, 2010, through S.R.O. No. 166/2026, aimed at strengthening welfare benefits and streamlining membership compliance for interstate migrant workers. The amendment enhances financial assistance limits, revises contribution and membership requirements, and introduces increased government and welfare board contributions to the scheme fund. The notification also rationalises renewal and certification procedures, permits digital application through software or mobile applications, and modifies terminal benefit provisions to improve social security coverage for migrant workers. The amendments came into force with immediate effect upon publication in the Official Gazette.

1.2.        Kerala notifies Jewellery Workers’ Welfare Fund Rules

The Government of Kerala has notified the Kerala Jewellery Workers’ Welfare Fund Rules, 2010 under the Kerala Jewellery Workers’ Welfare Fund Act, 2009, prescribing the operational framework for administration and collection of welfare contributions for jewellery sector workers. The Rules lay down procedures for dealer registration, filing of annual and monthly returns, assessment and payment of cess based on sale proceeds, maintenance of statutory registers, and recovery mechanisms for defaulted amounts. They also establish administrative structures, including powers of assessing officers, appellate mechanisms, and governance functions of the Welfare Fund Board to ensure effective implementation of the welfare scheme. The Rules came into force upon publication in the Official Gazette.

1.3.    Kerala amends Shops and Commercial Establishments Workers Welfare Fund Scheme

The Government of Kerala has notified the Kerala Shops and Commercial Establishments Workers Welfare Fund (Amendment) Scheme, 2026 through S.R.O. No. 251/2026, revising benefits payable under the existing welfare framework for workers. The amendment enhances financial assistance amounts under various welfare components, including marriage assistance, medical aid, and death-related benefits, reflecting updated social security support levels for registered workers. The revised scheme has come into force with immediate effect upon publication in the Official Gazette.

2.              Stamp Duty

2.1.        Uttar Pradesh grants stamp duty remission under Higher Education Incentive Policy

The Government of Uttar Pradesh, vide notification dated February 23, 2026, has provided stamp duty remission for specified transactions executed under the Uttar Pradesh Higher Education Incentive Policy, 2024. Issued under Section 9 of the Indian Stamp Act, 1899 (as applicable to the State), the notification grants graded exemptions for establishment of Multidisciplinary Educational and Research Universities (MERUs). The remission ranges from 20% to 50% based on land investment value, while a 100% exemption is available for MERUs set up in aspirational districts, qualifying foreign higher education institutions, and top-ranked universities establishing eligible institutions. The benefit applies to conveyance and lease instruments relating to project land, subject to compliance conditions including certification by authorities and submission of a bank guarantee linked to project implementation timelines.

3.              Stock Exchanges

3.1.       NSDL introduces e-PASS facility for FATF compliance reporting by Depository Participants

National Securities Depository Limited (NSDL), through Circular No. NSDL/POLICY/2026/0027 dated February 23, 2026, has introduced a dedicated facility on the NSDL e-PASS portal enabling Depository Participants (DPs) to submit confirmations relating to Financial Action Task Force (FATF) public statements. The facility allows DPs to report compliance actions undertaken in respect of jurisdictions identified with strategic AML/CFT deficiencies, including enhanced due diligence, monitoring mechanisms, and other risk-mitigation measures. The module will be automatically enabled for existing maker and checker (compliance officer) users, with submissions routed through a maker-checker verification workflow before final upload to NSDL. The circular aims to streamline FATF-related regulatory reporting, strengthen monitoring of cross-border risk exposure, and ensure timely compliance with AML/CFT obligations aligned with international standards.

4.              Information Technology

4.1.        CERT-In issues critical vulnerability alert for Honeywell CCTV products

The Indian Computer Emergency Response Team (CERT-In) has issued Vulnerability Note CIVN-2026-0098 highlighting a critical security bypass vulnerability affecting certain Honeywell CCTV devices. The advisory warns that the flaw may allow unauthenticated remote attackers to bypass authentication controls, take over administrative accounts, and gain unauthorized access to live and recorded surveillance feeds. The vulnerability arises from an authentication error in the password recovery mechanism, enabling attackers to modify recovery email settings without valid credentials. CERT-In has assessed the risk as high, noting potential exposure of sensitive data and compromise of video surveillance systems across affected installations.

