Corporate & Compliance Digest May 18, 2026
- AK & Partners
- 4 days ago
- 8 min read
We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.
1. Labour Law & Employment Law
1.1. Central Government notifies remuneration threshold for audiovisual workers under OSH Code
The Ministry of Labour and Employment has notified INR 19,000 per month (Indian Rupees Nineteen Thousand only) as the monetary ceiling for remuneration to determine classification as an audiovisual worker under the Code on Occupational Safety, Health and Working Conditions, 2020. The notification has been issued in exercise of powers under Section 2(1)(f) of the Code, with equivalent treatment prescribed where remuneration is paid as a lump sum amount.
1.2. Central Government issues notifications under the Occupational Safety, Health and Working Conditions Code, 2020
The Ministry of Labour and Employment has issued notifications under the Occupational Safety, Health and Working Conditions Code, 2020, appointing the Director General of Mines Safety as the Chief Inspector-cum-Facilitator of Mines across applicable territories and constituting a designated authority under Section 57 comprising representatives from key labour and mine safety bodies. The notifications form part of the operational implementation of the Code’s regulatory framework relating to workplace safety oversight and administration.
1.3. Central Government appoints authorities for prosecution sanctions under the Code on Social Security, 2020
The Ministry of Labour and Employment has appointed the Chief Labour Commissioner (Central) and Additional Chief Labour Commissioner (Central) as the competent authorities for granting sanction for prosecution of offences under Chapters V and VI of the Code on Social Security, 2020, in respect of establishments where the Central Government is the appropriate government. The notification has been issued under Section 136(2) of the Code as part of the implementation of the social security enforcement framework.
1.4. Central Government issues notifications under the Code on Social Security, 2020
The Ministry of Labour and Employment has issued notifications under the Code on Social Security, 2020, appointing competent authorities across jurisdictions for the purposes of Chapter VI and designating labour enforcement and labour commissioner officials for implementation and enforcement of offences under Chapters V and VI in establishments where the Central Government is the appropriate authority. The notifications strengthen the administrative and enforcement framework for implementation of the social security regime.
2. Securities & Capital Markets
2.1. NSDL issues circular on SEBI norms for use of price data for educational purposes
National Securities Depository Limited (“NSDL”) has issued a circular drawing participants’ attention to the Securities and Exchange Board of India (“SEBI”) framework on sharing and usage of securities price data strictly for educational purposes. The circular requires participants to take note of the regulatory norms prescribed by SEBI and ensure adherence while disseminating or using such data. It also reiterates ongoing compliance obligations, including periodic reporting requirements such as investor grievance reports, audit submissions and internal control certifications, to be completed through prescribed channels such as the e‑PASS system and email within stipulated timelines.
2.2. NSDL enables electronic submission of VAPT audit reports through e‑PASS
NSDL has introduced a facility for submission of Vulnerability Assessment and Penetration Testing (“VAPT”) audit reports through its e‑PASS portal, in line with SEBI’s cyber security compliance framework. Participants are required to submit both half-yearly and annual VAPT reports electronically in prescribed formats, along with auditor certifications and supporting annexures. The circular also mandates remediation of identified vulnerabilities and submission of an Action Taken Report within specified timelines, typically within three months of the initial report. Non-compliance with submission timelines may attract regulatory action, reinforcing the importance of timely cybersecurity reporting and adherence to audit procedures.
2.3. NSDL enables electronic submission of cyber security audit reports through e‑PASS
NSDL has further operationalised an electronic facility for submission of cyber security audit reports by participants through the e‑PASS portal. The circular sets out detailed procedures for auditor onboarding, report submission, validation and digital sign-off, ensuring a standardised and transparent reporting process. Participants are required to conduct audits in accordance with SEBI’s Cyber Security and Cyber Resilience Framework (“CSCRF”), submit auditor declarations, and report closure of identified gaps within three months. The circular also prescribes timelines for half-yearly and annual audit submissions and emphasises that delays or non-compliance may result in penalties under NSDL business rules, thereby strengthening cyber resilience and regulatory oversight across market participants.
