[Sharnam Agarwal is a 3rd year B.A. LL.B. (Hons.) student at National Law Institute University, Bhopal]
Recently, the Securities and Exchange Board of India (“SEBI”) released a Consultation Paper titled, “Review of Framework to address the ‘technical glitches’ in Stock Brokers’ Electronic Trading Systems.” This paper proposes a comprehensive revision of SEBI’s 2022 framework which was established to address issues stemming from technical glitches. This is a laudable move toward an equitable and practical regulatory regime by easing compliance for smaller brokers and exempting minor or third-party induced glitches from penalties.
However, a closer examination reveals that the proposed framework may not adequately address existing shortcomings. The overly broad definition of a ‘Technical Glitch’ presents significant compliance challenges, further compounded by the absence of a definition for ‘minor’ glitches. Additionally, despite some glitches being exempt from penalties, all incidents, regardless of their materiality, still require reporting, thereby causing a significant compliance burden. These shortcomings, particularly the lack of a clear materiality threshold in the core definition, risk undermining the very balance the new framework resolves to achieve.
This article critically analyses these recent amendments, evaluating the SEBI’s positive steps while also highlighting gaps that could impede effective enforcement. By comparing SEBI’s framework with international best practices, such as the Regulation Systems Compliance and Integrity (“SCI”) of the US Securities and Exchange Commission (“SEC”), this analysis will suggest curative measures to build a more proportionate, effective, and resilient regulatory regime for India’s dynamic capital markets.
The 2022 Framework and Its Deficiencies
SEBI’s initial 2022 framework for technical glitches was a strict response to protect investors, defining a glitch as almost any system malfunction lasting over five minutes. This broad definition, coupled with a stringent three-stage reporting process with uncapped penalties, created a climate of fear, often discouraging brokers from reporting issues.
In response to broker representations, the Stock Exchanges like NSE and BSE issued circulars on March 28, 2025 (“SE Circular”) with accompanying FAQs (“SE FAQs”) offering much-needed relief. It created a “reportable but not penalizable” category for glitches caused by external factors like cloud providers or exchange-level failures. Crucially, it capped the previously unlimited penalties for non-reporting and relaxed business restrictions, linking them to the percentage of clients affected.
Despite these positive changes, brokers contended that fundamental issues persisted. The definition of a “Technical Glitch” remained overly broad, forcing them to report issues even when there was no material impact on trading. This interpretation deviated from the objectives of SEBI’s 2020 circular, which aimed to address glitches that “..Impact on the investors’ opportunity to trade….” Moreover, requests to exclude incidents where an alternative platform remained operational, where third-party vendors were responsible, and to implement a progressive penalty structure were not adopted.
This has led to a new round of discussions between SEBI, exchanges, and brokers to further refine the norms. Brokers are now proposing a bifurcation of glitches into “soft” and “critical” categories, another attempt to include the missing concept of materiality into the rules. While the regulator has shown a “positive response,” it remains firm that any failure in core trading, settlement, or risk management systems will not be tolerated, setting the stage for a crucial negotiation to find a true and lasting balance.
Therefore, responding to brokers’ concerns over the framework’s broad scope, reporting obligations, and severe penalties, SEBI proposed amendments to its Technical Glitch Framework in September 2025. According to SEBI, the new changes aim to introduce proper materiality thresholds, segregate glitches by severity, and balance investor protection with operational flexibility.
Unaddressed Concerns
The core concern lies in the overly expansive definition of a “Technical Glitch,” which captures almost any malfunction exceeding five minutes, including minor slowdowns. Reporting obligations apply to all such incidents, regardless of materiality, third-party fault, or MII involvement, thus causing a heavy compliance burden. Moreover, SE FAQs imply that only if an MII self-reports an issue will it not count against the broker. For instance, if an exchange’s server failure disrupts trading but the MII fails to report it, the broker may still be fined for a glitch entirely beyond its control. To address this, the framework should exclude immaterial glitches caused by MIIs without broker fault, define a minimum number of affected clients, and revisit penalties for third-party system failures.
A significant lacuna, arising from this broad definition, is the lack of a materiality threshold. Brokers had requested a practical standard, suggesting that an event should only be classified as a glitch if it affects a minimum percentage of clients, such as 10%. This request was declined, with the framework maintaining that an incident is a glitch “irrespective of the number of clients or orders affected”. This creates a disproportionate regulatory control where a system error impacting a single user is equivalent to a mass outage, compelling brokers to utilise resources to cure trivial incidents.
