Corporate & Compliance Digest March 16, 2026

We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.

1.               Labour Law

1.1.           Delhi notifies Delhi Shops and Establishments (Amendment) Act, 2026

The Government of the National Capital Territory of Delhi has notified the Delhi Shops and Establishments (Amendment) Act, 2026 in the Official Gazette on March 11, 2026, introducing significant changes to the Delhi Shops and Establishments Act, 1954. The amendment was passed by the Legislative Assembly of the National Capital Territory of Delhi on January 9, 2026 and subsequently received Presidential assent. The amendment restricts the applicability of the Act to establishments employing 20 (twenty) or more employees, increases the maximum daily working hours to 10 (ten) hours, and raises the weekly working limit to 60 (sixty) hours. It also revises overtime limits to 144 (one hundred forty-four) hours per quarter, extends the continuous work limit to 6 (six) hours, and introduces provisions permitting women to work night shifts subject to written consent and mandatory safety safeguards.

1.2.           ESIC issues revised D.O. letter on pharmacy reporting under Dhanvantri Module

The Employees’ State Insurance Corporation (“ESIC”) has issued a revised and updated D.O. Letter dated  March 9, 2026 concerning the submission of pharmacy-related data under the Dhanvantri Module for the Monthly Assessment mechanism across ESIC institutions. The revision aims to streamline data collection by discontinuing duplicate reporting through emails and ensuring that information is submitted only through the prescribed module. The updated instructions introduce modifications to the reporting process for pharmacy data to ensure uniformity, accuracy, and timely monitoring of institutional performance. ESIC has directed all concerned authorities to submit Monthly Assessment data through the Dhanvantri Module by the 7th of every month, with a review meeting scheduled on the 10th of each month to assess compliance and operational status.

1.3.           Uttar Pradesh releases draft notification for Code on Wages Rules, 2026

The Government of Uttar Pradesh has issued a draft notification proposing the Uttar Pradesh Code on Wages Rules, 2026 under the Code on Wages, 2019. The draft rules aim to operationalise the provisions of the central legislation at the state level and streamline wage-related compliance for employers and workers. The proposed rules outline procedures relating to fixation and revision of minimum wages, payment of wages, maintenance of registers and records, and filing of returns by employers. The draft framework also provides mechanisms for the timely payment of wages, the determination of overtime wages, and grievance redressal for wage-related disputes. Stakeholders have been invited to submit objections or suggestions within the prescribed consultation period before the rules are finalised and notified by the state government.

1.4.           Uttar Pradesh notifies Industrial Relations Rules, 2026

The Government of Uttar Pradesh has notified the Uttar Pradesh Industrial Relations Rules, 2026 under the Industrial Relations Code, 2020, to operationalise the provisions relating to industrial relations and dispute resolution within establishments in the state. The rules form part of the broader implementation of India’s labour codes aimed at consolidating and simplifying multiple labour laws. The notified rules prescribe procedures relating to the registration and recognition of trade unions, constitution of works committees and grievance redressal committees, resolution of industrial disputes and regulation of strikes, layoffs, retrenchment and closures. The framework is intended to promote industrial harmony while streamlining compliance requirements for employers and strengthening mechanisms for resolving workplace disputes.

1.5.           Uttar Pradesh notifies Social Security Code Rules, 2026

The Government of Uttar Pradesh has notified the Uttar Pradesh Social Security Code Rules, 2026 under the Code on Social Security, 2020, to operationalise social security provisions for workers and employees within the state. The rules form part of the broader implementation of India’s labour codes, which consolidate multiple labour laws into a unified regulatory framework governing wages, industrial relations, occupational safety, and social security. The notified rules prescribe procedures relating to the administration of social security schemes, registration and compliance requirements for employers, and the implementation of welfare benefits for workers, including those in organised, unorganised, and platform-based sectors. The framework is intended to strengthen social security coverage and streamline compliance obligations for employers while enhancing worker welfare.

2.               Stamp Duty

2.1.        Maharashtra Assembly passes Stamp (Amendment) Bill, 2026 to decentralise adjudication of stamp duty cases

The Maharashtra Assembly has passed the Maharashtra Stamp (Amendment) Bill, 2026, with the objective of speeding up disposal of pending stamp duty cases and improving administrative efficiency. The amendment to Section 52A of the Maharashtra Stamp Act, 1958 decentralises adjudicatory powers by enhancing the monetary limits of officers at lower levels, enabling matters involving higher amounts to be decided locally rather than being escalated. As revised, the District Collector (Stamp) may adjudicate cases up to INR 20 Lakh (Indian Rupees Twenty Lakh only), the Deputy Inspector General of Registration (excluding Mumbai) up to INR 50 Lakh (Indian Rupees Fifty Lakh only), the Additional Stamp Controller, Mumbai up to Rs 1 Crore, and the Chief Controlling Revenue Authority up to INR 1 Crore (Indian Rupees One Crore only). The measure is intended to reduce delays, improve transparency, clear backlog of pending matters, and facilitate quicker resolution of property-related stamp duty issues for citizens, buyers, and sellers across the state.

2.2.           Goa Cabinet approves amendment to cap stamp duty on corporate restructuring transactions

The Goa State Cabinet has approved an amendment to the Stamp act to reduce stamp duty payable on orders of the High Court or a Tribunal in relation to amalgamation, reconstruction, merger, or de-merger. The amendment provides for levy of stamp duty at 5 per cent (five per cent) on the market value of the property or the amount of consideration set forth in the instrument or order, whichever is applicable, subject to a maximum cap of INR 210 Crore (Indian Rupees Two Hundred Ten Crore only), for transfers arising out of Schemes of Arrangement. The proposal is intended to rationalise stamp duty on corporate restructuring transactions and attract investment in the State. At present, Goa provides an 80% (eighty per cent) reduction in stamp duty for transfer of property pursuant to a Scheme of Arrangement in the case of small companies up to INR 5 Crore (Indian Rupees Five Crore only), but does not prescribe a specific capped rate for Schemes of Arrangement exceeding INR 75 Crore (Indian Rupees Seventy-Five Crore only).

3.               Stock Exchanges

3.1.           NSE issues guidelines on non‑validated KYC records

The National Stock Exchange of India Limited (“NSE”) has stated that clients whose Know Your Client (“KYC”) records remain “On Hold” with KYC Registration Agencies (“KRAs”) for uploads made between February 01, 2026 and February 28, 2026 will not be allowed to trade or square off positions from March 21, 2026, until their KYC is validated, after which their Permanent Account Number (“PAN”) will be re‑enabled for trading on a T+1 basis.

3.2.        NSE issues circular on colocation – digital acceptance and Colo‑as‑a‑Service changes

The NSE has increased the maximum permissible interactive internet protocol (IP) count across colocation rack variants and relaxed the Colo‑as‑a‑Service (“CaaS”) framework by allowing vendors to choose any rack type and removing earlier caps on clients per rack, member–vendor contracts and order connectivity lines, with all related requests now to be submitted digitally on ENIT from March 16, 2026.

3.3.        NSE issues reminder on submission of Action Taken Report (“ATR”) for system audit

The NSE has reminded trading members to implement corrective actions and submit their Action Taken Reports (“ATRs”) for non‑compliances reported in the System Audit Report (Type III) for April 2025–September 2025 by March 31, 2026 through ENIT, with auditors recording the final compliance status online.

3.4.       NSE Clearing issues circular on review of margin framework for commodity derivatives

NSE Clearing Limited has updated the margin framework for key non‑agricultural commodities, revising minimum initial margin, short option margin, margin period of risk and volatility scan range for products such as gold, silver, base metals, crude oil and natural gas, while keeping all other existing margin components unchanged and applying the new framework from April 01, 2026.

4.               Information Technology

4.1.           CERT-In issues advisory on multiple vulnerabilities in Cisco Firewall Management Software

CERT-In has issued Vulnerability Note CIVN-2026-0119 highlighting a high-severity SQL injection vulnerability affecting Cisco Secure Firewall Management Center (FMC) Software. The vulnerability exists in the web-based management interface and REST API due to inadequate validation of user-supplied input. This flaw could allow an authenticated, remote attacker to conduct SQL injection attacks by sending specially crafted requests to an affected device. Successful exploitation could allow an attacker to gain full access to the database, read sensitive files on the underlying operating system, and cause significant service disruption. CERT-In has assessed a high risk to data manipulation and the overall confidentiality, integrity, and availability of the system. Organizations and IT administrators are urged to apply the appropriate security updates as detailed in the Cisco Advisory to mitigate these risks.

4.2.          CERT-In issues advisory on multiple vulnerabilities in HPE Aruba Networking AOS-CX

The Indian Computer Emergency Response Team has issued Vulnerability Note CIVN-2026-0137 highlighting high-severity security vulnerabilities in HPE Aruba Networking AOS-CX, used in Aruba CX series switches. The affected versions include 10.17.0001 and below, 10.16.1020 and below, 10.13.1160 and below, and 10.10.1170 and below. The vulnerabilities include an unauthenticated administrator password reset flaw (CVE-2026-23813) that allows attackers to bypass authentication and take control of the device, command injection vulnerabilities in the CLI (CVE-2026-23814, CVE-2026-23815 and CVE-2026-23816) that could enable execution of malicious commands with elevated privileges, and an open redirect vulnerability (CVE-2026-23817) that may redirect users to malicious websites, enabling phishing attacks. Exploitation of these vulnerabilities could lead to unauthorized administrative access, complete system compromise, and threats to the confidentiality and integrity of network infrastructure. Organizations using Aruba CX switches have been advised to immediately update their firmware to the latest patched versions to mitigate these risks.

4.3.           CERT-In issues advisory on multiple vulnerabilities in Mozilla Products

CERT-In has issued Vulnerability Note CIVN-2026-0139 highlighting high-severity vulnerabilities affecting a range of IBM products, including IBM Cloud Pak for Security, IBM QRadar Suite Software, and IBM Storage Insights. These vulnerabilities are primarily caused by improper input validation, use of components with known vulnerabilities, and improper neutralization of special elements within the software. Successful exploitation of these flaws could allow a remote attacker to execute arbitrary code, bypass security restrictions, and gain unauthorized access to sensitive information. Furthermore, some vulnerabilities could lead to cross-site scripting (XSS) and denial-of-service (DoS) conditions, significantly impacting the confidentiality and availability of enterprise data. Organizations utilizing these IBM security and storage solutions are strongly advised to apply the vendor-provided security patches immediately to mitigate the risk of full system compromise.

4.4.           UIDAI launches Bug Bounty Programme to strengthen Aadhaar security

The Unique Identification Authority of India (“UIDAI”) has launched its first Bug Bounty Programme to further enhance the security of the Aadhaar ecosystem. The initiative invites cybersecurity experts to identify potential vulnerabilities in key UIDAI digital platforms and report them responsibly in exchange for rewards based on the severity of the issues discovered. A panel of 20 experienced security researchers and ethical hackers has been selected to participate in the programme. The participants will assess UIDAI’s digital assets, including the UIDAI official website, myAadhaar portal, and the Secure QR Code application, to detect vulnerabilities classified under Critical, High, Medium, and Low risk categories. The programme is being implemented in partnership with ComOlho IT Private Limited, a cybersecurity solutions provider. The initiative complements UIDAI’s existing security measures such as regular security audits, vulnerability assessments, penetration testing, and continuous monitoring, and aims to further strengthen the protection of Aadhaar-related digital services.

5.               Tax

5.1.           CBIC issues Procedure for HSNS Return Filing

The Central Board of Indirect Taxes and Customs issued Advisory No. 06/2026 setting out the portal-based procedure for filing Form HSNS RET-01 for Health Security se National Security Cess registrants. The advisory states that the monthly return must be filed on the CBIC taxpayer portal on or before the 20th day of the succeeding month, and it also explains the process for revised returns, acknowledgements, and document upload.

6.             Banking & Financial Regulation

6.1.          RBI Issues Amendment Directions on ‘Clarification on Owned Fund / Tier 1 Capital computation for NBFCs / ARCs and applicability to Credit / Investment Concentration Norms’

Reserve Bank of India (“RBI”) issued the final amendment directions on clarification of owned fund and Tier 1 capital computation for non-banking financial companies (“NBFCs”) and asset reconstruction companies (“ARCs”), and on the applicability of credit and investment concentration norms. RBI noted that, at present, NBFCs other than NBFC-Upper Layer and ARCs reckon Tier 1 capital as on March 31 of the previous year for compliance with such concentration norms and stated that the final directions cover prudential norms on capital adequacy, concentration risk management, housing finance companies, core investment companies, mortgage guarantee companies, ARCs and standalone primary dealers.

7.               Corporate Law & MCA

7.1.           Amendments to Companies (Accounting Standard) Rules, 2021

Ministry of Corporate Affairs (“MCA”) notifies the Companies (Accounting Standards) Amendment Rules, 2026, aligning AS 22 with the Organisation for Economic Co-operation and Development’s Pillar Two requirements by introducing specific compliance obligations for entities subject to global minimum tax laws. Companies shall apply a mandatory exception that prohibits recognition and disclosure of deferred tax assets and liabilities related to Pillar Two income taxes, while separately disclosing the current Pillar Two tax expense or income. Where such legislation is enacted or substantively enacted but not yet effective, entities are required to disclose known or reasonably estimable information on their exposure, supported by qualitative and indicative quantitative details. These disclosure requirements apply to annual reporting periods beginning on or after April 1, 2025, with interim reporting relief up to March 31, 2026, and provide a compliance exemption for small and medium-sized companies from detailed exposure disclosures.

7.2.       Compliance Advisory on Company and LLP Name Reservation and Incorporation 

The MCA has issued an advisory outlining strict compliance requirements for name reservation and incorporation of companies and LLPs, emphasising rejection of names that closely resemble existing entities, trademarks or well-known abbreviations. The advisory clarifies that No Objection Certificates will not override statutory prohibitions on identical or deceptively similar names and reiterates cooling-off periods for the reuse of dissolved or struck-off entity names. Advisory highlights mandatory regulatory approvals for sensitive words such as bank, insurance, finance and professional designations, along with alignment between proposed names, National Industrial Classification codes and stated activities of the entity. Stakeholders are advised to ensure accuracy and consistency in incorporation documents, registered office proofs and declarations, as procedural non-compliance may lead to rejection and penal consequences.

8.               Regulatory Enforcement / Compliance Action

Disclaimer

The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.

For further queries or details, you may contact:

Mr Anuroop Omkar

Founding Partner, AK & Partners

info@akandpartners.in