Sagus Speaks - August 2025 | Part II

REGULATORY AND POLICY UPDATES

RBI issues Reserve Bank of India (Know Your Customer (KYC)) (2nd Amendment) Directions, 2025¹.

The Reserve Bank of India ("RBI") by notification dated 14.08.2025 issued the RBI (Know Your Customer (KYC)) (2nd Amendment) Directions, 2025 ("KYC Amendment Directions") amending the RBI KYC Directions, 2016 ("KYC Master Directions"). Key highlights of the KYC Amendment Directions include as follows:

1. A direct link to the Frequently Asked Questions (FAQs) on KYC has been added in the KYC Master Directions.
2. RBI has clarified that the Customer Acceptance Policy to be framed by the regulated entities under the KYC Master Directions should not be applied in a manner that denies banking or financial services to the general public, especially to financially or socially disadvantaged persons, including Persons with Disabilities (PwDs). Further, no KYC application (whether for onboarding or periodic updation) shall be rejected without application of mind. The officer concerned shall duly record the reason(s) for rejection.
3. KYC requirements stand extended to occasional transactions of INR 50,000 or above, whether carried out as one transaction or multiple interconnected transactions and to international money transfers.
4. Aadhaar Face Authentication has been expressly recognised as a valid mode of Biometric-based e-KYC authentication.
5. Liveness checks during Video based Customer Identification Process (V-CIP) must not result in exclusion of persons with special needs.

SEBI issues technical clarifications on Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities².

The Securities and Exchange Board of India ("SEBI"), by way of Circular No. SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2025/119 dated 28.08.2025 ("Circular") issued technical clarifications to the Cybersecurity and Cyber Resilience Framework ("CSCRF") for SEBI Regulated Entities ("REs"). Key clarifications are as follows:

1. REs are required to implement and comply with various standards and corresponding guidelines mentioned in CSCRF. For ease of compliance and clarity of implementation, SEBI has introduced two fundamental principles to address compliance challenges faced by entities regulated by multiple authorities (such as banks regulated by both SEBI and RBI):
   
   1. Principle of Exclusivity: The CSCRF will apply only to those systems/applications/ infrastructure/processes which are exclusively used for SEBI-regulated activities. Shared infrastructure will fall under SEBI scope only if not already covered by another regulator. For example, data classification, definition of critical systems, VAPT scope, asset inventory updating, patch management timelines, cloud compliance, supply chain risk, and log management are covered distinctly.
   2. Principle of Equivalence: Where another regulator's frameworks/guidelines contains equivalent cybersecurity controls, compliance with those suffices for SEBI's requirements. For example, Cyber Capability Index, IT Committee constitution, patch management policy, cybersecurity policy, ITSM tool requirements, red teaming, and SOC efficacy.
2. The CSCRF extends to any system on the same network segment as existing critical systems, expanding the traditional narrow scope.
3. While zero-trust is emphasized, SEBI now allows a broader set of methodologies (including network segmentation, no single point of failure, and high availability), subject to IT Committee approval.
4. Security guidelines for mobile apps are now recommendatory (and not mandatory) in nature.
5. Instead of compulsory public/press releases per impact tier, REs should respond as per their approved Cyber Crisis Management Plan (CCMP), giving more discretion to REs.
6. It is recommended (but not mandated) to use a range of security solutions like threat simulation, vulnerability management and decoys system, to assess and enhance their cybersecurity posture.
7. The cyber-supply chain risk assessment process may be done by REs in consultation with their IT Committee.
8. Only REs designated as Critical Information Infrastructure ("CII") by NCIIPC need to comply with national guidelines on CII, narrowing the prior scope.
9. Compliance with CERT-In's Cyber Security Audit Policy Guidelines is now formally required for all cybersecurity audits.

GOVERNMENT NOTIFICATIONS

Parliament has passed the Promotion and Regulation of Online Gaming Bill, 2025³.

