IBBI Information Utilities Regulations 2017 Complete Guide – Amended up to 02 June 2026

📋 IBBI Regulations • Amended up to June 2, 2026

IBBI (Information Utilities) Regulations, 2017 — Complete Guide [Amended upto 02-06-2026]

The definitive framework governing India's financial data infrastructure for insolvency proceedings — covering registration, shareholding, governance, core services, default authentication, disciplinary proceedings, and major 2026 amendments. Everything you need to know, in plain language.

8Chapters

42Regulations

₹50CrMin Net Worth

5 YrsRegistration Term

2026Latest Amendment

The Insolvency and Bankruptcy Board of India (Information Utilities) Regulations, 2017, notified vide IBBI/2016-17/GN/REG009 on March 31, 2017 (effective April 1, 2017), establish the complete legal framework for Information Utilities (IUs) in India — the critical digital infrastructure entities that store, authenticate, and disseminate financial information related to debts, defaults, and insolvency proceedings under the Insolvency and Bankruptcy Code, 2016 (IBC). These regulations have been amended multiple times since 2017 — with the most recent significant amendment being Notification No. IBBI/2026-27/GN/REG146 dated June 1, 2026 (effective June 2, 2026), which introduced the concept of "Information of Dispute," replaced static form-based references with circular-notified formats, expanded the scope of financial institutions covered, and restructured the authentication table.

💡 Regulations at a Glance

Regulation Name	IBBI (Information Utilities) Regulations, 2017
Notification No.	IBBI/2016-17/GN/REG009 dated March 31, 2017
Effective From	April 1, 2017
Amended Upto	June 2, 2026 (Notification IBBI/2026-27/GN/REG146 dated June 1, 2026)
Legal Authority	Sections 196, 209–216 read with Section 240 of IBC, 2016
Total Chapters	8 Chapters (Chapter I to VIII)
Total Regulations	42 Regulations
Applies To	All persons seeking registration as Information Utility + Registered IUs
Current IU in India	NeSL (National e-Governance Services Limited) — only registered IU

🔗 Official IBBI Sources You Should Bookmark

Primary Documents

When drafting opinions, board notes or internal SOPs, always cross-check these primary sources:

Consolidated IU Regulations (Amended upto 02‑06‑2026): The latest official PDF of the IBBI (Information Utilities) Regulations, 2017 available under “Regulations → Information Utilities” on ibbi.gov.in.
Notification No. IBBI/2026‑27/GN/REG146 dated 01‑06‑2026: IBBI (Information Utilities) (Amendment) Regulations, 2026, bringing in “Information of Dispute”, circular‑based formats, the unified table in Reg. 21 and expanded coverage for financial institutions, w.e.f. 02‑06‑2026.
IBBI Press Release PR/2026/12 (4 June 2026): Plain‑language explanation of how the amendment aligns IU Regulations with the IBC (Amendment) Act, 2026 – especially the treatment of records of default from financial institutions and the new “Information of Dispute” output.
Technical Standards Guidelines & Discussion Papers: IBBI guidelines on Technical Standards for core and other services, and related discussion papers, which flesh out practical aspects such as user authentication, evidence of default and e‑mail tracking.

🏦 What is an Information Utility (IU)? — The Basics

An Information Utility (IU) is a digital infrastructure company — registered with IBBI — that functions as a central repository for financial information relating to debts, defaults, and insolvency proceedings in India. Think of it as a credit registry specifically for insolvency — it stores information that creditors, debtors, and insolvency professionals need when a company or individual faces financial distress.

⚠️ Before IUs Existed (Pre-2017 Problem)

When a creditor filed for insolvency under IBC, they had to manually gather proof of debt and default from scattered records — bank statements, loan agreements, court orders — creating massive delays. Debtors could dispute defaults with impunity since there was no authoritative record. The CIRP process was slow and document-heavy.

✅ With IUs (Post-2017 Solution)

IUs provide a pre-authenticated, digitally signed Record of Default that creditors can directly attach to their insolvency application before the NCLT. The authentication process is completed at the IU — dramatically reducing disputes and delays at the NCLT stage. Financial information is stored, authenticated, and made accessible in a standardised format.

📌 Key IBC Cross-Reference — Section 3(13): "Financial Information"

Under IBC Section 3(13), "financial information" includes: (a) records of debt and default; (b) records of security interest; (c) the liabilities of individuals; (d) assets of individuals; and (e) such other information as the Board may specify. All five categories can be stored with and authenticated by an IU under these Regulations.

📋 Chapter Index

Chapter I (Reg. 1–2)

Preliminary — Definitions

Chapter II (Reg. 3–7)

Registration of IUs

Chapter III (Reg. 8–12)

Shareholding & Governance

Chapter IV (Reg. 13–16)

Technical Standards & Bye-laws

Chapter V (Reg. 17–27)

Core Services

Chapter VI (Reg. 28–37)

Duties of IUs

Chapter VII (Reg. 38)

Services to IPs

Chapter VIII (Reg. 39–42)

Surrender / Cancellation

Chapter I — Regulations 1 & 2

📖 Preliminary — Key Definitions

Chapter I establishes the foundational definitions that run through the entire regulatory framework. Understanding these definitions is essential for reading any other regulation correctly.