4.2.        CERT-In issues advisory on privilege escalation vulnerability in Microsoft Windows Admin Center

CERT-In has issued Vulnerability Note CIVN-2026-0099 highlighting a high-severity privilege escalation vulnerability affecting Microsoft Windows Admin Center. The vulnerability arises due to improper authentication validation, which may allow an authorized attacker to bypass security restrictions and obtain elevated privileges on affected systems. As Windows Admin Center is widely deployed for browser-based administration of Windows servers and infrastructure environments, successful exploitation could lead to unauthorized system control and operational risks. Users and organizations are advised to apply Microsoft’s recommended security updates and mitigation measures to prevent potential exploitation.

4.3.        CERT-In issues advisory on information disclosure vulnerability in Microsoft Teams

CERT-In has issued Vulnerability Note CIVN-2026-0100 highlighting a high-severity information disclosure vulnerability affecting Microsoft Teams. The vulnerability arises due to improper access control mechanisms, which may allow an attacker to disclose sensitive information, including meeting data, chats, and shared files, particularly where systems are misconfigured or insufficiently secured. As Microsoft Teams is widely used for enterprise communication and collaboration, successful exploitation could result in exposure of confidential business information and data leakage. Organisations and users are advised to apply the security updates and mitigation measures released by Microsoft to reduce the risk of unauthorised information disclosure.

4.4.        CERT-In issues advisory on multiple vulnerabilities in SolarWinds Serv-U

CERT-In has issued Vulnerability Note CIVN-2026-0101 identifying multiple critical vulnerabilities affecting SolarWinds Serv-U (version 15.5.3 and prior). The vulnerabilities stem from improper access control and logic handling flaws, which may allow attackers to bypass authentication, escalate privileges, gain unauthorised administrative access, and execute arbitrary code on affected systems. Given Serv-U’s deployment as an enterprise managed file transfer solution, successful exploitation could result in system compromise, configuration manipulation, and exposure of sensitive data. Organisations using affected versions are advised to urgently apply vendor-recommended security updates and mitigation measures to prevent potential exploitation.

4.5.        CERT-In issues advisory on authentication bypass vulnerability in Cisco SD-WAN products

CERT-In has issued Vulnerability Note CIVN-2026-0102 highlighting a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager. The vulnerability arises from flaws in the peering authentication mechanism, which may allow an unauthenticated remote attacker to bypass authentication controls and gain administrative privileges on affected systems. Successful exploitation could enable attackers to access internal high-privileged accounts, manipulate network configurations through NETCONF, and disrupt services, impacting the confidentiality, integrity, and availability of SD-WAN infrastructure. Organisations are advised to promptly implement Cisco’s recommended security updates and mitigation measures to prevent potential system compromise.

4.6.        CERT-In issues advisory on command injection vulnerability in FileZen

CERT-In has issued Vulnerability Note CIVN-2026-0103 highlighting a high-severity command injection vulnerability affecting FileZen versions V4.2.1 through V4.2.8 and V5.0.0 through V5.0.10. The vulnerability arises due to improper neutralisation of special elements when the antivirus check option is enabled, which may allow an unauthenticated remote attacker to execute arbitrary code on affected systems through specially crafted HTTP requests. Successful exploitation could result in full system compromise, unauthorised access, sensitive information disclosure, and service disruption, with CERT-In noting active exploitation of the vulnerability in the wild. Organisations are advised to urgently apply vendor-released security updates and mitigation measures to secure affected deployments.

4.7.     CERT-In issues advisory on multiple vulnerabilities in Cisco Catalyst SD-WAN Manager

CERT-In has issued Vulnerability Note CIVN-2026-0104 highlighting multiple critical vulnerabilities affecting Cisco Catalyst SD-WAN Manager. The vulnerabilities include authentication bypass, privilege escalation, information disclosure, and arbitrary file overwrite flaws arising from improper authentication controls, insufficient API validation, and insecure file handling mechanisms. Successful exploitation could allow attackers to gain root-level access, execute commands with administrative privileges, access sensitive system information, overwrite files, and compromise affected systems, impacting confidentiality, integrity, and availability of network infrastructure. Organisations using affected deployments are advised to urgently apply Cisco’s recommended security updates and mitigation measures to prevent potential system compromise and service disruption.

