August 04, 2010

STRINGENT RULES FOR FOREIGN TELECOM VENDORS

Background

The telecom sector has always been a sensitive and highly regulated sector in India. While economic liberalization has led to the opening up of this sector to foreign investment, there have been growing concerns on the part of the government with respect to security of the telecom networks in India and their vulnerability to threats. Over the past few months, the government has introduced various measures in view of these concerns, such as, inter alia 1:

(i)       the requirement for telecom operators to obtain security clearance from the Department of Telecommunications (“DoT”) for core equipment supplied to them by foreign vendors; and

(ii)     the requirement that telecom operators include a clause in their purchase orders to such foreign manufacturers to the effect that the foreign manufacturers shall effectuate a transfer of technology of all critical equipment and software to Indian manufacturers within a period of three years from the date of the purchase order. Criminal liability has been linked to non-compliance.

Though these measures attempt to address national security concerns, they have become the source of a lot of controversy and opposition due to their harsh and one-sided nature.

The DoT has now issued a notification dated July 28, 2010 which amends the terms of the telecom licenses under which the telecom operators provide services and imposes certain specific obligations on the telecom operators (“Notification”) 2. More importantly, this Notification provides clarification on the scope and nature of technology transfer; it is now clear that the scope of technology transfer being considered by the Government is much wider than was earlier perceived upon issue of the March 18, 2010 notification.

Analysis of the Salient Features of the Notification

Some of the salient features of the Notification are:

1.         Security Policy. Within thirty (30) days of the date of the Notification, the telecom operators are to submit to the DoT their organizational policy on security and security management.

The telecom licenses currently contain detailed security provisions with which the telecom operators must comply, including terms and conditions for the inspection of network equipment, monitoring of traffic, provision of call data records and encryption norms. Since the DoT has not mandated any minimum standards or models to be followed by the telecom operators in framing such organizational policies and it is not yet clear whether such policies will be made public, the benefits of this requirement remain to be seen.

2.         Network Audit. Telecom operators have to engage the services of internationally accredited agencies to conduct audit and certification of core equipment such as routers, switches, firewall, intrusion detection and prevention systems, VOIP and all software associated with all the telecom operations and services. In order to eliminate any risk of conflict, the telecom operators have to ensure that such audit agencies should not be from the same country as that of the vendors of the telecom operators. 

3.         Minimal dependence on foreign engineers. The telecom operators are to ensure that dependence on foreign engineers shall be made minimal and/or almost nil within a period of two (2) years from the date of the Notification.

The telecom licenses already contain provisions which make it mandatory for the telecom operators to obtain security clearance in respect of foreign nationals to be deployed for installation, operation and maintenance of the telecom network. The Government has now gone a step further and has made provisions to ensure that there is no dependence on foreign expertise in network management.

4.         Location details. The telecom operators have to ensure that within one (1) year from the date of their existing equipment are upgraded so as to ensure that the telecom operators are able to provide location details of mobile customers within a precision of up to fifty (50) meters.

The telecom licenses authorize the DoT to issue directions to the telecom operators on the precision of the data regarding subscriber locations which should be provided by the DoT. The DoT has exercised this right and has provided very specific location details which should be provided by the telecom operators.

5.         Security and Business Continuity Agreement Template. The DoT has approved the template of a Security and Business Continuity agreement (“Security Agreement”) which has to be executed by the telecom operators and their vendors. This Security Agreement will be executed in addition to the main supply/ procurement/ license agreement which may be signed between the telecom operator and the vendors; it is to be noted that in case of any conflict, the terms of the Security Agreement would prevail.

While the Security Agreement has been eagerly awaited by the industry, it is perhaps the most stringent and disturbing of all the new policies. It is disheartening to note the somewhat haphazard manner in which it has been drafted and mandatorily enforced on operators and vendors. It contains numerous provisions on security related tests, access to network systems and transfer of intellectual property. We discuss some of the important ones below:

(i)     Transfer of Technology. While the March 18, 2010 notification did state that the vendors would have to sign up to a transfer of technology clause, there was hope that the government would come out with reasonable guidelines on the scope of such transfer. However, the only provision of the Security Agreement which relates to technology transfer reads as follows:

“4.6.2          At the time of termination of contract or as and when required by the TSP, the vendor shall ensure making over all tools, procedures, documents, skills, softwares etc. using which TSP system were maintained operated, analysed, attended etc, by the Vendor.” 3

This provision is particularly controversial since the intellectual property that vests in technology provided by vendors is perhaps the most important and valuable asset for the vendor. This provision, read in line with the requirements of the March 18, 2010 notification, is in effect asking for an outright transfer of the vendors' intellectual property to a third party. Such a provision is highly objectionable and against the basic principles of commerce between private parties.

(ii)     Escrow. The telecom operator and the vendor have to enter into an agreement with an escrow agent authorized by Controller of Certifying Agencies (“CCA”) or the National Informatics Centre, Department of Information Technology, Government of India. This arrangement covers all information and documentation relating to the supply and service obligations of the vendor (including all software source codes) (“Escrow Materials”). The CCA shall create an encryption key for the Escrow Materials; the encrypted Escrow Materials shall be deposited in escrow and the decryption key shall remain with the escrow agent. The Escrow Materials may be released on the occurrence of any of the release events such as (a) failure of the vendor to provide support, (b) corporate reorganization, (c) inspection of source codes by experts designated by the DoT, (d) in any event where the DoT is satisfied about the need and requirement of such release.

