The SEBI algo trading rules April 2026 framework moves algorithmic trading in India from a lightly governed broker-API ecosystem to a strictly registered, fully traceable regime. From April 1, 2026, every order generated by code, by a vendor strategy, or by a self-written Python script must carry an exchange-assigned Algo-ID, originate from a registered IP, and live inside a broker-approved framework.
The implications for Indian retail are real. Casual API integrations, untracked Excel order routers, and unregistered third-party vendor algos no longer have a legal path to the exchange. At the same time, the framework opens a structured route for serious DIY traders to keep running their strategies, provided they engage with their broker.
This guide walks through what the rule actually says, which orders are classified as algo, what to do with a Python script, and how the regime fits with the wider 2026 F&O package. Standard caveat: F&O carries leveraged risk and is unsuitable for most retail investors; algorithmic execution does not improve a losing strategy, it only repeats it faster.

The Rule In One Page
SEBI’s algo framework, building on circulars dating from February 2025 onward, was extended to April 1, 2026 as the final implementation date. By that date, every broker offering API access, every vendor selling a strategy product, and every retail trader running an algo had to be inside the new structure.
Algo-ID For Every Automated Order
The single most important concept in the framework is the Algo-ID. Each registered algorithm carries a unique identifier issued by the exchange. Every order generated by that algorithm must carry the Algo-ID in the order message. Orders without a valid Algo-ID, or with a mismatched one, are rejected at the gateway.
Broker Owns The Algo
The framework places the registration and oversight burden squarely on the broker. The broker registers each algorithm with the exchange, attests to its risk controls, and remains accountable for any breach. Algo vendors cannot connect directly to the exchange; they must partner with a registered broker. This is the structural change that ends the era of plug-and-play algo marketplaces.
OAuth, 2FA, And Static IPs
API access is now gated by OAuth-style authentication, mandatory two-factor authentication for each session, and registered static IPs. Sessions must expire and re-authenticate at least once per trading day. Long-lived API tokens running from variable IP addresses no longer work.
Who The Framework Touches
The rule is broad. If a trade is generated by anything other than a human pressing a button on the broker’s official terminal, it is algorithmic and falls under the framework.
Vendor Algos
The classic “black-box” vendor algo, where a third-party seller offers ready-made strategies that connect to a broker account, is most affected. The vendor must register the algo through a partner broker, the broker must take attestation responsibility, and the end-user must be onboarded with disclosures. Vendors who cannot complete this loop cannot legally onboard new retail clients.
Broker In-House Algos
Many brokers offer in-house algo products such as bracket orders, GTT (Good Till Triggered) orders, basket order automation, and condition-based execution. These are now treated formally as broker-registered algos, each with their own Algo-ID lineage. For most retail traders, these are the simplest legal route to any form of automation.
DIY Scripts
The category that affects the largest number of retail tinkerers is the self-coded script. Python notebooks, simple cron-based order schedulers, Excel macros that hit broker APIs, all fall under the framework. The trader must disclose the script to the broker and operate it inside the broker’s registered envelope.

The 10 Orders Per Second Threshold
One nuance that matters for retail is the order-rate threshold. SEBI’s framework distinguishes between low-frequency and high-frequency automated activity, and the dividing line for many practical purposes is roughly 10 orders per second (OPS).
Below 10 OPS
Most retail strategies generate well under 10 orders per second. For such strategies, separate SEBI registration is typically not required, and the broker handles Strategy ID tagging at the platform level. The trader still needs to disclose the strategy to the broker and obtain the Algo-ID, but the regulatory burden is lighter than for true high-frequency systems.
Above 10 OPS
Strategies that generate more than 10 OPS, or that connect via dedicated co-location infrastructure, enter the formal high-frequency lane. The broker, the vendor, and in some cases the user must complete more granular disclosures and risk controls. This lane is structurally outside the scope of typical retail activity.
Practical Reading For Most Retail
For a salaried Indian running, say, a Python script that places one to five orders per minute, the framework is real but workable. The right step is to engage the broker, fill the disclosure form, register the strategy, and obtain the Algo-ID through the broker’s onboarding flow.
Static IP And 2FA Requirements
Two of the operational changes have caused the most retail confusion: static IPs and two-factor authentication for API sessions.
Why Static IP
A registered static IP allows the exchange and broker to confirm that order traffic is coming from an approved origin. A typical home-broadband IP changes frequently, which is incompatible with the requirement. Retail users running scripts from home often need either a virtual private server (VPS) with a static IP or a broker-provided cloud environment.
