MASTER CIRCULAR FOR ESG RATING PROVIDERS

1 · 1. SEBI has operationalized SEBI Intermediary Portal (https://siportal.sebi.gov.in) for the intermediaries to submit all the registration applications online. The SEBI Intermediary Portal shall include online application for registration, processing of application, grant of final registration, application for surrender / cancellation, submission of periodical reports, requests for change of name/ address/ other details, etc., Link for SEBI Intermediary Portal is also available on SEBI website – www.sebi.gov.in .

1 · 2. All applications for registration/ surrender/other requests will be made through SEBI Intermediary Portal. The applicants will be separately required to submit relevant documents viz. declarations/ undertakings required as a part of application forms prescribed in relevant regulations, in physical form, for records without impacting the online processing of applications for registration. In case of any queries and clarifications with regard to the SEBI Intermediary Portal, intermediaries may contact on 022-26449364 or may write at portalhelp@sebi.gov.in .

1 · 3. However, till operationalisation of SEBI Intermediary Portal for ERPs, an entity desirous of registering with SEBI as an ESG rating provider may file an application with SEBI, as per the format prescribed in CRA Regulations, along with the application fees and relevant documents, in hard copy, addressed to "Chief General Manager, Department of Debt and Hybrid Securities, SEBI", as well as in soft copy, via email to erp@sebi.gov.in. The same process shall also apply for submission of periodical reports, requests for change of name / address / other details, etc.

1 · 4. Fees and other charges payable to SEBI are subject to Goods and Services Tax (GST) that is at present 18%.

2 · 1. As per Regulation 28H(c) of CRA Regulations, all registered ERPs are required to obtain prior approval of SEBI in case of change in control.

2 · 2. To streamline the process of providing approval to the proposed change in control of an ERP (hereinafter referred to as intermediary or applicant), the following is mandated:

2 · 2.1. An ERP shall make an application to SEBI for prior approval through the SEBI Intermediary Portal (https://siportal.sebi.gov.in). However, till operationalisation of SEBI Intermediary Portal for ERPs, an ERP may submit such application, in hard copy, addressed to "Chief General Manager, Department of Debt and Hybrid Securities, SEBI", as well as in soft copy, via email to erp@sebi.gov.in .

2 · 2.2. The abovementioned application by an ERP shall be accompanied by the following information/ declaration/ undertaking about itself, the acquirer(s) / the person(s) who shall have the control and the directors/ partners of the acquirer(s) / the person(s) who shall have the control:

2 · 2.2.1. Current and proposed shareholding pattern of the applicant

2 · 2.2.2. Whether any application was made in the past to SEBI seeking registration in any capacity but it was not granted? If yes, details thereof.

2 · 2.2.3. Whether any action has been initiated / taken under the Securities Contracts (Regulation) Act, 1956 (SCRA) / Securities and Exchange Board of India Act, 1992 (SEBI Act) or rules and regulations made thereunder? If yes, status thereof along with the corrective action taken to avoid such violations in the future. The acquirer/ the person who shall have the control shall also confirm that it shall honour all past liabilities / obligations of the applicant, if any.

2 · 2.2.4. Whether any investor complaint is pending? If yes, steps taken and confirmation that the acquirer/ the person who shall have the control shall resolve the same.

2 · 2.2.5. Details of litigation, if any.

2 · 2.2.6. Confirmation that all the fees due to SEBI have been paid.

2 · 2.2.7. Declaration cum undertaking of the applicant and the acquirer / the person who shall have the control (in a format enclosed at Annexure

2 · 2.3. The prior approval granted by SEBI shall be valid for a period of six months from the date of such approval within which the applicant shall file application for fresh registration pursuant to change in control .

2 · 2.4. If the ERP has rated any product or issuer, which falls within the ambit of another regulator or authority, as specified at Para 5.5, then such ERP shall obtain approval/ NOC from such regulator or authority and submit a selfattested copy of the same to SEBI along with the request for change in control. If the ERP has not handled any such product or issuer, it shall provide a confirmation to that effect.

2 · 3. To streamline the process of providing approval to the proposed change in control of an intermediary in matters which involve scheme(s) of arrangement which needs sanction of the National Company Law Tribunal ("NCLT") in terms of the provisions of the Companies Act, 2013, the following shall be applicable:

2 · 3.1. The application seeking approval for the proposed change in control of the intermediary shall be filed with SEBI prior to filing the application with NCLT.

2 · 3.2. Upon being satisfied with compliance of the applicable regulatory requirements, an in-principle approval will be granted by SEBI;

2 · 3.3. The validity of such in-principle approval shall be three months from the date issuance, within which the relevant application shall be made to NCLT.

2 · 3.4. Within 15 days from the date of order of NCLT, the intermediary shall submit an online application in terms of paragraph 2.2 of this circular along with the following documents to SEBI for final approval:

2 · 3.4.1. Copy of the NCLT Order approving the scheme;

2 · 3.4.2. Copy of the approved scheme;

2 · 3.4.3. Statement explaining modifications, if any, in the approved scheme visà -vis the draft scheme and the reasons for the same; and

2 · 3.4.4. Details of compliance with the conditions/ observations, if any, mentioned in the in -principle approval provided by SEBI.

3 · 1. SEBI has been receiving registration applications pursuant to transfer of business (SEBI regulated business activity) from one legal entity which is a SEBI registered Intermediary (transferor) to other legal entity (transferee). In this regard, following is clarified:

3 · 1.1. The transferee shall obtain fresh registration from SEBI in the same capacity before the transfer of business if it is not registered with SEBI in the same capacity. SEBI shall issue new registration number to transferee different from transferor's registration number in case business is transferred through regulatory process (pursuant to merger / amalgamation / corporate restructuring by way of order of primary regulator /government / NCLT, etc.) or non-regulatory process (as per private agreement /MOU pursuant to commercial dealing / private arrangement) irrespective of transferor continues to exist or ceases to exist after the said transfer.

3 · 1.2. In case of change in control pursuant to both regulatory process and nonregulatory process, prior approval and fresh registration shall be obtained. While granting fresh registration to same legal entity pursuant to change in control, same registration number shall be retained.

3 · 1.3. If the transferor ceases to exist, its certificate of registration shall be surrendered.

3 · 1.4. In case of complete transfer of business by transferor, it shall surrender its certificate of registration.

3 · 1.5. In case of partial transfer of business by transferor, it can continue to hold certificate of registration.

