The Minister of State, IT and Electronics, Rajeev Chandrasekhar affirmed there will be no changes in India’s revised stricter IT policies despite the worries, saying tech companies have an obligation to know who is using their services.

India has tightened policies for Big Tech firms in recent years, prompting pushback from the industry and in some cases even straining trade ties between New Delhi and Washington.

In response to the context, a government statement recently highlighted that India will not change upcoming cybersecurity regulations that mandatorily puts social media, technology companies and cloud service providers in a framework to report data breaches swiftly, despite growing industry concerns.

The Indian Computer Emergency Response Team issued a directive for technology majors to report data breaches within six hours of “noticing such incidents” and to maintain IT and communications logs for six months.

They also mandated cloud service providers such as Amazon and Virtual Private Network (VPN) companies to retain names of their customers and IP addresses for at least five years, even after they stop using the company’s services.

Herein, Union Minister of State, Rajeev Chandrasekhar emphasized amidst severe concerns from tech-giants on several aspects of India’s IT policy framework, there will be no changes in the upcoming policies and the government will move forward to implement them as it is. India has tightened regulation of Big Tech firms in recent years, prompting pushback from the industry and in some cases even straining trade ties between New Delhi and Washington.

The government highlighted that the new regulations were needed as cybersecurity incidents were reported regularly but the requisite information needed to investigate them was not always readily available from the service providers.

But the rules have caused widespread discontent. In a closed-door meeting this week, many social media and tech company executives discussed strategies to urge New Delhi to put the rules on hold, according to a source with direct knowledge. The source said European authorities require data breaches to be reported within about 72 hours, adding that it was difficult to report incidents in six hours.

In this context Chandrasekhar said India was being generous, as some countries mandate immediate reporting. The rules are set to be enforced from end of June.

“If you don’t want to go by these rules, and if you want to pull out, then frankly … you have to pull out,” Chandrasekhar told reporters.

 

Leave a Reply

Your email address will not be published. Required fields are marked *