The Securities and Exchange Board of India

SEBI Advisory on Emerging Advanced Artificial Intelligence (AI) Tools for Vulnerability Detection

 On May 05, 2026, the Securities and Exchange Board of India (“SEBI”) has issued a circular (No. HO/13/19/12(1)2026-ITD-1_CIMGI/10873/2026) in exercise of powers under Section 11(1) of the Securities and Exchange Board of India Act, 1992, warning all Regulated Entities (“REs”) of emerging cybersecurity risks arising from advanced AI-driven vulnerability identification tools such as “Mythos.” The advisory cautions that the rapid evolution of such tools enables identification and potential exploitation of existing vulnerabilities at speed and scale, while raising concerns relating to data confidentiality, application integrity, and the reliability of outputs.

 SEBI cautioned that AI-powered vulnerability identification tools such as Mythos are evolving rapidly and increasing the risk of exploitation of systems at scale. The regulator noted that given the interconnectedness and interdependency of market participants, a coordinated approach to vulnerability management, information sharing, and monitoring is necessary to prevent cascading impact across the securities market ecosystem.

 In response, SEBI has constituted a dedicated task force named “Cyber Suraksha AI,” comprising representatives from Market Infrastructure Institutions (“MIIs”), Qualified Registrars to an Issue and Share Transfer Agents (“QRTAs”), and other stakeholders. The task force is mandated to examine cybersecurity risks posed by AI-based models, devise uniform mitigation strategies, facilitate threat intelligence sharing, and review the cybersecurity posture of third-party application service providers. The circular is to be read with all applicable SEBI circulars including the Cybersecurity and Cyber Resilience Framework (“CSCRF”).

The advisory is particularly relevant for stock exchanges, depositories, brokers, market infrastructure institutions, fintech platforms, and technology vendors operating within the securities ecosystem.

Key Highlights

1. Constitution of Cyber Suraksha AI Task Force: SEBI has constituted the Cyber Suraksha AI task force comprising representatives from MIIs, QRTAs, Qualified Regulated Entities (“QREs”), and other stakeholders. The task force is mandated to: examine cybersecurity risks posed by AI-based models and devise uniform mitigation strategies; facilitate sharing of threat intelligence and vulnerability management best practices; report on a priority basis any cyber incidents or significant attack vectors; and review the cybersecurity posture of third-party application service providers including empanelled vendors. Following a consultation meeting of the task force with MIIs and QRTAs, SEBI has issued a detailed advisory at Annexure-A prescribing specific compliance measures applicable to all REs. These include: immediate patching of all operating systems and applications; regular Vulnerability Assessments and security audits using both conventional and AI-based tools under the CSCRF; engagement with third-party vendors including VAPT, continuous monitoring, and hardening measures; structured change management protocols; API security measures; rigorous Security Operations Centre (“SOC”) monitoring integrated with SOAR playbooks and SIEM solutions; expedited onboarding with the Market SOC (“M-SOC”) established by NSE and BSE; and at the strategic level, preparation of long-term plans for AI usage in threat detection, recalibration of risks for AI-accelerated threats, and AI-augmented SOC transformation.

2. Concerns Regarding Operational and Systemic Risks: A central aspect of the advisory is SEBI’s caution regarding the potential risks associated with inadequately governed or improperly deployed AI systems. The regulator observed that while AI technologies may improve cyber defence capabilities, they may simultaneously create vulnerabilities capable of compromising interconnected financial infrastructure. SEBI highlighted concerns relating to operational disruptions, inaccurate threat assessments, misuse of AI-generated outputs, unauthorised access to sensitive systems, compromise of confidential data, and broader systemic instability. The advisory indicates that failures associated with AI systems may not remain confined to individual entities and could potentially impact the wider securities market ecosystem.

3. Increasing Regulatory Focus on Cybersecurity Governance: The advisory underscores SEBI’s expectation that RE’s should strengthen internal cybersecurity governance frameworks and establish appropriate oversight mechanisms surrounding AI deployment. The communication reflects the regulator’s broader position that cybersecurity governance is no longer merely a technical or operational issue, but a significant compliance, risk management, and governance concern. The advisory also indicates that boards, senior management, compliance teams, and technology leadership may increasingly be expected to maintain active oversight over cybersecurity infrastructure and AI-driven operational systems.

4. Emphasis on Continuous Monitoring and Proactive Risk Management: SEBI placed considerable emphasis on the need for RE’s to maintain robust vulnerability assessment mechanisms, continuous monitoring systems, and effective incident response frameworks. The advisory highlights the importance of proactive cybersecurity preparedness and continuous surveillance of technological infrastructure to identify and mitigate emerging threats in a timely manner. The communication reflects the regulator’s expectation that entities operating within the securities market ecosystem should adopt dynamic risk management practices capable of responding to rapidly evolving cybersecurity challenges and technological threats.

5. Importance of Data Integrity, Confidentiality, and Reliability: The advisory specifically highlights the need to ensure confidentiality, integrity, and reliability of data processed through AI-enabled systems. SEBI recognised that advanced AI tools frequently operate through access to substantial volumes of sensitive operational, transactional, and market-related information. Accordingly, the regulator emphasised the importance of implementing safeguards capable of preventing unauthorised access, manipulation of information, compromise of system integrity, and generation of inaccurate or unreliable outputs. The advisory signals that data governance and information security will continue to remain central regulatory priorities in the context of AI adoption within financial markets.

6. Focus on Third-Party Technology and Vendor Risk Oversight: SEBI also highlighted the growing risks associated with reliance on external technology providers, AI vendors, outsourced cybersecurity infrastructure, and third-party service providers. The advisory underscores the importance of conducting appropriate due diligence and maintaining ongoing oversight over external technological arrangements.

   The communication reflects the regulator’s broader concern regarding operational dependencies and concentration risks arising from increasing reliance on third-party technology ecosystems within the financial services sector.

7. Alignment with Global Regulatory Trends on AI Governance: The advisory is consistent with broader international regulatory developments where financial regulators are increasingly examining AI deployment from the perspective of accountability, transparency, operational resilience, and systemic risk management. Regulatory authorities globally are moving towards establishing governance standards surrounding AI systems used within critical financial infrastructure. SEBI’s communication therefore represents an important step towards integrating AI governance considerations into India’s securities regulatory framework and signals that greater regulatory scrutiny surrounding AI deployment in financial services is likely to emerge over time.

8. Potential Compliance and Legal Implications for RE’s: Although the advisory does not presently introduce a detailed regulatory framework specifically governing AI systems, it nevertheless carries important compliance and governance implications for RE’s. Organisations may now need to revisit internal technology governance policies, cybersecurity controls, vendor management frameworks, incident response mechanisms, and risk oversight procedures in light of evolving regulatory expectations. The advisory may also encourage entities to strengthen contractual protections with technology vendors, reassess internal accountability structures relating to AI deployment, and adopt more formalised governance frameworks concerning use of emerging technologies within regulated operations.

‘Significant Indices’ under SEBI (Index Providers) Regulations, 2024

On May 05, 2026, the Securities and Exchange Board of India (“SEBI”) has issued a circular operationalising the framework relating to “Significant Indices” under the SEBI (Index Providers) Regulations, 2024. The circular marks an important regulatory development for India’s growing passive investment ecosystem and reflects SEBI’s increasing focus on governance, transparency, accountability, and oversight in relation to benchmark administration and index-related market infrastructure.

With the rapid expansion of Exchange Traded Funds (“ETFs”), index funds, passive investment products, and benchmark-linked financial instruments, market indices have acquired significant influence over capital allocation, investment strategies, and market behaviour. Recognising the systemic importance of widely tracked indices, SEBI has now introduced a formal framework for identifying and regulating “Significant Indices.”

 Under the circular, an index will qualify as a “Significant Index” where the daily average cumulative Assets Under Management (“AUM”) of mutual fund schemes tracking or benchmarking such index exceeds INR 20,000 (Indian Rupees Twenty Thousand) Crores for each of the previous 6 (Six) months ending June 30 and December 31 each year. SEBI has identified 48 (Forty-Eight) indices in the first phase, including Nifty 50, BSE Sensex, and Nifty Bank. Once classified as “Significant,” the relevant index provider will become subject to enhanced regulatory obligations under the SEBI (Index Providers) Regulations, 2024, and must apply for registration with SEBI within 6 (Six) months of the circular (i.e., by November 5, 2026).

The framework seeks to strengthen governance standards surrounding benchmark administration and minimise potential conflicts of interest, operational vulnerabilities, and transparency concerns associated with index creation and management. The circular also reflects SEBI’s intention to align India’s regulatory approach with evolving international standards governing benchmark administrators and index providers.

The circular assumes greater significance in light of the increasing participation of retail and institutional investors in passive investment products, where market indices directly influence investment decisions, fund flows, and portfolio allocation strategies.

Key Highlights

1. Formal Introduction of the “Significant Indices” Framework

SEBI has operationalised the framework for identifying and regulating “Significant Indices” under the SEBI (Index Providers) Regulations, 2024. The circular provides the criteria for classification of an index as a Significant Index and sets out the regulatory requirements applicable upon such classification.

The framework establishes a separate regulatory category for indices that satisfy the prescribed threshold under the Regulations and specifies the governance, compliance, and oversight requirements applicable to such indices and their administrators.

2. Threshold-Based Classification of Significant Indices

 The circular prescribes an AUM-based threshold for identifying indices that qualify as “Significant Indices.” An index will be classified as a Significant Index if the daily average cumulative AUM of mutual fund schemes tracking or benchmarking the index exceeds INR 20,000 (Indian Rupees Twenty Thousand) Crores for each of the previous 6 (Six) months, assessed twice yearly based on data ending June 30 and December 31. SEBI has identified 48 (Forty-Eight) indices in the first phase of this classification.

 The classification framework introduces an objective mechanism for identifying indices that fall within the scope of the enhanced regulatory framework under the SEBI (Index Providers) Regulations, 2024. It also provides clarity regarding the circumstances in which additional regulatory requirements become applicable to an index and its administrator.

3. Governance Framework for Significant Indices

The framework prescribes governance requirements applicable to Significant Indices and their administrators. These requirements relate to the administration, management, and oversight of indices classified as Significant Indices under the Regulations.

The framework also sets out expectations regarding governance structures, internal controls, and processes adopted by index providers in relation to the administration of Significant Indices. Such requirements form part of the broader regulatory framework governing benchmark administration under the SEBI (Index Providers) Regulations, 2024.

4. Applicability to Passive Investment Products

The framework applies to indices that are tracked or benchmarked by passive investment products, including Exchange-Traded Funds (“ETFs”) and index funds. Classification as a Significant Index is determined with reference to the assets benchmarked against the index through such products.

Given the increasing use of benchmark indices in passive investment strategies, the framework establishes a dedicated regulatory structure for indices that serve as reference points for a substantial volume of assets managed through passive investment products.

5. Separate Regulatory Category for Significant Indices

The circular introduces a distinct regulatory category for Significant Indices under the SEBI (Index Providers) Regulations, 2024. Upon classification, such indices and their administrators become subject to the provisions specifically applicable to Significant Indices under the regulatory framework.

The framework therefore differentiates between indices that meet the prescribed significance threshold and those that do not, creating a separate set of regulatory requirements applicable to classified indices.

6. Regulatory Obligations of Index Providers

The circular specifies the obligations applicable to index providers administering Significant Indices. These include compliance with the requirements prescribed under the SEBI (Index Providers) Regulations, 2024 following classification of an index as significant.

The framework provides regulatory clarity regarding the responsibilities of index providers and establishes the requirements that become applicable upon an index being designated as a Significant Index under the Regulations.

Discontinuation of Investor Risk Reduction Access (“IRRA”) Platform

 On May 07, 2026, the Securities and Exchange Board of India (“SEBI”) has issued a circular discontinuing the Investor Risk Reduction Access (“IRRA”) platform with immediate effect. The IRRA framework was originally introduced in December 2022 as a contingency mechanism to provide brokers with an alternative access point for trading in case of disruptions in their primary systems; it became operational in October 2023.

The IRRA platform was conceptualised as a temporary risk mitigation framework intended to protect investors from potential losses arising due to operational failures, connectivity issues, cyber incidents, or system outages affecting trading members. The mechanism allowed investors to access an alternative facility to execute limited risk-reducing transactions during periods when their primary broker systems became inaccessible.

 Stock exchanges informed SEBI that the IRRA platform had not been used by any broker since it became operational in October 2023, making it structurally redundant. SEBI noted that a combination of stronger regulatory measures, technological upgrades, and the availability of alternative mechanisms — including robust BCP-DR norms, the Market Security Operations Centre (M-SoC), and independent “cold sites” — had rendered the platform unnecessary. While discontinuing IRRA, SEBI has directed stock exchanges to review and further strengthen the Contingency Pool Trading Facility, which continues to serve as an alternative mechanism during disruptions.

The circular assumes significance in the context of increasing reliance on digital trading infrastructure, growing retail participation in securities markets, and rising regulatory focus on technological preparedness and system reliability among intermediaries and market infrastructure institutions.

The discontinuation of the IRRA mechanism may also encourage intermediaries to strengthen internal disaster recovery systems, business continuity planning frameworks, investor communication protocols, and technological infrastructure resilience in order to minimise the impact of operational disruptions on market participants.

Key Highlights

1. Discontinuation of the IRRA Platform Framework

 SEBI has formally discontinued the IRRA platform with immediate effect, citing its redundancy amid improved technological resilience. Stock exchanges unanimously recommended discontinuation after confirming that the platform had not been used by any broker since it became operational in October 2023.

