We are delighted to share this week's AKP Corporate & Compliance Weekly Digest. Please feel free to write to us with your feedback at info@akandpartners.in.
1. Labour Law
1.1. ESIC pushes SPREE 2025 to widen social security coverage
The Ministry of Labour and Employment highlighted an Employees' State Insurance Corporation ("ESIC") outreach in Haryana promoting registration under the Employees' State Insurance Act, 1948, reminding that every eligible school, factory, clinic, hospital, shop, or establishment with 10 (ten) or more employees must register within 15 (fifteen) days of crossing the threshold; the seminar promoted the Scheme to Promote Registration of Employers and Employees ("SPREE") 2025, which offers no inspection of past records, no demand for past contributions, interest or penalties, and no legal action for prior non-compliance, with registration effective from the date of enrolment, while noting ESIC coverage can mitigate liabilities under the Employees' Compensation Act, 1923 and the Maternity Benefit Act, 1961; SPREE 2025 remains open until December 31, 2025 to enable establishments to regularise and extend benefits including medical care, sickness and maternity benefits, disability and dependent pensions, unemployment allowance, funeral expenses, and skilling support.
1.2. EPFO launches 'Passbook Lite', Annexure K downloads, and trimmed approvals for faster PF services
The Employees' Provident Fund Organisation ("EPFO") announced reforms to deliver key Provident Fund (PF) services through 1 (one) login, including a new "Passbook Lite" view within the member portal and direct member downloads of Annexure K (transfer certificate), while delegating approvals from Regional Provident Fund Commissioner level to Assistant Provident Fund Commissioners and below to speed claim settlements, transfers, advances, refunds, cheque, returns, and interest adjustments, with the Ministry of Labour and Employment stating the changes aim to improve transparency, reduce grievances, and enhance user experience.
1.3. Gujarat issues State Action Plan for Child and Adolescent Labour & POSH Compliance
The Gujarat state government issued a State Action Plan for Child and Adolescent Labour and announced compliance and survey directives for implementing the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, in private institutions.
1.4. Andhra Pradesh finalises amendment to Rule 95 of A.P. Factories Rules, 1950
The Labour, Factories, Boilers and Insurance Medical Services Department issued a notification to amend Rule 95 of the Andhra Pradesh Factories Rules, 1950 under the Factories Act, 1948, the amendment aims to narrow the application of the rule from the umbrella term of "women" to only cover "pregnant woman and lactating mother" under the aforementioned rule.
1.5. EPFO streamlines "exceptional transaction" approvals to speed claim settlement
The EPFO revised and consolidated the delegation of financial powers for processing exceptional transactions, superseding earlier circulars and rationalising authority across field offices and headquarters to fast-track member claims.
2. Stamp Duty
2.1. Ghaziabad circle rate hike proposal of up to 40 per cent will raise stamp duty
The District Administration proposed increasing Ghaziabad circle rates by up to 40 (forty) per cent, which would lift the base on which stamp duty and registration fees are calculated because Uttar Pradesh (UP) levies these on the higher of the declared consideration or the circle rate; the draft points to varied increases across flats, plots and commercial hubs, and invites public objections until September 30, 2025, ahead of a review meeting on October 4, 2025, with officials noting the last revision in September 2024 and emphasising that any approval will directly raise buyers' duty outgo on registrations.
2.2. Kolkata circle rate hikes up to 90 per cent will raise stamp duty
Kolkata's first circle-rate revision in 7 (seven) years raised benchmark values by 15 (fifteen) to 90 (ninety) per cent effective September 17, 2025, which directly increases stamp duty since West Bengal levies it on the higher of the transaction value or the circle rate, and also lifts the 1 (one) per cent registration fee in absolute terms; with typical West Bengal stamp duty bands of 5 (five) to 7 (seven) per cent and the COVID-era 2 (two) per cent stamp duty rebate and 10 (ten) per cent circle-rate cut withdrawn from July 1, 2024, buyers now face full rates on a higher base.
3. Stock Exchanges
3.1. NSDL enhances BSDA eligibility report on e-PASS to help DPs correctly tag accounts
National Securities Depository Limited ("NSDL") issued a Circular announcing an enhancement to the "List of Demat Accounts for Basic Services Demat Account ("BSDA")" report on the NSDL e-PASS portal that provides Depository Participants ("DPs") with a new file highlighting demat accounts that meet BSDA criteria but are not yet marked as BSDA, enabling review and re-classification from Regular to BSDA to improve investor benefits and alignment with Securities and Exchange Board of India ("SEBI") norms.
