Structured Digital Database (SDD) Certificate by PCS under SEBI

Structured Digital Database (SDD) Certificate by PCS under SEBI. The Structured Digital Database (SDD) is one of the most significant compliance need introduced under the SEBI (Prohibition of Insider Trading) Regulations, 2015 (“PIT Regulations”) with the intent behind mandating SDD is to curb insider trading by creating a permanent, tamper-proof digital trail of how Unpublished Price Sensitive Information (UPSI) originates, moves within an organisation, and is ultimately disclosed to the public. Over the years, enforcement actions by the SEBI  have clearly shown that failure to maintain a compliant SDD is treated as a standalone violation, even if no actual insider trading is established. 
As a result, SDD compliance certificate and quarterly SDD Compliance Certification, particularly by a Practicing Company Secretary (PCS), have become mandatory for listed entities, intermediaries, and fiduciaries.
The Four Pillars of PIT Regulations (SEBI)
Who is a Connected Person?
A Connected Person means any person who is or has, during the six months immediately preceding the relevant act, been associated with a company, whether directly or indirectly, in any capacity that reasonably permits access to Unpublished Price Sensitive Information (UPSI). Such association may arise, inter alia, from an employment relationship, directorship, or any contractual, fiduciary, professional, or business relationship with the company. The term also extends to persons who, by reason of frequent communication with the officers of the company or by holding any position, temporary or permanent, are expected to be in possession of or have access to UPS.
Who is a Deemed Connected Person ?
A Deemed Connected Person refers to certain categories of persons who are presumed to be connected with a company by virtue of their relationship or position, unless the contrary is proved. Such presumption arises irrespective of actual access to information, include:

Immediate relatives of connected persons

Holding, subsidiary, or associate companies

SEBI-registered intermediaries and their employees or directors

Asset management companies, trustees, and investment companies

Officials of stock exchanges, clearing corporations, or self-regulatory organisations

Directors or employees of public financial institutions

Bankers of the company

Firms, trusts, HUFs, companies, or associations where a director or his immediate relative has a material interest

What is Unpublished Price Sensitive Information (UPSI) ?
Unpublished Price Sensitive Information (UPSI) means any information, directly or indirectly relating to a company or its securities, which is not generally available and which, upon becoming generally available, is likely to materially affect the price of the securities.
Ordinarily, UPSI includes, but is not limited to, information concerning the company’s financial results, declaration of dividends, changes in capital structure, mergers, demergers, acquisitions, delisting, disposals, expansion of business, and changes in key managerial personnel.
For information to qualify as UPSI, two essential conditions must be satisfied simultaneously: first, there must be identifiable information; and second, such information must be of a nature that is capable of materially influencing the price of the securities.
Accordingly, every communication of UPSI, whether made internally within the organisation or externally to any person, attracts a mandatory obligation to record such sharing in the Structured Digital Database (SDD).
Who is a Designated Person
As per Regulation 9, Designated Persons include:

Employees designated based on functional role or access to UPSI

Employees of material subsidiaries with UPSI access

Promoters and promoter groups

Chief Executive Officer and employees up to two levels below CEO

Directors and officers irrespective of functional role

Support staff such as IT or secretarial staff who have access to UPSI

History of Structured Digital Database (SDD)
The concept of the Structured Digital Database (SDD) has evolved in a phased and progressive manner, reflecting SEBI’s increasing focus on strengthening insider trading surveillance and ensuring traceability of Unpublished Price Sensitive Information (UPSI).