2.4. NSE issues guidelines on KYC validation and trading restrictions
National Stock Exchange of India Limited (“NSE”) has issued a circular prescribing strict compliance requirements relating to Know Your Client (“KYC”) validation through KYC Registration Agencies (“KRAs”), pursuant to amendments under the SEBI framework. The circular provides that clients whose KYC status remains “on hold” for records submitted between April 01, 2026 and April 30, 2026 shall not be permitted to trade or square off open positions from May 23, 2026 until validation is completed. Further, the exchange will flag such Permanent Account Numbers (“PANs”) as non-compliant, and trading access will only be restored on T+1 upon successful validation. The circular also reiterates requirements regarding blocking of accounts in case of investor demise and mandates operational controls to ensure compliance with KYC norms, thereby strengthening investor protection and regulatory discipline.
2.5. NSE announces launch of SBI Nifty G-Sec July 2031 Index Fund on MF platform
NSE has announced the launch of the SBI Nifty G-Sec July 2031 Index Fund New Fund Offer (“NFO”) on its MF Invest platform. The NFO will be available for subscription from May 14, 2026 to May 19, 2026, offering multiple plan options including direct and regular plans with growth, income distribution cum capital withdrawal (“IDCW”) payout and reinvestment options. The fund falls under the debt category and is benchmarked to government securities, providing investors with exposure to sovereign debt instruments. Members have been instructed to ensure that funds are received by the clearing corporation by May 20, 2026 within the stipulated time to facilitate allotment, thereby enabling seamless participation in the offering.
2.6. NSDL issues amendments to dematerialisation framework and investor service forms
National Securities Depository Limited (“NSDL”) has issued amendments to its bye-laws and business rules governing the processing of investor service requests for dematerialisation of securities. The changes include revisions to key provisions relating to dematerialisation and record maintenance, as well as the introduction of new standardised forms for processes such as dematerialisation requests, transposition, transmission, and signature variation. These amendments aim to streamline and standardise procedures for issuers and registrar and transfer agents (“RTAs”), improving efficiency and consistency in handling investor requests. Participants have been advised to take note of the revised framework and ensure compliance with the updated requirements.
2.7. NSE introduces new interest rate derivatives on Government securities
NSE has announced the introduction of new Interest Rate Futures and Options contracts based on Government of India (“GoI”) securities, aimed at enhancing trading opportunities in the currency derivatives segment. The contracts, linked to specified government securities with defined coupon rates and maturity dates, will be available for trading from May 19, 2026. The circular also sets out detailed contract specifications including expiry cycles, lot sizes, and quantity limits, along with operational instructions for members to update systems prior to launch. This initiative seeks to deepen the derivatives market and provide participants with additional tools for hedging interest rate risk and managing fixed income exposures.
2.8. NSE updates graded surveillance framework for enhanced market monitoring
NSE has issued updates to the Graded Surveillance Measure (“GSM”) framework to strengthen market surveillance and investor protection mechanisms. The revisions include modification of exclusion criteria, limiting index-based exemptions to securities forming part of major indices such as the Nifty 500 or BSE 500, and removal of certain earlier exclusions relating to institutional holdings, dividend history and recent corporate restructuring. The updated framework continues to rely on objective financial and valuation metrics such as net worth, market capitalisation and price-to-earnings ratios for identifying high-risk securities. The revised criteria will be implemented from the next quarterly review effective June 19, 2026, and will operate alongside existing surveillance measures to curb market manipulation and ensure orderly trading.
3. Information Technology & Data Protection
3.1. CERT-In Flags Critical Vulnerabilities in Cisco Catalyst SD-WAN Products
CERT-In has issued a vulnerability note regarding multiple vulnerabilities in Cisco Catalyst SD-WAN Manager and Cisco Catalyst SD-WAN Controller. The vulnerabilities could allow remote attackers to gain escalated privileges, bypass authentication, and access arbitrary files on targeted systems. The advisory highlights privilege escalation vulnerabilities arising from exposure of sensitive session information and improper redaction within device configurations, an XML External Entity (XXE) vulnerability enabling arbitrary file access, and an authentication bypass vulnerability affecting control connection handshaking. CERT-In has noted that the authentication bypass vulnerability is being actively exploited in the wild. The advisory recommends applying the latest security updates issued by Cisco to mitigate risks relating to unauthorised access, network configuration modification, sensitive information disclosure, and system disruption.