3.2. NSDL orders suspension of demat accounts with invalid KYC post-KRA validation
NSDL issued a Circular directing DPs to suspend, for debit and credit, demat accounts of existing clients whose Know Your Customer ("KYC") records are found invalid by KYC Registration Agencies ("KRAs") after the validation process; NSDL indicated DP-wise impacted accounts would be available on the e-PASS portal for outreach, advised client intimation via letter or email, and stated suspensions may be lifted upon rectification as confirmed by the KRAs, aligning with the SEBI KRA validation framework.
3.3. BSE StAR MF tightens FATCA/CRS checks, valid foreign TIN now mandatory
The Bombay Stock Exchange ("BSE") reiterated that Members must ensure correct Foreign Account Tax Compliance Act ("FATCA") and Common Reporting Standard ("CRS") data on the BSE StAR Mutual Fund (BSE StAR MF) platform, noting that Registrar and Transfer Agents ("RTAs"), acting on directions from the Central Board of Direct Taxes (CBDT), have implemented immediate additional validations: client orders will be allowed only if a valid foreign Taxpayer Identification Number ("TIN") exists in RTA records where applicable, the checks apply to all tax categories declaring tax residency other than India, TINs must match the prescribed country formats, and entries that are incorrect, dummy, null, or otherwise non-conforming will lead to rejection or refund until clients remediate their FATCA/CRS declarations; any update must include the entire FATCA/CRS profile, not partial information.
3.4. BSE issues advisory to Trading Members on due diligence amid unregistered tipsters and credential-theft schemes
BSE issued a Notice advising Trading Members to exercise heightened care while handling client transactions after detecting a modus operandi involving entities not registered with SEBI offering investment tips, "assured" returns, and soliciting investor login credentials; the Exchange referenced its December 31, 2024 notice on the Brokers' Institutional Mechanism for prevention and detection of fraud or market abuse and urged enhanced due diligence, monitoring of client transactions, stronger internal surveillance including pre-trade risk controls, and client awareness campaigns to mitigate regulatory and reputational risk.
3.5. NSE withholds payouts for trades of September 12, 2025, on Enforcement Authority directions
The National Stock Exchange ("NSE") said it had received directions from the Enforcement Authority to stop all suspected fraudulent transactions executed in a complainant's trading account on September 12, 2025; accordingly, the Exchange has withheld securities and funds payouts relating to certain client counterparties in specified stocks, notified the concerned trading members, and stated that any modification will follow further instructions from the Enforcement Authority, with queries to be addressed to surveillance@nse.co.in.
3.6. NSE Clearing moves client collateral segregation reporting to new portal
NSE Clearing Limited ("NCL") directed all members that, effective trade date September 22, 2025 (reporting date September 23, 2025), the client collateral segregation report must be submitted only through the new NCL Member Portal, with any filings on the existing portal from that date treated as invalid; the cutover follows transition circulars issued on August 26, 2025, September 5, 2025, and September 12, 2025.
3.7. NSE reminds brokers to file ATRs for system and cyber audit non-compliances by September 30, 2025
NSE issued a Circular reminding Trading Members to submit an Action Taken Report ("ATR") for any non-compliances cited in the System Audit and the Cyber Security and Cyber Resilience Audit for the period ended March 31, 2025, by September 30, 2025, through the Electronic NSE Interface ("ENIT"); auditors will review the ATR and mark each observation as compliant or non-compliant on ENIT, and members are advised to follow the prescribed online submission path.
3.8. NSDL implements SEBI CSCRF VAPT reporting for Participants
NSDL issued a Circular implementing SEBI Cyber Security and Cyber Resilience Framework (CSCRF) requirements for summary submission of Vulnerability Assessment and Penetration Testing (VAPT) and cyber audit reports in the prescribed format, clarifying that explicit vulnerability details are not to be shared unless specifically requested by the regulator; DPs must align processes and submissions to these SEBI directions and ensure confidentiality of audit artefacts.
4. Information Technology
4.1. CERT-In flags multiple vulnerabilities in Apple products
The Indian Computer Emergency Response Team ("CERT-In") issued Advisory CIAD-2025-0031 warning of multiple security flaws impacting Apple products and urging immediate installation of the latest vendor updates to mitigate risks such as remote code execution, information disclosure, privilege escalation, and denial of service; enterprises should accelerate patch deployment and monitor for anomalies across managed devices.