Term	Definition / Meaning	Source
Application Programming Interface (API)	A mechanism that allows a system or service to access data or functionality provided by another system or service	Reg. 2(1)(a)
Board	The Insolvency and Bankruptcy Board of India established under Section 188 of IBC	Reg. 2(1)(aa) — inserted 2018
Certificate of Registration	Certificate granted or renewed by IBBI under Section 210 read with these Regulations	Reg. 2(1)(b)
Code	IBC, 2016 (including all rules, regulations, guidelines, and directions issued thereunder)	Reg. 2(1)(c)
Control	As defined in Section 2(27) of Companies Act, 2013	Reg. 2(1)(d)
Financial Information	Any public announcement made under the Code for purposes of Section 3(13)(f) — inserted Nov 2020	Reg. 2(1)(da)
Governing Board	Board of Directors (as per Companies Act, 2013, Section 2(10)) of the company registered as an IU	Reg. 2(1)(e)
Host Bank	The financial institution hosting the repayment account	Reg. 2(1)(f)
Information	Financial information as defined in Section 3(13) of IBC	Reg. 2(1)(h)
Record of Default	Status of authentication of default issued in such format as notified by IBBI through circular — amended June 2026 (earlier: "Form D of the Schedule")	Reg. 2(1)(la) — amended Jun 2026
Information of Dispute ★ NEW 2026	Status of authentication of default (when debtor disputes) issued in such format as notified by IBBI through circular — entirely new definition inserted June 2026	Reg. 2(1)(lb) — inserted Jun 2026
Repayment Account	Bank account to which a debtor is obliged to repay its debt, as recorded in an IU	Reg. 2(1)(m)
Secure Systems	As defined in Section 2(1)(ze) of the Information Technology Act, 2000	Reg. 2(1)(o)
Technical Standards	Standards laid down by IBBI through guidelines issued under Regulation 13	Reg. 2(1)(r)
User	A person who avails of the services of an information utility	Reg. 2(1)(s)

⚠️ 2026 Amendment — "Schedule" Definition Omitted

Clause (p) which defined "Schedule" as the schedule attached to the Regulations was omitted by June 2026 amendment. The entire physical Schedule (Forms A, B, C, D) has been replaced by a flexible circular-based format regime — giving IBBI operational flexibility to update forms without amending the Regulations. An Explanation was also inserted in Reg. 2(2) clarifying that "debtor" includes "corporate debtor" for all purposes of these Regulations.

Chapter II — Regulations 3 to 7

📋 Registration of Information Utilities

Regulation 3 — Eligibility for Registration

Only a public company is eligible for registration as an IU. In addition, the company must satisfy ALL of the following conditions:

Sole object: Its sole purpose must be to provide core services and other services under these Regulations
Shareholding compliance: Shareholding and governance must comply with Chapter III
Bye-laws compliance: Its bye-laws must be in accordance with Chapter IV
Minimum net worth: Must have a minimum net worth of ₹50 crore at all times
Fit and Proper: The IU itself, its promoters, directors, KMPs, and persons holding more than 5% of equity/voting power must all be fit and proper persons

📌 "Fit and Proper" — What Does It Mean?

IBBI evaluates fit and proper status based on: (i) integrity, reputation and character; (ii) absence of conviction — note: conviction for less than 6 months is NOT disqualifying; conviction for 6 months to 7 years disqualifies for 5 years after sentence expiry; conviction for 7+ years is a permanent disqualifier; (iii) absence of any in-force restraint order from a financial sector regulator or Adjudicating Authority; and (iv) financial solvency.

Regulation 4 — Application for Registration / Renewal

Parameter	Detail
Application Mode	In such format as notified by IBBI through circular (earlier: Form A of Schedule — omitted June 2026)
Application Fee	₹10 lakh (non-refundable) — revised from ₹5 lakh in Sept 2022
Renewal Timing	At least 6 months before expiry of existing registration
Renewal Fee	₹10 lakh (non-refundable)
Acknowledgement	IBBI to acknowledge receipt within 7 days

Regulation 5 — Disposal of Application (Timeline)

Registration Application Process Flow

Application Filed

→

7 Days: IBBI Acknowledges

→

IBBI Examines; May Request Clarification

Satisfied → Grant Certificate (within 60 days)

Prima Facie Against → 45 Days: Communicate Reasons

Applicant: 15 Days to Respond

→

Accept + Issue Certificate

Reject + Reasons (within 30 days)

Key Point: The 60-day / 45-day timelines exclude time given to the applicant for removing deficiencies, submitting additional documents, or appearing in person. If renewal is rejected, the IU must discharge pending obligations and continue functions until users can transfer information.