1 April 2019 – Introduction of the concept of SDD

17 July 2020 – Regulatory amendments strengthening SDD requirements

29 April 2021 – SEBI FAQs clarifying practical aspects

5 August 2022 – Stock exchanges sought SDD compliance certificates

28 October 2022 – SOP and FAQs issued on SDD compliance

4 November 2022 – Circular on consequences of non-compliance

The foundation was laid on 1 April 2019, when SEBI formally introduced the requirement of maintaining a Structured Digital Database under the SEBI (Prohibition of Insider Trading) Regulations, 2015 and marked a significant shift from policy-based controls to a system-driven mechanism for tracking the flow of UPSI.
Subsequently, on 17 July 2020, SEBI amended the PIT Regulations to reinforce the SDD framework by prescribing stricter requirements such as maintenance of an audit trail, time-stamping of entries, and ensuring the non-tamperable nature of the database and amendments clarified that SDD must be an internal compliance system and not a mere record-keeping formality.
To address practical implementation issues, SEBI issued detailed FAQs on 29 April 2021, providing guidance on the scope of UPSI, responsibility for maintaining the SDD, manner of recording entries, and retention of records. 
Thereafter, on 5 August 2022, stock exchanges initiated active monitoring by calling upon listed entities to submit SDD compliance certificates, thereby operationalising quarterly verification of compliance rather than one-time implementation. This was followed by the issuance of a comprehensive Standard Operating Procedure (SOP) and additional FAQs on 28 October 2022, which standardised the format, timelines, and verification process for SDD compliance across stock exchanges.
Finally, on 4 November 2022, a circular was issued specifying the consequences of non-compliance, including public identification of non-compliant entities on stock exchange websites and exposure to monetary penalties under the SEBI Act, 1992 and effectively elevated SDD compliance to an important governance and disclosure obligation for all listed entities.
Restriction on Communication of UPSI
Regulation 3 of the SEBI (Prohibition of Insider Trading) Regulations, 2015 imposes strict prohibitions on the communication and procurement of Unpublished Price Sensitive Information (UPSI). It mandates that an insider shall not communicate, provide, or allow access to UPSI to any person, except where such communication is made in furtherance of a legitimate purpose, in the performance of duties, or in discharge of legal obligations.
Correspondingly, the Regulations also prohibit any person from procuring, or causing the communication of, UPSI from an insider, except for the same limited and legally permissible purposes. Any unauthorised exchange of UPSI, whether direct or indirect, is treated as a regulatory violation irrespective of whether trading has actually occurred.
In this context, the Structured Digital Database (SDD) functions as a critical evidentiary record, documenting the nature, purpose, timing, and recipients of UPSI communications, and thereby demonstrating that any such sharing was justified, authorised, and capable of regulatory scrutiny.
What Does a Structured Digital Database Contain?
A Structured Digital Database (SDD) is designed to comprehensively record the complete lifecycle of Unpublished Price Sensitive Information (UPSI). It captures the nature of the UPSI, along with the exact date and time at which such information is shared. The database identifies the person who has communicated the UPSI and the recipient of such information, including the recipient’s PAN or other unique identifier, thereby ensuring precise attribution.
In addition, the SDD records the purpose or reason for sharing the UPSI, whether for legitimate business requirements, performance of duties, or discharge of legal obligations. Through these records, the SDD enables continuous tracking of UPSI from its point of origination until it becomes generally available to the public, clearly establishing the chain of persons through whom the information has passed and ensuring transparency, accountability, and regulatory traceability.
Why SDD Is Mandatory
The primary purpose of mandating a Structured Digital Database (SDD) is to improve SEBI regulatory surveillance and enforcement in matters relating to misuse of Unpublished Price Sensitive Information (UPSI). In cases where SEBI suspects insider trading or improper dissemination of UPSI, the Surveillance Department of the Securities and Exchange Board of India may require the listed entity to produce its SDD for examination.
In such circumstances, the company is expected to demonstrate a clear, complete, and tamper-proof trail of how the UPSI originated, the manner in which it was shared, the persons involved at each stage, and the legitimate purpose for such sharing. Therefore the SDD certificate serves as the primary documentary evidence to establish compliance with SEBI Regulation 3 of the PIT Regulations.
Importantly, the non-maintenance of an SDD certificate, maintenance of an incomplete or defective SDD, or failure to produce the SDD when called upon, is treated as an independent violation under the PIT Regulations. Such lapses can trigger regulatory action even in the absence of proven insider trading.
Accordingly, the SDD is not a procedural formality but a defensive compliance mechanism, intended to protect listed entities and their officers by providing verifiable evidence of lawful and controlled handling of UPSI.
Mandatory Requirements of SDD
A Structured Digital Database (SDD) is required to be maintained in strict conformity with the SEBI (Prohibition of Insider Trading) Regulations, 2015 and the related circulars and FAQs issued thereunder. At a minimum, the SDD must comprehensively capture the nature of the Unpublished Price Sensitive Information (UPSI) that is shared and record the identity of the person communicating the UPSI and the person to whom it is communicated, including their Permanent Account Number (PAN) or other unique identifiers.
The database is required to be maintained internally by the listed entity and must not be outsourced or hosted on third-party or cloud-based platforms. Further, the SDD must be supported by robust internal controls, including system-driven date and time stamping of entries, a reliable audit trail that records every modification or access, and technological safeguards to ensure that the database is non-tamperable.
In addition, all records contained in the SDD are required to be preserved for a minimum period of eight years from the date of entry or until the completion of any regulatory or judicial proceedings, whichever is later and these requirements collectively allows the integrity, traceability, and evidentiary value of the SDD for regulatory scrutiny.
Audit Trail – Meaning and Importance in the Context of SDD
An audit trail refers to a systematic, step-by-step digital record that enables every entry, access, and modification to be traced back to its original source. In the context of a Structured Digital Database (SDD), an audit trail is a critical compliance feature that records when an entry relating to Unpublished Price Sensitive Information (UPSI) is created, accessed, or altered, along with the identity of the person responsible for such action.
The presence of a proper audit trail establishes the authenticity and integrity of SDD entries, allows that information has not been altered or manipulated after its initial recording, and prevents any post-facto modifications. During regulatory inspections or enforcement proceedings, audit trails significantly enhance the evidentiary value of the SDD by providing SEBI with a transparent and verifiable record of UPSI handling.
In the absence of a reliable audit trail, an SDD fails to meet the prescribed regulatory standards and is treated as non-compliant, exposing the listed entity and its officers to regulatory action and penalties under the SEBI Structure..
Who Is Responsible for Maintaining SDD?
Although Regulation 3(5) places responsibility on the Board of Directors, the Board may assign the task to:

The Compliance Officer, or

Any other designated person

Under Regulation 3(5) of the SEBI (Prohibition of Insider Trading) Regulations, 2015, the primary responsibility for ensuring the maintenance of a Structured Digital Database (SDD) rests with the Board of Directors of the listed entity. However, the Board is permitted to formally delegate the operational responsibility for maintaining the SDD to the Compliance Officer or to any other person(s) specifically designated for this purpose.
Once such responsibility is duly assigned, the obligation to ensure accurate, timely, and compliant maintenance of the SDD vests with the designated person(s). Any failure in maintaining the SDD in accordance with regulatory requirements may result in penal consequences not only for the company but also for the officers in default, in line with the enforcement provisions of the SEBI Act, 1992 and the PIT Regulations.
SDD Compliance Certificate and Purpose 
The SDD Compliance Certificate is a formal confirmation of compliance with the requirements relating to maintenance of the Structured Digital Database (SDD) under the SEBI (Prohibition of Insider Trading) Regulations, 2015. The certificate affirms that the entity has duly maintained an SDD in accordance with the prescribed regulatory framework and that all instances of sharing of Unpublished Price Sensitive Information (UPSI) during the relevant quarter have been appropriately recorded in the database.
It further confirms that the entity has implemented and maintained adequate internal controls, including access restrictions, time-stamping mechanisms, audit trails, and non-tampering safeguards, as mandated under the Regulations and SEBI circulars.
The SDD Compliance Certificate is required to be submitted on a quarterly basis to the stock exchanges and serves as an official affirmation of ongoing compliance, enabling exchanges and SEBI to monitor adherence to insider trading controls on a continuous basis.
Who Can Issue the SDD Compliance Certificate?
The certificate may be issued by:

The Compliance Officer of the listed entity, or

A Practicing Company Secretary (PCS)

Certification by a PCS carries higher assurance value due to independent professional verification.
Submission of SDD Compliance Certificate

BSE: Submitted through BSE Listing Centre → Compliance Module → SDD Compliance Certificate

NSE: Submitted through email to the designated NSE email ID

Consequences of Non-Compliance
As per the NSE circular dated 4 November 2022:

The company is displayed as “Non-Compliant with SDD” on the exchange website

Such status continues until compliance is verified

Under the SEBI Act, 1992:

Section 15A(b)

Minimum penalty: Rs.1 lakh

Continuing default: Rs.1 lakh per day

Maximum penalty: Rs.1 crore

Section 15HB

Minimum penalty: Rs.1 lakh

Importantly, penalties apply even without proof of insider trading.
Stage at Which UPSI Must Be Entered into SDD
Unpublished Price Sensitive Information (UPSI) is required to be recorded in the Structured Digital Database (SDD) at the time of its communication, and not retrospectively and obligation to make an entry arises immediately upon the sharing of UPSI, whether such sharing occurs internally or externally.
Accordingly, SDD entries are required in situations such as the sharing of financial information by the Chief Financial Officer with the Company Secretary for preparation of agenda notes, inter-departmental circulation of information for preparation or finalisation of financial statements, and any sequential dissemination of UPSI from insiders to other insiders or to external persons for legitimate purposes.
As a matter of sound compliance practice, entities are also expected to implement systems whereby automated email or electronic intimation is generated to the recipient at the time the UPSI is recorded in the SDD, further strengthening traceability and accountability.
SDD and SEBI Regulation 30 of LODR
While Regulation 30 deals with material event disclosures, SDD applies before public disclosure. Until information becomes generally available, material events often qualify as UPSI and must be recorded in the SDD.
The “Structured Digital Database” has transformed insider trading compliance into a technology-driven accountability system. For listed entities and intermediaries, maintaining a compliant SDD and obtaining a PCS-issued SDD Compliance Certificate is no longer optional but essential to avoid regulatory exposure.
How Compliance Calendar LLP Will Help in SDD Compliance
Compliance Calendar LLP provides end-to-end, compliance-driven support to listed companies, intermediaries, and fiduciaries for effective implementation and ongoing compliance of the Structured Digital Database (SDD) requirements under the SEBI (Prohibition of Insider Trading) Regulations, 2015. At the implementation stage, Compliance Calendar LLP assists in designing and structuring an SDD framework that is fully aligned with Regulation 3(5), SEBI FAQs, and stock exchange SOPs. This includes advising on the appropriate internal architecture of the SDD to ensure that it is maintained in-house, non-tamperable, supported by audit trails, time-stamping, access controls, and long-term record preservation in line with regulatory expectations.
From a governance and process perspective, the firm supports the Board of Directors and Compliance Officers in drafting and updating internal policies, SOPs, and delegation frameworks relating to UPSI identification, legitimate purpose determination, and responsibility allocation for SDD maintenance. Practical guidance is provided on identifying UPSI events, determining the correct stage of entry into the SDD, and ensuring consistency between SDD records and Regulation 30 disclosures.
On an ongoing basis, Compliance Calendar LLP undertakes quarterly verification and review of SDD entries, ensuring that all instances of UPSI sharing a internal and external, have been accurately captured with complete particulars, including names, PANs, timestamps, and purpose of sharing. The firm also assists in rectification of gaps, strengthening internal controls, and readiness for SEBI or stock exchange inspection.
Importantly, Compliance Calendar LLP offers issuance of the SDD Compliance Certificate through a Practicing Company Secretary (PCS), providing independent professional assurance to stock exchanges. The firm also handles end-to-end support for timely submission of SDD Compliance Certificates on BSE and NSE platforms, thereby mitigating the risk of non-compliance tagging and penal consequences.
Through its structured approach, regulatory expertise, and practical implementation support, Compliance Calendar LLP helps organisations not only meet SDD requirements but also build a defensible compliance framework that withstands regulatory scrutiny and reduces insider trading exposure.