4 · 1. In order to facilitate orderly migration of ESG ratings pursuant to cancellation, suspension, or surrender of certificate of registration of an ERP to another SEBIregistered ERP, the following are hereby prescribed, subject to the requirements of corresponding cancellation or suspension order(s) passed by SEBI ("the Order"), if any:

4 · 1.1. On and from the date of the Order, or the date of submission of request for surrender of certificate of registration ("the Request") to SEBI, as applicable, the concerned ERP shall –

4 · 1.1.1. disclose prominently on its website, the Order or the Request, as the case may be, and communicate the same to its clients within 15 days of the Order or the Request;

4 · 1.1.2. not take any new clients or fresh mandates;

4 · 1.1.3. allow its clients to withdraw any assignment given to the ERP, without any additional cost to such clients;

4 · 1.1.4. facilitate an orderly migration of assignments as desired by clients to other ERP(s) holding a certificate of registration under CRA Regulations;

4 · 1.1.5. continue to comply with the provisions of the CRA Regulations and circulars issued thereunder, till the time the ERP holds the certificate of registration;

4 · 1.1.6. continue to co -operate with SEBI with regard to sharing of information when requested and payment of fees as required under CRA Regulations;

4 · 1.1.7. take such other action including providing any records or documents

4 · 1.2. The ERP , on and from the date of acceptance of the Request, or when it is commencing the winding up process, shall:

4 · 1.2.1. return the certificate of registration so cancelled to SEBI;

4 · 1.2.2. not represent itself to be a holder of certificate for carrying out the activity for which such certificate had been granted;

4 · 1.2.3. suspend undertaking activity for which such certificate had been granted;

4 · 1.2.4. until it is wound up, continue to co-operate with SEBI on matters pertaining to the activities of the ERP undertaken by it till it held the certificate of registration under CRA Regulations;

4 · 1.2.5. make provisions as regards liability incurred or assumed by it;

4 · 1.2.6. until it is wound up, take such other action including providing any records or documents within the time period and in the manner, as may be required under the CRA Regulations or as may be directed by SEBI

4 · 1.3. Additionally, in case of suspension of the certificate of registration, the ERP , during such period of suspension, shall –

4 · 1.3.1. suspend undertaking activity for which such certificate of registration had been granted;

4 · 1.3.2. continue to co -operate with SEBI on matters pertaining to the activities of the ERP undertaken by it under CRA Regulations;

4 · 1.3.3. make provisions as regards liability incurred or assumed by it;

4 · 1.3.4. take such other action including providing any records or documents within the time period and in the manner, as may be required under the CRA Regulations or as may be directed by SEBI.

4 · 1.4. In case of cancellation of certificate of registration, the ESG ratings assigned by the ERP shall be valid till such time the client withdraws the assignment and/or migrates the assignment to another ERP as specified or the ERP is wound -up, whichever is earlier.

4 · 1.5. Surrender of Certificate of Registration

4 · 1.5.1. If an ERP wishes to surrender the registration voluntarily, it shall transfer, wherever relevant, its existing business/ client accounts to another SEBI registered intermediary, before it makes a request to SEBI for accepting the surrender of the certificate of registration.

4 · 1.5.2. If, at the time of request for surrender of certificate, the ERP has any outstanding rating of any product or issuer, which falls within the ambit of another regulator or authority, as specified at Para 5.5, then such ERP shall obtain approval/ NOC from such regulator or authority and submit a self -attested copy of the same to SEBI along with the request for surrender of certificate. If the ERP does not have any outstanding rating of any such product or issuer, it shall provide a confirmation to that effect.

4 · 1.5.3. The ERP may, if it so desires, make a representation for dispensing with the procedure, along with the application, for surrender in terms of the first proviso to Regulation 33B of Securities and Exchange Board of India (Intermediaries) Regulations, 2008 in the prescribed format placed as Annexure 2 .

4 · 1.5.4. In all cases of transfer of business or client accounts to another registered intermediary, the clients shall not be subjected to any additional cost.

4 · 1.5.5. ERP shall maintain its records, documents, information obtained from its clients during the course of ESG rating from its clients, for at least three years after surrender of registration.

4 · 1.5.6. In its application to SEBI, the ERP shall also provide an undertaking that it shall continue to maintain confidentiality of the data obtained by it from its existing clients for the purpose of ESG rating, unless asked to share such information by operation of law.

4 · 1.6. In case of surrender of certificate of registration, the ESG ratings assigned by the ERP whose certificate of registration is being surrendered, shall be valid till such time the client withdraws the assignment and/or migrates to

4 · 1.7. In case of suspension of certificate of registration, the ESG ratings assigned by the ERP, whose certificate of registration is suspended, shall not be valid during the period of suspension.

4 · 1.8. Upon cancellation or surrender or suspension of certificate of registration of an ERP, the concerned ERP's services cannot be used by listed entities or issuers for compliance with requirements of various SEBI regulations which require ESG ratings from an ERP registered with SEBI.

4 · 1.9. Listed entities or issuers who have obtained ESG rating from an ERP whose registration is cancelled or suspended or surrendered, desirous of obtaining ESG rating for regulatory purposes, shall obtain ESG rating(s) from other SEBI -registered ERP(s) holding a valid certificate of registration under CRA Regulations .

5 · 1. CRA Regulations define "environmental, social, and governance ratings", or "ESG ratings" as the rating products that are marketed as opinions about an issuer or a security, regarding its ESG profile or characteristics or exposure to ESG risk, governance risk, social risk, climatic or environmental risks, or impact on society, climate and the environment, that are issued using a defined ranking system of rating categories, whether or not these are explicitly labelled as "ESG ratings". In this regard, ESG rating or score have been treated interchangeably in this circular. Any reference to ratings in this circular shall refer to ESG ratings, unless stated otherwise.

5 · 2. An ERP shall offer at least the following ESG rating products:

5 · 2.1. ESG Rating

5 · 2.2. Transition or Parivartan Score

5 · 2.3. Combined Score

5 · 2.4. Core ESG Rating

5 · 2.5. Core Transition or Parivartan Score

5 · 2.6. Core Combined Score

5 · 3. An ERP may provide additional ESG rating products subject to compliance with relevant provisions of the CRA regulations and circulars issued thereunder.

5 · 4. Further, the following is clarified:

5 · 4.1. If in any of the ESG rating products referred to at Para 5.2.1-5.2.3, the ERP relies only on third-party assured parameters, then the ERP shall not be required to provide separate ESG rating products referred to at Para 5.2.45.2.6, respectively, or a non-core variant thereof.

5 · 4.2. If an ERP incorporates transition assessment in its ESG ratings or Core ESG ratings, then the ERP shall not be required to separately offer Combined Score or a Core Combined Score (Para 5.2.3 and Para 5.2.6 above) respectively.

5 · 4.3. However, in the above cases, such ERP must disclose the said facts in ESG rating rationales and ESG rating methodologies.

5 · 5. The above six ESG rating products shall:

5 · 5.1. suitably incorporate the environmental, social and governance aspects that are contextual to the Indian market. An indicative list of India -specific ESG parameters is placed at Annexure 3 .

5 · 5.2. be assigned such that they allow comparison with companies in other sectors, i.e., such rating products must contain sector-agnostic ESG ratings.

5 · 5.3. adhere to guidelines specific to the rating product as detailed below in this circular.

5 · 6. Transition or Parivaratan Score

5 · 6.1. It is observed that various Indian companies may be rated on their current emission levels as they begin to align their strategies with India's commitment of emissions intensity reduction to Net Zero by 2070, despite substantial reduction year on year.

5 · 6.2. Evaluating Indian corporates on an absolute yardstick without recognizing the efforts they make, and results they achieve, in transition may not lead to the appropriate incentives for transition finance.

5 · 6.3. Hence, ESG rating providers shall provide two additional ratings:

5 · 6.3.1. ESG Transition or Parivartan score: measuring the velocity of and investments in making the transition to Net Zero Goals/improving ESG risk management. In other terms, the transition or Parivartan score would reflect the incremental changes that the company has made in its

5 · 6.3.2. Combined Score: incorporating ESG rating and transition rating, i.e. , measuring both the status and the ability to transition shall also be provided . A combined score shall be determined in the following manner:

5 · 7. Core ESG Rating

5 · 7.1. ERPs shall provide a rating called the "Core ESG Rating" that shall be based on third -party assured or audited data disclosed by the Company.

5 · 7.2. Further, core ESG rating rationales may contain an additional commentary / observations on data that may not be verified/ assured by a third-party. The same ensures that unverified data is not included in core ESG rating, but at the same time, users of core ESG rating are made aware of the unverified information as well, based on which they may take any action as they deem appropriate.

5 · 7.3. Further, a Core Combined score incorporating Core ESG rating and Core transition rating, i.e., measuring both the status and the ability to transition shall also be provided. A Core Combined score shall be determined in the following manner:

5 · 7.4. Core ESG rating, Core Transition or Parivartan Score, and Core Combined Score shall be offered by an ERP pursuant to availability of ' Business Responsibility and Sustainability Report (BRSR) Core' for the rated entity.

6 · 1. In the interest of clarity to market participants, it is mandated that ESG ratings shall be provided on a scale of 0 – 100, where 100 represents the maximum score .

6 · 2. For existing outstanding ESG ratings, the ERPs shall disclose new rating symbols and definitions on their websites and update their rating lists on their websites;

6 · 3. For various ESG rating products (ESG rating, core ESG rating, transition or Parivartan score, other ESG rating products), ERPs shall ensure use of suitable nomenclature (use of prefixes or suffixes, etc.) that enables the end user(s) to differentiate ESG rating products from each other.

7 · 1. CRA Regulations allow ERPs to undertake or offer ESG rating of any product or issuer, as may be required by another financial sector regulator or authority, as may be specified by SEBI, under the guidelines of such regulator or authority. In this regard, the following is being specified:

7 · 1.1. A list of financial sector regulators/ authorities has been specified at Annexure 4 .

7 · 1.2. [The ESG ratings undertaken by an ERP under the guidelines of the International Financial Services Centres Authority (IFSCA) shall be under the purview of IFSCA. Accordingly:

7 · 1.3. ERPs may also undertake research activities, incidental to ESG rating, such as research for economy , environment and ecology, society and social issues, industries and companies .

7 · 2. Client -group level segregation for ESG ratings and/or green debt certifications –

7 · 2.1. For the purpose of this provision, client group shall include the client company of an ERP and all the group companies of such client of the ERP .

7 · 2.2. For any client group, an ERP shall only offer one of the following two product categories (i) ESG ratings/ certification of green debt securities or (ii) audit of financial statements / assurance of sustainability disclosures .

7 · 2.3. In case an ERP wishes to migrate from offering ESG ratings/ green debt certification to offering audit/assurance to a client-group, or vice versa, a cooling period of one year shall be applicable .

8 · 1. ERPs shall follow either of the following two business models:

8 · 1.1. " Subscriber -pays" business model, where the ERP derives its revenues from ESG ratings from subscribers that may include banks, insurance companies, pension funds, or the rated entity itself.

1 · Circular No. SEBI/HO/DDHS/DDHS -

8 · 1.2. " Issuer -pays " business model , where the ERP derives its revenues from ESG ratings from the rated entity , in terms of a written contractual agreement between such entity and the ERP , which may contain such provisions as may be specified by SEBI.

8 · 2. In order to mitigate potential conflict of interests, it is mandated that ERPs shall not follow a hybrid business model, i.e. an ERP shall not assign certain ESG rating based on issuer -pay model, while assigning another ESG rating based on a subscriber -pays business model.

9 · 1. Each ERP shall frame detailed guidelines on the following and disclose the same on its website:

9 · 1.1. General nature of compensation arrangements with rated entities

9 · 1.2. Policy for request for review/appeal by Issuer against the rating being assigned to its securities

9 · 1.3. Guidelines on what constitutes non -cooperation, in case of ERPs following an issuer -pays business model .

9 · 1.4. Gift policy

9 · 1.5. Confidentiality policy

9 · 1.6. Policy on outsourcing of activities

9 · 1.7. FAQs on ratings

9 · 1.8. Disclosure on managing conflict of interest

9 · 2. Any change in the rating process or policies shall be disclosed on the ERP's website, while also providing a reference/ hyperlink to the original provision/ process/ policy, to enable the investors to discern the changes made to the same.

9 · 3. An ERP shall keep the records in support of each ESG rating and review/ surveillance thereof , as applicable, including but not limited to the following:

9 · 3.1. The important factors underlying the ESG rating and sensitivity of such ESG rating to changes in these factors;

9 · 3.2. Summary of discussions and copies of correspondences with the issuer, its management, auditors and bankers which have a bearing on the ESG rating , as applicable;

9 · 3.3. If a quantitative model is a substantial component of the ESG rating process, the rationale for any material difference between the ESG rating implied by the model and the ESG rating actually assigned;

9 · 4. The above records should be maintained as follows and be made available to auditors and regulatory bodies when sought by them:

9 · 4.1. ESG rating of listed entities: Records to be maintained at all times. However, upon withdrawal of ESG rating, records to be maintained till 5 years from the date of withdrawal.

9 · 4.2. ESG rating of listed securities: Records to be maintained till 5 years from date of maturity of such securities . However, upon withdrawal of ESG rating, records to be maintained till 5 years from the date of withdrawal.

9 · 5. During the rating process, ERPs shall record minutes of the meeting with issuer management, if any.

9 · 6. The process of discussion of case by circulation must be avoided, unless there is urgency in taking a rating action.

9 · 7. The ERP shall, on an annual basis, undertake a review of the decisions taken by it in that year, which would, inter alia, include:

9 · 7.1. ESG Ratings assigned by the ERP, including ratings assigned based on best available information in cases of non -cooperation by the issuer.

9 · 7.2. Sharp changes in ratings.

9 · 8. The ERPs shall at all times observe high standards and fairness in conduct of the business and any act of omission or commission in contravention of the provisions of clauses 12 and/or 23 of Code of Conduct, as specified under Seventh Schedule of the CRA Regulations, in letter and spirit, may result in violation of the provisions of section 12A of the Securities and Exchange Board of India Act,1992 and SEBI

10 · 1. Material Events requiring a review

10 · 1.1. Regulation 28L(g) of CRA Regulations require an ERP to have efficient systems to track material developments related to environmental, social and governance factors to ensure timely and accurate ESG ratings.

10 · 1.2. Material developments in this respect shall be any event that results in a change of the ESG profile of the rated company. Such material developments shall include, but not be restricted to, publication of Business Responsibility and Sustainability Reporting (BRSR) or controversy/ penalty in environmental, social or governance areas.

10 · 1.3. ERPs shall carry out a review of the ESG ratings upon the occurrence of or announcement/ news of such material developments, and immediately, but not later than 10 days of occurrence of the said event. [However, review of the ESG rating pursuant to publication of BRSR by the rated entity shall be carried out immediately, but not later than 45 days of the publication of the BRSR . ] 2

11 · 1. ESG rating providers generally follow either a subscription-based business model or an issuer -pays business model. In either of the case, there is an ESG rating rationale or a report containing ESG rating of an entity, along with a detailed rationale behind the assigned ESG rating.

11 · 2. It is essential that the ESG rating rationale be articulated in detail to enable a stakeholder to assess the reasons behind an assigned ESG rating. This is further necessitated by the oft-occurring divergence in ESG ratings across providers.

2 · Circular No. SEBI/HO/DDHS/DDHS -PoD -3/P/CIR/2025/007 dated January 17, 2025

11 · 3. Therefore, in order to provide for greater transparency in the ESG rating process, it is proposed that the ESG rating rationale/ ESG report may contain the following minimum disclosures:

11 · 3.1. Current ESG rating/score

11 · 3.2. Change in rating/score from the previous evaluation (direction)

11 · 3.3. Last review date

11 · 3.4. Summary of key drivers both qualitative (including controversies and their impact) and quantitative factors considered for arriving at the overall ESG rating

11 · 3.5. Pillar wise E, S and G scores – key drivers (including industry comparison of material parameters) both quantitative and qualitative being considered for carrying out such assessment

11 · 3.6. Weights of E, S and G scores in the assigned ESG rating

11 · 3.7. Brief explanation of rating intent to clarify if it represents unmanaged risks/ performance against risks/ impact etc. In case this is available in a methodology document, cross-linking of the relevant document would suffice

11 · 3.8. Summary of or link to methodology used.

11 · 4. [ERPs following a Subscriber-Pays business model may share the detailed Rating Rationales/ Rating Reports, as specified in Para 11.3, only with their subscribers and may not disclose the same on their websites. However, ERPs following a Subscriber-Pays business model shall disclose the ESG ratings assigned on their website in the following format:

11 · 5. The rated entity/ issuer may provide its comments on the ESG rating report/ rating rationale to the ERP in the standardised format as devised by the ESG Rating Providers Association in consultation with SEBI. Further, the ESG Rating Providers Association, in consultation with SEBI, has framed the standards for the clarification to be provided by the ERP to the rated entity, balancing the minimum information that is to be provided while maintaining confidentiality of intellectual property of ERPs. The said format/ standards are enclosed as Annexure 5. ERPs following subscriber-pays business model shall ensure that the said format/ standards are disclosed on their websites and are shared with the rated issuer while sharing the ESG rating report/ rationale with the issuer.] 3

11 · 6. Disclosure of rating sensitivities in the rating rationale

11 · 6.1. The disclosure of factors to which the rating is sensitive, is critical for the end -users to understand the factors that would have the potential to impact the ESG profile of the entity.

11 · 6.2. Accordingly, in order to improve transparency, the ERP shall have a specific section on 'Rating Sensitivities' in the Rating Rationale which shall explain the broad level of environmental and/ or social and/or governance performance levels that could trigger a rating change, upward and downward.

11 · 6.3. Such factors shall be disclosed in quantitative terms to the extent possible, discernible to the investors, and should not read like a general risk factor.

12 · 1. Rating Agreement between issuer and ERP:

12 · 1.1. The ERP shall enter into a written agreement with each client who (or whose securities) the ERP proposes to rate, and such agreement shall include the following provisions, namely:

3 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

12 · 1.1.1. the rights and liabilities of each party in respect of the ESG rating shall be defined;

12 · 1.1.2. the fee to be charged by the ERP shall be specified;

12 · 1.1.3. the client shall co -operate with the ERP in order to enable the latter to carry out periodic review of the ESG rating during the tenure of the rated instrument or validity of ESG rating;

12 · 1.1.4. the client shall co -operate with the ERP in order to enable the latter to arrive at, and maintain, a true and accurate ESG rating of the client or clients securities and shall in particular provide to the latter, true, adequate and timely information for the purpose.

12 · 1.1.5. the ERP shall disclose to the client the ESG rating assigned to the latter (or its securities) through regular methods of dissemination;

12 · 1.1.6. The client (issuer) agrees to disclose the history and status (noncooperation, non-payment of fees etc.) of previous rating relation with the earlier ERP(s) to the new ERP along with reasons for noncooperation, etc. if applicable."

12 · 1.1.7. The client (issuer) agrees to provide the information sought by the ERP immediately, but not later than 7 days from the date of seeking such information by the ERP.

12 · 1.2. ERPs following an issuer-pays business model shall refrain from giving Indicative Ratings without having a written agreement in place. In case such Indicative Ratings are provided by the ERP, it shall be considered as aiding and abetting the Issuer in suppression of material information by the ERP which would be in contravention of Clause 12 of Code of Conduct of ERPs and may result in violation of the provisions of section 12A of the Securities and Exchange Board of India Act, 1992 and SEBI (Prohibition of Fraudulent and Unfair Trade Practices relating to Securities Market) Regulations, 2003 by the ERP.

12 · 2. Issuer -Not -Cooperating:

12 · 2.1. Regulation 28M provides that if the rated issuer or the issuer whose securities are rated by the ERP refuses to co-operate with the ERP regarding review of the ESG rating, despite being under a contractual obligation to do so, the ERP shall review the ESG rating on the basis of the best available information .

12 · 2.2. In case of non -cooperation by the issuer (such as not providing information required for rating, non-payment of fees for conducting surveillance), in line with the existing Regulations, the ERP shall continue to review the ESG rating, on an ongoing basis throughout the rating's lifetime, on the basis of best available information, in accordance with CRA Regulations and circulars issued thereunder as well as the ERP's ESG rating process and policies.

12 · 2.3. ERPs shall have a detailed policy in this respect which shall include (but not be limited to) the following:

12 · 2.3.1. The criteria/ methodology in respect of assessing the risk of nonavailability of information from the issuers including non-cooperative issuers.

12 · 2.3.2. The steps to be taken under various scenarios in order to ascertain the status of non -cooperation by the issuer company.

12 · 2.4. ERPs shall also formulate a policy on "Minimum/ Indicative Information requirement" in terms of various sectors or types of ratings (limited to ESG ratings of securities that are listed, or proposed to be listed, on a recognized stock exchange, and other ESG ratings that are required under various SEBI Regulations or circulars issued thereunder), etc. and disclose it on their website.

12 · 2.5. In case of non -cooperation by the issuer, the ESG rating symbol shall be accompanied by the suffix "ISSUER NOT COOPERATING*"in the same font

12 · 2.6. Information to be disclosed through the Rating Rationale: The rating action(s) in such cases shall be promptly disclosed through rating rationale(s), which shall mention, at least, the following:

12 · 2.6.1. Date of the Rating Rationale

12 · 2.6.2. Details of security / entity

12 · 2.6.3. Rating Action and Indicative/updated rating based on best available information

12 · 2.6.4. A brief write -up on the non-co-operation by the Issuer/ Borrower and the consistent follow -up done by the ERP for getting the information.

12 · 2.6.5. Hyperlink/ reference to the applicable "Criteria"

12 · 2.6.6. Limitations regarding information availability (shall have a suitable caveat cautioning the investors/lenders /public)

12 · 2.6.7. Rating History for last three years

12 · 2.6.8. Name and contact details of the Rating Analyst(s)

12 · 2.7. In case an issuer, having not co-operated with an ERP in the past, approaches another ERP, following an issuer-pays business model, for ESG rating, the new ERP shall, in its Rating Rationale, disclose the aspect of nonco-operation.

12 · 2.8. No ERP, following an issuer-pays business model, shall assign any new ratings to an issuer, if the issuer is categorized as non-cooperative with all the ERPs for a continuous period of preceding 12 months, until the issuer resumes cooperation or the rating is withdrawn.

13 · 1. Regulation 28M of CRA regulations prescribe, inter-alia, that an ERP shall not withdraw an ESG rating except in cases where the rated issuer, or the issuer whose security is rated, is wound up or merged or amalgamated with another company,

13 · 2. [In addition to the cases specified in Regulation 28M of the SEBI (Credit Rating Agencies) Regulations, 1999, the following is being specified:

13 · 2.1. For ERPs following a Subscriber-Pays business model:

13 · 2.2. For ERPs following an Issuer-Pays business model:

13 · 3. Rating Rationale for Withdrawal of Rating of a rated entity/ security: At the time of withdrawal of any ESG rating of entities/securities that are listed, or proposed to be listed, on a recognized stock exchange, and other ESG ratings that are required under various SEBI Regulations or circulars issued thereunder, the ERP shall assign a rating to such entity/security and issue a rating rationale, which shall also mention the reason(s) for withdrawal.

15 · 1. MD/ CEO of an ERP and any person within ERP who has business responsibility shall not interfere in the determination of ESG rating.

15 · 2. At least one third of the board of an ERP shall comprise of independent directors, if the board is chaired by a non-executive director. In case the board of the ERP is chaired by an executive director, at least half of the board shall comprise of independent directors.

15 · 3. The board of an ERP shall constitute the following committees:

15 · 3.1. ESG Ratings Sub-Committee

15 · 3.2. Nomination and Remuneration Committee

15 · 4. The Rating team of an ERP shall report to a Chief Ratings Officer (CRO).

4 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

15 · 5. The Chief Ratings Officer (CRO) shall directly report to the ESG Ratings SubCommittee of the board of the ERP .

15 · 6. The Nomination and Remuneration Committee shall be chaired by an independent director.

15 · 7. [Considering the challenges faced by Category II ERPs in the initial years of operation, the requirement for constitution of an ESG Ratings Sub-Committee and Nomination and Remuneration Committee (NRC), as mentioned in Para 15.3, shall become effective for Category II ERPs from April 29, 2027. Until the said time, the relevant issues under the purview of NRC and ESG Ratings Sub-Committee may be handled by the Board of the Category II ERP.] 5

16 · 1. Roles and responsibilities of the ESG rating analysts/team of ERPs shall be clearly laid out by the ERP .

16 · 2. Analysts or other members of the ESG rating team shall be responsible for undertaking the ESG rating process and adhering to the timelines as specified by the ERP.

17 · 1. An ERP shall formulate the policies and internal codes for dealing with the conflict of interest.

17 · 2. An ERP shall ensure:

17 · 2.1. that its analysts do not participate in any kind of marketing and business development including negotiations of fees with the issuer who is being rated or whose securities are being rated,

17 · 2.2. that the employees' involved in the ESG rating process and their dependents do not have ownership of the shares of the issuer.

5 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

17 · 2.3. prompt review of the ESG ratings of the entities/securities as and when any of its employees joins the respective issuer.

17 · 3. Guidelines for dealing with Conflict of Interest for investment/ trading by ERPs, Access Persons and other employees

17 · 3.1. These Guidelines shall be applicable in case of investment / trading by ERPs and Access Persons connected to ERPs and in case of disclosures to all employees of ERPs.

17 · 3.2. Explanation: "Access Persons" means officials of ERP appointed as Chief Executive or by any other designation (such as CEO/MD/President or by whatever name called who are performing functions similar to those of the Chief Executive), the employees of ERP doing the function of analyst, or compliance, or heads of the departments or divisions or any other employee as decided by ERP .

17 · 3.3. These guidelines shall cover transactions for purchase or sale of securities either individually or jointly or in the name of their dependents or as a member of HUF.

17 · 3.4. With a view to adopting best industry practices and systems by ERPs for managing conflict of interest in case of investment/ trading in securities (except schemes of Mutual Funds) done by ERPs or their Access Persons as defined hereunder, the following guidelines, framed in consultation with ERPs are laid down:

17 · 3.4.1. ERPs shall adopt adequate systems, procedures and policies to ensure that they address conflict of interest while making their own investments in securities.

17 · 3.4.2. The ERPs, their employees and Access Persons shall not take undue advantage of any price sensitive information that they may have about any company.

17 · 3.4.3. Access Persons to seek prior approval for transactions

17 · 3.4.4. Disclosures

17 · 3.4.5. Restrictions on employees holding ownership of securities of the issuer: An ERP shall ensure that employees involved in the rating process shall not have ownership of the securities of the issuer.

19 · 1. An ERP shall make all the disclosures stipulated below on their websites. In case of listed entities/securities, the ERP shall also make disclosures to the stock exchanges as specified in the CRA Regulations. For ratings assigned and their periodic reviews, the ERP shall disclose ESG ratings on their websites. Where a specific format has been prescribed, the disclosures shall be made in that format.

19 · 2. An ERP can make additional disclosures other than those stipulated in CRA Regulations or circulars issued thereunder with the prior approval of its board.

19 · 3. Disclosures by ERPs on annual basis: ERP shall make following disclosures within 30 days from the end of each financial year (March):

19 · 3.1. Disclosures on ESG rating History and movement:

19 · 3.1.1. A Rating Summary Sheet presenting a snapshot of the rating actions carried out during the year shall be uploaded by the ERPs on their websites, in the format specified at Annexure 6 . The disclosure in the "Rating Distribution for outstanding ratings as on 31st March" section of Annexure 6 shall also include number of INC ratings outstanding in each category also, if applicable .

19 · 3.1.2. Details of new ESG ratings assigned during last year (Annexure 7)

19 · 3.1.3. Movement of ESG rating of all outstanding listed entities/ securities during the last year (Annexure 8),

19 · 3.1.4. The history of ESG rating of all outstanding listed entities/ securities (Annexure 9),

19 · 3.2. Disclosure of Average Rating Transition Rates

19 · 3.2.1. Regulation 28K of CRA Regulations requires an ERP to publish its average one -year ESG rating transition rate on its respective website, in a manner as may be specified by SEBI;

19 · 3.2.2. Transition studies are central to evaluating the performance of an ERP and provide an insight on the stability of ratings over a period of time. In order to promote transparency and to enable the market to best judge the performance of the ratings, the ERP should publish information about the historical average rating transition rates across various rating categories, so that investors can understand the historical performance of the ratings assigned by the ERPs.

19 · 3.2.3. ERPs shall publish their average one-year rating transition rate over a 3 -year period, on their respective websites, which shall be calculated as the weighted average of transitions for each rating category, across all static pools in the 3-year period.

19 · 3.2.4. The format of the disclosure of transition rates is enclosed as Annexure 10. For the said purpose, the following terms shall have the meaning as under:

19 · 3.2.5. ERPs shall also disclose two additional and separate rating transition matrices (limited to ESG ratings of entities or securities that are listed, or proposed to be listed, on a recognized stock exchange) using the following definition of static pool:

19 · 3.2.6. In the disclosure at para 19 . 3 . 2 . 5 (b) above, an ERP shall include an additional column to indicate the proportion of ratings that were withdrawn during the financial year.

19 · 3.3. Income: An ERP shall disclose:

19 · 3.3.1. An ERP shall disclose the general nature of its compensation arrangements with the issuers.

19 · 3.3.2. its total receipt from ESG rating services and non-ESG rating services,

19 · 3.3.3. issuer wise percentage share of non-ESG rating income of the ERP and its subsidiary to the total revenue of the ERP and its subsidiary from that issuer, and

19 · 3.3.4. names of the rated issuers who along with their associates contribute 10% or more of total revenue of the ERP and its subsidiaries.

20 · 1. An ERP shall make all the disclosures stipulated below on their websites and maintain the same at all times .

20 · 2. The rating history, Rating Rationales and Rating Reports, including those ratings which have been withdrawn, shall be available on the ERP's website.

20 · 3. Disclosures in case of delay in periodic review:

20 · 3.1. Regulation 28M of CRA Regulations prescribe that an ERP shall annually, or if required, more frequently, review each of the published ESG ratings, unless the ESG rating is withdrawn in accordance with these regulations.

20 · 3.2. Accordingly, each ERP shall promptly disclose on its website details of all such ratings where the review became due but was not completed by the due date. Details disclosed shall include the name of the company, security type (if applicable), date of last review, reasons for delay in periodic review, hyperlink to the last Rating Rationale etc.

20 · 4. Disclosure of guidelines for dealing with Conflict of Interest: The policies adopted by the ERPs for effective implementation of guidelines for dealing with Conflict of Interest for investment/ trading by ERPs, Access Persons and other employees, shall be disclosed on the ERPs' website.

20 · 5. Shareholding: An ERP shall disclose its shareholding pattern as prescribed by stock exchanges for a listed company under Regulation 31 of Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 .

20 · 6. Compliance with recommendations of the International Organization of Securities Commissions (IOSCO):

20 · 6.1. An ERP shall disclose the compliance status of:

20 · 6.1.1. Recommendations for ESG ratings products providers specified in IOSCO report FR09/21 dated November 2021.

20 · 6.1.2. Good practices for ESG rating providers specified in IOSCO call for action dated November 2022.

20 · 6.2. In case of any non-compliance with any provision of the above, the ERP shall disclose rationale for divergence from the IOSCO recommendations and good practices .

20 · 7. Disclosure of Rating Rationale on the website of Stock Exchange(s): 6

20 · 7.1. For ESG ratings of an issuer/ entity, the stock exchange where such issuer is listed shall prominently disclose the ESG rating on its website under a separate tab/ section on the listed company's page.

20 · 7.2. For ESG ratings of a debt security, the stock exchange where the security is listed shall prominently disclose the ESG rating on its website under a separate tab/ section on the listed security's page.

20 · 7.3. The format for disclosure of ESG ratings, as specified in Paras 20.7.1 and 20 . 7.2, shall be as under:

21 · 1. In order to facilitate enhanced transparency and usability of disclosures made by ERPs on their websites, the following is directed:

21 · 1.1. Disclosures required by ERPs on their websites under various SEBI circulars should be provided in excel / machine readable format.

21 · 1.2. An archive of all disclosures should be maintained by ERPs on their website, for at least 10 years. This also includes rating rationales by ERPs.