4.8.        CERT-In issues advisory on denial of service vulnerability in Cisco Nexus switching platforms

CERT-In has issued Vulnerability Note CIVN-2026-0105 highlighting a high-severity denial of service (DoS) vulnerability affecting Cisco Nexus 3600 and Nexus 9500-R series switching platforms. The vulnerability arises from a logic error in Ethernet VPN (EVPN) Layer 2 ingress packet processing, which may allow an unauthenticated adjacent attacker to trigger crafted traffic frames and cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop. Successful exploitation could disrupt network operations and impact system availability, resulting in service outages. Organisations are advised to implement Cisco’s recommended mitigation measures and monitor network traffic, as manual intervention may be required to stop malicious traffic and restore normal operations.

4.9.        CERT-In issues advisory on SNMP denial of service vulnerability in Cisco Nexus 9000 Series switches

CERT-In has issued Vulnerability Note CIVN-2026-0106 highlighting a high-severity denial of service (DoS) vulnerability affecting Cisco Nexus 9000 Series Fabric Switches operating in ACI mode. The vulnerability arises from improper processing of SNMP requests, which may allow an authenticated remote attacker to repeatedly send crafted queries and trigger a kernel panic, resulting in device reloads and service disruption. Successful exploitation could impact system availability and network operations. Organizations are advised to apply Cisco’s recommended security updates and mitigation measures to prevent potential exploitation and ensure continued network stability.

4.10.     CERT-In issues advisory on denial of service vulnerability in Cisco Nexus 9000 Series switches

CERT-In has issued Vulnerability Note CIVN-2026-0107 highlighting a high-severity denial of service (DoS) vulnerability affecting Cisco Nexus 9000 Series Fabric Switches operating in ACI mode. The vulnerability arises from insufficient validation while processing specific Ethernet frames, which may allow an unauthenticated adjacent attacker to send crafted traffic to the management interface and trigger unexpected device reloads. Successful exploitation could disrupt network availability and operations, with the issue impacting the out-of-band (OOB) management interface. Organizations are advised to implement Cisco’s recommended security updates and mitigation measures to reduce the risk of service disruption.

4.11.     CERT-In issues advisory on denial of service vulnerability in Cisco NX-OS based devices

CERT-In has issued Vulnerability Note CIVN-2026-0108 highlighting a high-severity denial of service (DoS) vulnerability affecting multiple Cisco devices, including Nexus 3000 Series switches, Nexus 9000 Series switches (ACI and standalone NX-OS modes), and UCS X-Series Direct Fabric Interconnects. The vulnerability arises from improper handling of specific fields in Link Layer Discovery Protocol (LLDP) frames, which may allow an unauthenticated adjacent attacker to send crafted packets that trigger an LLDP process restart and cause unexpected device reloads. Successful exploitation could disrupt network availability and operations, resulting in service outages. Organizations are advised to apply Cisco’s recommended security updates and mitigation measures to reduce the risk of exploitation.

4.12.     CERT-In issues advisory on denial of service vulnerability in IBM WebSphere Application Server

CERT-In has issued Vulnerability Note CIVN-2026-0109 highlighting a high-severity vulnerability affecting IBM WebSphere Application Server (versions 8.5 and 9.0) and IBM WebSphere Application Server Liberty (versions 21.0.0.3 and 26.0.0.2). The vulnerability arises from improper handling of specially crafted JSON Web Encryption (JWE) tokens, which may allow remote attackers to trigger excessive memory allocation and processing during token decompression, resulting in a denial of service (DoS) condition. Successful exploitation could lead to application instability and service outages, impacting system availability. Organizations are advised to promptly apply the security updates and mitigation measures released by IBM to reduce the risk of exploitation. [Link]

4.13.     CERT-In issues advisory on multiple vulnerabilities in VMware products

CERT-In has issued Vulnerability Note CIVN-2026-0110 highlighting multiple high-severity vulnerabilities affecting VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure. The vulnerabilities include command injection, stored cross-site scripting (XSS), and privilege escalation flaws arising from improper input handling and insufficient access controls, which may allow attackers to execute arbitrary commands, inject malicious scripts, and gain elevated privileges within affected VMware environments. Successful exploitation could lead to unauthorized access, administrative compromise, and disruption of virtualized infrastructure and cloud operations. Organizations are advised to promptly apply VMware’s recommended security updates and mitigation measures to reduce exposure to potential attacks.

