The Internet and Mobile Association of India (IAMAI), which represents companies such as Facebook, Google, and Reliance, wrote to India’s IT ministry this week to express its displeasure with a cybersecurity guideline issued in April.
A group representing leading internet businesses has warned the government that cybersecurity laws set to take effect later this month will create a “climate of fear rather than trust,” and has called for a one-year delay.
The Internet and Mobile Association of India (IAMAI), which represents companies such as Facebook, Google, and Reliance, wrote to India’s IT ministry this week to express its displeasure with a cybersecurity guideline issued in April.
The Indian Computer Emergency Response Team (CERT) has issued a rule that compels IT companies to report data breaches within six hours of becoming aware of them and to keep IT and communications logs for six months.
IAMAI advocated extending the six-hour timeframe in a letter seen by Reuters, adding that the global standard for reporting cyber-security problems is generally 72 hours.
CERT, which is part of the IT ministry, has also ordered cloud service providers like Amazon and virtual private network (VPN) providers to keep names and IP addresses of their customers for at least five years after they stop using the company’s services.
According to the IAMAI letter, the expense of complying with such guidelines may be “huge,” and suggested penalties for violations, which include prison time, might lead to “entities stopping business in India for fear of running afoul.”
ExpressVPN pulled its servers out of India on Thursday, claiming that it “refuses to assist in the Indian government’s attempts to impede internet freedom.”
IAMAI’s letter follows one issued earlier this week by 11 major tech-aligned sector organisations, which stated that the new restrictions made doing business in India difficult.
In recent years, India has increased oversight of giant digital businesses, causing industry backlash and, in some circumstances, damaging trade ties between New Delhi and Washington.
The new laws, according to New Delhi, are necessary because cybersecurity breaches are frequently reported, but the information needed to investigate them is not always easily available from service providers.
Found this article interesting? Follow BG on Facebook, Twitter and Instagram to read more exclusive content we post.
