India reaffirms commitment to new cybersecurity rules
India has reaffirmed its commitment to new cybersecurity standards under a directive from the country’s computer emergency response team, known as Cert-In, which will require virtual private server providers to cloud service providers and virtual private network (VPN) service providers to store customer information.
Service providers must maintain a database that includes users ‘IP addresses, names, subscription period, users’ email addresses, validated addresses, and contact information.
Indian Minority Information Minister Rajeev Chandrasekhar on Wednesday released a frequently asked questions document addressing concerns about the new rules, especially regarding the requirement for technology companies to provide information on government data breaches within six hours of the incident.
“The nature of the damage and risks of users in 2022 is different from what it used to be a decade ago … Rapid and mandatory incident reporting is a necessity and a key requirement for corrective action to ensure the stability and resilience of cyberspace, “Chandrasekhar said. .
Seconds ReutersChandrasekhar also said that technology companies should “withdraw” from the country if they do not want to comply with the new government directive.
Meanwhile, VPN provider ProtonVPN expressed concerns with regard to the new rules, alleging that the regulations are “an attack on privacy and a threat to put citizens under a surveillance microscope”, and that the company remains committed to its “non-registration policy” .
The FAQ document states that those who do not comply with the rules, do not provide the information as specified, will be punished with imprisonment for up to one year, a fine of up to ₹ 100,000 or both. The new rules will take effect in late June after they were first announced on April 28th.