The Structured Digital Database (SDD) is one of the most significant compliance need introduced under the SEBI (Prohibition of Insider Trading) Regulations, 2015 (“PIT Regulations”) with the intent behind mandating SDD is to curb insider trading by creating a permanent, tamper-proof digital trail of how Unpublished Price Sensitive Information (UPSI) originates, moves within an organisation, and is ultimately disclosed to the public. Over the years, enforcement actions by the SEBI have clearly shown that failure to maintain a compliant SDD is treated as a standalone violation, even if no actual insider trading is established.

As a result, SDD compliance certificate and quarterly SDD Compliance Certification, particularly by a Practicing Company Secretary (PCS), have become mandatory for listed entities, intermediaries, and fiduciaries.

The Four Pillars of PIT Regulations (SEBI)

Who is a Connected Person?

A Connected Person means any person who is or has, during the six months immediately preceding the relevant act, been associated with a company, whether directly or indirectly, in any capacity that reasonably permits access to Unpublished Price Sensitive Information (UPSI). Such association may arise, inter alia, from an employment relationship, directorship, or any contractual, fiduciary, professional, or business relationship with the company. The term also extends to persons who, by reason of frequent communication with the officers of the company or by holding any position, temporary or permanent, are expected to be in possession of or have access to UPS.

Who is a Deemed Connected Person ?

A Deemed Connected Person refers to certain categories of persons who are presumed to be connected with a company by virtue of their relationship or position, unless the contrary is proved. Such presumption arises irrespective of actual access to information, include:

Immediate relatives of connected persons
Holding, subsidiary, or associate companies
SEBI-registered intermediaries and their employees or directors
Asset management companies, trustees, and investment companies
Officials of stock exchanges, clearing corporations, or self-regulatory organisations
Directors or employees of public financial institutions
Bankers of the company
Firms, trusts, HUFs, companies, or associations where a director or his immediate relative has a material interest

What is Unpublished Price Sensitive Information (UPSI) ?

Unpublished Price Sensitive Information (UPSI) means any information, directly or indirectly relating to a company or its securities, which is not generally available and which, upon becoming generally available, is likely to materially affect the price of the securities.

Ordinarily, UPSI includes, but is not limited to, information concerning the company’s financial results, declaration of dividends, changes in capital structure, mergers, demergers, acquisitions, delisting, disposals, expansion of business, and changes in key managerial personnel.

For information to qualify as UPSI, two essential conditions must be satisfied simultaneously: first, there must be identifiable information; and second, such information must be of a nature that is capable of materially influencing the price of the securities.

Accordingly, every communication of UPSI, whether made internally within the organisation or externally to any person, attracts a mandatory obligation to record such sharing in the Structured Digital Database (SDD).

Who is a Designated Person

As per Regulation 9, Designated Persons include:

Employees designated based on functional role or access to UPSI
Employees of material subsidiaries with UPSI access
Promoters and promoter groups
Chief Executive Officer and employees up to two levels below CEO
Directors and officers irrespective of functional role
Support staff such as IT or secretarial staff who have access to UPSI

History of Structured Digital Database (SDD)

The concept of the Structured Digital Database (SDD) has evolved in a phased and progressive manner, reflecting SEBI’s increasing focus on strengthening insider trading surveillance and ensuring traceability of Unpublished Price Sensitive Information (UPSI).

1 April 2019 – Introduction of the concept of SDD
17 July 2020 – Regulatory amendments strengthening SDD requirements
29 April 2021 – SEBI FAQs clarifying practical aspects
5 August 2022 – Stock exchanges sought SDD compliance certificates
28 October 2022 – SOP and FAQs issued on SDD compliance
4 November 2022 – Circular on consequences of non-compliance

The foundation was laid on 1 April 2019, when SEBI formally introduced the requirement of maintaining a Structured Digital Database under the SEBI (Prohibition of Insider Trading) Regulations, 2015 and marked a significant shift from policy-based controls to a system-driven mechanism for tracking the flow of UPSI.

