A broken Ethernet cable is seen in front of binary code and the words ‘cybersecurity’ in this illustration taken March 8, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

NEW DELHI, June 3 (Reuters) – India’s cybersecurity rules due to come into force later this month will create an “environment of fear rather than trust”, the government has warned a body representing the biggest companies technologies, calling for a one-year deadline. before the rules come into effect.

The Internet and Mobile Association of India (IAMAI), which represents companies such as Facebook (FB.O), Google (GOOGL.O) and Reliance (RELI.NS), wrote to India’s IT Ministry this week to criticize a cybersecurity directive established in April.

Among other changes, India’s Computer Emergency Response Team (CERT) directive requires technology companies to report data breaches within six hours of noticing such incidents and to retain computer logs and communications for six months.

In the letter seen by Reuters, IAMAI offered to extend the six-hour window, noting that the global standard for reporting cybersecurity incidents is generally 72 hours.

CERT, which reports to the IT Department, has also asked cloud service providers such as Amazon (AMZN.O) and virtual private network (VPN) companies to keep their customer names and IP addresses on file. for at least five years, even after they stop. using the company’s services. Read more

The cost of adhering to these guidelines could be “enormous”, and the proposed penalties for violation, including prison, would lead “entities to cease operations in India for fear of making a mistake”, the IAMAI letter said.

On Thursday, VPN service provider ExpressVPN pulled its servers from India, saying it “refuses to participate in the Indian government’s attempts to limit internet freedom.”

IAMAI’s letter follows one from 11 prominent tech-aligned industry associations earlier this week, which said the new requirements made it difficult to do business in India.

India has tightened regulations on big tech companies in recent years, causing an industry pushback and, in some cases, even strained trade relations between New Delhi and Washington.

New Delhi said the new rules were necessary because cybersecurity incidents were reported regularly, but the information required to investigate them was not always readily available from service providers.

Reporting by Munsif Vengattil in New Delhi; Editing by David Holmes

Our standards: The Thomson Reuters Trust Principles.