Corporate & Compliance Digest March 30, 2026

1.1. ESIC mandates faster payments for vendors and MSMEs

The Employees’ State Insurance Corporation (“ESIC”) has issued a new directive to ensure that all vendors, including those from Micro, Small and Medium Enterprises (“MSMEs”), receive their payments more promptly. Under these updated guidelines, all units must complete payments for goods and services procured through the Government e-Marketplace within 10 days of the Consignee Receipt and Acceptance Certificate being generated. This strict deadline also applies to cases where the certificate is automatically produced by the system. Any unit failing to meet this 10-day window will be required to provide a formal justification and must detail the delay in their pendency reports.

1.2. ESIC Simplifies Dispute Settlements Under New Amnesty Scheme

The ESIC has issued a key clarification to streamline how employers resolve legal disputes through the New Amnesty Scheme, 2025. Crucially, the ESIC has confirmed that businesses do not need prior permission from a court to start a settlement process; the requirement to "seek permission" is merely a procedural step to close any ongoing court cases once an agreement is reached. Employers wishing to use the scheme shall simply provide an undertaking to the ESIC promising to withdraw their pending appeals or petitions once the settlement is finalised. This update is designed to make the administrative framework more accessible by removing perceived legal hurdles and encouraging out-of-court resolutions. These changes apply to new applications and will not affect any cases that have already been settled under the existing scheme.

1.3. PFRDA to introduce multiple NAV framework from April

The Pension Fund Regulatory and Development Authority (“PFRDA”) is set to implement a new 'multiple NAV framework' starting from April 01, 2026. This change follows a revision in investment management fees and Point of Presence charges, which will now be differentiated for government and non-government subscribers and adjusted directly through the Net Asset Value (“NAV”). To facilitate this transition, certain online services, including portfolio rebalancing, subscriber shifting and fund withdrawals, will be suspended on Central Recordkeeping Agency platforms between March 25, 2026, and April 01, 2026. While these specific transactions are paused, new user registrations and regular pension contributions will continue to be processed as normal. All services are expected to resume fully from April 02, 2026.

2. Stamp Duty

2.1. GMRL proposes stamp duty surcharge and TOD revenue share for metro funding

Gurugram Metro Rail Limited has proposed a 0.5 per cent (Zero point Five per cent) surcharge on stamp duty for property transactions in Gurugram, along with seeking a 35 per cent (Thirty-Five per cent) share of transit-oriented development (TOD) revenues linked to properties located within 500–800 metres of metro corridors. The proposal forms part of the metro project’s value capture financing framework, including revenue from premiums on additional floor area ratio (FAR), and envisages that 35 per cent (Thirty Five per cent) of yearly projected revenue from such mechanisms would accrue to the metro project while the remaining 65per cent (Sixty Five per cent) would be utilised for infrastructure and utility expansion along the corridor. At present, stamp duty in Haryana ranges between 5 per cent (Five per cent) and 7 per cent (Seven per cent), along with a 2 per cent (Two per cent) infrastructure cess shared between local authorities. The proposal is currently under discussion, with the state government yet to take a final decision following examination by the finance and revenue departments.

2.2. Gujarat fixes INR 300 stamp duty for intra-family land transactions

The Government of Gujarat has decided to provide relaxation in jantri-based stamp duty provisions for internal land transactions among lineal and collateral heirs by prescribing a fixed stamp duty of INR 300 (Indian Rupees Three Hundred only) on specified transactions. The decision provides that where one or more heirs relinquish rights in favour of other heirs, or where joint holders undertake partition, whether in single or multiple stages, each deed of relinquishment, reduction of rights, or partition shall attract a stamp duty of INR 300 (Indian Rupees Three Hundred only). The same rate applies in cases where, in the absence of lineal heirs, rights are transferred to collateral heirs, including for change deeds relating to name entries during lifetime and partition. The measure aims to facilitate easier division of property among family members, reduce disputes and litigation, promote proper legal documentation, and encourage registration of transactions by lowering the financial burden associated with such transfers.