Subsequently, on 17 July 2020, SEBI amended the PIT Regulations to reinforce the SDD framework by prescribing stricter requirements such as maintenance of an audit trail, time-stamping of entries, and ensuring the non-tamperable nature of the database and amendments clarified that SDD must be an internal compliance system and not a mere record-keeping formality.

To address practical implementation issues, SEBI issued detailed FAQs on 29 April 2021, providing guidance on the scope of UPSI, responsibility for maintaining the SDD, manner of recording entries, and retention of records.

Thereafter, on 5 August 2022, stock exchanges initiated active monitoring by calling upon listed entities to submit SDD compliance certificates, thereby operationalising quarterly verification of compliance rather than one-time implementation. This was followed by the issuance of a comprehensive Standard Operating Procedure (SOP) and additional FAQs on 28 October 2022, which standardised the format, timelines, and verification process for SDD compliance across stock exchanges.

Finally, on 4 November 2022, a circular was issued specifying the consequences of non-compliance, including public identification of non-compliant entities on stock exchange websites and exposure to monetary penalties under the SEBI Act, 1992 and effectively elevated SDD compliance to an important governance and disclosure obligation for all listed entities.

Restriction on Communication of UPSI

Regulation 3 of the SEBI (Prohibition of Insider Trading) Regulations, 2015 imposes strict prohibitions on the communication and procurement of Unpublished Price Sensitive Information (UPSI). It mandates that an insider shall not communicate, provide, or allow access to UPSI to any person, except where such communication is made in furtherance of a legitimate purpose, in the performance of duties, or in discharge of legal obligations.

Correspondingly, the Regulations also prohibit any person from procuring, or causing the communication of, UPSI from an insider, except for the same limited and legally permissible purposes. Any unauthorised exchange of UPSI, whether direct or indirect, is treated as a regulatory violation irrespective of whether trading has actually occurred.

In this context, the Structured Digital Database (SDD) functions as a critical evidentiary record, documenting the nature, purpose, timing, and recipients of UPSI communications, and thereby demonstrating that any such sharing was justified, authorised, and capable of regulatory scrutiny.

What Does a Structured Digital Database Contain?

A Structured Digital Database (SDD) is designed to comprehensively record the complete lifecycle of Unpublished Price Sensitive Information (UPSI). It captures the nature of the UPSI, along with the exact date and time at which such information is shared. The database identifies the person who has communicated the UPSI and the recipient of such information, including the recipient’s PAN or other unique identifier, thereby ensuring precise attribution.

In addition, the SDD records the purpose or reason for sharing the UPSI, whether for legitimate business requirements, performance of duties, or discharge of legal obligations. Through these records, the SDD enables continuous tracking of UPSI from its point of origination until it becomes generally available to the public, clearly establishing the chain of persons through whom the information has passed and ensuring transparency, accountability, and regulatory traceability.

Why SDD Is Mandatory

The primary purpose of mandating a Structured Digital Database (SDD) is to improve SEBI regulatory surveillance and enforcement in matters relating to misuse of Unpublished Price Sensitive Information (UPSI). In cases where SEBI suspects insider trading or improper dissemination of UPSI, the Surveillance Department of the Securities and Exchange Board of India may require the listed entity to produce its SDD for examination.

In such circumstances, the company is expected to demonstrate a clear, complete, and tamper-proof trail of how the UPSI originated, the manner in which it was shared, the persons involved at each stage, and the legitimate purpose for such sharing. Therefore the SDD certificate serves as the primary documentary evidence to establish compliance with SEBI Regulation 3 of the PIT Regulations.