Regulation 6 — Conditions of Registration

Validity: Certificate of registration valid for 5 years from date of issue
Registration Fee: Pay ₹1 crore to IBBI within 15 days of receipt of registration/renewal intimation (revised from ₹50 lakh in Sept 2022)
Annual Fee: 10% of turnover from IU services in preceding financial year — payable by April 30 each year. Illustration: ₹75 crore turnover in FY 2022-23 → ₹7.50 crore fee due by April 30, 2023. Late payment attracts 12% per annum simple interest
Prior IBBI approval required for: Acquisition of >5% shares/voting power by any person; change of control; merger/amalgamation/restructuring; sale/disposal of substantially the whole undertaking; voluntary liquidation or dissolution
Intimation obligation: Notify IBBI within 15 days if any person holding >5% equity/voting falls below that threshold
Grievance redressal: Must take adequate steps for redressal of user grievances
Direction compliance: Must take over information from other IUs and provide core services to their users on IBBI direction

Regulation 7 — In-Principle Approval

Any person seeking to establish an IU may first apply for in-principle approval — before the company is fully formed
Application fee: ₹5 lakh (non-refundable)
IBBI checks (a) fit and proper status of applicant and (b) ability of proposed company to meet eligibility criteria under Reg. 3
In-principle approval valid for up to 1 year subject to conditions
During validity, the proposed company may apply for registration certificate without paying the separate application fee

Chapter III — Regulations 8 to 12

👥 Shareholding and Governance

Regulation 8 — Shareholding Limits

Shareholder Category	Maximum Permitted Holding
Any person (individual/entity) — General Rule	10% of paid-up equity / total voting power (directly or indirectly, including concert parties)
Privileged Entities (Government companies, Stock Exchanges, Depositories, Banks, Insurance Companies, Public Financial Institutions)	Up to 25% (directly or indirectly, including concert parties)
Any person — Special Transition (within 3 years of registration, if registered before Sep 30, 2018)	Up to 51%
Listed Indian Company OR Indian company with no single person >10% — Transition (within 3 years, if registered before Sep 30, 2018)	Up to 100%
Central / State Government	Exempt — no cap applies

Regulation 9 — Composition of the Governing Board

Governing Board comprises: (a) Managing Director; (b) Independent Directors; and (c) Shareholder Directors
Citizenship requirement: More than half of directors must be citizens of India and residents in India
Balance requirement: Number of independent directors must be not less than the number of shareholder directors (i.e., at least 50%)
Quorum: No board meeting shall be held without the presence of at least one independent director
Chairperson: Directors must elect an independent director as Chairperson of the Governing Board
Managing Director: Not counted as independent director OR shareholder director for composition purposes
Employee Directors: Any employee (other than MD) appointed as director is deemed a shareholder director
Conflict disclosure: Directors with any interest (direct/indirect, pecuniary/otherwise) in any matter must disclose at the meeting and must NOT participate in deliberation or decision

Regulation 9 — Independent Director Criteria

An independent director must be an individual who is all of the following:

A person of ability and integrity
Has expertise in finance, law, management, or insolvency
Not a relative of the directors of the Governing Board
No pecuniary relationship with the IU, its directors, or shareholders holding >10% of share capital — during the immediately preceding two financial years or current financial year
Not a shareholder of the IU
Not a member of the Board of Directors of any shareholder holding >10% of the IU's share capital

Regulation 9 — Independent Director Tenure and Nomination

Nomination: Independent directors must be nominated by IBBI from a list of names proposed by the IU
Maximum tenure: Two terms of 3 years each (or part thereof), or up to age of 75 years, whichever is earlier
Second term condition: Subject to satisfactory performance review of first term by Governing Board
Cooling-off period: 3 years before an independent director can become a shareholder director in the same or another IU

Regulation 9A — Managing Director

Selection process: Must be through open advertisement in all editions of at least one national daily newspaper
Age at joining: Must not be above 55 years at time of joining (Governing Board may relax up to 60 years with recorded reasons)
Maximum age in office: Cannot serve after attaining 65 years
Tenure: Not less than 3 years and not exceeding 5 years
Maximum terms: Two terms; second term appointment must be conducted afresh through a new selection process
Remuneration: Approved by compensation committee constituted by Governing Board
IBBI approval required: For appointment, renewal of appointment, and termination of service of MD
Removal: Governing Board may remove MD (with IBBI prior approval) for failure to follow directions, misconduct, or incapacity. IBBI may suo motu remove MD in public interest after hearing.