3. Stock Exchanges

3.1. CDSL issues updated on sanctions list under Section 51A of UAPA

Central Depository Services (India) (“CDSL”) has informed depository participants that, based on a SEBI communication relaying two recent United Nations Security Council press notes, two additional individuals linked to ISIL and Al Qaida have been added to the UN sanctions list, namely Sami Jasim Muhammad Jaata Al Jaburi (QDi 437) and Abd El Hamid Salim Ibrahim Brukan Al Khatouni (QDi 438). Participants are required to implement the Central Government order on Section 51A of the Unlawful Activities Prevention Act 1967, including screening all existing and new accounts against the updated UN lists, processing any delisting requests through the Ministry of Home Affairs and Ministry of External Affairs, and guiding designated persons on recourse to the UN Ombudsperson mechanism, while also monitoring SEBI’s UNSC Sanctions Committee List tab for ongoing updates.

3.3. CDSL issues amendments on rights and obligations of Beneficial Owners and DPs

Pursuant to a SEBI letter dated 25 September 2025, CDSL has amended Chapter 2 of its DP Operating Instructions, particularly Annexure 2.7 on the rights and obligations of beneficial owners and depository participants. The updated provisions reiterate that demat accounts must be opened only after complete KYC, require confidential handling of client data, clarify tariff disclosures and prior notice for any increase in charges, reinforce segregation of each beneficial owner’s securities, and emphasise prohibitions on compelling clients to execute powers of attorney or demat debit and pledge instructions, while also refining provisions on statements of account, account closure, default in payment of charges, freezing and defreezing, grievance redress and the binding effect of SEBI and depository rules and circulars.

3.4. CDSL issues amendments on HUF Demat accounts and joint holding

CDSL has introduced amendments to Chapter 2 of its DP Operating Instructions to allow opening of Hindu Undivided Family (“HUF”) demat accounts jointly with a maximum of two individual joint holders, in line with SEBI’s letter dated 13 August 2025. The revised framework continues to mandate PAN of both the HUF entity and the karta, detailed declarations of family members, and execution of powers of attorney or demat debit and pledge instructions by all HUF members and joint holders, while elaborating procedures on change of karta upon death, treatment of accounts where a third party joint holder dies, capturing coparcener details, and the manner in which securities and accounts are to be handled in cases of full or partial partition of the HUF, including opening new demat accounts per partitioned coparcener and joint holder.

3.5. NSE revises straight through processing (STP) format revision

National Stock Exchange of India (“NSE”)Limited has revised the straight through processing (“STP”) IFN515 message format, following discussions in the Broker’s Industry Standards Forum and consultation with the Securities and Exchange Board of India, by changing the description of a key amount field in the mandatory subsequence D3 (Amounts) column 19A. The field, which previously referred only to brokerage, will now capture “brokerage and other permissible charges”, and the detailed revised format, including field level content rules, validations and examples, has been circulated as an annexure for trading members’ implementation.

3.6. NSE announces revision of market wide position limit for securities lending and borrowing

NSE Clearing Limited has announced a revision of the Market Wide Position Limit and related participant, institutional client and non institutional client limits for the security HIRECT under the Securities Lending and Borrowing Scheme with effect from 30 March 2026. For March 2026, the Market Wide Position Limit and the limits for participants and institutional clients have been doubled from 963495 shares to 1926990 shares, with corresponding increases for non institutional clients, and participants and custodians have been advised to factor these enhanced limits into their positions.

4. Information Technology

4.1. CERT-In issues advisory on multiple vulnerabilities in Apple products

CERT-In has issued advisory CIAD-2026-0015 dated March 26, 2026, highlighting multiple vulnerabilities in Apple products, including iOS, iPadOS, macOS, Safari, tvOS, watchOS, visionOS, and Xcode versions prior to specified updates. The advisory identifies a high severity risk, noting that the vulnerabilities could allow attackers to execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security controls, or cause denial of service. The advisory applies to all organisations and individuals using affected Apple products, with potential impacts including data theft, malware propagation, and system compromise, and underscores the need for timely mitigation to strengthen cybersecurity posture.

4.2. CERT-In issues advisory on multiple vulnerabilities in Microsoft products

CERT-In has issued advisory CIAD-2026-0014 dated March 25, 2026, highlighting multiple vulnerabilities in Microsoft products, including Azure DevOps, Azure Data Factory, Microsoft 365 Copilot, Microsoft Bing, Microsoft Purview, and Azure Cloud Shell. The advisory categorises the vulnerabilities as high severity, noting that they could allow attackers to execute remote code, gain elevated privileges, perform server-side request forgery (SSRF) attacks, and access sensitive information. The advisory is directed at individual users, IT administrators, and security teams, and flags risks including system compromise, data exfiltration, ransomware attacks, and system instability. CERT-In has advised users to apply appropriate security updates to mitigate these vulnerabilities and strengthen system security.