The 2FA Session Cycle
Each trading day, API sessions must re-authenticate with a fresh 2FA step. A long-running cron job that started two months ago and has been placing orders ever since is no longer compliant. The standard pattern now is a daily morning login, a generated session token valid for the day, and an auto-logout before the next day’s pre-open.
Logging And Audit Trails
Brokers must maintain detailed audit trails of every algo order, including the Algo-ID, the strategy parameters, and the user session. SEBI inspections can call for these records. From the retail user’s side, the practical implication is that “deniable” automation is no longer possible; the order trail is permanent.
What To Do If You Run A Python Script
This is the single most common retail question since the framework was announced. The answer has three steps.
Step 1: Talk To The Broker
Every major retail broker in India (Zerodha, Upstox, Angel One, ICICI Direct, HDFC Securities, Kotak Securities, 5paisa, and others) has published an algo onboarding flow. The first step is to identify the broker’s algo registration form, complete the strategy disclosure, and request inclusion in the registered algo programme.
Step 2: Move To A Compliant Environment
The script needs to run from a registered static IP. A simple cloud VPS in Mumbai with a static IP, or one of the broker-hosted algo environments now offered, is the common solution. Local-machine execution with rotating residential IPs is no longer compliant for live order routing.
Step 3: Adopt The Algo-ID In The Order Path
Once registered, the strategy receives an Algo-ID from the exchange via the broker. Every order placed by the script must include this Algo-ID. The broker’s API documentation explains where this field sits in the order message. Once integrated, the strategy can route live orders again.

Vendor Algos And The Marketplace Cleanup
The 2026 framework substantially reshaped the third-party algo marketplace in India. Hundreds of unregistered “guaranteed profit” algos that operated through retail API integrations were shut out of live trading.
What Vendors Now Must Do
To continue offering retail products, an algo vendor must partner with one or more registered brokers, submit each strategy for broker-led registration, attest to defined risk parameters, and provide audit-trail data. The vendor cannot connect directly to the exchange.
Retail-Side Diligence
Before subscribing to any vendor algo, the retail user should ask three questions. Is the algo registered with the broker under the SEBI framework. Does it carry a valid Algo-ID. What does the broker’s algo onboarding flow look like. If the vendor cannot answer cleanly, the product is operating outside compliance and should be avoided.
Watch For “Guaranteed Profit” Language
Any algo vendor promising fixed monthly returns, guaranteed performance, or “no-loss” strategies is making claims that no compliant product can support. SEBI and the exchanges have flagged such marketing patterns as red flags. A common rule of thumb in Indian retail finance is that the louder the promise, the deeper the fine print.
The Framework Side By Side
The table below summarises what changed at the operational level for retail algo activity.
| Element | Before April 2026 | From April 1, 2026 |
|---|---|---|
| Order identification | Free-form, broker-tagged | Exchange-issued Algo-ID mandatory |
| Broker accountability | Light-touch, vendor-led | Full broker accountability for every algo |
| API authentication | Username and password tokens | OAuth + 2FA, daily session |
| Source IP | Any IP allowed | Registered static IP only |
| Vendor connectivity | Direct exchange connectivity possible | Must route through registered broker |
| Strategy disclosure | Optional | Mandatory at broker level |
| Audit trail | Broker-level, limited | Algo-ID linked, fully traceable |
How The Algo Framework Interacts With Other 2026 Rules
The algo framework does not sit alone. It overlaps with the suitability test, the cash margin rule, and the lot-size change in ways that matter for sizing and access.
Suitability Test First
An algo cannot legally trade on an account that has not cleared the F&O suitability assessment. If the underlying account is restricted to long options only, the algo can be configured only for that subset. Algos do not bypass suitability; they inherit it.
Cash Margin Compliance
The 50% cash margin rule applies to algo-generated positions identically. A high-frequency strategy that sells options without the cash side of margin is non-compliant in two ways at once: the strategy itself may not be registered, and the underlying margin composition is wrong. Both fail-states block live trading.
Lot Size And Position Limits
The lot-size rule and the 10% MWPL cap apply at the account level. An algo that scales up to many lots in a low-MWPL counter can quickly breach the retail cap, and the exchange’s intraday monitoring will trigger before the algo realises. Strategy design has to bake in current MWPL utilisation, not only price and volatility.

Common Misreads Of The Algo Framework
Three retail misconceptions have shown up across broker support tickets and online forums since the framework went live.