6 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

21 · 1.3. ERPs may add footnotes in the disclosures mandated by SEBI for purpose of better understanding of methodology of such disclosure by stakeholder's subject to methodology explained being in line with the SEBI Regulations and circulars issued thereunder.

22 · 1. The audit envisaged under Regulation 22S of the CRA Regulations shall include an internal audit to be undertaken in the following manner:

22 · 1.1. It shall be conducted on a yearly basis.

22 · 1.2. It shall be conducted by Chartered Accountants, Company Secretaries or Cost and Management Accountants who are in practice and who do not have any conflict of interest with the ERP .

22 · 1.3. It shall cover all aspects of ERP operations and procedures, including investor grievance redressal mechanism, compliance with the requirements stipulated in the SEBI Act, Rules and Regulations made thereunder, and guidelines issued by SEBI from time to time.

22 · 1.4. The report shall state the methodology adopted, deficiencies observed, and consideration of response of the management on the deficiencies.

22 · 1.5. The report shall include a summary of operations and of the audit, covering the size of operations, number of transactions audited and the number of instances where violations / deviations were observed while making observations on the compliance of any regulatory requirement.

22 · 1.6. The report shall comment on the adequacy of systems adopted by the ERP for compliance with the requirements of regulations and guidelines issued by SEBI and investor grievance redressal.

22 · 2. [Considering the challenges faced by Category II ERPs in the initial years of operation, the requirement to conduct internal audit shall become effective for Category II ERPs from April 29, 2027.] 7

23 · 1. Eligibility of Auditors for conducting the Internal Audit of the ERP:

7 · Circular No. SEBI/HO/DDHS/DDHS -PoD -

23 · 1.1. The audit firm shall have a minimum experience of three years in the financial sector.

23 · 1.2. The internal auditor of an ERP shall declare that:

23 · 1.2.1. The firm has not been employed by other ERPs for any other services (such as statutory audit, taxation, consultancy/ retainership etc.) in the past two years, and

23 · 1.2.2. The partners/ firm do not have any association with any other ERP .

23 · 1.3. The audit team must be composed of, at least, a Chartered Accountant (ACA/ FCA) [or a Cost Accountant (ACMA/ FCMA)] 8 and a Certified Information Systems Auditor/ Diploma in Information Systems Auditor/ [Diploma in Information System Security Auditor] 9 (CISA/ DISA/ DISSA).

23 · 2. Rotation of Internal Auditors: An auditor shall be appointed for a maximum term of five years, with a cooling-off period of two years.

23 · 3. Scope of the Internal Audit: The internal audit shall examine compliance of the ERP with CRA Regulations and this circular. Such examination shall include but not be limited to following checks:

23 · 3.1. Whether the ERP maintains the minimum net worth requirement under CRA Regulations.

23 · 3.2. Status of targets / projections submitted by the ERP to SEBI during its application for registration.

23 · 3.3. ERP and its employees, who are associated directly or indirectly with the rating business, have complied with the regulations and code of conduct.

23 · 3.4. ERP has defined processes for operations that have been followed during the rating exercise.

23 · 3.5. Policy in respect of non-cooperation by the issuer, if applicable, including procedures to be followed for the same, have been complied with.

23 · 3.6. Review of ratings has been carried out as per the review policy of the ERP .

8 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

9 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

23 · 3.7. Verify the rating disclosures made by the ERPs on their website.

23 · 3.8. Comment on the conflict of interest, if any .

23 · 3.9. The audit shall also cover adherence to the prescribed methodology for calculation of transition rates .

23 · 3.10. Compliance by ERP with the provisions of all the Circulars shall be verified during yearly Internal Audit.

23 · 4. Action on the Internal Audit Report:

23 · 4.1. The ERP shall receive the report of the internal audit within two months from the end of the year.

23 · 4.2. Upon receipt of the internal audit report, the Compliance Officer of the ERP shall provide detailed comments on each of the observations therein and place the same before the Board of the ERP .

23 · 4.3. The final action taken report, including the comments/ recommendations made by Compliance Officer and the Board of the ERP as well as the corrective steps taken by the ERP, shall be submitted to SEBI within 2 months from the date of receipt of the internal audit report or 1 month from the date of Board Meeting of the ERP, whichever is later, in the following format:

23 · 4.4. All ERPs shall report the following change(s) to SEBI while submitting the Action Taken Report:

23 · 4.4.1. Amalgamation, demerger, consolidation or any other kind of corporate restructuring falling within the scope of section 230 of the Companies Act, 2013 or the corresponding provision of any other law for the time being in force;

23 · 4.4.2. Change in Director, including managing director/ whole-time director;

23 · 4.4.3. Change in shareholding not resulting in change in control.

23 · 4.4.4. If there is no change during the relevant year, it shall be indicated in the report.

24 · 1. SEBI has been communicating with the registered market intermediaries inter-alia ERPs through circulars, letters, directions etc. In order to facilitate the issuance of digitally signed circulars, all registered ERPs are required to create a designated email ID for regulatory communications. This email ID shall be an exclusive email ID only for the above purpose and should not be a person centric email ID .

24 · 2. The Designated e-mail ID shall be communicated to SEBI by emailing a file in an excel format to intermediary@sebi.gov.in and erp@sebi.gov.in, as per the format prescribed below .

24 · 3. The name of the file and the subject of the email shall be in the following format: – " ESG Rating Provider – <name of the ERP> "

24 · 4. The file shall contain the following details:

25 · 1. For information of all investors who deal/ invest/ transact in the market, the information as provided below shall be prominently displayed in the offices of the ERPs:

26 · 1. Outsourcing may be defined as the use of one or more than one third party – either within or outside the group - by a registered ERP to perform the activities associated with services which the ERP offers.

26 · 2. The principles for outsourcing by ERPs have been framed (Annexure 11). These principles shall be followed by all ERPs registered with SEBI.

26 · 3. The SEBI registered ERPs desirous of outsourcing their activities shall not, however, outsource their core business activities and compliance functions.

26 · 4. The SEBI registered ERPs shall be responsible for reporting of any suspicious transactions / reports to FIU or any other competent authority in respect of activities carried out by the third parties.

27 · 1. ERPs are presently governed by the provisions for avoidance of conflict of interest as mandated in the CRA Regulations read with relevant circulars issued from time to time by SEBI.

27 · 2. On the lines of Principle 8 of the International Organization of Securities Commissions (IOSCO) Objectives and Principles of Securities Regulations, it has been decided to put in place comprehensive guidelines to collectively cover ERPs and their associated persons, for elimination of their conflict of interest, as detailed hereunder.

