Glitch at NSDL Bares Cracks in India’s Market Machinery

The technical glitch at the National Securities Depository Limited on February 5 and subsequent disruption of critical settlement services spanning several days has exposed the operational frailty of a vital market infrastructure institution in the Indian securities markets. 

Amid uncorroborated news, NSDL issued a cryptic statement on February 6, admitting to facing an unspecified network issue causing a temporary delay in services and operations shifting to disaster recovery site. Further it extended the pay-in deadline for February 5 trades to 11.20 AM, and the pay-in was executed at 1.41 PM on February 7. Its market impact is evident from shortages for the equity T+1 settlement at NSE Clearing, jumping from 0.01% on February 3 to 0.08% on February 6. Likewise, securities shortfalls requiring auction surged from 348 symbols on February 5 to 725 on February 9, before declining to 316 on February 10 and 249 on February 11.

Fissures in Operations
NSDL is yet to disclose the underlying reason and corrective measures undertaken, leaving investors and intermediaries anxious about the reliability of depository services, exposing them to increased operational and financial risks. And this is certainly not the first time the investors have witnessed technical glitches affecting depository services.

The other depository, Central Depository Services India too has its share of technical glitches and service outages. On November 18, 2022, CDSL detected malware in internal machines, delaying settlement activities of the business day until November 20, 2022. Further, CDSL’s service disruption on May 21, 2024 and December 18, 2024 affected investors’ sell order transaction verification across brokers.

Business Continuity Risk
The SEBI’s March 2021 Business Continuity Plan and Disaster Recovery guidelines, revised in September 2024, set the framework ensuring high availability and resilient functioning of critical systems of MIIs. For a depository, the settlement process and the inter-depository transfer system constitute critical systems. These guidelines stipulate MIIs to declare a ‘disaster’ within 30 minutes of critical system disruption, restore operations within 45 minutes, and maintain a near site ensuring the recovery point objective of near‑zero data loss.

CSDs’ frequent service disruptions breach SEBI BCP/DR guidelines and contradict depositories’ self-assessment as a part of Principles for Financial Market Infrastructure qualitative disclosures, especially relating to operational risk and inter-linked system. Critically, PFMI principles require the MII to restore critical IT systems within two hours of disruption from a secondary site and complete settlement by the end of the day, even under extreme circumstances.

Preventive Measures Missing
While the resiliency of critical market platforms remains on the SEBI’s supervision radar, market confidence erodes due to minimal preventive regulatory interventions, leaving lapses and disruptions largely unchecked. A close review of post-facto enforcement actions presents a run-of-mill approach adopted by depositories and the regulator in the whole episode. After delayed root cause analysis and SEBI technical advisory committee review, adjudication imposes nominal penalties with assurances of improved practices, only to repeat the cycle, undermining the accountability and trust in resiliency of critical services.

Repeated regulatory actions on depositories, though seemingly symbolic, speak volumes about the lack of a holistic approach to address underlying issues. In December 2025, NSDL settled non-compliance issues, including a backdated outsourcing agreement with the IT services provider, by paying ₹155.7 million as settlement. Likewise, CDSL faced three SEBI penalties in recent times: ₹1 million for cybersecurity failure in November 2022, ₹5 million for delayed settlement pay-in in January 2024, and ₹30 million for technical glitches that occurred between 2021 and 2024.

Misplaced Priorities
Despite capacity scaling and technology upgrade, nearly three-decade-old IT systems of depositories built on prior-generation configurations remain vulnerable to breakdowns. These critical market platforms are turning more fragile, unable to adapt to frequent business and regulatory changes or sustain growing processing requirements. The evolving market ecosystem’s scale, speed and sophistication and interconnected complexities further expose their inability to keep pace with technological advancements.

Vanity initiatives diverting operational, technological and managerial resources strain the governance capacity and exacerbates the operational resilience of depositories. A rigid regulatory drive imposes a Hobson’s choice, often yielding outcomes of lesser significance for the broader market ecosystem. Outcomes of the T+0 settlement cycle, introduced in March 2024, reveals that it overstretches CSDs’ system capacity and processes, despite a miniscule trading interest and market volume.

Recently, SEBI has constituted a working group to formulate a short-term and long-term technology roadmap for MIIs, particularly focusing on the adoption of AI/ML, distributed ledger technology, cloud computing, SupTech and RegTech solutions, tokenisation, and quantum-safe systems.

A strong present sets the foundation for the future. If the foundation is shaky, innovation alone cannot secure resilient market operations and its stability. Importantly, the contours of the futuristic technology capabilities roadmap cannot be disconnected from the ground realities of MIIs’ legacy technology landscape. Augmenting the core of current critical systems is vital not only for sustaining resilient operations but also for fortifying strong foundations that enable futuristic innovations for anchoring future ready market platforms.