Another major issue is the continuing reporting burden. While the revised framework correctly exempts certain glitches from fines, the obligation to report them persists. This “reportable but not penalizable” category forces brokers to divert their resources from correcting active issues to complying with time-bound regulatory reporting, even for events with no real impact. This wastes valuable resources that could be used to enhance system resilience instead. A more balanced approach would exempt events with “no or a negligible impact on the entity’s operations or on market participants” from immediate reporting, allowing them to be logged and submitted later in a quarterly summary report to SEBI.
Finally, the proposal creates ambiguity by referring to a “minor” glitch, one with limited operational impact, without defining the term, merely asking stock exchanges to issue guidelines in consultation with SEBI. This approach could lead to inconsistency, where what is considered “minor” on one exchange may not be on another. A more pragmatic approach would be for SEBI to provide a clear, objective definition based on measurable user impact. For instance, a possible definition could be:
“A minor glitch shall mean a technical glitch that has a limited impact, affecting less than 2% of active users for a duration of under 30 minutes, or one that affects only non-core ancillary functions, such as user login or portfolio viewing, without disrupting core trading activities.”
Without addressing these core issues, the new framework, despite its positive intentions, risks creating a system where compliance burdens are skewed with actual market impact, ultimately defeating the goal of an active and resilient regulatory environment.
Taking Cues from Other Jurisdictions
To fill these gaps, SEBI could draw inspiration from securities regulators in countries like the US and Singapore, which have established more comprehensive and pragmatic frameworks to manage technical glitches effectively.
In US, the SEC adopts a zero-tolerance framework for technological failures in the systems of stock brokers through its comprehensive framework called Regulation Systems Compliance and Integrity (“Reg SCI”) which offers a clear definition of “glitch” by classifying systems into three categories: (i) SCI Systems- Core trading and market support systems, (ii) Critical SCI Systems- single-point-of-failure systems with strict recovery requirements, and (iii) Indirect SCI Systems- Non-core systems regulated mainly for security. Reg SCI exemplifies a framework with materiality thresholds, precise glitch definitions, and a balanced approach.
Crucially, rule 1002(b)(5) under Reg SCI provides a pragmatic solution to compliance burden through a tiered reporting framework. It requires immediate notification for major system incidents, followed by a written report within 24 hours, while exempting “de minimis” events, those with no major market impact, from real-time reporting. Such minor glitches are simply logged and submitted quarterly, ensuring oversight without overburdening entities. In contrast, SEBI’s recent “reportable but not penalizable” category still requires immediate reporting of non-impactful glitches, diverting resources unnecessarily. Adopting a formal quarterly reporting mechanism for de minimis incidents, mirroring the US model, would enable SEBI to maintain transparency while significantly easing the persistent compliance burden on market brokers.
Another key concern in SEBI’s 2025 proposal is the absence of a clear definition of “material,” which creates uncertainty for Indian brokers. US’ Reg SCI addresses this challenge more effectively by empowering regulated entities to define materiality themselves. Under rule 1003(a)(1), each SCI entity must “establish reasonable written criteria for identifying a change… as material ” and report based on its own framework. This strikes a judicious balance, offering flexibility while ensuring accountability. It acknowledges that what constitutes a material change for a large, multi-platform broker may differ from that for a smaller or specialized firm. Should SEBI adopt a similar modal, it could mitigate over-reporting, enhance regulatory efficiency, and ensure attention is focused on genuinely significant system changes.
Following the U.S, Singapore’s MAS Technology Risk Management (TRM) Guidelines offer valuable insights for SEBI. MAS mandates firms to report IT incidents within one hour only if “severe.” A severe incident is defined as one with significant customer impact or systemic risk. Furthermore, MAS mandates that firms define and test their Recovery Time Objectives (“RTO”) and Recovery Point Objectives (“RPO”), aligning with business priorities. Instead of focusing solely on glitch duration (the five-minute rule), SEBI could require brokers to establish their own RTOs/RPOs. This would shift the focus to whether systems were restored within pre-defined tolerances, aligning with MAS’ structured approach and the FCA’s principles-based framework.
SEBI can improve its technical glitches framework by combining the US’ tiered reporting and materiality approach with Singapore’s severity-based reporting. Incorporating proactive RTO/RPO standards would create a balanced and globally aligned regulatory system.
Conclusion
SEBI’s revision of its technical glitch framework is a commendable step toward a more balanced regime. However, as this analysis suggests, critical gaps concerning broad definitions and reporting burdens remain. By taking cues from the more mature, empirical frameworks in jurisdictions like the US and Singapore, SEBI can resolve these issues and create a truly effective and proportionate regulatory environment for India’s dynamic capital markets.
– Sharnam Agarwal