Misread 1: “It Only Applies To High-Frequency Traders”
The framework is order-source based, not order-rate based. Even a single automated bracket order placed by a script is algorithmic and requires Algo-ID compliance. The 10 OPS threshold reduces some paperwork; it does not exempt the activity from the rule.
Misread 2: “Excel-Based Order Routers Are Fine”
Excel macros, AutoIt scripts, or any non-human order generator are explicitly inside the framework. The technology used does not matter; the question is whether a human pressed each individual order button.
Misread 3: “My Broker Will Handle Everything”
Brokers handle registration mechanics, but the trader must complete disclosures, agree to risk parameters, and accept that the algo is logged. Treating the broker as a black box that silently absorbs compliance work leads to surprised suspensions when the broker requests information that was never provided.
A Worked Example: A Retail Python Script
Consider Anjali, a Bengaluru-based software engineer who runs a simple Python script that scans Nifty 50 stocks each morning for a momentum signal and places three to five bracket orders before 10:00 AM. Pre-2026, she ran this from her laptop with a saved API token.
What Changed For Her
From April 1, 2026, her script as designed is non-compliant on three counts: it runs from a non-static IP, it uses a long-lived API token, and the strategy is not registered with her broker. Any orders it places hit the exchange gateway without a valid Algo-ID and are rejected.
What She Did
She moved the script to a Mumbai-based VPS with a static IP, switched to OAuth-based authentication with a daily 2FA login, and completed her broker’s algo registration form, attaching a one-page description of the strategy. The broker registered the strategy, the exchange issued an Algo-ID, and she updated her script to include that ID in every order message. The strategy now runs in compliance.
The Cost Of Compliance
The VPS costs roughly Rs.500 to Rs.1,500 per month. The compliance paperwork was a one-time exercise. The broker did not charge an algo fee at her order rate. For a serious retail algo user, the cost is real but bounded.
Outlook: Algo Trading In FY 2026-27 And Beyond
The framework’s first year will be a stress test. Several effects are already visible across early industry reporting.
Vendor Consolidation
Unregistered algo vendors have either exited the retail market or partnered with brokers. The vendor count is smaller, and surviving products tend to carry clearer disclosures and tighter risk parameters.
Broker-Hosted Algo Environments
Several brokers have launched managed cloud environments where retail algos can run on broker-provided static IPs, with built-in 2FA, Algo-ID tagging, and audit logging. For most retail users, these are cheaper and simpler than running a personal VPS.
Quieter, Slower Markets
A non-trivial share of pre-2026 retail algo activity was effectively unregulated short-dated options speculation. Removing that flow has contributed to lower turnover in the most speculative pockets of the F&O segment, in line with SEBI’s broader objective.
The Retail Verdict
For most Indian retail traders, the algo framework is a non-event because they were never going to write or buy an algo. For the minority who do automate, it is a meaningful but workable compliance step. For unregistered vendors selling “guaranteed return” products, it is an existential barrier, which was the point.
Frequently Asked Questions
Do the SEBI algo trading rules April 2026 apply to my simple bracket-order script?
Yes. The framework is source-based, not rate-based. Any order generated by code, including a simple bracket-order or basket-order script, is algorithmic and requires a registered Algo-ID through your broker. The 10 OPS threshold lightens paperwork for low-frequency strategies but does not exempt the activity.
Can a third-party algo vendor connect directly to my broker account?
Not under the new framework. Algo vendors must partner with a registered broker, and the broker must register each strategy with the exchange. The vendor cannot bypass the broker. If a vendor claims direct exchange connectivity, treat it as a serious red flag.
What changes do I need to make to my Python script?
Three things: move the script to a registered static IP (a cloud VPS is the common solution), switch to OAuth-based authentication with daily 2FA logins, and register the strategy through the broker so each order carries a valid Algo-ID. Without these changes, orders are rejected at the exchange gateway.
What is the Algo-ID, exactly?
The Algo-ID is a unique identifier issued by the exchange for each registered algorithm. Every automated order placed by that algo must carry the Algo-ID in the order message. The ID provides full traceability from the order back to the strategy, the broker, and the user.
Does the algo framework apply to options strategies that fail the F&O suitability test?
No. The algo framework operates on top of the suitability assessment. If an account is restricted to long options only, the algo running on that account can be configured only for long options. The algo does not unlock segments the underlying account is not permitted to trade.
Related LearnFineEdge guides on the broader 2026 SEBI framework, the F&O suitability test, the 50% cash margin rule, and risk management for retail traders are forthcoming.



