SEBI's framework for retail participation in algorithmic trading came into effect on April 1, 2026. If you trade using a broker API — whether through TradingView, AmiBroker, Python or any automated system — these rules apply to you directly.

This article covers exactly what changed, what compliance requires, and how the infrastructure behind your algo setup needs to be structured.

Why SEBI Introduced This Framework

For years, retail traders in India accessed broker APIs with minimal standardisation. Dynamic IPs, untracked order flows, and vendor-provided algos running without accountability created gaps in market surveillance. SEBI's circular (SEBI/HO/MIRSD/MIRSD-PoD/P/2025/0000013, February 2025) addressed this by placing clear accountability on brokers for every algo-generated order flowing through their systems — and clear requirements on traders for how those orders originate.

The result: every retail algo trader using a broker API must now meet specific infrastructure and authentication standards.

The Static IP Requirement — The Most Important Change for Retail Traders

The rule: Brokers are required to whitelist the IP address from which API orders originate. Orders from non-whitelisted or dynamic IPs are blocked.

This is the single most operationally significant change for retail algo traders. Here is what it means in practice:

Your home broadband has a dynamic IP — it changes every time your router reconnects. This IP cannot be whitelisted. Even if your broker could whitelist it today, the next time your IP changes, your algo stops working. You need a static IP — a fixed, permanent IP address that you register in your broker's API developer portal.

How to get a static IP:

From your ISP — some residential and business plans offer a static IP as an add-on (typically ₹200–500/month). Not always available in all cities. From a cloud VPS or algo platform — cloud infrastructure hosted in India can assign a dedicated static IP that routes your API orders. This is the more reliable approach for traders who want always-on execution.

Important: SEBI permits one primary static IP per client, with one backup IP allowed. The IP can be shared within a family unit (self, spouse, dependent children or parents) with 2FA-verified consent.

The 10 Orders Per Second (OPS) Threshold

SEBI draws a line at 10 orders per second per exchange per client:

Below 10 OPS: No algo registration is required. However, the static IP and authentication requirements still apply — this is a common misunderstanding. Above 10 OPS: The strategy must be registered as an algorithm with the broker and exchange. The broker becomes liable for the algo's market behaviour.

Most retail traders — including those running TradingView alerts, AmiBroker strategies, or options automation — operate well below 10 OPS. The registration requirement is unlikely to affect you. The static IP requirement, however, applies regardless.

Authentication Requirements

SEBI mandates OAuth-based authentication for all broker API access. What this means:

Username/password-based API logins are no longer sufficient API sessions must use token-based OAuth flows Two-factor authentication (2FA) is mandatory All API sessions must automatically log out before each trading day (before market pre-open)

Most major Indian brokers — Zerodha, Fyers, Angel One, Mastertrust, Kotak Neo and others — have already updated their APIs to comply with these requirements.

Audit Trail and Order Log Requirements

Every algo-generated order placed from April 1, 2026 must carry an exchange-assigned Algo-ID — a unique identifier that links every automated order back to its source strategy. This allows exchanges and SEBI to trace market activity to specific algorithms in the event of unusual trading patterns.

Brokers are required to maintain detailed logs of all API activity for a minimum of 5 years.

For traders, this means:

Your algo infrastructure must generate and preserve order logs The algo platform or VPS you use must maintain execution records You should be able to produce an audit trail of your strategy's orders if asked

What You Need to Be Compliant

If you are a retail trader using a broker API to automate your strategies in India, here is the compliance checklist:

Infrastructure:

Static IP assigned and whitelisted on your broker's API portal API hosted on Indian servers (SEBI requires all retail algos to run on India-based infrastructure) Automatic session logout before market pre-open configured

Authentication:

OAuth-based API token authentication in use 2FA enabled on your broker account API credentials never shared outside permitted family members

Order management:

Orders staying within your broker's API rate limits Execution logs and audit trail maintained Algo-ID captured and stored per order

How AlgoSys Handles This for You

AlgoSys was built with this infrastructure model from the ground up. Here is what the platform handles on your behalf:

Unique static IP per user. Every AlgoSys paid plan user receives a dedicated static IP address. You register this IP once in your broker's API developer portal — and your algo orders originate from that IP permanently, regardless of your home internet connection or location.