27 · 3. ERPs shall adhere to these guidelines for avoiding or dealing with or managing conflict of interest. They shall be responsible for educating their associated persons for compliance of these guidelines.

27 · 4. For the purpose of these guidelines "associated persons" have the same meaning as defined in Securities and Exchange Board of India Certification of Associated Persons in the Securities Markets) Regulations, 2007.

27 · 5. ERPs and their associated persons shall:

27 · 5.1. lay down, with active involvement of senior management, policies and internal procedures to identify and avoid or to deal or manage actual or potential conflict of interest, develop an internal code of conduct governing operations and formulate standards of appropriate conduct in the performance of their activities, and ensure to communicate such policies, procedures and code to all concerned;

27 · 5.2. at all times maintain high standards of integrity in the conduct of their business;

27 · 5.3. ensure fair treatment of their clients and not discriminate amongst them;

27 · 5.4. ensure that their personal interest does not, at any time conflict with their duty to their clients and client's interest always takes primacy in their advice, investment decisions and transactions;

27 · 5.5. make appropriate disclosure to the clients of possible source or potential areas of conflict of interest which would impair their ability to render fair, objective and unbiased services;

27 · 5.6. endeavor to reduce opportunities for conflict through prescriptive measures such as through information barriers to block or hinder the flow of information from one department/ unit to another, etc.;

27 · 5.7. place appropriate restrictions on transactions in securities while handling a mandate of issuer or client in respect of such issuer/security so as to avoid any conflict;

27 · 5.8. not deal in securities while in possession of material non published information

27 · 5.9. not to communicate the material non -published information while dealing in securities on behalf of others

27 · 5.10. not in any way contribute to manipulate the demand for or supply of securities in the market or to influence prices of securities;

27 · 5.11. not have an incentive structure that encourages sale of products not suiting the risk profile of their clients;

27 · 5.12. not share information received from clients or pertaining to them, obtained as a result of their dealings, for their personal interest;

27 · 6. The Board of ERPs shall put in place systems for implementation of these guidelines and provide necessary guidance enabling identification, elimination or management of conflict of interest situations. The Board of ERP shall review the compliance of this circular periodically.

27 · 7. These guidelines shall be in addition to the provisions, if any, contained in respective regulations/ circulars issued by SEBI from time to time regarding dealing with conflict of interest, in respect of such entities

28 · 1. The Market Data Advisory Committee (MDAC), a standing committee constituted by SEBI, comprising of representatives from stock exchanges, depositories and other market participants, examined the existing industry classification structures, across sectors, and developed a harmonised four level industry classification framework for adoption by all stakeholders and for all relevant processes/ purposes in Indian securities market.

28 · 2. As the standardized framework will help bring about uniformity in the classifications being used across sectors and in securities market, ERPs are advised to use this standardized industry classification published by recognized Stock Exchanges for the purpose of rating exercise, peer benchmarking, research activities including research for Economy, Industries and Companies etc.

28 · 3. Further, as the standardized industry classification will be reviewed and published by Stock Exchanges on periodical basis, in view of same, ERPs are directed to follow the standardized industry classification published by Stock Exchanges from time to time.

29 · 1. The following measures are mandated to strengthen the firewall between SEBIregistered ERPs and their non-ERP entities (i.e. associates or subsidiary or group entity of the ERP):

29 · 1.1. ERPs shall formulate a policy on separation or firewall practices with the non-ERP entities and document the same. Such policy, and revisions thereto, shall be ratified by the Board of Directors of the ERPs and the policy may cover inter -alia the following:

29 · 1.1.1. Nature and extent of sharing of infrastructure, officials/employees or resources, if any, between the ERP and the non-ERP entity, including specification on whether such arrangement is temporary.

29 · 1.1.2. Measures taken by ERP to ensure the independence of its ESG rating process in view of the above arrangement with the non-ERP entity.

29 · 1.1.3. Guidance to employees on sharing of information or resources, if any, between the ERP and the non -ERP entity in order to mitigate any potential or actual conflict of interest.

29 · 1.2. An ERP shall disclose on its website, details of any common director or Chief Executive Officer or Managing Director between the ERP and the nonERP entity. Such disclosure shall be updated by the ERP on the first working day of each month. The disclosure should include a reference to the date it was last updated by the ERP , along with a reference or hyperlink to archives of previous such disclosures.

29 · 1.3. The websites of SEBI -registered ERPs and their non-ERP entities shall be separate. An ERP's website may contain hyperlinks to the separate websites of the non -ERP entities .

10 · Circular No. SEBI/HO/DDHS/DDHS -PoD -3/P/CIR/2025/103 dated July 19, 2024

11 · Circular No. SEBI/HO/DDHS/DDHS -PoD -2/P/CIR/2025/59 dated April 29, 2025

1 · Purpose

2 · Scope of Clarifications pertaining to:

1 · 1 The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the ERP. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc.

1 · 2 The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the ERP and the activities undertaken by the third-party, are in keeping with its outsourcing policy.

2 · 1 The ERP shall make an assessment of outsourcing risk which depends

2 · 2 While there shall not be any prohibition on a group entity / associate of the ERP to act as the third party, systems shall be put in place to have an arm's length distance between the ERP and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by the ERP while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party.

2 · 3 The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the ERP and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the ERP .

2 · 4 Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall

3 · 1 The ERP shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided inhouse.

3 · 2 Outsourcing arrangements shall not affect the rights of an investor or client against the ERP in any manner. The ERP shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redressal of the grievances received from investors arising out of activities rendered by the third party.

3 · 3 The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the registered ERP. The ERP itself and Regulator or the persons authorized by it shall have the right to access the same at any point of time.

3 · 4 Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the ERP .

4 · 1It is important that the ERP exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.

4 · 2 The due diligence undertaken by an ERP shall include assessment of:

5 · 1Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the ERP and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the ERP .

5 · 2 Care shall be taken to ensure that the outsourcing contract:

6 · 1 Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

6 · 2 ERP shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; coordination of contingency plans at both the ERP and the third party; and contingency plans of the ERP in the event of non-performance by the third party.

6 · 3 To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the ERP to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of its customers, harm the ERP's reputation, and may ultimately impact on its overall operational risk profile. Intermediaries shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.

6 · 4 Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the ERP to confirm the adequacy of the third party's systems.

7 · 1ERP that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

7 · 2 The ERP shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same.

7 · 3 In cases where the third party is providing similar services to multiple entities, the ERP shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.

8 · 1 In instances, where the third party acts as an outsourcing agent for multiple intermediaries, it is the duty of the third party and the ERP to ensure that strong safeguards are put in place so that there is no comingling of information/documents, records and asset