Parliament has passed the Promotion and Regulation of Online Gaming Bill, 2025 ("Online Gaming Bill") on 21.08.2025. The Online Gaming Bill shall be applicable on online money gaming service offered, whether inside India or outside India. The Online Gaming Bill prohibits online money games, and promotes and regulates certain other online games. Key highlights of the Online Gaming Bill are as follows:

1. Recognition and promotion of e-sport: The Online Gaming Bill defines "e-sport" primarily as an online game played as part of multi-sports events in multiplayer formats, recognised and registered under the National Sports Governance Act, 2025, whose outcome is determined solely by factors such as physical dexterity, mental agility, strategic thinking or other similar skills. These games may include payment solely for the purpose of entering the competition and performance-based prize money, and shall not involve bets, wagers, stakes, or any winnings therefrom, by participants or non-participants. The Online Gaming Bill recognizes e-sports as a legitimate form of competitive sport in India and provides for steps to be taken by the Central Government to form guidelines for organization and conduct of e-sports events.
2. Recognition and development of online social games: The Online Gaming Bill defines "online social games" as online games where there is no staking of money or other stakes or any monetary gains by way of winning and is offered solely for entertainment or skill-development purposes and is not an online money game or e-sports. The Online Gaming Bill provides for the Central Government to take steps to facilitate the registration of such games and creation of platforms to support their development.
3. Prohibition of online money games: The Online Gaming Bill prohibits any person from offering, aiding, abetting, inducing or otherwise indulging or engaging in offering, advertising and transferring of any funds towards online money games and online money gaming services.
4. The Online Gaming Bill provides for the constitution of an authority to determine whether a particular online game is an online money game or not. The authority will also recognise, categorise and register online games in addition to this the authority will also be responsible for handling the complaints related to online games being prejudicial to the user interest.
5. The Online Gaming Bill also provides for the offences and penalties applicable in contravention of the Online Gaming Bill, whereby, inter alia, any person who offers online money gaming service in contravention of the Online Gaming Bill shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to one crore rupees or both. The Online Gaming Bill specifies that offences of offering online gaming services and facilitating financial transactions for such games shall be cognizable and non-bailable.

MCA notifies the Companies (Incorporation) Second Amendment Rules, 2025⁴.

The Ministry of Corporate Affairs ("MCA") by way of Notification No. G.S.R. 579(E) dated 26.08.2025 has notified the Companies (Incorporation) Second Amendment Rules, 2025 ("Amendment Rules") to amend the existing Companies (Incorporation) Rules, 2014 ("Principal Rules"). The Amendment Rules will come into effect from 15.09.2025.

A key change introduced through the Amendment Rules is the substitution of Form No. RD-1, which is the application form used for filings with the Central Government (Regional Director) in cases such as:

1. Rectification of name
2. Change in financial year
3. Conversion of a public company into a private company
4. Notice of approval of a scheme filed in Form CAA-1
5. Other specified purposes under the Companies Act, 2013

The revised Form No. RD-1 now requires applicants to specify their category (i.e., company, limited liability partnership, or others). This requirement was not provided for in the earlier version of Form No. RD-1.

MoP revises the threshold for capital expenditure of hydro generating stations requiring the concurrence of CEA⁵.

The Ministry of Power ("MoP"), through its notification dated 01.08.2025 (published on the website on 18.08.2025), has stipulated that schemes for setting up hydro generating stations involving an estimated capital expenditure exceeding INR 3,000 crores will now require mandatory concurrence of the Central Electricity Authority ("CEA").

Further, developers are to ensure strict adherence to the provisions of the National Dam Safety Act, 2021 while implementing hydro projects.

Further, off-stream closed-loop pumped storage projects are exempted from seeking CEA concurrence irrespective of their capital expenditure and developers of such projects may seek technical guidance from CEA.

Department for Promotion of Industry and Internal Trade published the Cross Recessed Screws (Quality Control) Order, 2025⁶.

The Department for Promotion of Industry and Internal Trade ("DPIIT"), on 27.08.2025, published the Cross Recessed Screws (Quality Control) Order, 2025 ("Order") in exercise of the powers conferred by section 16 of the Bureau of Indian Standards Act, 2016, replacing the earlier order from 2024. The Order will come into effect from date of its publication in the official gazette.

