As of January 2026, the SEBI framework for retail algorithmic trading is fully active, with the final compliance milestone for brokers having passed on January 5, 2026. For developers working with APIs like Zerodha Kite Connect or Fyers API, “business as usual” has ended—every script now exists within a regulated ecosystem.
Below is the definitive 2026 developer’s guide to building and deploying compliant algos.
1. The 2026 Compliance Architecture
SEBI’s 2026 mandate shifts the responsibility from the trader to the Broker (Principal) and the Developer (Agent). You can no longer simply connect a script to an API and go live without oversight.
Core Pillars of Compliance:
- Mandatory Exchange Approval: Every strategy (except for specific retail exemptions) must be approved by the exchange via your broker.
- Unique Algo ID: Every order sent to the exchange must carry a
TagorAlgoIDassigned during registration. Orders without this ID are flagged or rejected. - Static IP Whitelisting: API access is now restricted to 1 or 2 static IP addresses provided to the broker. This prevents unauthorized “cloud-hopping” and account sharing.
- Kill Switch Requirement: Brokers must provide (and developers must support) a “Kill Switch” that can instantly terminate all active orders and scripts.
2. Strategy Classification: White Box vs. Black Box
In 2026, how you code determines your legal status:
| Category | Definition | Requirement |
| White Box | Logical, rule-based scripts (e.g., EMA Crossover). | One-time registration with exchange. |
| Black Box | Proprietary, complex, or AI-driven logic. | Developer must have a SEBI Research Analyst (RA) license. |
| Retail Exempt | Self-developed for personal use < 10 OPS. | No formal registration required (in most cases). |
3. Step-by-Step Deployment Guide (Zerodha & Fyers)
Step 1: Secure Your Infrastructure
SEBI now prefers (and some brokers mandate) that retail algos be hosted on Indian Servers.
- Action: Move your Pine Script bridges or Python bots to India-based regions (e.g., AWS
ap-south-1Mumbai). - Static IP: Obtain a static IP for your VPS. Map this IP in your Zerodha Kite or Fyers API dashboard.
Step 2: The Registration Workflow
- Submit Logic: Provide a plain-English description of your strategy’s logic to the broker’s compliance desk.
- Mock Session: Participate in a mandatory mock trading session (usually held on Saturdays) to prove the algo doesn’t “loop” or spam the exchange.
- Receive Algo ID: Once approved, the exchange grants a unique ID (e.g.,
ALGO_JR_001).
Step 3: Coding the Order Payload
When sending an order via Python or a Webhook bridge, the tag or algo_id field is no longer optional.
Example (Python – Kite Connect):
Python
# 2026 Compliant Order Entry
kite.place_order(
variety=kite.VARIETY_REGULAR,
exchange=kite.EXCHANGE_NSE,
tradingsymbol="RELIANCE",
transaction_type=kite.TRANSACTION_TYPE_BUY,
quantity=10,
product=kite.PRODUCT_MIS,
order_type=kite.ORDER_TYPE_MARKET,
tag="ALGO_JR_001" # Mandatory Unique Algo ID
)
4. Avoiding the “10 OPS” Trap
Retail traders are generally exempt from registration if they stay below 10 Orders Per Second (OPS). However, if your strategy “hammers” the API during a volatile breakout:
- The broker will automatically classify your account as a “High-Frequency” user.
- Your API key will be suspended until formal exchange registration is completed.
- Pro Tip: Implement a
rate_limiterin your code to ensure you never exceed 5-8 OPS to stay safely within the retail exemption.
5. Why “Repainting” is Now a Legal Risk
In the past, repainting was just a technical error. In 2026, under the Transparency Audit rules, if a broker-approved strategy is found to be repainting (showing false historical entries), it can be flagged for Market Manipulation.
- Developer Requirement: You must provide “Audit Logs” showing that the entry price in the live market matched the entry price calculated by the logic.