Trai recommends applying trusted source procurement rule on data centres

Telecom regulator Trai on Friday recommended trusted source procurement rule be applied on data centres to discourage the use of insecure equipment in the network.

The Telecom Regulatory Authority of India (Trai) under its recommendation for "Regulatory Framework for Promoting Data Economy Through Establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges in India" has suggested registration of content delivery networks, which includes entities like Google Cloud CDN, Amazon CloudFront, Azure CDN etc with the Department of Telecom.

"The Authority recommends that trusted source procurement applicable for licensees under section 4 of India Telegraph Act 1885, should also be made applicable for DCs (data centres) for security sensitive equipment," Trai said.

The trusted source norms bars telecom networks from procuring any equipment from entities that are not notified as trusted sources by the National Cyber Security Coordinator.

Trai has recommended the centre should define certain fiscal and non-fiscal incentives for the data centre sector The as part of Data Centre Incentivization Scheme (DCIS), that should be made applicable across all states while leaving the flexibility to the states to announce further fiscal and non-fiscal incentives through their policies.

The regulator has suggested CDN players should be registered with the Department of Telecommunications through a simple online registration process. Data Centres hosting CDNs are connected to each other and the internet cloud via internet exchanges (IXPs).

Demand for CDN services in India is growing with the emergence of new players in the over-the-top category like Netflix, Amazon Prime Video, e-commerce, online education, gaming etc.

Trai has recommended to bring IXPs under a separate authorization in Unified License that are much less onerous than internet service providers license authorization.

"The Authority also recommends that any entity that intends to provide IXP services in India can do so either under ISP license/ UL-ISP authorization or under standalone UL-IXP authorization.

The Authority also recommends that all existing players, including NIXI should be brought within this licensing framework in a stipulated time not exceeding six months," the regulator said.

As part of the recommendations, Trai has recommended the formation of the Data Digitization and Monetization Council (DDMC) to oversee all issues related to data digitization, data sharing, and data monetization in the country.

Trai said that DDMC should also be entrusted with responsibility of putting in place an overarching framework for ethical use of data both by the Government as well as by the corporates in India.