Importantly, the non-maintenance of an SDD certificate, maintenance of an incomplete or defective SDD, or failure to produce the SDD when called upon, is treated as an independent violation under the PIT Regulations. Such lapses can trigger regulatory action even in the absence of proven insider trading.

Accordingly, the SDD is not a procedural formality but a defensive compliance mechanism, intended to protect listed entities and their officers by providing verifiable evidence of lawful and controlled handling of UPSI.

Mandatory Requirements of SDD

A Structured Digital Database (SDD) is required to be maintained in strict conformity with the SEBI (Prohibition of Insider Trading) Regulations, 2015 and the related circulars and FAQs issued thereunder. At a minimum, the SDD must comprehensively capture the nature of the Unpublished Price Sensitive Information (UPSI) that is shared and record the identity of the person communicating the UPSI and the person to whom it is communicated, including their Permanent Account Number (PAN) or other unique identifiers.

The database is required to be maintained internally by the listed entity and must not be outsourced or hosted on third-party or cloud-based platforms. Further, the SDD must be supported by robust internal controls, including system-driven date and time stamping of entries, a reliable audit trail that records every modification or access, and technological safeguards to ensure that the database is non-tamperable.

In addition, all records contained in the SDD are required to be preserved for a minimum period of eight years from the date of entry or until the completion of any regulatory or judicial proceedings, whichever is later and these requirements collectively allows the integrity, traceability, and evidentiary value of the SDD for regulatory scrutiny.

Audit Trail – Meaning and Importance in the Context of SDD

An audit trail refers to a systematic, step-by-step digital record that enables every entry, access, and modification to be traced back to its original source. In the context of a Structured Digital Database (SDD), an audit trail is a critical compliance feature that records when an entry relating to Unpublished Price Sensitive Information (UPSI) is created, accessed, or altered, along with the identity of the person responsible for such action.

The presence of a proper audit trail establishes the authenticity and integrity of SDD entries, allows that information has not been altered or manipulated after its initial recording, and prevents any post-facto modifications. During regulatory inspections or enforcement proceedings, audit trails significantly enhance the evidentiary value of the SDD by providing SEBI with a transparent and verifiable record of UPSI handling.

In the absence of a reliable audit trail, an SDD fails to meet the prescribed regulatory standards and is treated as non-compliant, exposing the listed entity and its officers to regulatory action and penalties under the SEBI Structure..

Who Is Responsible for Maintaining SDD?

Although Regulation 3(5) places responsibility on the Board of Directors, the Board may assign the task to:

The Compliance Officer, or
Any other designated person

Once such responsibility is duly assigned, the obligation to ensure accurate, timely, and compliant maintenance of the SDD vests with the designated person(s). Any failure in maintaining the SDD in accordance with regulatory requirements may result in penal consequences not only for the company but also for the officers in default, in line with the enforcement provisions of the SEBI Act, 1992 and the PIT Regulations.

SDD Compliance Certificate and Purpose

The SDD Compliance Certificate is a formal confirmation of compliance with the requirements relating to maintenance of the Structured Digital Database (SDD) under the SEBI (Prohibition of Insider Trading) Regulations, 2015. The certificate affirms that the entity has duly maintained an SDD in accordance with the prescribed regulatory framework and that all instances of sharing of Unpublished Price Sensitive Information (UPSI) during the relevant quarter have been appropriately recorded in the database.

It further confirms that the entity has implemented and maintained adequate internal controls, including access restrictions, time-stamping mechanisms, audit trails, and non-tampering safeguards, as mandated under the Regulations and SEBI circulars.

The SDD Compliance Certificate is required to be submitted on a quarterly basis to the stock exchanges and serves as an official affirmation of ongoing compliance, enabling exchanges and SEBI to monitor adherence to insider trading controls on a continuous basis.

Who Can Issue the SDD Compliance Certificate?

The certificate may be issued by:

The Compliance Officer of the listed entity, or
A Practicing Company Secretary (PCS)

Certification by a PCS carries higher assurance value due to independent professional verification.