The platform had functioned as a contingency arrangement enabling investors to undertake limited risk-reducing transactions when normal trading access through brokers became unavailable. The discontinuation marks a shift away from reliance on an external contingency access mechanism within the securities market ecosystem.

2. Increased Focus on Broker-Level Operational Preparedness

The circular reflects SEBI’s broader regulatory expectation that intermediaries should independently maintain robust operational infrastructure and technological preparedness capable of handling disruptions and system failures.

The move indicates that brokers and trading intermediaries may now be expected to strengthen internal systems relating to operational continuity, infrastructure resilience, and outage management rather than depending upon alternate market-wide access mechanisms.

3. Emphasis on Operational Resilience and Technology Governance

The development highlights SEBI’s continued focus on operational resilience and technology governance within increasingly digitised securities markets.

As market participation becomes heavily dependent on online trading platforms, operational disruptions and technological failures have the potential to significantly impact investor access, market efficiency, and transactional continuity. The circular therefore reinforces the importance of maintaining resilient and reliable trading infrastructure across intermediaries and market participants.

4. Reinforcement of Business Continuity and Disaster Recovery Frameworks

The discontinuation of the IRRA platform underscores the growing importance of effective business continuity planning (“BCP”) and disaster recovery (“DR”) mechanisms within the securities market ecosystem.

The circular indirectly signals that RE’s may now face increased expectations with respect to system redundancy, incident response preparedness, infrastructure stability, and continuity of investor services during periods of operational disruption.

5. Impact on Digital Trading Ecosystem and Investor Access

The development assumes particular significance in light of the rapid expansion of digital trading platforms and increasing retail participation in Indian securities markets.

Given the growing dependence of investors on technology-enabled trading systems, intermediaries may need to reassess investor communication protocols, platform stability measures, and contingency arrangements to minimise disruptions caused by system outages or technological failures.

6. Continued Regulatory Emphasis on Investor Protection

Although SEBI has discontinued the IRRA mechanism, the circular does not suggest any reduction in the regulator’s broader focus on investor protection and market stability.

Instead, the move appears to reflect a regulatory preference towards strengthening primary operational infrastructure and intermediary-level preparedness in order to ensure uninterrupted investor access and market continuity.

7. Broader Regulatory Push Towards Infrastructure Stability

The circular forms part of SEBI’s broader regulatory approach aimed at strengthening market infrastructure, improving operational standards, and reducing technology-related systemic risks within the securities ecosystem.

The development reinforces the regulator’s continued emphasis on ensuring reliability, resilience, and stability across critical market infrastructure and intermediary operations in an increasingly technology-driven trading environment.

Status of Special Purpose Vehicles (“SPV’s”) Post Conclusion or Termination of Concession Agreement

On May 15, 2026, the Securities and Exchange Board of India (“SEBI”) has issued a circular clarifying the regulatory treatment of Special Purpose Vehicles (“SPVs”) following the conclusion or termination of concession agreements in infrastructure projects. The clarification is particularly significant for Infrastructure Investment Trusts (“InvITs”), infrastructure developers, sponsors, and lenders involved in concession-based infrastructure assets.

Infrastructure projects held under InvIT structures are commonly operated through SPVs established for the execution and management of specific concession-based assets. However, uncertainties often arise regarding the status and treatment of such SPVs once the underlying concession agreement expires or is terminated.

Through the present circular, SEBI has provided clarity on the continued treatment of such SPVs and prescribed timelines and compliance expectations for transition, restructuring, acquisition of new projects, or exit from the SPV structure. The framework appears aimed at ensuring regulatory continuity, operational clarity, and investor transparency in relation to infrastructure assets held through InvIT arrangements.

The circular also reflects SEBI’s broader focus on strengthening governance standards and improving certainty within India’s infrastructure investment and asset monetisation ecosystem.

Key Highlights

1. Continuation of SPV Status Post Concession Expiry or Termination

SEBI has clarified that an SPV may continue to retain its SPV status even after the conclusion or termination of the concession agreement, subject to compliance with specified conditions under the framework. The clarification provides regulatory continuity for InvIT-held SPVs and addresses uncertainty regarding the treatment of project entities following cessation of concession rights.

2. One-Year Timeline for Exit or Acquisition of New Project

The circular requires the Investment Manager to either exit the SPV through sale, liquidation, merger, or winding-up, or acquire a new infrastructure project within the same SPV, within one year from the later of expiry or termination of the concession agreement, conclusion of pending claims or litigation, or completion of the defect liability period. The prescribed timeline is intended to ensure that inactive or non-operational SPVs are not indefinitely retained within InvIT structures without a defined transition strategy.