4.3. CERT-In flags high severity vulnerabilities in TP-Link Archer routers

CERT-In has issued vulnerability note CIVN-2026-0158 dated March 25, 2026, highlighting multiple high severity vulnerabilities in TP-Link Archer NX200, NX210, NX500, and NX600 routers across specified versions. The vulnerabilities include authorization bypass, command injection, and privilege escalation, which could allow attackers to perform unauthorised privileged HTTP actions, execute arbitrary commands, and tamper with device configuration data. The advisory notes that exploitation may result in unauthorized access, service disruption, and compromise of confidentiality, integrity, and availability of systems, and is applicable to all organisations and individuals using affected TP-Link routers. Users have been advised to apply appropriate security updates as provided by the vendor to mitigate the identified risks.

4.4. CERT-In flags high severity vulnerabilities in MongoDB

CERT-In has issued vulnerability note CIVN-2026-0157 dated March 24, 2026, highlighting multiple high severity vulnerabilities in MongoDB, affecting versions 8.2 prior to 8.2.6, 8.0 prior to 8.0.20, and 7.0 prior to 7.0.31. The vulnerabilities arise due to issues such as use-after-free in aggregation operators and stack memory disclosure, which could allow attackers to access sensitive information on the targeted system. The advisory notes that exploitation may result in unauthorized access and information disclosure, impacting the confidentiality of systems, and is applicable to all organisations and individuals using affected MongoDB versions. Users have been advised to apply appropriate security updates as recommended by the vendor to mitigate the identified risks.

4.5. CERT-In flags multiple vulnerabilities in NetScaler ADC and Gateway

The CERT-In has issued Vulnerability Note CIVN-2026-0159 dated March 27, 2026, highlighting multiple high-severity vulnerabilities in NetScaler ADC and NetScaler Gateway. The affected versions include NetScaler ADC and Gateway 14.1 before 14.1-66.59, 13.1 before 13.1-62.23, and certain FIPS/NDcPP builds. The vulnerabilities arise due to out-of-bounds read and race condition flaws, which can be exploited through specially crafted network requests. Successful exploitation may lead to unauthorised access to sensitive information, session integrity issues, or broader system compromise. CERT-In has advised users and organisations to apply the vendor-recommended patches issued by Citrix to mitigate risks.

5. Corporate Law and MCA

5.1. MCA releases new advisory for stakeholders for naming and registering companies and LLPs

The Ministry of Corporate Affairs has released an updated advisory to help stakeholders navigate the name reservation and incorporation process for Companies and Limited Liability Partnerships (“LLP”). To prevent application rejections, the guide emphasises choosing unique names that do not phonetically or visually resemble existing brands, noting that 'No Objection Certificates' are often disregarded for near-identical names. It provides clear timelines for reusing names from dissolved or struck-off entities and outlines specific restrictions on using professional titles, geographical names or words implying government patronage without proper authorisation. Additionally, the update clarifies requirements for registered office documentation, trademark cross-checking and the specific paperwork needed for foreign directors or subscribers. By following these practical steps and ensuring consistency between business objects and industrial classification codes, applicants can significantly streamline their registration journey.

5.2. Government introduces Corporate Law (Amendment) Bill, 2026

The Government has introduced the Corporate Laws (Amendment) Bill, 2026 (“Bill 2026”) in Lok Sabha on March 23, 2026, to further amend the LLP Act, 2008 and the Companie Act, 2013. A key focus of this Bill 2026 is "decriminalisation", which involves replacing criminal penalties for many procedural errors with simpler civil fines. Special provisions have also been made for businesses operating in International Financial Services Centres- based LLPs and companies, including the use of foreign currencies for share capital and accounting. Furthermore, small companies and start-ups may benefit from exemptions, such as relaxed requirements for mandatory social responsibility spending and auditor appointments. Specific provisions related to conversions of certain trusts into LLPS, amendments relating to disclosures and meetings have been introduced. The Bill 2026 has been moved to Joint Parliamentary Committee for consideration.

6. Regulatory Enforcement & Compliance Action