Regulation 10 — Regulatory Committee

IU may (not mandatory) constitute a Regulatory Committee from amongst independent directors
If constituted, it shall oversee the IU's compliance with the Code
The compliance officer shall report to the Regulatory Committee (if constituted)

Regulation 11 — Compliance Officer

Every IU must designate or appoint a Compliance Officer
Responsible for ensuring compliance with all IBC provisions applicable to the IU
Must immediately and independently report to IBBI any non-compliance observed — without waiting for board approval
Must submit an annual compliance certificate to IBBI — verifying compliance with Code requirements and redressal of customer grievances
Appointment/removal of compliance officer only by board resolution at a board meeting

Regulation 12 — Grievance Redressal Policy

Every IU must have a formal Grievance Redressal Policy (for users and other persons as determined by the Governing Board) which must provide for all of the following:

Constitution of a Grievance Redressal Committee
Functions of the Grievance Redressal Committee
Format and manner for filing grievances
Maximum time for acknowledging receipt of a grievance
Maximum time for disposal (dismissal, resolution, or initiation of mediation)
Details of the mediation mechanism
Provision of grievance proceedings report to parties upon dismissal or resolution
Action against malicious or false complaints
Maintenance of a register of grievances and resolutions
Public disclosure of receipt and disposal of grievances in the manner directed by IBBI
Periodic reporting to the Governing Board
Periodic review of the Grievance Redressal Mechanism by the Governing Board

Chapter IV — Regulations 13 to 16

⚙️ Technical Standards and Bye-laws

Regulation 13 — Technical Standards

IBBI may lay down Technical Standards through guidelines for performance of core and other services. The standards may cover all or any of:

API Standards

Standard Terms of Service

User Registration

Unique Identifiers

Information Submission

Identity Verification

Authentication & Verification

Data Integrity

Consent Framework (Third-Party Access)

System & Information Security

Risk Management Framework

Porting & Interoperability

Preservation of Information

Purging of Information

Regulation 14 — Technical Committee

IBBI lays down Technical Standards based on recommendations of a Technical Committee constituted by it
Committee comprises at least 3 members with special knowledge in law, finance, economics, IT, or data management
IBBI may invite CEOs/MDs of IUs to attend Technical Committee meetings

Regulation 15 — Bye-laws of Information Utilities

Every IU must have bye-laws for conduct of operations — consistent with the Code and Technical Standards. Bye-laws must mandatorily provide for:

Manner and process of providing core services and other services
Risk management
Minimum service quality standards including timelines for: (i) registration of users; (ii) issuance of Record of Default; (iii) issuance of annual statement to registered users; and (iv) issuance of Information of Dispute — [NEW — inserted June 2026]
Adoption of quality standards and quality standards certifications
Rights of users
Grievance redressal
Bye-laws must be published on the IU's website

Regulation 16 — Amendment to Bye-laws

Bye-laws can be amended by Governing Board resolution passed by votes in favour being not less than 3 times the votes cast against
Resolution must be filed with IBBI within 7 days for approval
Amendment becomes effective on the 7th day of IBBI's approval (unless otherwise directed)
Printed copy of amended bye-laws to be filed with IBBI within 15 days of amendment becoming effective
IBBI may direct an IU to amend any bye-law provision

Chapter V — Regulations 17 to 27

🔑 Core Services — The Heart of IU Operations

Chapter V is the operational heart of the Regulations — it governs everything from user registration to authentication of defaults. This is where the most significant June 2026 amendments are concentrated.

Regulation 17 — Provision of Services

IU shall provide core services (defined in Section 3(9) of IBC — accepting, storing, authenticating financial information) and other services under these Regulations
IU may provide services incidental to the above with IBBI permission
All services must comply with applicable Technical Standards

Regulation 18 — Registration of Users

Any person must register with an IU to submit information to or access information stored with any IU
IU verifies identity and grants registration; provides a unique identifier to each registered user
Register only once: A person registered with one IU shall not register with any other IU — unique identification across the ecosystem
IU must provide registered user a functionality to authorise representatives to act on their behalf
IU must maintain list of registered users, unique identifiers, and unique identifiers assigned to debts — and make this list available to all other IUs and IBBI

Regulation 19 — Use of Different Information Utilities

A registered user may submit information to any IU
Different parties to the same transaction may use different IUs — creditor A can submit to IU X while debtor B submits to IU Y for the same debt
A user may access information stored with any IU through any other IU

Regulation 20 — Acceptance and Receipt of Information

IU shall accept information in such format as notified by IBBI through circular — amended June 2026 (was "Form C of the Schedule")
Pre-filing obligation [inserted June 2022]: Before filing an application to initiate CIRP under Section 7 or 9, the creditor must first file information of default with an IU — and the IU shall process it for issuing Record of Default
On receipt, IU shall: (a) assign unique identifier; (b) acknowledge receipt and notify the user of unique identifier, authentication terms and conditions, and access manner

Regulation 21 — Authentication of Default ★ MOST AMENDED in 2026

This is the most critically important — and most heavily amended — provision in the entire Regulations. It governs the process by which defaults are authenticated and Records of Default or Information of Dispute are issued.

⚠️ Major 2026 Change — Unified Table + New "Information of Dispute" Category

The June 2026 amendment replaced the earlier two-table system (Table 1 for all creditors and Table 2 for banks in RBI's Second Schedule) with a single unified authentication table for all creditors. The earlier “deemed to be authenticated / yellow” status has been folded into a consolidated Authenticated outcome, and all colour code references are removed. A new informational output — “Information of Dispute” — is formally created as a distinct document alongside the Record of Default, with a separate proviso giving special treatment to financial institutions as defined in section 3(14) of the Code for partial disputes.