SEBI-compliant API rate limiting. AlgoSys enforces each broker's API rate limits at the platform level. Orders are queued and routed within the permitted thresholds — your strategies never breach the OPS limits that would trigger compliance flags.

Audit logs and execution records. AlgoSys maintains the order logs and execution history that SEBI's framework requires. Every order routed through the platform is logged with timestamps, instrument details, and execution status — available for audit if needed.

OAuth-based broker connectivity. All broker connections on AlgoSys use token-based OAuth authentication — the standard SEBI mandates. Your login credentials are never stored; only the authorised API session token is used to route orders.

Cloud-native execution on Indian infrastructure. TradingView and AlgoSys-native strategies run fully in the cloud on infrastructure hosted in India — satisfying the SEBI requirement that retail algos run on Indian servers.

What You Still Need to Do

AlgoSys handles the infrastructure side. Two steps remain on your end:

Whitelist your AlgoSys static IP on your broker's portal. When you sign up and connect your broker, AlgoSys provides your dedicated static IP. Log into your broker's API developer console and add this IP to the whitelist. This is a one-time step. Ensure 2FA is enabled on your broker account. SEBI mandates 2FA for all API access. If you haven't enabled it, do so before connecting your broker to AlgoSys.

Frequently Asked Questions

Does the static IP requirement apply even if I trade below 10 OPS? Yes. The 10 OPS threshold determines whether algo registration is required — not whether the static IP rule applies. Static IP whitelisting is mandatory for all retail traders using a broker API, regardless of order frequency.

Can I use my home internet connection's IP for algo trading? Only if your ISP provides a static IP on your plan. Most residential broadband plans use dynamic IPs that change frequently — these cannot be reliably whitelisted. A cloud-based static IP is the standard approach.

What happens if I send orders from a non-whitelisted IP? Your broker's API will reject the orders. From April 1, 2026, brokers are required to block API requests from non-whitelisted IPs as part of SEBI compliance.

Does AlgoSys give me a different IP if I change plans? Your static IP is tied to your AlgoSys account, not your plan tier. You whitelist it once and it stays the same across plan changes.

Are my strategies considered "registered algos" under SEBI's framework? If you trade below 10 OPS, your strategies do not need to be registered as algorithms. AlgoSys routes orders within broker API rate limits, so standard retail strategies remain below this threshold. Your broker routes your orders through their exchange-approved systems — you do not register directly with the exchange.

Is algo trading legal for retail traders in India? Yes. SEBI's April 2026 framework explicitly defines and permits retail algorithmic trading through broker-approved APIs. The framework brings structure and compliance requirements — it does not restrict retail participation. Trading through a SEBI-compliant setup like AlgoSys keeps you within the permitted framework.

Summary

SEBI's 2026 algo trading framework does not make algo trading harder — it standardises what was already best practice for serious traders. The key requirements are:

A static IP whitelisted on your broker's API portal OAuth-based authentication with 2FA Orders within your broker's API rate limits Audit logs and execution records maintained Infrastructure hosted on Indian servers

AlgoSys provides the static IP, enforces rate limits, maintains logs, and runs on Indian infrastructure — so your setup is compliant from day one. You connect your broker, whitelist the provided IP, and trade.

[Start free trial →] [Talk to our team about your setup →]

This article is for informational purposes only and does not constitute legal or investment advice. For authoritative guidance, refer to SEBI's circular SEBI/HO/MIRSD/MIRSD-PoD/P/2025/0000013 and your broker's API documentation. AlgoSys does not guarantee returns and does not sell trading strategies.