In a significant move to enhance the safety of retail investors in algorithmic trading, the National Stock Exchange (NSE) has issued a comprehensive circular outlining new implementation standards. These measures, aligned with SEBI’s February 2025 directive, aim to regulate access to API-based trading systems and create a more secure environment for tech-driven trading.
Why These Guidelines Matter
While algorithmic trading offers speed, precision, and automation, it also introduces risks—especially when accessed by individual retail traders without institutional-grade infrastructure or compliance awareness.
These new NSE norms are designed to:
Enhance transparency
Enforce security protocols
Maintain auditability
Protect market integrity from potential misuse
Key Highlights of the NSE Circular
A. API Access Control
Static IPs are now mandatory for clients accessing trading APIs.
Brokers may issue multiple API keys per client for various segments or strategies, with restricted usage rights.
Static IPs can be updated only once a week (with exceptions).
Family accounts may share IPs after proper validation.
Daily API session logouts are now compulsory.
B. Unregistered Algo Usage
Traders can use APIs without registering algos, provided they do not exceed 10 orders per second (OPS).
Orders beyond the 10 OPS threshold require algo registration.
All such unregistered algo orders will be tagged using generic identifiers for exchange-level monitoring.
C. Registered Client-Generated Algos
Algos crossing the 10 OPS limit must be registered with the exchange.
Exchanges will issue a unique Algo ID for tracking all related orders.
Updates or strategy modifications must be re-registered and approved.
D. Broker-Generated Algos
Brokers offering pre-built strategies must register them with the exchange.
Any modification in logic or execution parameters will require re-approval.
E. Third-Party Algo Providers
Providers must be empanelled and their algos registered with exchanges.
Brokers must disclose all commercial or technical arrangements with these providers.
Compliance responsibility lies solely with the broker.
F. OPS (Orders Per Second) Limit
A hard cap of 10 OPS per exchange has been enforced.
Brokers may define lower OPS thresholds per client based on risk appetite.
G. Algo Tagging & Audit Trail
All algo orders—registered or unregistered—must carry unique tags.
Brokers must maintain 5 years of trading logs to ensure traceability and audit compliance.
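As an added illustration (not code from the circular, NSE, or any broker), the sketch below shows how a broker-side API gateway could combine the controls in sections A, B, F and G: a static-IP allowlist, a per-client OPS cap that is never above 10, and a tag plus audit record for every order. The class name, decision labels, tag values and the rule that an order carrying an Algo ID is not held to the unregistered cap are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict, deque

EXCHANGE_OPS_THRESHOLD = 10            # 10 orders per second, from the circular
GENERIC_TAG = "GENERIC-UNREGISTERED"   # constructed placeholder tag value


class ApiOrderGate:
    """Hypothetical broker-side pre-trade check for API orders."""

    def __init__(self):
        self.static_ips = {}               # client_id -> allowlisted addresses
        self.ops_limit = {}                # client_id -> broker-defined cap
        self.window = defaultdict(deque)   # client_id -> accepted-order times
        self.audit_log = []                # one record per decision

    def register_client(self, client_id, static_ips, ops_limit=EXCHANGE_OPS_THRESHOLD):
        # Brokers may set a lower per-client cap, never a higher one.
        if not 1 <= ops_limit <= EXCHANGE_OPS_THRESHOLD:
            raise ValueError("ops_limit must be between 1 and 10")
        self.static_ips[client_id] = {ipaddress.ip_address(ip) for ip in static_ips}
        self.ops_limit[client_id] = ops_limit

    def submit(self, client_id, source_ip, now, algo_id=None):
        """Return (decision, tag) and append the decision to the audit log."""
        decision, tag = self._decide(client_id, source_ip, now, algo_id)
        self.audit_log.append({"ts": now, "client": client_id, "ip": source_ip,
                               "decision": decision, "tag": tag})
        return decision, tag

    def _decide(self, client_id, source_ip, now, algo_id):
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return "REJECT_IP", None
        if addr not in self.static_ips.get(client_id, set()):
            return "REJECT_IP", None
        recent = self.window[client_id]
        while recent and recent[0] <= now - 1.0:   # keep only the last second
            recent.popleft()
        if algo_id is None and len(recent) >= self.ops_limit[client_id]:
            return "REJECT_OPS", None              # over the cap without an Algo ID
        recent.append(now)
        return "ACCEPT", algo_id or GENERIC_TAG
```

Rejected requests are logged alongside accepted ones, so the audit trail also records attempts from non-allowlisted addresses and bursts above the cap.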
Security & Risk Management Protocols
All trading systems interacting via API must adhere to SEBI’s cybersecurity guidelines, including:
Two-Factor Authentication (2FA)
Mandatory password expiry and change protocols
Prohibition of open APIs
Access only from whitelisted static IP addresses
Importantly, brokers are fully accountable for all API-based trades executed under their infrastructure.
Additional Notes
Direct Market Access (DMA) is not governed by these standards.
Brokers may charge clients additional fees for API access and infrastructure.
Exchanges retain the authority to disable rogue algos that pose a risk to market integrity.
Final Thoughts
With the rising adoption of algorithmic trading among retail investors, these regulatory safeguards are a welcome step toward fostering innovation without compromising safety. Whether you’re a retail trader, algorithm developer, or broker, staying informed and compliant with these standards is essential for building a resilient and trustworthy trading ecosystem.