The Internet and Mobile Association of India (IAMAI), which represents firms including tech giants like Facebook and Google, has warned the centre regarding India’s new cybersecurity rules.
The body said that India’s cybersecurity regulations set to take effect later this month would foster a climate of “fear rather than trust” while writing to the IT ministry.
The Indian Computer Emergency Response Team (CERT-In), which is part of the IT ministry, has issued a rule that compels IT companies to report data breaches within six hours of detection and to keep IT and communication logs for six months.
However, IAMAI proposed that the six-hour limit should be extended, citing that the global standard for reporting cyber-security incidents is 72 hours, according to a report by Reuters.
Earlier on April 26, CERT issued recommendations requiring virtual private network (VPN) service providers, as well as data centres and cloud service providers, to keep information such as names, e-mail IDs, contact numbers, and IP addresses (among other things) for a period of five years.
The government claimed that it needs these facts to fight cybercrime, but the industry claims that anonymity is one of VPN services’ primary selling factors and that such a move would violate VPN platforms’ privacy policies.
In the letter, IAMAI said that the expense of complying with such directives may be “massive,” and suggested that the penalties for violations of law, including prison time, could force companies to stop doing business in India.
Some VPN service providers have already started taking significant steps.
For example, ExpressVPN has pulled its servers out of India, making it the first major VPN provider to do so in the wake of the new regulations. While ExpressVPN was the first to withdraw its services from India, other VPN companies, such as NordVPN, have followed suit.
However, IAMAI’s letter follows one issued earlier this week by 11 major tech-aligned sector organisations, which stated that the new restrictions made it difficult for them to do business in India.
Eleven industry groups from the European Union, United Kingdom and the United States, including the US Chamber of Commerce and US-India Business Council, said the directive’s “onerous nature” might make it more difficult for companies to do business in India.
Big tech corporations such as Facebook, Google, Apple, Amazon and Microsoft, as well as others are among the signatories to that letter. It also includes Asia Securities Industry & Financial Markets Association (ASIFMA), Bank Policy Institute, BSA, Coalition to Reduce Cyber Risk, Cybersecurity Coalition, Digital Europe, Information Technology Industry Council (ITI), techUK, US Chamber of Commerce, US-India Business Council (USIBC), and US-India Strategic Partnership Forum (USISPF).
Read all the Latest News , Breaking News and IPL 2022 Live Updates here.