4.14.     CERT-In issues advisory on multiple vulnerabilities in Trend Micro Apex One

CERT-In has issued Vulnerability Note CIVN-2026-0111 highlighting multiple critical vulnerabilities affecting Trend Micro Apex One, including Apex One 2019 (on-premise and SaaS), Trend Micro Apex One (macOS), and Trend Vision One Endpoint Standard Endpoint Protection. The vulnerabilities impact the management console, scan engine, and macOS agent components, and may allow attackers to achieve remote code execution through directory traversal flaws and escalate privileges via multiple local privilege escalation vulnerabilities. Successful exploitation could result in unauthorized access, execution of malicious commands, and compromise of endpoint security systems, affecting confidentiality, integrity, and availability of organizational environments. Organizations are advised to urgently apply vendor-recommended security updates and mitigation measures to prevent potential exploitation.

4.15.     CERT-In issues advisory on multiple vulnerabilities in Zyxel devices

CERT-In has issued Vulnerability Note CIVN-2026-0112 highlighting multiple high-severity vulnerabilities affecting various Zyxel 4G/5G CPEs, DSL/Ethernet CPEs, Fiber ONTs, security routers, and wireless extenders running older firmware versions. The vulnerabilities include null pointer dereference and command injection flaws that may allow authenticated attackers to crash devices, disrupt packet forwarding, or execute arbitrary operating system commands through specially crafted HTTP or UPnP requests. Successful exploitation could result in service interruption, unauthorized access, and compromise of network infrastructure, impacting system confidentiality, integrity, and availability. Organizations and users are advised to promptly update affected devices with vendor-released firmware patches and implement recommended mitigation measures to reduce exposure to potential attacks.

5.            Tax

5.1.        India and France sign protocol amending Double Taxation Avoidance Convention

India and France have signed an Amending Protocol to revise the India–France Double Taxation Avoidance Convention (DTAC), aligning the treaty with evolving international tax standards. The Protocol was signed by representatives of both governments during the recent visit of the President of France to India. The amendment grants source-based taxation rights to India on capital gains arising from the sale of shares of Indian companies and removes the Most Favoured Nation (MFN) clause relating to dividend taxation. It also rationalises dividend taxation by prescribing a uniform 10% rate, subject to a concessional 5% rate for specified shareholding thresholds, and updates provisions relating to Fees for Technical Services in line with international treaty practice. Further, the Protocol strengthens exchange of information mechanisms and introduces provisions on assistance in collection of taxes, while incorporating BEPS Multilateral Instrument standards already adopted by both countries. The revised treaty will enter into force after completion of domestic legal procedures in India and France and is expected to enhance tax certainty, investment flows, and bilateral economic cooperation.

5.2.        CBIC revises tariff values for specified imported goods

The Central Board of Indirect Taxes and Customs (CBIC), vide Notification No. 24/2026–Customs (N.T.) dated February 27, 2026, has amended Notification No. 36/2001–Customs (N.T.) to revise tariff values for specified imported goods under Section 14(2) of the Customs Act, 1962. The amendment substitutes existing Tables 1, 2 and 3, revising tariff values for commodities including crude palm oil, RBD palm oil, palmolein, crude soybean oil, and brass scrap, while also updating benchmark tariff values for gold and silver imports. The notification retains the tariff value for areca nuts without change and aims to align customs valuation with prevailing international price trends. The revised tariff values will come into force with effect from February 28, 2026.

Disclaimer

The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.

For further queries or details, you may contact:

Mr Anuroop Omkar

Founding Partner, AK & Partners

info@akandpartners.in