3.2. CERT-In Issues Advisory on Multiple Vulnerabilities in Microsoft Products
CERT-In has issued an advisory regarding multiple vulnerabilities affecting Microsoft products, including Microsoft Windows, Microsoft Office, Microsoft Dynamics, Developer Tools, SQL Server, Azure applications, and Extended Security Updates (ESU) for legacy Microsoft products. The vulnerabilities could allow attackers to gain elevated privileges, obtain sensitive information, execute arbitrary code remotely, bypass security restrictions, conduct spoofing attacks, tamper with data or system processes, and cause denial-of-service conditions. The advisory highlights risks relating to system compromise, data exfiltration, ransomware attacks, and system instability. CERT-In has advised users and organisations to apply the latest security updates released by Microsoft Security Response Centre to mitigate the identified vulnerabilities.
3.3. CERT-In Reports Multiple Vulnerabilities in Google Chrome for Desktop
CERT-In has issued a vulnerability note regarding multiple vulnerabilities affecting Google Chrome for Desktop versions prior to 148.0.7778.96 for Linux and versions prior to 148.0.7778.96/97 for Windows and Mac. The vulnerabilities could allow remote attackers to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause denial-of-service conditions on targeted systems. The advisory states that the vulnerabilities arise from issues including integer overflows, use-after-free conditions, inappropriate implementation, insufficient validation and policy enforcement, object lifecycle issues, out-of-bounds memory access, race conditions, script injection, side-channel information leakage, type confusion, and uninitialized use across multiple Chrome components. Successful exploitation could result in system compromise, data theft, unauthorised access, or service disruption. CERT-In has advised users and organisations to apply the latest security updates released by Google Chrome Releases Blog to mitigate the identified vulnerabilities.
3.4. CERT-In Issues Advisory on Multiple Vulnerabilities in Apple Products
CERT-In has issued an advisory regarding multiple vulnerabilities affecting various Apple products, including Apple iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari versions. The vulnerabilities could allow attackers to execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security restrictions, or cause denial-of-service conditions on targeted systems. The advisory states that the identified vulnerabilities pose risks relating to information disclosure, code execution, malware propagation, and system crashes. CERT-In has advised organisations and individuals using affected Apple products to apply the latest security updates released by Apple to mitigate the identified vulnerabilities.
4. Regulatory Enforcement and Compliance Action
Authority | Name of Company / Individual | Amount of Penalty Imposed | Contravention |
Securities and Exchange Board of India (SEBI) | Rashmi Saluja | INR 40 Lakhs | Violation of SEBI's Prohibition of Insider Trading (PIT) Regulations. Rashmi Saluja, the former Executive Chairperson of Religare Enterprises, sold REL shares on September 21 and 22, 2023, while allegedly in possession of unpublished price-sensitive information (“UPSI”) related to the Burman Group's impending open offer, which was publicly announced only on September 25, 2023. SEBI concluded that Saluja qualified as an "insider" under insider trading regulations and that her trades violated market norms, rejecting her defence that the trades had been internally pre-approved, on the ground that possession of UPSI overrides such approvals. |
Securities and Exchange Board of India (SEBI)
| Five Individuals in Darshan Orna Limited's fraudulent trading scheme including Aakash Doshi and Kevin Kapadia | INR 3.1 Crore (Indian Rupees Three Crore Ten Lakhs only) | Violated Regulations 3 and 4 of the SEBI (“PFUTP”) Regulations, 2003, prohibiting fraudulent and unfair trade practices, market manipulation, and dissemination of misleading information read with Section 12A of the SEBI Act, 1992, with penalties imposed under Section 15HA of the Act. SEBI found that coordinated buy recommendations for Unison Metals Limited shares were circulated through Telegram channels with lakhs of subscribers in December 2021, as part of a pre-planned strategy to artificially inflate the stock's price and volume. The regulator imposed a total penalty of INR 3.6 Crore (Indian Rupees Three Crore Sixty Lakhs only) on 15 individuals, barred them from the securities markets for three years, and ordered disgorgement of over INR 3.87 Crore (Indian Rupees Three Crore and Eighty Seven Lakhs only) in unlawful gains. |
Disclaimer
The note is prepared for knowledge dissemination and does not constitute legal, financial or commercial advice. AK & Partners or its associates are not responsible for any action taken based on its contents.
For further queries or details, you may contact:
Mr Anuroop Omkar
Founding Partner, AK & Partners
Comments