SEBI Guidance
SEBI Digital Accessibility Circulars: A Practical Guide for Regulated Entities
A practical guide to SEBI digital accessibility circulars for regulated entities, covering readiness status, C3 audit reports, C4 remediation, and evidence.
What changed and why it matters
SEBI's circulars move digital accessibility from a design-quality topic into a regulated operating requirement. The July 31, 2025 circular created the core obligation. The August 29, 2025 circular extended timelines and updated reporting authorities. The September 25, 2025 circular defined the compliance formats. The December 8, 2025 clarification added the readiness status step and clarified investor complaint handling through SCORES.
For regulated entities, this means accessibility work needs ownership, evidence, and a report trail. A polished interface is not enough if keyboard users, screen reader users, low-vision users, or users relying on accessible documents cannot complete investor-facing tasks.
The timeline teams should plan around
The circulars create a sequence. Treat it as a compliance workflow, not as a one-time scan. Dates should still be checked against the latest SEBI publication before external submission.
- September 30, 2025: submit the investor-facing digital platform inventory in C1-style format.
- March 31, 2026: submit platform-wise readiness and compliance status as clarified on December 8, 2025.
- April 30, 2026: complete and submit the C3 initial accessibility audit report.
- July 31, 2026: complete remediation and submit the C4 final accessibility audit report or status.
- From April 30, 2027: submit annual accessibility audit compliance within 30 days of each financial year.
Reporting authority must be correct
A strong report can still be delayed if the submission route is wrong. The circulars identify different reporting authorities by regulated entity type.
- Stock brokers and depository participants report to the relevant stock exchanges or depositories.
- Investment advisers and research analysts report to BSE Ltd.
- MIIs and the remaining regulated entities report to SEBI, with the circulars referring to digital_acc@sebi.gov.in for SEBI submissions.
- Direct-to-SEBI categories include AIFs, clearing corporations, depositories, KRAs, merchant bankers, mutual funds and AMCs, portfolio managers, RTAs, stock exchanges, and other listed categories.
What readiness status should show
The December clarification asks for platform-wise readiness and compliance status for investor-facing digital platforms. The format focuses on the platform URL, whether the minimum accessibility level is AA as per latest WCAG guidelines, and remarks on readiness and compliance.
This should not be treated as a rough internal note. It is the point where platform ownership, known blockers, and accessibility status become visible to the reporting workflow.
- Website, mobile app, portal, PDF, form, disclosure, and authenticated journey inventory.
- AA-level accessibility status and known exceptions for each platform.
- Current blockers, remediation owner, and expected resolution path.
- Evidence location so C3 and C4 reporting can reuse the same audit trail.
What C3 and C4 reports need to prove
C3 is the initial audit report. It should identify the auditor, audit date, platforms covered, terms of reference, scope, key findings, observations, and remediation plan. For multiple digital platforms, the September circular expects consolidated reports.
C4 is the final or remediation-stage report. It should show final audit status, remediation measures, compliance status, and supporting evidence. The strongest C4 reports connect each closure item back to the original finding and show retest evidence.
- C3 needs scope, findings, evidence, severity, standards mapping, and remediation timelines.
- C4 needs final status, remediation measures, retest evidence, screenshots, URLs, certificates, or reports where applicable.
- Both reports should avoid broad compliance language that the actual audit scope does not support.
Where audit packages fit
A limited platform can start with an automation-led Starter audit when the scope is narrow and the buyer needs structured C3/C4-style reporting support. More complex products usually need deeper coverage because login journeys, role-based workflows, documents, mobile behavior, assistive technology checks, and multi-platform estates cannot be reduced to a simple scan.
The right scope is the one that matches reporting risk. If the submission depends on manual behavior, documents, authenticated journeys, or assistive technology output, those items need to be included in the audit scope from the beginning.
Common mistakes to avoid
Weak submissions usually fail because scope is unclear, evidence is thin, or remediation status is not traceable. A defensible report should be specific enough for compliance review and practical enough for delivery teams to act on.
- Listing only the public website and missing portals, apps, PDFs, forms, or authenticated investor journeys.
- Using a scan score without user impact, screenshots, selectors, severity, WCAG mapping, or remediation direction.
- Preparing C4 without retest evidence that links back to C3 findings.
- Using certification-style wording when the audit scope supports only a limited review.