Authentication Process Step-by-Step:

Creditor Files Information of Default with IU

→

IU Delivers to Debtor (within 7 days)

Debtor Doesn't Respond → 3 Reminders (7 days each)

→

AUTHENTICATED → Record of Default Issued

Debtor Confirms Default → AUTHENTICATED → Record of Default

Debtor Disputes → DISPUTED → Information of Dispute Issued

Regulation 21 — Authentication Table (as amended June 2, 2026):

S.No.	Response of the Debtor	Authentication Status	Nature of Record Issued
1	(a) Debtor confirms the information of default, OR (b) Debtor does not respond even after three reminders	Authenticated	Record of Default
2	Debtor disputes the information of default	Disputed	Information of Dispute

⚠️ Special Rule for Financial Institutions (Reg. 21, Proviso)

For financial institutions as defined in Section 3(14) of IBC (the June 2026 amendment expanded coverage from "banks in RBI's second schedule" to the broader "financial institutions" category): when a debtor disputes only a part of the default amount, or disputes only non-financial information — the IU shall record the status as 'Authenticated' in respect of the undisputed default amount and issue an Information of Dispute only for the disputed portion.

Regulation 21A — Verification Before Issuance of Record of Default / Information of Dispute ★ AMENDED June 2026

Before issuing Record of Default, IU must verify: (a) e-mail address of debtor; (b) document showing proof of debt; (c) latest acknowledgment of debt by the debtor; and (d) proof of default
[New — 2024 amendment, extended June 2026]: If debtor disputes any default amount, debtor must upload reasons and evidence for dispute
For financial institutions (amended June 2026 from "banks in RBI's second schedule"): IU shall issue Information of Dispute for the amount for which dispute evidence has been received and verified; issue Record of Default (Authenticated) for the balance undisputed amount

Regulation 21B — Dissemination of Public Announcement

IU must disseminate every public announcement it receives (or has access to) to its registered users who are creditors of the corporate debtor undergoing insolvency proceedings — on the date of its receipt or access
This enables creditors to be immediately aware of CIRP commencement, liquidation orders, and other public announcements that affect their interests

Regulation 22 — Storage of Information

All information stored by an IU must be in a facility located in India
The facility must be governed by the laws of India
No data localisation exemptions — all data stays in India

Regulation 23 — Access to Information

Access to information stored with an IU is restricted to specifically permitted persons only:

The user who submitted the information
All parties to the debt and the host bank (for debt/security/default information under S.3(13)(a)(c)(d))
The corporate person and its auditor (for information under S.3(13)(b)(e))
The Insolvency Professional — to the extent provided in the Code
The Adjudicating Authority (NCLT/DRT)
IBBI
Any person authorised to access under any other law
Any person the above persons have consented to share information with

Important: Information provided to the Adjudicating Authority and IBBI is free of charge. For all information accessed, the IU must display: date last updated, status of authentication, and status of verification.

Regulation 24 — Accessing Information from Other IUs

An IU must provide a functionality to enable users to access information stored with any IU (not just the one they registered with)
This enables cross-IU interoperability — a user registered with IU X can access information submitted to IU Y
The functionality must ensure privacy and confidentiality

Regulation 25 — Annual Statement

Every IU must provide every user an annual statement of all information pertaining to that user — completely free of charge
IU must provide a functionality for the user to mark information as erroneous and correct it

Regulation 26 — Porting Information from Registries

An IU may import information from registries notified by IBBI (e.g., MCA21, CERSAI)
For imported information, the IU must provide core services including authentication and verification as per these Regulations

Regulation 27 — Duties of the User

Monthly update obligation: Users who have submitted information must submit updated information as on the last day of every month — in the first week of the following month
Default update — urgent: Information of default must be updated within 7 days of occurrence of default
User must expeditiously correct erroneous information as soon as found, with reasons

Chapter VI — Regulations 28 to 37

⚖️ Duties of Information Utilities

Regulation 28 — General Duties

IU must provide services with due and reasonable care, skill, and diligence
IU holds information as a custodian — not as the owner of the data

Regulation 29 — Non-Discrimination

IU must provide services without discrimination of any kind
Specifically cannot deny services based on: (a) place of residence or business; or (b) type of personality (natural or artificial person)

Regulation 30 — Other Duties (What IU Must Do / Must Not Do)

✅ Must Do

Provide services based on user's explicit consent
Guarantee protection of user rights
Establish procedures to protect records against loss or destruction
Adopt secure systems for information flows
Protect data processing systems against unauthorised access, alteration, destruction, disclosure, or dissemination
Transfer all user information to another IU on the user's request

❌ Must NOT Do

Outsource provision of core services to a third-party service provider
Use stored information for any purpose other than providing services under these Regulations — without IBBI prior approval
Seek data or details of users beyond what is required for the provision of services

