Technology Law Analysis
August 25, 2022
Stricter cybersecurity norms and reporting requirements - why MNCs and start-ups alike are gearing up for rippling change
In this article, we analyse the new cyber security compliance and reporting regime under the directions and FAQs recently issued by the Indian Computer Emergency Response Team (CERT-In), which is the national agency for cybersecurity related functions in India, and operates under the Ministry of Electronics and Information Technology (MeitY). The directions provide for additional compliance requirements such as maintenance of logs, know your customer (KYC) requirements, in addition to stipulating a strict 6-hour reporting timeline for certain kinds of cyber security incidents.
The article provides an insight into what global businesses need to know if they have tech infrastructure or subsidiaries in India, or are even remotely targeting Indian users.
The online version of the article was published on OneTrust DataGuidance - Insights, and can be accessed here.
The article was also published in the Data Protection Leader Magazine (Volume 4 Issue 4, July 2022), of which the full issue can be downloaded here.
You can direct your queries or comments to the authors
The contents of this hotline should not be construed as legal opinion. View detailed disclaimer.