Some of the release events included in the escrow provision are draconian in the sense that DoT has been given the right to unilaterally obtain the source codes at its discretion. Coupled with the Transfer of Technology provision (which can be triggered not only by the DoT but also by the telecom operator), it seems that the vendor is effectively being asked to sign away all their rights in their intellectual property.

(iii)     Personal Data. The Security Agreement imposes certain obligations on vendors where they process any sensitive or personal data in India, inter alia that the vendor should be a registered safe harbor in India. The Notification also states that the vendors need to comply with the “Data Protection Legislation”, which is defined as: “collectively the Directive  applicable local legislation, which includes in respect of Personal Data originating in the India, the IT ACT, 2000 and other relevant Laws”.4

The DoT had earlier issued a Direction dated February 26, 2010 to ensure compliance by the service providers regarding confidentiality of information of subscribers and privacy of communications. The telecom licenses also contain provisions for ensuring the privacy and confidentiality of information of subscribers. The Information Technology (Amendment) Act, 2008, which has been brought into force from October 27, 2009, also includes a telecom service provider in the category of an intermediary, which is liable for any offence under the said act.

It should also be noted that India does not have any regulations for safe harbor registration; as such, the intention of the Government in including requirements for safe harbor registration is not clear at this point. Moreover, it can be argued that provisions for processing of personal data cannot be made applicable to a vendor who is simply a supplier of hardware and software unless such vendor actually manages and controls the telecom network. It remains to be seen if the Government comes up with new requirements for safe harbor registration.

6.       Penalty. In the event of any security breach, the affected equipment shall be taken out of service and a penalty shall be levied on the telecom operator amounting to INR 50,00,00,000 for each affected purchase order and a penalty of 100% of the contract value.

Conclusion

It should be noted that while all the requirements under the Notification (except the requirement for telecom operators and vendors to execute the Security Agreement) are in the nature of obligations cast on the telecom operator, in all likelihood, the telecom operators will execute back-to-back agreements with the vendors vide which the vendors would have to comply with these requirements. Accordingly, vide the Notification and other similar requirements promulgated by the DoT, the vendors are indirectly compelled to abide by the DoT regulations. Notwithstanding the foregoing, the requirement to execute the Security Agreement is an obligation that has been imposed by the DoT directly on the vendors.

The aim of the Government in implementing such regulations as stated in the March 18, 2010 notification is that there is a “need to reduce vulnerability in the long run”. It is true that while the telecom sector in India is very lucrative, India does not have a very strong indigenous telecom manufacturing industry. Since telecom is a security sensitive sector, the government’s concerns in this area are understandable. However, while some measures which have been adopted by the government such as security vetting of vendors may be welcome and desirable, the unilateral rights to take over the intellectual property rights of vendors without providing justification have met with widespread disapproval not only from the vendors but from telecom operators as well. If such measures are not changed it will cause great prejudice to Indian telecom since foreign vendors are likely to shy away from a regulatory set up which unfairly empowers the government to literally take over their assets. Further, such complex and strict regulatory conditions may also be akin to the imposition of non-tariff barriers on free trade and may be viewed as potential WTO non-compliance.

If the telecom operators follow the DoT guidelines and obtain security clearance for foreign vendors and the equipment, there is very little justification for the reasoning adopted by the government that such foreign vendors would continue to pose a security threat to the country. If the Government believes that it has justified reasons for believing that the operations of any such security vetted vendors pose a threat to national security, the Government can cancel the security clearance; such cancellation should of course only be resorted to upon observance of the principles of natural justice. Further, a well formulated escrow mechanism can be considered which has well defined release events which do not operate at the mere discretion of the Government. Such release events could be in the form of imminent and grave national security threats. While the Government’s efforts to bolster the Indian telecom manufacturing industry are understandable, this aim cannot be effectively achieved by imposing regulations which compel foreign vendors to give their assets to indigenous entities.

It is hoped that the government will soon come out with positive and encouraging clarifications and amendments to the Notification and template agreement.

 

_______________

1 DoT Notification dated March 18, 2010 issued by the DoT; http://www.dot.gov.in/as/2010/as_22.03.2010.pdf

2 (i) Notification No. 10-15/2009-AS.III/Vol.II/(Pt.)/(25) amends the Unified Access Service License Agreement; (ii) Notification No. 10-15/2009-AS.III/Vol.II/(Pt.)/(26) amends the Basic Service License Agreement; (iii) Notification No. 10-15/2009-AS.III/Vol.II/(Pt.)/(27), Notification No. 10-15/2009-AS.III/Vol.II/(Pt.)/(28) and Notification No. 10-15/2009-AS.III/Vol.II/(Pt.)/(29) amend the Cellular Mobile Telephone Service License Agreement.

3 The Security Agreement defines TSP as follows: “TSP means  Telecom Service Provider licensed under section 4 of Indian Telegraph Act 1885 by the Licensor, Government of India”

4 The Security Agreement defines Directive as follows: “Directive of the LICENSOR with regard to the processing of personal data and on the free movement of such data, or any subsequent legislation in relation thereto”

 

 

 

- Rakhi Jindal, Vivek Kathpalia & Vaibhav Parikh

 