Regulation 31 — Insurance

IU must make adequate arrangements — including insurance — for indemnifying users for losses caused by wrongful act, negligence, or default of the IU, its employees, or any other person whose services are used

Regulation 32 — Fee Structure

Uniform fee: Same fee for the same service to different users — no discriminatory pricing
Disclosure: Fee structure must be published on the IU's website
Advance notice: Any proposed fee increase must be disclosed on the website at least 3 months before the increase takes effect
Proportionality: Fees must be a reasonable reflection of the service provided
Access fee cap: Fee for providing access to information must NOT exceed the fee charged for submission of information

Regulation 33 — Risk Management

IU must establish an appropriate Risk Management Framework as per Technical Standards, covering:
Reliable, recoverable, and secure systems
Provision of core services during disasters and emergencies
Business Continuity Plans — including disaster recovery sites

Regulation 34 — IT Framework Audit

IU must appoint an external auditor to audit its IT framework, interface, and data processing systems every year
Auditor submits report to Governing Board
IU must submit the report (with Governing Board comments) to IBBI within 1 month of receiving it from the external auditor

Regulation 35 — Preservation Policy

IU must have a Preservation Policy specifying the form, manner, and duration of preservation of: (a) information stored with it; and (b) details of transactions with each user in respect of information stored
Policy must be consistent with Technical Standards

Regulation 36 — Provision of Information to IBBI

IU must provide any information required by IBBI
Annual report to IBBI covering: number and types of records, registered users, unique debts, security interests, volume of debts, secured debts, instances of defaults, disputes, and accesses by Adjudicating Authority and IBBI

Regulation 36A — Publication of Statistical Information [Inserted April 2021]

IU must publish statistics relating to debt-related information — quarterly
Statistics must show distribution of debts by: currency, geography, sector, size, tenor, type, lending arrangement, and incidence of default
This is a significant transparency requirement — enabling researchers, policymakers, and market participants to track aggregate debt and default trends

Regulation 37 — Inspection

IBBI may inspect an IU with such periodicity as considered necessary — without prejudice to Section 217-220 of IBC
IU must extend all assistance and cooperation to IBBI for carrying out an inspection

Chapter VII — Regulation 38

👨‍💼 Services to Insolvency Professionals (IPs)

An IP may submit reports, registers, and minutes of insolvency resolution, liquidation, or bankruptcy proceedings to an IU for secure storage
Restricted access: IU can provide access to these documents ONLY to: (a) the concerned IP who submitted; (b) IBBI; and (c) the Adjudicating Authority (NCLT/DRT) — no other party
All duties under Chapter VI (data protection, non-discrimination, risk management, etc.) apply equally to IP-submitted information
This enables IPs to securely archive process documents, protecting them from loss and ensuring accessibility for regulatory oversight

Chapter VIII — Regulations 39 to 42

🚪 Surrender or Cancellation of Registration

Regulation 39 — Exit Management Plan

Every IU must at all times maintain an Exit Management Plan (EMP) including: (a) mechanisms for users to transfer information to other IUs; (b) mechanisms for preservation and transfer of information; and (c) timelines and cost estimates for implementing the plan
EMP cannot be amended without prior IBBI approval

Regulation 40 — Surrender of Registration (Voluntary)

Surrender Application

IU submits application to IBBI with reasons, details of pending activities, and EMP implementation plan

7 Days — IBBI Publishes Notice

IBBI publishes notice of receipt on its website, inviting objections within 14 days

14 Days — Objection Window

Any person may submit objections to the surrender of registration

30 Days from Last Objection Date — IBBI Decision

IBBI may approve surrender (subject to conditions — discharge obligations, continue functions if directed) after considering application and objections

Final Notice

After IBBI is satisfied that conditions are complied with, it publishes a notice on its website confirming that the surrender of registration has taken effect

Regulation 41 — Disciplinary Proceedings

If IBBI has prima facie reason (from inspection, investigation, or other material) that cause exists to take action under Section 220 of IBC:

Show-cause notice (SCN) issued in writing — must state: provisions under which issued, alleged facts and evidence, provisions allegedly violated or public interest affected, proposed actions, manner of response, and procedure for disposal
SCN must enclose copies of relevant documents and inspection/investigation report extracts
SCN served by: (a) registered post with AD to registered office; and (b) electronic means to registered email
Disciplinary Committee disposes of SCN — must adhere to principles of natural justice; endeavour to dispose within 6 months of issue
Orders that may be passed: No action; Warning; Actions under Section 220(2) to (4) (including suspension/cancellation of registration, financial penalty); Reference to IBBI for Section 220(5) action
If registration suspended/cancelled: IU must discharge pending obligations; continue functions only to enable user information transfer; comply with other directions
Order published on IBBI's website immediately

Regulation 42 — Appeal

Appeal against disciplinary order may be preferred under Section 211 of IBC
Must be filed within 30 days of receipt of the order
Filed in the manner prescribed in Part III of the National Company Law Appellate Tribunal Rules, 2016