4.2. CERT-In flags High-severity flaws in Google Chrome
CERT-In issued Vulnerability Note CIVN-2025-0217 warning that multiple bugs in Google Chrome for Desktop could enable remote code execution, denial of service, and information disclosure; affected builds are versions prior to 140.0.7339.185/.186 on Windows and macOS and prior to 140.0.7339.185 on Linux, with issues cited including type confusion in V8, heap buffer overflow in ANGLE, and use-after-free in Dawn and WebRTC; users are advised to apply the latest vendor updates without delay.
4.3. CERT-In warns of high-severity ARP flaw in Cisco IOS XR
CERT-In issued Vulnerability Note CIVN-2025-0213 on a High severity Denial of Service (DoS) flaw in the Address Resolution Protocol (ARP) handling of Cisco IOS XR Software that permits an unauthenticated adjacent attacker to trigger a broadcast storm by flooding the management interface, degrading performance, cutting management access, or rendering devices unresponsive, with potential impact to confidentiality, integrity, and availability; administrators should apply the fixes referenced in Cisco's advisory for CVE-2025-20340 without delay.
4.4. CERT-In warns of multiple vulnerabilities in Schneider Electric Altivar and Saitel devices
CERT-In issued Vulnerability Note CIVN-2025-0214 on multiple flaws affecting Schneider Electric Altivar Process Drives, Altivar Machine Drives (ATV340E), Altivar Soft Starter (ATS490), Saitel DR/DP remote terminal units, certain Altivar communication modules, and the ATVdPAC module; issues include cross-site scripting and improper command handling that could allow security bypass, data exposure, or command execution during authenticated sessions, with a Medium severity rating; administrators should implement Schneider Electric's remediations referenced in security notices SEVD-2025-252-01 and SEVD-2025-252-02 and review fleet exposure.
4.5. CERT-In warns of reflected XSS in PPC 2K15X Router
CERT-In issued Vulnerability Note CIVN-2025-0215 on a reflected cross-site scripting flaw in the PPC 2K15X Router's web management portal caused by improper validation of Common Gateway Interface (CGI) parameters; an unauthenticated attacker could inject JavaScript that executes in an administrator's browser upon interaction, with a Medium severity assessment (CVSS v4.0 5.1 (five point one)); users should implement vendor patches and limit exposure of the management interface.
4.6. CERT-In flags High-severity vulnerabilities in Microsoft Edge
CERT-In issued Vulnerability Note CIVN-2025-0218 on High severity flaws in Microsoft Edge for Desktop prior to version 140.0.3485.66 that could enable security bypass and remote code execution due to issues including use-after-free in Service Worker and improper Mojo implementation; administrators should install Microsoft's update and move to version 140.0.3485.66 or later, with bugs tracked as CVE-2025-10200 and CVE-2025-10201.
4.7. CERT-In flags critical RCE in Rockwell Control Logix Ethernet modules
CERT-In issued Vulnerability Note CIVN-2025-0216 on a critical remote code execution flaw affecting Rockwell Automation Control Logix Ethernet modules, advising operators to implement Rockwell's Security Advisory SD1732 fixes without delay, minimise exposure of affected modules, and enforce network segmentation; the issue is tracked as Common Vulnerabilities and Exposures (CVE) CVE-2025-7353 and has been detailed by Rockwell and the U.S. Cybersecurity and Infrastructure Security Agency as remotely exploitable with low complexity, warranting urgent remediation in industrial environments.
5. Tax
5.1. MoF issues FAQs-3 on 56th (fifty-sixth) GST Council decisions, mapping 2025 rate and exemption notifications
The Ministry of Finance (MoF) released "Frequently Asked Questions-3" summarising decisions of the fifty-sixth Goods and Services Tax (GST) Council, pointing taxpayers to the new Central Goods and Services Tax (CGST) rate notification for goods (Notification No. 9/2025-Central Tax (Rate), September 17, 2025), the updated CGST exemptions list (Notification No. 10/2025-Central Tax (Rate), September 17, 2025), the handicrafts rate amendment (Notification No. 13/2025-Central Tax (Rate), September 17, 2025), the revised Compensation Cess rates (Notification No. 2/2025-Compensation Cess (Rate), September 17, 2025, amending Notification No. 1/2017-Compensation Cess (Rate)), the change for goods imported for petroleum operations (Notification No. 11/2025-Central Tax (Rate), September 17, 2025), and confirmation that bricks under the Special Composition Scheme see no rate change (Notification No. 14/2025-Central Tax (Rate), September 17, 2025).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
