In 2024, a widely-used algo-trading platform Tradetron, gained popularity among retail traders and small investors. The platform offered easy API integration via brokers to automate trading strategies — a powerful offering for anyone seeking returns with minimal effort. But as usage grew, so did the regulatory concern.
In October 2024, regulators issued show-cause notices to over 120 stock brokers for their continued association with Tradetron. The issue: the platform allegedly offered strategies via APIs that promised assured returns — a red flag under SEBI’s rules.
Many brokers had earlier declared they’d severed ties, but regulatory findings suggested otherwise. This incident starkly illustrated the risks of unregulated API-based algo models and the need for exchange approval, proper certification, transparent communication, and compliance.
In response, and after years of consultation and market changes, SEBI issued a comprehensive directive on February 4, 2025. The circular laid down a firm, enforceable framework for safer participation in algo-trading by retail investors.
Today, algo-trading in India isn’t banned — but it is regulated. If you are an exchange member, broker, or algo-provider, you need to understand exactly what the new rules demand.
This post covers the framework, the responsibility of the stakeholders and the questions asked by the algo providers.
What the 2025 Framework Requires?
#1 – Exchange Approval & Unique Algo-ID
- Mandatory Approval: Every algorithmic strategy, whether built in-house or by a third-party vendor, must be submitted to a recognised stock exchange for approval before execution in a live environment. Brokers can no longer offer “plug-and-play” strategies that haven’t been vetted.
- Unique Algo-ID: Each approved strategy is assigned a unique Algo ID. Every order placed through that strategy must be tagged with this ID, creating a clear audit trail for regulators to track malfunctioning or manipulative algorithms. Brokers ensure only approved strategies and IDs are used.
#2 – Strict API & Connectivity Controls
One of the biggest shifts under the new framework: The end of “Open APIs”
- Static IPs mandatory: Brokers are required to ensure that all API-based trading for algos must originate from whitelisted, static (fixed) public IP addresses. Dynamic or rotating IPs are not acceptable.
- No open/unrestricted APIs: Previously, brokers provided “Open APIs” that allowed third-party vendors to connect freely. This has been discontinued. Brokers must now ensure that only vetted, authenticated algos can connect.
- API Key + Authentication: Each client or algo-provider must use unique API keys (or credentials). Two-Factor Authentication (2FA) is now mandatory for every API session login to prevent unauthorized automated access.
- Order & Connectivity Mapping: Every order must be traceable to Client → Algo-ID → Static IP → API Key/user, facilitating audit, compliance & tracing.
#3 – Algo Categorisation: White-Box vs Black-Box
SEBI has classified algorithms into two distinct categories:
- White Box (Execution Algos): Strategies where the logic is fully transparent and disclosed – It allows easy interpretation on how it was able to produce its output and draw its conclusions. The user (trader) will have access to the logic, decision making processes and underlying rules.
- Black Box (Non-disclosed Algos): Strategies where the logic is proprietary or hidden – This has lower transparency and interpretability. The user will not be able to view the internal workings and rationale of the Algo and how the output is generated.
Who Is Responsible?
The framework has clearly stated the responsibilities of the stakeholders i.e. brokers, algo providers and exchanges.
Brokers’ Responsibilities — Gatekeeper & Risk Manage
Brokers now have an elevated role in compliance:
- They must ensure that only exchange-approved algos (with valid Algo-IDs) are used by clients or vendors.
- Brokers must implement infrastructure and controls — API gateway restrictions, static-IP whitelisting, authentication, order logging, monitoring & kill-switch capability.
Algo-Providers’ Responsibilities — Build, Certify, Comply
Algo-providers must:
- Submit each strategy to an exchange for approval and obtain a unique Algo-ID before any live deployment.
- Maintain infrastructure compliant with static-IP and secure API connectivity.
- Ensure compliance documentation, version logs, and be ready for audits.
- If offering black-box strategies, undertake the required registration / empanelment for regulatory compliance.
Exchanges’ Responsibilities – Supervisory Role
- Exchanges are tasked with supervising algo trading, including testing algos, monitoring their behaviour, and maintaining the ability to halt trading if necessary.
- They establish criteria for empanelling algo providers and ensure brokers can distinguish between algo and non-algo orders.
Timelines — Compliance Deadlines
- Originally, the rules came into effect from 1 August 2025.
- Following industry feedback, SEBI extended the deadline — the compliant framework must now be in place by 1 October 2025.
- Exchanges (equity, derivatives, commodities) have since issued operational-modalities guidelines, and trading members (brokers, algo-platforms) are expected to implement systems accordingly.
FAQs — What Brokers & Algo-Providers Keep Asking
Q1 – Do Algo providers need to get registered with SEBI?
A: While the circular mentions that algo providers will not be regulated by SEBI, providing Black Box Algos will require a Research Analyst License from SEBI.
Any algo provider, providing the facility to place algo orders with Brokers through API, will require to be empaneled with Exchanges.
Q2 – Do individuals trading for themselves need to get registered as algo providers?
A: No, as per the SEBI circular and the Stock Exchanges, any “Tech Savvy retail investor” having less than 10 orders per second (10 OPS) does not need to get registered as an algo provider. Further, once the threshold is crossed, the individual will be required to register the algo with the trading member and his family including – self, spouse, dependent children and dependent parents, can trade using this registered algo.
Q3 – Can an individual use their own algo strategy for other investors as well?
A: No. If you develop your own algo and get it approved by the exchanges, it can be used only by you and your immediate family members (self, spouse, dependent children/parents). You cannot sell, rent, or distribute it to others.
Q4 – What happens if a broker continues to use unapproved algo or open APIs?
A: The broker will risk enforcement action, including show-cause notices, de-empanelment, regulatory sanctions — as seen in recent industry examples.
Conclusion — Compliance Is the New Competitive Advantage
SEBI’s 2025 algo-trading regime marks a shift from unregulated experimentation to a structured, transparent, and accountable environment. Brokers and algo-providers now share clear, non-negotiable compliance responsibilities: exchange approval, static-IP API connectivity, secure authentication, order-level audit trails, and vendor empanelment.
The “open-API era” for retail algo-trading is effectively over. But for firms that act fast, build compliant infrastructure, and partner with regulators and exchanges proactively — this change presents a real opportunity. Not just to continue offering algo services — but to build trusted, scalable, regulation-ready platforms that can stand the test of time.
The move by SEBI to formalize the 2025 framework can be seen as a direct reaction to industry-level violations — making compliance not a recommendation, but a requirement.
How can exisiting SEBI RAs sell white box Algos to clients?
Hi, can you pls share details of whether the RA is an individual or non-individual entity? Please send an email to kruti@cskruti.com