We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.
1. Labour Law
1.1. Ministry of Labour and Employment issues notification for Aadhaar authentication by Employees' State Insurance Corporation
The Ministry of Labour and Employment has issued a notification number. S.O. 3792(E) dated August 21, 2025, authorising the Employees' State Insurance Corporation ("ESIC") to use Aadhaar authentication for establishing the identity of beneficiaries. This step aims to enable seamless access to social welfare benefits and services while preventing misuse, improving efficiency, and promoting transparency. Aadhaar authentication will be performed voluntarily, with ESIC required to obtain consent from the Aadhaar holder. Alternative identity documents, such as a passport, PAN card, or driving license, will be accepted for those who opt out of Aadhaar authentication, ensuring no denial of service. This notification supersedes a previous one issued in January 2023 and is effective upon publication in the Official Gazette.
1.2. ESIC issues circular on consolidated FAQ on SPARROW login issues by ESIC
ESIC has issued a circular dated August 21, 2025, addressing persistent login issues users face on the SPARROW portal (Performance Appraisal Report system). ESIC consolidated all troubleshooting steps, relevant guidelines, and solutions to assist users and field offices into a single Frequently Asked Questions ("FAQ") document. The FAQ covers common problems such as VPN activation, email ID issues, unauthorised access messages, missing employee IDs, incorrect OTP delivery, missing APARs, and corresponding remedial actions.
1.3. Extension of public utility service status for the iron and steel industry
The Ministry of Labour and Employment has released notification no. S.0. 3751(E) dated August 19, 2025, that public interest necessitates extending the status of services engaged in the Iron and Steel industry as a public utility service under the Industrial Disputes Act, 1947. This extension applies for 6 (six) months from August 17, 2025, following a previous six-month declaration effective February 17, 2025. The notification affirms that the services in these industries will continue to be treated as public utility services to support industrial peace and public welfare.
1.4. Government of India announces Pradhan Mantri Viksit Bharat Rozgar Yojana with INR 1 lakh crore outlay to boost youth employment
Prime Minister Narendra Modi has announced the Pradhan Mantri Viksit Bharat Rozgar Yojana during his 12th Independence Day address, with a financial outlay of nearly INR 1 Lakh Crore (Indian Rupees One Lakh Crore only) to benefit 3.5 (three crore fifty lakh) crore youth over two years. The scheme comprises two parts: Part A provides support to first-time employees registered with Employees Provident Fund Organisation (EPFO), offering up to INR 15,000 (Indian Rupees Fifteen Thousand only) in two instalments for those earning up to INR 1 Lakh (Indian Rupees One Lakh only) annually; Part B incentivises employers with up to INR 3,000 (Indian Rupees Three Thousand only) per month for two years (extended to four years for manufacturing) for each additional employee with salaries up to INR 1 Lakh (Indian Rupees One Lakh only). Payments will be made through Direct Benefit Transfer using the Aadhaar Bridge Payment System for employees and directly to PAN-linked accounts for employers.
2. Stock Exchange
2.1. NSE issues clarification on IT and cybersecurity committees for Qualified Stock-Brokers
The National Stock Exchange of India ("NSE") issued a circular on August 22, 2025, clarifying the requirement for Qualified Stock-Brokers ("QSBs") regarding their Information Technology ("IT") and Cybersecurity Committees. Based on SEBI circulars from February 2023 and August 2024, QSBs must have an IT Committee with at least one external independent cybersecurity expert. NSE clarifies that QSBs can maintain a single integrated IT Committee responsible for IT and cybersecurity functions, instead of separate committees.
2.2. NSDL launches e-PASS facility for valid UPI ID requests
National Securities Depository Limited ("NSDL") has enhanced its e-PASS portal to allow Depository Participants ("DP") to submit requests for obtaining 'At Valid' UPI handles in line with SEBI's June 11, 2025, circular on the adoption of standardised, validated, and exclusive UPI IDs for payment collection by SEBI-registered intermediaries from investors. The operational guidelines for requesting valid UPI handles are provided as an annexure, and existing checker users can access the new feature via their current login credentials.
2.3. CDSL issues extension of timeline for implementation of SEBI circular on Margin Obligations via pledge/re-pledge in the depository system
The Central Depository Services Limited ("CDSL") has issued a communique on August 19, 2025, informing all DPs of the Securities Exchange Board of India (SEBI) circular that extends the implementation deadline on margin obligations to be given by way of pledge/re-pledge in the depository system. Initially set for September 01, 2025, the new timeline has been extended to October 10, 2025, following depositories CDSL and NSDL requests to allow additional time for system development and end-to-end testing. Stock exchanges, depositories, and clearing corporations have been directed to notify members, update systems, and amend bye-laws and regulations accordingly.
