Type to search

India Tech Firms Demand Delhi Delays New Cyber Rules

The country’s leading tech firms say the government’s new cybersecurity rules risk creating an ‘environment of fear’

India cyber rules plea
Broken Ethernet cable is seen in front of binary code and words "cyber security" in this illustration taken on March 8, 2022. Photo: Reuters


India’s top tech firms have slammed new cybersecurity rules due to come into force later this month and pleaded with New Delhi to postpone their introduction.

The new regulations will create an “environment of fear rather than trust,” a body representing the country’s leading tech companies has warned the government, calling for a one-year delay before the rules can take effect.

The Internet and Mobile Association of India (IAMAI), which represents firms including Facebook, Google and Reliance, wrote this week to India’s IT ministry criticising a directive on cybersecurity set out in April.


Also on AF: Musk Floats 10% Tesla Staff Cut Plan as Outlook Darkens


Among other changes the directive from the Indian Computer Emergency Response Team (CERT) requires tech companies to report data breaches within six hours of noticing them and to maintain IT and communications logs for six months. 

In the letter seen by Reuters, IAMAI proposed to extend the six-hour window, noting the global standard for reporting cyber-security incidents is generally 72 hours.

CERT, which comes under the IT ministry, has also asked cloud service providers such as Amazon and virtual private network (VPN) companies to retain names of their customers and IP addresses for at least five years, even after they stop using the company’s services.

The cost of complying with such directives could be “massive”, and proposed penalties for violation including prison would lead to “entities ceasing operations in India for fear of running afoul,” the IAMAI letter said.


ExpressVPN Removes Servers

On Thursday, VPN service provider ExpressVPN removed its servers from India, saying it “refuses to participate in the Indian government’s attempts to limit internet freedom.”  

IAMAI’s letter follows one from 11 significant tech-aligned industry associations earlier this week, which said the new requirements made it difficult to do business in India.

India has tightened regulation of big tech firms in recent years, prompting pushback from the industry and in some cases even straining trade ties between New Delhi and Washington.

New Delhi has said the new rules were needed as cybersecurity incidents were reported regularly but the vital information needed to investigate them was not always readily available from service providers.


  • Reuters with additional editing by Sean O’Meara


Read more:

VPN Operator Pulls Servers Out of India Over New Data Rules

India Aims to Break Amazon, Walmart’s Grip on E-Commerce


Sean O'Meara

Sean O'Meara is an Editor at Asia Financial. He has been a newspaper man for more than 30 years, working at local, regional and national titles in the UK as a writer, sub-editor, page designer and print editor. A football, cricket and rugby fan, he has a particular interest in sports finance.


AF China Bond