India reaffirms commitment to new cybersecurity rules

Image: Ministry of Electronics and Information Technology

India has reaffirmed its commitment to new cybersecurity rules under a directive from the country’s computer emergency response team — known as Cert-In — that will force virtual private server providers, cloud service providers, and virtual private network service (VPN) providers to store customer information.

Service providers will be required to maintain a database that includes user IP addresses, names, period of subscription, user email addresses, validated addresses, and contact information.

India’s junior IT minister Rajeev Chandrasekhar released a frequently asked questions document on Wednesday addressing concerns aimed at the new rules — particularly around the requirement that tech companies provide information on data breaches to government within six hours of the incident occurring.

“The nature of user harms and risks in 2022 are different from what it used to be a decade back … Rapid and mandatory reporting of incidents is a must and a primary requirement for remedial action for ensuring stability and resilience of cyber space,” said Chandrasekhar.

According to Reuters, Chandrasekhar also said that tech companies should “pull out” of the country if they do not want to comply with the new government directive.

Meanwhile, VPN provider

Read More: