 "India to press ahead with strict cybersec rules despite industry concerns")
By Munsif Vengattil and Aditya Kalra
NEW DELHI (Reuters) - India will not change upcoming cybersecurity rules that force social media, technology companies and cloud service providers to report data breaches swiftly, despite growing industry concerns, the government said on Wednesday.
The Indian Computer Emergency Response Team issued a directive in April asking tech companies to report data breaches within six hours of "noticing such incidents" and to maintain IT and communications logs for six months.
They also mandated cloud service providers such as Amazon and virtual private network (VPN) companies to retain names of their customers and IP addresses for at least five years, even after they stop using the company's services.
The measures have raised concerns within the industry about a growing compliance burden and higher costs.
India's junior IT minister Rajeev Chandrasekhar said there will be no changes despite the worries, saying tech companies have an obligation to know who is using their services.
India has tightened regulation of Big Tech firms in recent years, prompting pushback from the industry and in some cases even straining trade ties between New Delhi and Washington.
New Delhi has said the new rules were needed as cybersecurity incidents were reported regularly but the requisite information needed to investigate them was not always readily available from the service providers.
But the rules have caused widespread discontent. In a closed-door meeting this week, many social media and tech company executives discussed strategies to urge New Delhi to put the rules on hold, according to a source with direct knowledge.
The source said European authorities require data breaches to be reported within about 72 hours, adding that it was difficult to report incidents in six hours.
Chandrasekhar, however, said India was being generous, as some countries mandate immediate reporting.
The rules are set to be enforced from end of June. After they were announced, NordVPN, one of the world's largest VPN providers, said it may remove its servers from India.
Privacy activists have said the rules contradict the idea of VPN, which is to safeguard identity of individuals such as whistleblowers from surveillance.
"If you don't want to go by these rules, and if you want to pull out, then frankly ... you have to pull out," Chandrasekhar told reporters.
(Reporting by Munsif Vengattil and Aditya Kalra in New Delhi; Editing by David Clarke)
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app