3. Exclusion of Time Required for Statutory and Regulatory Approvals

SEBI has clarified that the period consumed in obtaining statutory or regulatory approvals required for sale, merger, liquidation, or winding-up of the SPV will be excluded while calculating the one-year timeline. This provides practical flexibility for infrastructure stakeholders, particularly in transactions involving multiple approvals, government authorities, lenders, or sectoral regulators.

4. Enhanced Disclosure Obligations for InvITs

The circular introduces disclosure requirements concerning such SPVs, including disclosures relating to project status, liabilities, pending litigation or claims, repayment obligations, and proposed transition or exit plans. The framework reflects SEBI’s continued emphasis on transparency and investor visibility in relation to infrastructure assets undergoing post-concession transition or restructuring.

The Reserve Bank of India (“RBI”)

RBI Introduces Foreign Exchange Management (Authorised Persons) Regulations, 2026

On May 06, 2026, the Reserve Bank of India (“RBI”) has issued the Foreign Exchange Management (Authorised Persons) Regulations, 2026, with the objective of rationalising the existing framework governing Authorised Persons under the Foreign Exchange Management Act, 1999 (“FEMA”). The revised framework seeks to improve delivery of foreign exchange services while simultaneously easing compliance requirements applicable to RE’s. 

The notification reflects RBI’s broader effort to modernise India’s foreign exchange regulatory architecture in light of evolving cross-border transaction ecosystems, increasing digitisation of payment infrastructure, and expanding participation of fintech and non-bank entities within the foreign exchange and remittance landscape.

Pursuant to the issuance of the new regulations, RBI has also amended existing instructions contained in the Master Direction – Money Changing Activities and Master Direction – Other Remittance Facilities. Further, several earlier A.P. (DIR Series) Circulars issued between 2000 and 2015 have been superseded under the revised framework.

The framework is expected to have significant implications for Authorised Dealer banks, Full Fledged Money Changers (“FFMCs”), non-bank AD Category-II entities, remittance intermediaries, and other entities operating within India’s foreign exchange services ecosystem.

Key Highlights

1. Rationalisation of Framework Governing Authorised Persons

RBI has reviewed and rationalised the regulatory framework governing entities authorised to undertake foreign exchange activities under FEMA. The revised framework has been introduced with the stated objective of improving delivery of foreign exchange services while easing compliance requirements applicable to regulated entities.

The development reflects RBI’s attempt to streamline and modernise the regulatory structure applicable to authorised persons operating within India’s foreign exchange ecosystem.

2. Amendments to Existing Master Directions

Consequent to the issuance of the 2026 Regulations, RBI has amended instructions contained in the “Master Direction – Money Changing Activities” and the “Master Direction – Other Remittance Facilities.”

The amendments include omission and modification of several provisions relating to money changing activities, authorisation structures, and remittance-related operational requirements.

3. Gradual Discontinuation of Franchisee Arrangements

One of the significant changes introduced under the revised framework relates to franchisee arrangements involving AD Category-I banks, AD Category-II entities, and FFMCs.

RBI has clarified that authorised persons shall not enter into any fresh franchisee arrangements going forward, and all existing franchisee arrangements are required to be discontinued gradually within two years from May 06, 2026. 

4. Revised Reporting and Compliance Requirements for FFMCs and Non-Bank AD Category-II Entities

The framework revises reporting obligations applicable to FFMCs and non-bank AD Category-II entities.

Under the amended framework, such entities are now required to submit annual audited balance sheets along with statutory auditor certificates confirming net worth by October 31 each year and annual forex turnover certificates by April 30 each year. 

5. Supersession of Earlier FEMA Circulars

RBI has superseded multiple A.P. (DIR Series) Circulars issued between 2000 and 2015 pursuant to the issuance of the revised regulations. 

The consolidation and replacement of earlier circulars appears aimed at reducing fragmentation within the regulatory framework and creating a more streamlined compliance structure for authorised persons operating under FEMA.

6. Continued Regulatory Focus on Governance and Oversight

The revised framework reflects RBI’s continuing focus on strengthening governance standards, operational oversight, and regulatory supervision within India’s foreign exchange and remittance ecosystem.

The regulations are likely to assume particular significance in light of increasing cross-border transaction volumes, growing participation of fintech entities in payment ecosystems, and evolving international financial infrastructure.

Operating Framework for Facilitating Outward Remittance Services by Non-Bank Entities through Authorised Dealer (Category-I) Banks in India

On May 13, 2026, The Reserve Bank of India (“RBI”) has issued a circular introducing an operating framework for facilitating outward remittance services by non-bank entities through Authorised Dealer (“AD”) Category-I banks in India. The framework marks a significant regulatory development for India’s cross-border payments and remittance ecosystem and reflects RBI’s evolving approach towards fintech participation in foreign exchange and remittance-related activities. 

