Technology Law Analysis
August 25, 2022
Stricter cybersecurity norms and reporting requirements - why MNCs and start-ups alike are gearing up for rippling change

Summary

In this article, we analyse the new cyber security compliance and reporting regime under the directions and FAQs recently issued by the Indian Computer Emergency Response Team (CERT-In), which is the national agency for cybersecurity related functions in India, and operates under the Ministry of Electronics and Information Technology (MeitY). The directions provide for additional compliance requirements such as maintenance of logs, know your customer (KYC) requirements, in addition to stipulating a strict 6-hour reporting timeline for certain kinds of cyber security incidents.

The article provides an insight into what global businesses need to know if they have tech infrastructure or subsidiaries in India, or are even remotely targeting Indian users.

The online version of the article was published on OneTrust DataGuidance - Insights, and can be accessed here.

The article was also published in the Data Protection Leader Magazine (Volume 4 Issue 4, July 2022), of which the full issue can be downloaded here.


Varsha Rajesh, Aniruddha Majumdar & Aaron Kamath

You can direct your queries or comments to the authors

Disclaimer

The contents of this hotline should not be construed as legal opinion. View detailed disclaimer.

This Hotline provides general information existing at the time of preparation. The Hotline is intended as a news update and Nishith Desai Associates neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this Hotline. It is recommended that professional advice be taken based on the specific facts and circumstances. This Hotline does not substitute the need to refer to the original pronouncements.

This is not a Spam mail. You have received this mail because you have either requested for it or someone must have suggested your name. Since India has no anti-spamming law, we refer to the US directive, which states that a mail cannot be considered Spam if it contains the sender's contact information, which this mail does. In case this mail doesn't concern you, please unsubscribe from mailing list.

NDA Connect

Connect with us at events, 
conferences and seminars.

Technology Law Analysis

August 25, 2022

Stricter cybersecurity norms and reporting requirements - why MNCs and start-ups alike are gearing up for rippling change

Summary

In this article, we analyse the new cyber security compliance and reporting regime under the directions and FAQs recently issued by the Indian Computer Emergency Response Team (CERT-In), which is the national agency for cybersecurity related functions in India, and operates under the Ministry of Electronics and Information Technology (MeitY). The directions provide for additional compliance requirements such as maintenance of logs, know your customer (KYC) requirements, in addition to stipulating a strict 6-hour reporting timeline for certain kinds of cyber security incidents.

The article provides an insight into what global businesses need to know if they have tech infrastructure or subsidiaries in India, or are even remotely targeting Indian users.

The online version of the article was published on OneTrust DataGuidance - Insights, and can be accessed here.

The article was also published in the Data Protection Leader Magazine (Volume 4 Issue 4, July 2022), of which the full issue can be downloaded here.


Varsha Rajesh, Aniruddha Majumdar & Aaron Kamath

You can direct your queries or comments to the authors

Disclaimer

The contents of this hotline should not be construed as legal opinion. View detailed disclaimer.

This Hotline provides general information existing at the time of preparation. The Hotline is intended as a news update and Nishith Desai Associates neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this Hotline. It is recommended that professional advice be taken based on the specific facts and circumstances. This Hotline does not substitute the need to refer to the original pronouncements.

This is not a Spam mail. You have received this mail because you have either requested for it or someone must have suggested your name. Since India has no anti-spamming law, we refer to the US directive, which states that a mail cannot be considered Spam if it contains the sender's contact information, which this mail does. In case this mail doesn't concern you, please unsubscribe from mailing list.

NDA Connect

Connect with us at events, 
conferences and seminars.