3. Tax
3.1. Delhi government issues notification on amendments to Delhi Goods and Services Tax Rates
The Delhi Government has released notification F. No. 14 (101)/LA/2025/jtsecylaw/631-640 dated August 22, 2025, on amendments to the Delhi Goods and Services Tax ("GST") rates as published in the Gazette on August 20, 2025. The notification modifies the list of exempted entities by inserting exclusions: in item 4, the exemption now excludes "body corporates," and item 5AB excludes "persons opting for composition levy." This amendment aims to clarify the scope of entities eligible for certain GST exemptions or rates in the National Capital Territory of Delhi. The changes are effective immediately upon publication.
3.2. Delhi government releases the Delhi Goods and Services Tax (Second Amendment) Act, 2025
The Delhi Government has released notification F.14 (102)/LA/2025/ jtsecylaw/641-650 dated August 22, 2025, on the amendments to the Delhi Goods and Services Tax Act, 2017, through the Delhi Goods and Services Tax (Second Amendment) Act, 2025, which was enacted on August 20, 2025. Key changes include clarifications on the treatment of plant and machinery in tax computations, amendments to filing and penalty provisions, and the introduction of provisions for the affixation of unique identification markings on specified goods to enhance tracking and transparency. The act also outlines conditions for tax liability, defines the applicability of unique identification markings, and amends the scope of goods eligible under special economic zones and free trade warehousing zones.
3.3. Ministry of Law and Justice notifies the Income Tax Act 2025
The Ministry of Law and Justice, by Gazette ID CG-DL-E-22082025-265620, released the Income-tax Act of 2025, legislation aimed at replacing the Income-tax Act of 1961, to simplify and modernise India's tax framework. It retains most provisions of the earlier Act. Still, it seeks to facilitate the language, remove redundant provisions, and introduce structural reforms such as faceless assessment and greater use of technology for transparent and efficient tax administration. The Act does not change tax rates or regimes but broadens definitions, including cryptocurrencies as taxable digital assets. The Act also refines presumptive taxation on income computation for small businesses and professionals. Following parliamentary review and government approval, the law was notified to come into force from April 01, 2026.
3.4. Ministry of Law and Justice notifies the Taxation Laws (Amendment) Act 2025
The Ministry of Law and Justice, by Gazette ID CG-DL-E-22082025-265618, has released the Taxation Laws (Amendment) Act, 2025, which amends the Income-tax Act, 1961, and the Finance Act, 2025. It was published on August 21, 2025, and received presidential assent the same day, formally becoming law. The Act includes amendments effective from April 01, 2025, affecting Sections such as 10, 16, and 80CCD of the Income-tax Act, introducing provisions related to the Unified Pension Scheme, clarifying taxability of certain pension payments, and setting definitions for "pool corpus" and "individual corpus."
3.5. CBIC extends GSTR-3B filing deadline for Mumbai and surrounding districts
The Central Board of Indirect Taxes and Customs (CBIC) has issued a notification G.S.R. 565(E) dated August 20, 2025, extending the due date for filing GSTR-3B returns for July 2025 until August 27, 2025. This extension applies specifically to registered taxpayers whose principal place of business is located in the districts of Mumbai (City), Mumbai (Suburban), Thane, Raigad, and Palghar in Maharashtra state, who are required to furnish returns under the relevant provisions of the Central Goods and Services Tax Act, 2017 and Rules. The Commissioner granted the extension based on the Council's recommendations under the powers conferred by sub-section (6) of section 39 of the Central Goods and Services Tax Act 2017.
3.6. Ministry of Finance notifies Kanpur Development Authority as a tax-exempt assessee under section 10(46A) of the Income-Tax Act
The Central Board of Direct Taxes ("CBDT") has released a notification S.O. 3838(E) dated August 21, 2025, declaring the Kanpur Development Authority as an "assessee" under clause (46A) of section 10 of the Income-tax Act, 1961. This notification is effective from the assessment year 2024-2025 and confirms the authority's status under the Uttar Pradesh Urban Planning and Development Act. The retrospective application of this notification ensures no adverse effect on any person. This change formalises the tax status of the Kanpur Development Authority for specific tax exemptions under section 10(46A)(b) of the Income-tax Act, 1961.
3.7. CBDT releases notification of the Income Tax (Twenty-Third Amendment) Rules, 2025
CBDT has released the notification G.S.R. 564(E) dated August 20, 2025, on the Twenty-Third Amendment to the Income-tax Rules, 2025, effective immediately upon Gazette publication. The amendment revises FORM No. 10CC, Appendix II, to clarify income reporting for Units operating as International Financial Service Centre ("IFSC") Insurance Offices. Specifically, it defines "gross income" and permits submission of zero income in cases where profit is computed under Section 44 and the First Schedule of the Income-Tax Act.