Under the earlier framework, non-bank entities facilitating outward remittance services through AD Category-I banks were required to obtain specific approval from RBI for such tie-up arrangements. Pursuant to the present circular, RBI has now dispensed with the approval requirement and instead prescribed a principle-based operational and compliance framework to be followed by Authorised Dealers while facilitating such arrangements. 

The revised framework is particularly significant for fintech platforms, digital remittance service providers, payment intermediaries, online financial service platforms, and entities operating technology-enabled cross-border transaction interfaces. The circular also reflects RBI’s attempt to balance innovation and ease of doing business with customer protection, data governance, transparency, and regulatory oversight within India’s rapidly expanding outward remittance ecosystem.

The framework applies to outward remittance arrangements facilitated through third-party online interfaces including websites, online platforms, software applications, mobile applications, and similar digital transaction interfaces. 

Key Highlights

1. Removal of Prior RBI Approval Requirement for Tie-Up Arrangements

RBI has dispensed with the earlier process requiring specific approval from the regulator for tie-up arrangements between AD Category-I banks and non-bank entities facilitating outward remittance services.

The move represents a significant shift towards a more facilitative and operationally flexible regulatory framework for cross-border remittance arrangements involving fintech and technology-enabled intermediaries.

2. Continued Compliance Responsibility on Authorised Dealers

Although non-bank entities may facilitate outward remittance services through digital platforms, RBI has clarified that the Authorised Dealer shall remain solely responsible for ensuring compliance with FEMA requirements and applicable Know Your Customer (“KYC”) obligations. 

3. Enhanced Transparency Requirements for Customers

The circular introduces extensive customer transparency obligations applicable to outward remittance transactions facilitated through third-party interfaces. Authorised Dealers are required to ensure prominent disclosure of key transaction-related information including exchange rates, mark-ups, service charges, timelines for credit, grievance redressal details, and the exact foreign exchange amount receivable by the beneficiary. 

4. Strengthened Governance Framework for Third-Party Arrangements

The circular prescribes detailed contractual and governance requirements governing arrangements between Authorised Dealers and third-party entities. RBI has clarified that agreements with third-party service providers shall not dilute or absolve the AD of its regulatory obligations.

5. Increased Focus on Data Privacy and Cybersecurity

The framework places significant emphasis on data protection, privacy safeguards, and cybersecurity compliance. RBI has clarified that collection and sharing of customer data must be need-based and supported by prior and explicit customer consent.

The circular also specifically references compliance with the Digital Personal Data Protection Act and requires adherence to RBI-prescribed cybersecurity standards and technology-related safeguards. 

6. Restrictions on Handling of Customer Funds

RBI has clarified that remitter funds must remain protected and appropriately ringfenced from insolvency-related risks. Importantly, the circular expressly states that remitter funds must not, at any stage, flow into the account of the third-party entity in India.

7. Reinforcement of Customer Protection and Grievance Redressal Mechanisms

The circular requires Authorised Dealers to maintain formal grievance redressal frameworks compliant with RBI guidelines and ensure that customer protection standards remain central to all third-party remittance arrangements.

The framework further requires customers to be provided with transaction tracking capabilities in cases involving delays in remittance processing or beneficiary credit timelines. 

8. Broader Regulatory Recognition of Fintech Participation in Cross-Border Payments

The notification reflects RBI’s broader policy direction towards enabling greater participation of technology-driven entities within India’s cross-border payments ecosystem while preserving regulatory oversight through banking channels.

The framework may therefore be viewed as an important step towards formalising fintech-bank partnerships in outward remittance services while simultaneously strengthening governance, transparency, compliance, and customer protection safeguards.

Insolvency and Bankruptcy Board of India (“IBBI”)

Insolvency and Bankruptcy Board of India (Model Bye-Laws and Governing Board of Insolvency Professional Agencies) (Amendment) Regulations, 2026

On May 13, 2026, the Insolvency and Bankruptcy Board of India (“IBBI”) has notified the Insolvency and Bankruptcy Board of India (Model Bye-Laws and Governing Board of Insolvency Professional Agencies) (Amendment) Regulations, 2026, introducing significant governance reforms for Insolvency Professional Agencies (“IPAs”). The amendments are aimed at enhancing regulatory oversight, strengthening board independence, and improving governance standards within institutions that play a critical role in the administration and supervision of insolvency professionals under the Insolvency and Bankruptcy Code, 2016.

