Technology Law Analysis

Stricter cybersecurity norms and reporting requirements - why MNCs and start-ups alike are gearing up for rippling change

Summary

In this article, we analyse the new cyber security compliance and reporting regime under the directions and FAQs recently issued by the Indian Computer Emergency Response Team (CERT-In), which is the national agency for cybersecurity related functions in India, and operates under the Ministry of Electronics and Information Technology (MeitY). The directions provide for additional compliance requirements such as maintenance of logs, know your customer (KYC) requirements, in addition to stipulating a strict 6-hour reporting timeline for certain kinds of cyber security incidents.

The article provides an insight into what global businesses need to know if they have tech infrastructure or subsidiaries in India, or are even remotely targeting Indian users.

The online version of the article was published on OneTrust DataGuidance - Insights, and can be accessed here.

The article was also published in the Data Protection Leader Magazine (Volume 4 Issue 4, July 2022), of which the full issue can be downloaded here.

– Varsha Rajesh, Aniruddha Majumdar & Aaron Kamath

You can direct your queries or comments to the authors

Disclaimer

The contents of this hotline should not be construed as legal opinion. View detailed disclaimer.

This hotline does not constitute a legal opinion and may contain information generated using various artificial intelligence (AI) tools or assistants, including but not limited to our in-house tool, NaiDA. We strive to ensure the highest quality and accuracy of our content and services. Nishith Desai Associates is committed to the responsible use of AI tools, maintaining client confidentiality, and adhering to strict data protection policies to safeguard your information.

This hotline provides general information existing at the time of preparation. The Hotline is intended as a news update and Nishith Desai Associates neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this Hotline. It is recommended that professional advice be taken based on the specific facts and circumstances. This hotline does not substitute the need to refer to the original pronouncements.

This is not a spam email. You have received this email because you have either requested for it or someone must have suggested your name. Since India has no anti-spamming law, we refer to the US directive, which states that a email cannot be considered spam if it contains the sender's contact information, which this email does. In case this email doesn't concern you, please unsubscribe from mailing list.