New cyber security rule to make doing business in India tougher, say global tech bodies

Sharanya Sinha
Sharanya Sinha May 28, 2022
Updated 2022/06/23 at 8:23 AM
Cyber security

In a joint letter to the government, 11 international organizations with tech giants like Google, Facebook, and HP as members said that India’s new cyber security directive requiring notification of cyber attack incidents within six hours and storage of user logs for five years will make it more difficult for companies to do business in the country. On May 26, 11 groups, largely representing technology businesses in the United States, Europe, and Asia, issued a combined letter to Sanjay Bahl, Director General of the Computer Emergency Response Team of India (CERT-In).

International organizations have expressed concern that the directive, as written, will have a negative impact on cybersecurity for Indian businesses and will create a fragmented approach to cybersecurity across jurisdictions, undermining India’s and its allies’ security posture in the Quad countries, Europe, and beyond. “The onerous nature of the standards may also make doing business in India challenging for firms,” the letter stated. The Information Technology Industry Council (ITI), the Asian Securities and Financial Markets Industry Association (ASIFMA), the Banking Policy Institute, BSA – The Software Alliance, Coalition to Reduce Cyber Risk (CR2), Cyber Security Coalition, Digital Europe, techUK, US Chamber of Commerce, US-India Business Council, and US Strategic Partnership Forum are among the international organizations that have expressed concern. USA-India.

15 Critical Cyber Security Tips for Business

Internet service providers routinely gather user information, according to the joint letter, but extending similar duties to VSP, CSP, and VPN providers is costly and onerous. According to the worldwide bodies, storing the data locally for the customer’s life cycle and for the next five years would necessitate storage and security resources, thus the costs must be passed on to the client, who has not specifically asked that it be stored. After your service is terminated, keep this info. CERT-FAQs, In’s according to Lang, do not address the problematic requirements, such as the six-hour reporting deadline.

For more such updates, keep reading on

Share this Article