The reforms come at a time when the insolvency ecosystem is undergoing substantial transformation through the implementation of the Insolvency and Bankruptcy Code (Amendment) Act, 2026. Against this backdrop, IBBI’s focus on institutional governance reflects a broader regulatory objective of reinforcing accountability, transparency, and effective oversight within entities responsible for maintaining professional standards across the insolvency framework.

The amendments introduce direct regulatory representation on the governing boards of Insolvency Professional Agencies, revise eligibility criteria for independent directors, strengthen the process governing reappointment of directors, and prescribe a more structured framework for appointment and renewal of Managing Directors. Collectively, these measures are expected to enhance governance standards and reinforce stakeholder confidence in the institutions supporting India's insolvency regime.

Key Highlights

1. Introduction of IBBI Nominee Director on Governing Boards

A notable feature of the amendment is the introduction of a nominee director appointed by IBBI on the Governing Board of every Insolvency Professional Agency. The nominee director will enjoy the same status, rights, powers, duties, and responsibilities as other directors on the board. This change is expected to strengthen regulatory oversight and facilitate closer engagement between the regulator and Insolvency Professional Agencies.

2. Strengthening Independence Standards for Directors

The amendment introduces additional eligibility requirements for independent directors serving on the governing boards of Insolvency Professional Agencies. Independent directors can no longer be associated with statutory regulators that have sponsored, promoted, or exercise control over an IPA, nor can they simultaneously serve as independent directors on the board of another Insolvency Professional Agency.

3. Performance-Based Reappointment of Independent Directors

The regulations provide that a second term for an independent director will be subject to a satisfactory performance review by the Governing Board and prior approval of IBBI. The introduction of a performance-based review mechanism aims to strengthen accountability and ensure continued effectiveness of board oversight.

4. Enhanced Oversight of Managing Director Appointments

The amendment introduces a more structured process for appointment and renewal of Managing Directors of Insolvency Professional Agencies. To obtain IBBI's prior approval, an IPA must submit at least two candidate names to the Board at least one month before the expiry of the incumbent's tenure. The requirement is expected to improve succession planning and promote greater transparency in leadership appointments.

5. Continued Focus on Institutional Governance within the Insolvency Ecosystem

The amendments reflect IBBI's broader effort to strengthen governance standards across institutions responsible for regulating insolvency professionals. By enhancing oversight mechanisms, improving board composition requirements, and introducing greater accountability in leadership appointments, the regulator continues to reinforce the institutional framework underpinning India's insolvency and restructuring ecosystem.

Insolvency and Bankruptcy Board of India (Liquidation Process) (Third Amendment) Regulations, 2026

On May 19, 2026, the Insolvency and Bankruptcy Board of India (“IBBI”) has notified the Insolvency and Bankruptcy Board of India (Liquidation Process) (Third Amendment) Regulations, 2026, introducing a significant relaxation for Micro, Small and Medium Enterprises (“MSMEs”) undergoing liquidation. The amendment modifies Regulation 35 of the IBBI (Liquidation Process) Regulations, 2016 and seeks to simplify the valuation process applicable to MSME corporate debtors.

Under the existing framework, liquidators are generally required to appoint two registered valuers for determining the value of assets during liquidation. The amendment creates a specific carve-out for MSMEs by permitting the appointment of a single registered valuer for each asset class of the corporate debtor.

The change reflects IBBI’s continued efforts to make insolvency and liquidation processes more efficient, proportionate, and cost-effective for smaller businesses. Given that valuation expenses can represent a significant cost component in MSME liquidations, the amendment is expected to reduce procedural costs and facilitate quicker disposal of assets while preserving flexibility for liquidators in appropriate cases.

Key Highlights

1. Single Valuer Permitted for MSME Liquidations

The amendment allows liquidators to appoint one registered valuer for each asset class of a corporate debtor classified as an MSME under the MSMED Act, 2006. This marks a departure from the general requirement of appointing two registered valuers.

2. Reduction in Liquidation Costs

By permitting the appointment of a single valuer, the amendment is expected to reduce valuation-related expenses incurred during liquidation proceedings. The measure is likely to be particularly beneficial for smaller enterprises where liquidation costs may disproportionately impact recoveries available to stakeholders.

3. Greater Procedural Efficiency

The revised framework may contribute to faster completion of valuation exercises and streamline liquidation proceedings for MSMEs. The amendment aligns with broader policy efforts aimed at reducing procedural burdens and improving efficiency within India's insolvency ecosystem.

4. Flexibility Retained for Liquidators

The amendment does not completely eliminate the option of appointing two valuers. Where considered appropriate, a liquidator may still appoint two registered valuers after consultation with the Stakeholders’ Consultation Committee and recording reasons in writing.