🆕 June 2, 2026 Amendment — Consolidated Summary

The IBBI/2026-27/GN/REG146 notification dated June 1, 2026 (effective June 2, 2026) introduced the following changes across the Regulations:

Regulation	Nature of Change	Impact
Reg. 2(1)(la) — Record of Default	MODIFIED Format reference changed from "Form D of the Schedule" to "such format as notified by IBBI through circular"	Operational flexibility — IBBI can update formats by circular without amending Regulations
Reg. 2(1)(lb) — Information of Dispute	NEW Entirely new definition inserted — "status of authentication of default issued in such format as notified by IBBI through circular"	Creates formal legal basis for the "Information of Dispute" document type, distinct from Record of Default
Reg. 2(1)(p) — Schedule definition	DELETED Omitted entirely	The entire physical Schedule (Forms A, B, C, D) is superseded by the circular-based format regime
Reg. 2(2) — Explanation	NEW Explanation inserted: "debtor" includes "corporate debtor"	Removes any interpretive ambiguity regarding applicability to corporate debtors
Reg. 4(1) — Application format	MODIFIED "Form A of the Schedule" → "such format as notified by IBBI through circular"	Circular-based application format replaces fixed statutory form
Reg. 4(2) — Renewal format	MODIFIED "Form A of the Schedule" → "such format as notified by IBBI through circular"	Same — circular-based renewal form
Reg. 5(4) — Certificate format	MODIFIED "Form B of the Schedule" → "such format as notified by IBBI through circular"	Certificate of Registration format now circular-based
Reg. 15(3)(ba)(iv) — Bye-laws	NEW Minimum service quality standards in bye-laws now include "issuance of information of dispute" in addition to earlier items	IUs must specify timelines for issuing Information of Dispute in their bye-laws
Reg. 20(1) — Information format	MODIFIED "Form C of the Schedule" → "such format as notified by IBBI through circular"	Debt information submission format now circular-based
Reg. 21(2)(c)(iii)(A) — Financial institution coverage	MODIFIED Expanded from "banks included in the second schedule of the RBI Act, 1934" to "financial creditor which is a financial institution as defined in clause (14) of section 3 of the Code"	Broader coverage — all financial institutions (not just schedule banks) get the simplified authentication treatment
Reg. 21(3) — Authentication Table	MODIFIED Replaced two-table system (Table-1 general + Table-2 for banks) with single unified table with two outcomes: Authenticated → Record of Default; Disputed → Information of Dispute	Simplification and unification — eliminates "Deemed to be Authenticated" / "Yellow" colour code; streamlines outcomes
Reg. 21(4) — Colour code reference	DELETED Words "of the relevant colour, as indicated in column (4) of the Tables 1 or 2, as the case may be" omitted	Colour-coded records abolished — all records now format-based per IBBI circular
Reg. 21(4) — Document reference	MODIFIED "a record of default in Form D of the Schedule" → "a record of default or information of dispute in such format as notified by the Board through circular"	Formally introduces "information of dispute" as a separate issuable document
Reg. 21A(1) — Verification format	MODIFIED "Form D of the Schedule" → "such format as notified by IBBI through circular"	Circular-based format for verified record of default
Reg. 21A(3) — Financial institution coverage	MODIFIED Coverage expanded from "banks in RBI's second schedule" to "financial institutions as defined in clause (14) of section 3 of the Code"	All IBC-defined financial institutions now get the partial authentication/partial dispute treatment
Reg. 21A(3) — Document name	MODIFIED "a record of default with the status of authentication as 'disputed'" → "information of dispute"	Uses the new formal terminology consistently
Reg. 27(1) — User duties format	MODIFIED "Form C of the Schedule" → "such format as notified by IBBI through circular"	Monthly update format now circular-based
Schedule (Forms A, B, C, D)	DELETED Entire Schedule with all four forms omitted	All forms are now governed by IBBI circulars — giving operational flexibility for format updates

❓ Frequently Asked Questions

Q1. What is an Information Utility (IU) and how does it fit into the IBC ecosystem?

An Information Utility is IBBI-registered digital infrastructure entity that stores, authenticates, and disseminates financial information related to debts, defaults, and insolvency. Under the IBC, when a creditor wants to initiate CIRP (Corporate Insolvency Resolution Process) at NCLT under Section 7 or 9, they must first obtain a Record of Default from an IU — which serves as the authenticated, digitally-signed proof of default. Currently, NeSL (National e-Governance Services Limited) is the only registered IU in India. The IU system ensures that proof of default is pre-authenticated before insolvency proceedings begin, dramatically reducing disputes and delays at NCLT.

Q2. What is the difference between a "Record of Default" and an "Information of Dispute" after the June 2026 amendment?

Both are formally issued documents from the IU regarding the authentication of a debt default — but they arise from different outcomes of the authentication process. A Record of Default is issued when the debtor either confirms the default or fails to respond after three reminders — it carries the status "Authenticated" and is what creditors need to file for CIRP. An Information of Dispute is a new document type (formally created by the June 2026 amendment) issued when the debtor disputes the information of default — it carries the status "Disputed." For financial institutions (as defined in IBC Section 3(14)), if a debtor disputes only part of the default amount, the IU issues an Information of Dispute for the disputed portion and a Record of Default (Authenticated) for the undisputed portion.

