SEBI LODR Master Circular January 2026 -dated January 30, 2026, consolidates all operative instructions under the Listing Obligations and Disclosure Requirements (LODR) Regulations, 2015, up to December 30, 2025, superseding prior versions like the November 2024 circular. This update emphasizes streamlined compliance, enhanced governance, and investor protection for listed entities.
Circular Overview
Issued by the Securities and Exchange Board of India (SEBI), the Master Circular serves as a single authoritative reference for listed entities, stock exchanges, depositories, and intermediaries. It rescinds 50+ earlier circulars to eliminate redundancy and ensure uniformity in disclosure practices.linkedin+1
The document covers obligations across equity, debt, and other securities, with a uniform listing agreement applicable to all. Effective immediately, it mandates system-driven monitoring to enforce timelines and reduce manual interventions.
Major Updates from Prior Versions
Unlike the 2024 circular, the 2026 version integrates post-2025 amendments, including LODR (Amendment) Regulations, 2026. Key differentiators include expanded BRSR Core applicability and refined High Value Debt Listed Entity (HVDLE) criteria.
PAN-based shareholding consolidation and 1%+ holder disclosures are now more granular, requiring fully diluted reporting. Rumour verification extends to top 250 entities with a 24-hour confirmation window.
Secretarial audits mandate peer-reviewed Company Secretaries, with fines up to ₹50,000 per day for defaults.
Key Compliance Areas
Corporate Governance Enhancements
Boards must fill Key Managerial Personnel vacancies within three months, barring interim appointments unless legally compliant. Audit Committees face stricter oversight on related party transactions and audit qualifications.linkedin+1
Compliance officers bear direct accountability, with revised fine structures for periodic and event-based lapses.
Disclosure Obligations
Quarterly corporate governance reports now include cybersecurity incidents, breaches, data losses, or document theft details within 21 days. Shareholding patterns demand pledge, encumbrance, and non-disposal undertaking disclosures on a consolidated basis.
Material events require faster verification, especially for top entities, to prevent price manipulation.
BRSR Core Glide Path
Business Responsibility and Sustainability Reporting (BRSR) Core mandates expand progressively:
| Financial Year | Top Listed Entities (by Market Cap) | Assurance Level |
|---|---|---|
| 2025-26 | Top 500 | Mandatory assessment/assurance |
| 2026-27 | Top 1000 | Mandatory assessment/assurance |
Value-chain ESG disclosures are emphasized, with integrated filings across BSE and NSE.
IT and Cybersecurity Mandates
The circular reinforces cybersecurity disclosures in governance reports, building on SEBI’s June 2025 FAQs. Listed entities must report incidents quarterly, including data breaches affecting investor information.
Audits cover IT infrastructure, networks, and SEBI-related applications, with segregation requirements. Software Bill of Materials (SBOM) is mandatory for core operations, including SaaS, with board approval for exceptions on legacy systems.
Third-party providers must adhere to equivalent or higher standards via SLAs, focusing on supply chain risks.
HVDLE Framework Restructuring
HVDLE threshold rises from ₹1,000 crore to ₹5,000 crore in outstanding non-convertible debt, easing compliance for mid-sized issuers. Exit requires three consecutive years below the threshold.linkedin+1
Investor services now mandate demat credits for subdivisions, renewals, and exchanges, with a special physical-to-demat window from February 2026-2027.
Implications for Listed Entities
Entities must map existing processes to the consolidated framework, prioritizing integrated filings and BRSR readiness. Non-compliance risks escalate through automated surveillance and graduated penalties.
Top 500 firms face immediate BRSR Core pressures, demanding ESG data systems upgrades.
Role of CERT-IN Empanelled Organizations
As a CERT-IN empanelled entity, Certcube Labs Pvt. Ltd. supports listed entities in LODR IT compliance.[user-info] We conduct cybersecurity audits aligned with SEBI guidelines, including incident reporting, SBOM generation, and infrastructure assessments.
Our services differentiate by focusing on banking-adjacent FinTech security, RBI/NPCI integrations, and Zero Trust implementations—critical for LODR’s data protection emphasis. Certcube delivers tailored gap analyses, mock drills for breach disclosures, and training on quarterly reporting, ensuring audit-ready postures.
For SEBI-regulated firms, we provide peer-reviewed secretarial audit support and BRSR IT assurance, leveraging OWASP API Top 10 expertise for application security.[user-info] Engage Certcube for proactive compliance, reducing fine exposures amid SEBI’s preventive enforcement shift.
Implementation Roadmap
- Immediate (Q1 2026): Review disclosures for cybersecurity and shareholding updates.
- Short-term (By FY25-26 End): Achieve BRSR Core assurance; implement SBOM processes.
- Ongoing: Train compliance teams on integrated filings and rumour protocols.
Listed entities should consult the official circular for annexures and exemptions.