Tech companies say India’s cyber rules risk creating an ‘environment of fear’
/cloudfront-us-east-2.images.arcpublishing.com/reuters/CYPOAUOENRNYPBQVETMVX54KXE.jpg)
A broken Ethernet cable is seen in front of binary code and the words ‘cybersecurity’ in this illustration taken March 8, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
Join now for FREE unlimited access to Reuters.com
NEW DELHI, June 3 (Reuters) – India’s cybersecurity rules due to come into force later this month will create an “environment of fear rather than trust”, the government has warned a body representing the biggest companies technologies, calling for a one-year deadline. before the rules come into effect.
The Internet and Mobile Association of India (IAMAI), which represents companies such as Facebook (FB.O), Google (GOOGL.O) and Reliance (RELI.NS), wrote to India’s IT Ministry this week to criticize a cybersecurity directive established in April.
Among other changes, India’s Computer Emergency Response Team (CERT) directive requires technology companies to report data breaches within six hours of noticing such incidents and to retain computer logs and communications for six months.
Join now for FREE unlimited access to Reuters.com
In the letter seen by Reuters, IAMAI offered to extend the six-hour window, noting that the global standard for reporting cybersecurity incidents is generally 72 hours.
CERT, which reports to the IT Department, has also asked cloud service providers such as Amazon (AMZN.O) and virtual private network (VPN) companies to keep their customer names and IP addresses on file. for at least five years, even after they stop. using the company’s services. Read more
The cost of adhering to these guidelines could be “enormous”, and the proposed penalties for violation, including prison, would lead “entities to cease operations in India for fear of making a mistake”, the IAMAI letter said.
On Thursday, VPN service provider ExpressVPN pulled its servers from India, saying it “refuses to participate in the Indian government’s attempts to limit internet freedom.”
IAMAI’s letter follows one from 11 prominent tech-aligned industry associations earlier this week, which said the new requirements made it difficult to do business in India.
India has tightened regulations on big tech companies in recent years, causing an industry pushback and, in some cases, even strained trade relations between New Delhi and Washington.
New Delhi said the new rules were necessary because cybersecurity incidents were reported regularly, but the information required to investigate them was not always readily available from service providers.
Join now for FREE unlimited access to Reuters.com
Reporting by Munsif Vengattil in New Delhi; Editing by David Holmes
Our standards: The Thomson Reuters Trust Principles.