Q3. Must every creditor file information with an IU before approaching NCLT for CIRP?

Yes — since the June 2022 amendment to Regulation 20, filing information of default with an IU is a mandatory pre-requisite before filing an application to initiate CIRP under Section 7 (financial creditor) or Section 9 (operational creditor) of IBC. The IU processes the information and issues a Record of Default, which must be attached to the CIRP application. This requirement ensures all defaults are pre-authenticated in a standardised format, reducing disputes at NCLT and accelerating the insolvency process.

Q4. What shareholding limits apply to investors in an IU?

The general limit is 10% of paid-up equity / total voting power for any person (directly or indirectly, including concert parties). Privileged entities — government companies, stock exchanges, depositories, banks, insurance companies, and public financial institutions — may hold up to 25%. Special transition provisions (applicable only to IUs registered before September 30, 2018) allowed higher holdings (up to 51% or even 100%) for up to 3 years from registration. Central and State Governments are completely exempt from shareholding caps.

Q5. Why were the physical forms (Form A, B, C, D in the Schedule) removed by the June 2026 amendment?

The June 2026 amendment replaced all references to static forms (Form A, B, C, D of the Schedule) with a flexible format system — forms are now specified by IBBI through circulars. This change was made because amending statutory forms embedded in a regulation requires a formal regulatory amendment process (Gazette notification), which is time-consuming. By moving forms to circulars, IBBI can update, revise, and modernise form formats quickly in response to operational needs, technology changes, or feedback from stakeholders — without requiring a formal regulatory amendment. This is consistent with IBBI's broader approach of rule-making flexibility through circulars and guidelines.

Q6. How does the authentication process differ for financial institutions after the June 2026 amendment?

Prior to June 2026, the "special treatment" for disputed defaults applied only to banks specifically listed in the Second Schedule of the RBI Act, 1934 — a relatively narrow set of banks. The June 2026 amendment significantly expanded this to cover all "financial institutions as defined in clause (14) of section 3 of IBC" — a much broader category that includes banks, financial institutions, asset reconstruction companies, and other financial creditors. The key benefit: when a debtor partially disputes a default, the IU can now issue a Record of Default for the undisputed amount (enabling CIRP for that amount) while separately issuing an Information of Dispute for the contested portion — rather than treating the entire default as disputed.

Q7. What fees does an Information Utility pay to IBBI?

Three types of fees: (1) Application/renewal fee — ₹10 lakh (non-refundable); (2) Registration/renewal fee — ₹1 crore, payable within 15 days of receipt of registration/renewal intimation; (3) Annual fee — 10% of turnover from IU services in the preceding financial year, payable by April 30 each year. Late annual fee payment attracts simple interest at 12% per annum. Example: An IU with ₹75 crore FY 2022-23 turnover would pay ₹7.50 crore by April 30, 2023.

Q8. What quarterly statistics must an Information Utility publish?

Under Regulation 36A (inserted April 2021), every IU must publish quarterly statistics on debt-related information showing distribution across: currency (INR/foreign), geography (state/region-wise), sector (industry classification), size (of debts), tenor (duration of debts), type (financial/operational), lending arrangement (consortium, sole banking, multiple banking), and incidence of default. This transparency requirement enables researchers, regulators, and market participants to track aggregate credit and default trends in the economy — making IU data a valuable macroeconomic indicator.

📝 Bottom Line — Why These Regulations Matter for India's Insolvency Ecosystem

The IBBI (Information Utilities) Regulations, 2017 — as amended up to June 2, 2026 — are the backbone of India's digital insolvency infrastructure. The IU system (currently represented by NeSL) has fundamentally transformed how insolvency proceedings begin in India: instead of litigating the very fact of default at NCLT, creditors arrive with a pre-authenticated, digitally signed Record of Default issued by an IBBI-regulated entity — dramatically reducing the time and cost of insolvency proceedings. The June 2026 amendments represent a significant maturation of this framework — formally introducing the "Information of Dispute" as a distinct legal document, expanding the category of financial institutions that benefit from nuanced authentication outcomes, and replacing the rigid static forms regime with a flexible circular-based format system. For legal professionals, insolvency practitioners, financial institutions, and corporate borrowers alike, understanding these Regulations — and particularly the authentication process under Regulation 21 — is essential for navigating the IBC ecosystem effectively.

Primary Source: IBBI (Information Utilities) Regulations, 2017 — IBBI/2016-17/GN/REG009 dated March 31, 2017, as amended upto Notification IBBI/2026-27/GN/REG146 dated June 1, 2026 (effective June 2, 2026). Available at ibbi.gov.in. This article is for informational and educational purposes only and does not constitute legal advice. Readers are advised to refer to the original regulation and consult qualified insolvency professionals for specific guidance.