The Order requires certain goods or articles to compulsorily bear the Standard Mark, which must be obtained under a license from the Bureau in accordance with Scheme-I of Schedule-II of the Bureau of Indian Standards (Conformity Assessment) Regulations, 2018. However, this requirement does not apply to goods or articles manufactured domestically for export, goods or articles imported as part of finished products, sub-assemblies or components, or goods or articles imported by domestic manufacturers for use in producing export products.

Furthermore, the Order does not apply to goods manufactured domestically by enterprises registered under the Udyam portal of the Ministry of MSME, provided their investment in plant and machinery or equipment does not exceed INR 25 lakh and their turnover in the previous financial year, certified by a chartered accountant, does not exceed INR 2 crore. It also exempts up to 200 kilograms of goods imported annually for research and development by Original Equipment Manufacturers ("OEMs") of crossed recessed screws, subject to the conditions that such goods are not sold commercially, and can be disposed of as scrap, but the OEMs shall maintain year-wise records of these imports for submission to government authorities if required.

GERC notifies the Gujarat Electricity Regulatory Commission (Procurement of Energy from Renewable Sources) Regulations, 2025⁷.

The Gujarat Electricity Regulatory Commission ("GERC") by its Notification No. 07 of 2025 dated 19.08.2025 issued the GERC (Procurement of Energy from Renewable Sources) Regulations, 2025 ("RPPO Regulations, 2025") with effect from the date of publication in the Official Gazette, i.e., 12.08.2025. The key highlights of the RPPO Regulations, 2025 are as follows:

1. Applicability: The Renewable Power Purchase Obligation ("RPPO") is applicable to all obligated entities within Gujarat, including distribution licensees, open access consumers, captive users with installed capacity exceeding 100 kW and any person, consuming electricity procured from conventional sources. Designated consumers, as defined under the Energy Conservation Act, 2001, shall be required to comply with RPPO irrespective of capacity of captive generating plant.
2. Quantum of RPPO: Obligated Entities must purchase or generate and consume a minimum specified quantum of electricity from renewable energy ("RE") sources and meet an additional energy storage obligation, as mentioned under Table 1 & 2 of the RPPO Regulations, 2025. The RPPO targets are divided into components including (i) Wind Renewable Energy; (ii) Hydro Renewable Energy; (iii) Distributed Renewable Energy (projects < 10 MW, including rooftop solar) and (iv) Other Renewable Energy (e.g., biomass, bagasse co-generation, MSW-based projects).
3. The specified RPPO shall be met either directly or through RE Certificate ("REC") in accordance with the Central Electricity Regulatory Commission (Terms and Conditions for Renewable Energy Certificates for Renewable Energy Generation) Regulations, 2022
4. Energy Storage Obligation: Obligated entities must comply with storage targets which shall be calculated in energy terms as a percentage of total consumption of electricity and shall be treated as fulfilled only when at least 85% of the total energy stored in the Energy Storage System, on an annual basis, is procured from RE sources.
5. Role of State Agency: The Gujarat Energy Development Agency is designated as the State Agency to monitor RPPO compliance, maintain a dedicated RPPO web portal, and submit quarterly and annual compliance reports to GERC.
6. Registration & Reporting: Obligated entities must register on the RPPO web portal and submit quarterly and annual compliance reports. Distribution licensees must also disclose estimated RE procurement in their tariff filings.
7. Consequences of Default: Non-compliance with RPPO attracts penalties under Section 26(3) of the Energy Conservation Act, 2001, computed at twice the TOE value (currently ₹3.72 per kWh based on Ministry of Power notification dated 26.12.2023). Penalty amounts will be deposited into a dedicated fund for procurement of RECs or development of transmission infrastructure.

To read this Newsletter in full, please click here.

Footnotes

1. RBI (Know Your Customer (KYC)) (2nd Amendment) Directions, 2025.

2. Technical clarifications to the Cybersecurity and Cyber Resilience Framework.

3. Promotion and Regulation of Online Gaming Bill, 2025.

4. Companies (Incorporation) Second Amendment Rules, 2025.

5. Revision of Limit of Capital Expenditure of Hydro Generating Stations for concurrence by CEA.

6. Cross Recessed Screws (Quality Control) Order, 2025.

7. GERC (Procurement of Energy from Renewable Sources) Regulations, 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.