Submission of SDD Compliance Certificate

BSE: Submitted through BSE Listing Centre → Compliance Module → SDD Compliance Certificate
NSE: Submitted through email to the designated NSE email ID

Consequences of Non-Compliance

As per the NSE circular dated 4 November 2022:

The company is displayed as “Non-Compliant with SDD” on the exchange website
Such status continues until compliance is verified

Under the SEBI Act, 1992:

Section 15A(b)

Minimum penalty: Rs.1 lakh
Continuing default: Rs.1 lakh per day
Maximum penalty: Rs.1 crore

Section 15HB

Minimum penalty: Rs.1 lakh

Importantly, penalties apply even without proof of insider trading.

Stage at Which UPSI Must Be Entered into SDD

Unpublished Price Sensitive Information (UPSI) is required to be recorded in the Structured Digital Database (SDD) at the time of its communication, and not retrospectively and obligation to make an entry arises immediately upon the sharing of UPSI, whether such sharing occurs internally or externally.

Accordingly, SDD entries are required in situations such as the sharing of financial information by the Chief Financial Officer with the Company Secretary for preparation of agenda notes, inter-departmental circulation of information for preparation or finalisation of financial statements, and any sequential dissemination of UPSI from insiders to other insiders or to external persons for legitimate purposes.

As a matter of sound compliance practice, entities are also expected to implement systems whereby automated email or electronic intimation is generated to the recipient at the time the UPSI is recorded in the SDD, further strengthening traceability and accountability.

SDD and SEBI Regulation 30 of LODR

While Regulation 30 deals with material event disclosures, SDD applies before public disclosure. Until information becomes generally available, material events often qualify as UPSI and must be recorded in the SDD.

The “Structured Digital Database” has transformed insider trading compliance into a technology-driven accountability system. For listed entities and intermediaries, maintaining a compliant SDD and obtaining a PCS-issued SDD Compliance Certificate is no longer optional but essential to avoid regulatory exposure.

How Compliance Calendar LLP Will Help in SDD Compliance

Compliance Calendar LLP provides end-to-end, compliance-driven support to listed companies, intermediaries, and fiduciaries for effective implementation and ongoing compliance of the Structured Digital Database (SDD) requirements under the SEBI (Prohibition of Insider Trading) Regulations, 2015. At the implementation stage, Compliance Calendar LLP assists in designing and structuring an SDD framework that is fully aligned with Regulation 3(5), SEBI FAQs, and stock exchange SOPs. This includes advising on the appropriate internal architecture of the SDD to ensure that it is maintained in-house, non-tamperable, supported by audit trails, time-stamping, access controls, and long-term record preservation in line with regulatory expectations.

From a governance and process perspective, the firm supports the Board of Directors and Compliance Officers in drafting and updating internal policies, SOPs, and delegation frameworks relating to UPSI identification, legitimate purpose determination, and responsibility allocation for SDD maintenance. Practical guidance is provided on identifying UPSI events, determining the correct stage of entry into the SDD, and ensuring consistency between SDD records and Regulation 30 disclosures.

On an ongoing basis, Compliance Calendar LLP undertakes quarterly verification and review of SDD entries, ensuring that all instances of UPSI sharing a internal and external, have been accurately captured with complete particulars, including names, PANs, timestamps, and purpose of sharing. The firm also assists in rectification of gaps, strengthening internal controls, and readiness for SEBI or stock exchange inspection.

Importantly, Compliance Calendar LLP offers issuance of the SDD Compliance Certificate through a Practicing Company Secretary (PCS), providing independent professional assurance to stock exchanges. The firm also handles end-to-end support for timely submission of SDD Compliance Certificates on BSE and NSE platforms, thereby mitigating the risk of non-compliance tagging and penal consequences.

Through its structured approach, regulatory expertise, and practical implementation support, Compliance Calendar LLP helps organisations not only meet SDD requirements but also build a defensible compliance framework that withstands regulatory scrutiny and reduces insider trading exposure.