5. Continued Regulatory Focus on MSME Insolvency Reforms

The amendment introduces a differentiated valuation framework for MSMEs undergoing liquidation by permitting the appointment of a single registered valuer for each asset class, while retaining the flexibility to appoint two valuers where considered appropriate. The change is expected to reduce valuation-related costs and administrative requirements associated with liquidation proceedings involving MSME corporate debtors.

Ministry of Corporate Affairs (“MCA”)

“IBC 2.0” Comes into Force: MCA Operationalises Major Insolvency Reforms

On May 22, 2026, the Ministry of Corporate Affairs (“MCA”), through Notification No. S.O. 2625(E) dated 22nd May, 2026, issued by the Joint Secretary, MCA, has appointed 26th May, 2026 as the date on which specified provisions of the Insolvency and Bankruptcy Code (Amendment) Act, 2026 (6 of 2026) (“Amendment Act”) shall come into force, marking the advent of what is widely being referred to as “IBC 2.0.”

The reforms represent one of the most consequential overhauls of India’s insolvency framework since the introduction of the Insolvency and Bankruptcy Code, 2016. The amendments are aimed at addressing practical challenges that emerged over nearly a decade of implementation, including delays in resolution, value erosion of distressed assets, prolonged litigation, and procedural inefficiencies.

The coming into force of these provisions is expected to have a far-reaching impact on creditors, borrowers, insolvency professionals, resolution applicants, distressed asset investors, and other stakeholders participating in insolvency and restructuring transactions. The reforms also signal the Government’s continued commitment to strengthening India's credit ecosystem and improving the effectiveness of insolvency resolution mechanisms.

Key Highlights

1.Provisions Notified and Definitional Changes

 The provisions brought into force include Sections 2 to 6, 8 to 33, sub-clause (iii) of clause (a) and clause (b) of Section 34, Sections 35 to 39, Section 41, Sections 43 to 44, Section 46, Sections 48 to 59, Sections 61 to 66, Section 68, clause (a) of Section 69, clause (a) of Section 70, sub-clauses (i) to (xxvi) of clause (b) of Section 70 (except sub-clause (xx) thereof), and Section 72. In terms of definitions, new concepts such as “avoidance transaction,” “fraudulent or wrongful trading,” “registered valuer,” and “service provider” are introduced, and the definition of “security interest” is clarified to exclude interests arising solely by operation of law.

2. Procedural Amendments to CIRP Admission and Withdrawal   The Adjudicating Authority is now required to admit or reject applications under Sections 7, 9, and 10 within fourteen days, with mandatory written reasons for any delay. The withdrawal of admitted applications under Section 12A is now prohibited both prior to constitution of the Committee of Creditors (“CoC”) and after the first invitation for resolution plans, significantly narrowing the window for post-admission settlement exits.

3.Resolution Plan Framework: Minimum Recovery, CIRP Restoration, and Statutory Protections The Amendment Act strengthens the resolution plan framework in three key respects: (a) dissenting financial creditors are guaranteed a minimum recovery under revised Section 30(2)(ba); (b) the CoC is empowered to apply for restoration of the Corporate Insolvency Resolution Process (“CIRP”) for up to 120 days before a liquidation order is passed (Section 33(1A)); and (c) approved resolution plans are granted statutory protection against suspension or termination of licences, permits, and regulatory approvals (Section 31(5)).

4.Liquidation Reforms: RP Disqualification, CoC Supervisory Powers, and Timeline Cap

 In liquidation, the resolution professional is now prohibited from being appointed as liquidator (Section 34(4)), the CoC is vested with supervisory powers over the liquidation process and the right to replace the liquidator (new Sections 21(11) and 34A), and the timeline for dissolution is capped at 180 days with a 90-day extension available (Section 54(1)). These changes are aimed at ensuring greater oversight over liquidation proceedings and preventing indefinite delays in asset realisation.

5. Implications for Creditors, Debtors, and Insolvency Professionals Creditors, corporate debtors, insolvency professionals, resolution applicants, and lenders may need to reassess existing strategies, documentation, and transaction structures in light of the amended framework. As the reforms begin to be tested through implementation and judicial interpretation, stakeholders are expected to closely monitor their impact on ongoing and future insolvency proceedings.

The commencement of these provisions marks an important milestone in the evolution of India's insolvency regime. While the long-term success of the reforms will ultimately depend on implementation and stakeholder adoption, the operationalisation of IBC 2.0 represents a significant step towards creating a more efficient, predictable, and commercially viable insolvency resolution framework.

Disclaimer:-

The content provided in this update is for educational and informational purposes only and should not be construed as legal advice or the opinion of Tempus Law Associates. Tempus Law Associates disclaims any liability in connection with the use of this information without seeking appropriate legal counsel.