3.8. CBDT notifies the Income Tax (Twenty-Fourth Amendment) Rules, 2025
CBDT has released the notification on the Income Tax (Twenty-Fourth Amendment) Rules, 2025, by notification G.S.R. 566(E) dated August 21, 2025. This amendment modifies rule 21AIA of the Income-tax Rules, 1962, by omitting sub-rule (4) and substituting the Explanation to clarify that the term "specified fund" carries the same meaning as defined in sub-clause (i) of clause (c) of the Explanation to clause (4D) of section 10 of the Income-tax Act, 1961. The amendment is effective from the date of its publication and aims to maintain consistency in the interpretation and application of tax exemptions related to specified funds. This notification is a procedural change affecting compliance under the tax rules without altering substantive tax laws.
3.9. CBDT issues Income Tax exemption notification for Tamil Nadu Electricity Regulatory Commission
CBDT, through notification S.O. 3796(E) dated August 19, 2025, has notified that the Tamil Nadu Electricity Regulatory Commission, a government body, will be exempted from income tax on specified items, including government grants, fees under the Electricity Act, penalties, and interest on bank deposits. This exemption is conditional on the Commission not engaging in commercial activities, maintaining the nature of specified income, and filing income tax returns as per prescribed provisions. The notification is effective retrospectively from the financial year 2022-2023 (assessment year 2023-2024). The government certifies no adverse impact due to this retrospective effect.
3.10. CBDT issues notification for Karnataka State Building & Other Construction Workers' Welfare Board
The CBDT has issued a gazette notification S.0. 3853(E) dated August 22, 2025, under Section 10(46) of the Income-tax Act, 1961, that specified income of the "Karnataka State Building & Other Construction Workers' Welfare Board" shall be exempted from tax. The exempt income includes grants from the Central Government, other sums as decided by the Central Government, cess collected under the Building and Other Construction Workers' Welfare Cess Act, 1996, registration fees and annual subscriptions from establishments, and interest earned on bank deposits. This exemption is subject to conditions that the Board shall not engage in commercial activities, maintain the nature of its activities and income, and file income tax returns as per the law.
3.11. Ministry of Law and Justice notifies the Manipur Goods and Services Tax (Amendment) Act 2025
The Ministry of Law and Justice has, by Gazette ID CG-DL-E-19082025-265480 dated August 19, 2025, notified the Manipur Goods and Services Tax (Amendment) Act, 2025, which amends the Manipur GST Act, 2017. This Act introduces several key changes aimed at clarifying and updating GST provisions. Significant amendments include the insertion of provisions allowing waiver of State tax short-levied due to general prevalent practices, extending input tax credit timelines retrospectively for certain financial years, and revising the rules around tax determination, penalty, and interest for non-payment, short-payment, or erroneous refunds of tax and input tax credit from financial year 2024-25 onwards.
4. Information Technology
4.1. CKYCR releases communique on enabling accessibility to digital KYC for differently abled persons
The Central KYC Records Registry ("CKYCR") has issued a communique dated August 21 2025, on the updates to facilitate accessible digital Know Your Customer ("KYC") processes for differently abled individuals, following the Supreme Court order dated April 30, 2025. The updates require adding new fields, such as Differently Abled Status, Type of Impairment, Percentage of Impairment, and UDID Number, in the personal details section of KYC templates for individuals and their related persons in legal entities. These changes will affect all access modes, including screen inputs, bulk uploads, and APIs, prompting an upgrade of the bulk file structure to version 1.3.
4.2. CERT-In issues a vulnerability note on denial of service in CISCO
India Computer Emergency Response Team ("CERT-In") has issued a vulnerability note regarding a high-severity denial-of-service ("DoS") vulnerability in Cisco Secure Firewall ASA and Threat Defence ("FTD") Software. The flaw exists in the Network Address Translation ("NAT") DNS inspection function for IPv4 and IPv6, where processing certain DNS packets with DNS inspection enabled and NAT configured can cause an infinite loop, leading to device reload and DoS. This affects devices configured with NAT44, NAT64, or NAT46. The vulnerability poses significant risks to confidentiality, integrity, and availability. Users are advised to apply the security updates detailed in Cisco's advisory.
4.3. CERT-In issues a vulnerability note on a high-severity out-of-bounds write vulnerability in Apple Products
CERT-In has issued a vulnerability note regarding a high-severity out-of-bounds write vulnerability in Apple products, including iOS, iPadOS (various versions and devices), and macOS (Sequoia, Sonoma, Ventura). The flaw in the ImageIO component allows attackers to exploit improper bounds checking by tricking users into processing malicious image files, potentially leading to memory corruption, arbitrary code execution with user privileges, or DoS. CERT-In urges all Apple product users to apply the security updates released by Apple to mitigate this critical vulnerability. The CVE identifier for this issue is CVE-2025-43300. The advisory highlights that sophisticated targeted attacks may have exploited this vulnerability. Users and organisations are encouraged to remain vigilant and update their devices.
4.4. CERT-In issues a vulnerability note on multiple security flaws in Android
CERT-In has issued a high-severity vulnerability note regarding multiple security flaws in Android versions 13 to 16, affecting core components such as the Framework, System, Kernel, and vendor-specific modules. These vulnerabilities may allow attackers to access sensitive data, escalate privileges, execute arbitrary code remotely, and cause denial-of-service conditions. Users and OEMs are urged to apply the security updates released in the August 2025 Android Security Bulletin to mitigate these risks. The advisory applies to all Android device users and manufacturers.
4.5. CERT-In issues a vulnerability note on a remote code execution vulnerability in Google Chrome Desktop
CERT-In has issued a vulnerability note regarding a high-severity remote code execution vulnerability in Google Chrome for desktop. The flaw, present in versions before 139.0.7258.138/.139 on Windows, Mac, and Linux, allows a remote attacker to execute arbitrary code by exploiting an out-of-bounds write issue in the V8 engine. Successful exploitation could lead to system compromise and service disruption. Users are advised to apply the latest vendor updates that Google Chrome provides to mitigate this risk.
4.6. CERT-In issues a vulnerability note on multiple vulnerabilities in Xerox FreeFlow Core
CERT-In has issued a vulnerability note on multiple high-severity vulnerabilities in Xerox FreeFlow Core versions before 8.0.5. An attacker could exploit these vulnerabilities to execute arbitrary commands or cause Server-Side Request Forgery (SSRF) on the targeted system. The risks include unauthorised access to sensitive information, remote code execution, and potential service disruption. CERT-In urges organisations and individuals using Xerox FreeFlow Core to apply the security updates detailed in Xerox's security bulletin to mitigate these threats.
4.7. CERT-In issues a vulnerability note on multiple vulnerabilities in GitLab Community Edition and Enterprise Edition
CERT-In has issued a vulnerability note on multiple medium-severity vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 18.0.5, 18.1.3, and 18.2.1. These vulnerabilities could allow attackers to bypass security restrictions, obtain sensitive information, and execute cross-site scripting attacks on the targeted systems. The risks include unauthorised data access, system instability, and potential complete system compromise. CERT-In urges all organisations and individuals using GitLab to apply the security updates released by GitLab in July 2025 to mitigate these threats.
4.8. CERT-In issues a vulnerability note on Multiple vulnerabilities in Zoom Products
CERT-In has issued a vulnerability note on multiple high-severity vulnerabilities in Zoom products, including Zoom Workplace, Zoom Rooms, and Zoom Meeting SDK for Windows. These vulnerabilities could allow attackers to inject malicious code or gain elevated privileges on the targeted system. The risks include data manipulation, compromise of application integrity, malicious code injection, and service disruption. CERT-In urges all end-user organisations and individuals using Zoom applications to apply the security updates provided by the vendor to mitigate these threats.
4.9. CERT-In issues advisory on multiple vulnerabilities in Microsoft Products
CERT-In has issued an advisory on multiple high-severity vulnerabilities in Microsoft products, including Windows, Office, Dynamics, SQL Server, Azure, and others. These vulnerabilities could allow attackers to gain elevated privileges, access sensitive information, execute remote code, bypass security restrictions, conduct spoofing attacks, cause DoS, or tamper with system settings. The risks include system compromise, data exfiltration, ransomware attacks, and system instability. CERT-In urges individuals, IT administrators, and security teams to apply the security updates detailed in Microsoft's August 2025 release notes to mitigate these threats.
4.10. Ministry of Electronics and Information Technology advances semiconductor innovation via a design-linked incentive scheme
The Government of India has approved 23 (twenty-three) chip-design projects under the Design Linked Incentive (DLI) Scheme to bolster domestic semiconductor design capabilities. These projects, led by startups and MSMEs, focus on indigenous chips and System-on-chip (SOC) solutions for applications like surveillance cameras, energy meters, microprocessor IPs, and networking. Vervesemi Microelectronics unveiled its roadmap of advanced integrated circuits targeting production in late 2026 or early 2027, including ASICs for motor control, aerospace, precision weighing, and energy metering.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
