Indian Government has given data centres, VPS providers, cloud service providers and VPN service providers additional time to implement these rules
Indian Government has announced that additional time will be given to data centres, VPS providers, cloud service providers and VPN service providers for enforcement of the new Cyber Security Directions and for the validation aspects of subscribers or customers details. The Indian Computer Emergency Response Team (CERT-In) has given time until 25 September 2022 for Micro, Small and Medium Enterprises (MSMEs) to build the capacity required for the implementation of the Cyber Security Directions.
CERT-In issued directions relating to information security practices in exercise of powers bestowed u/s 70B(6) of the Information Technology Act to promote open, safe and trusted and accountable internet in the country on 28 April 2022. The Indian Computer Emergency Response Team (CERT-In), under the aegis of the Ministry of Information and Technology, Government of India recently made it mandatory for data centers, virtual private server (VPS) providers, VPN service providers, cloud service providers to store user data for five years. This decision has been taken to identify and close certain gaps that were hindering the process of incident analysis, said CERT-in.
“During the course of handling cyber incidents and interactions with the constituency, CERT-In has identified certain gaps causing hindrance in incident analysis. To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days,” said a statement from the organisation.
However, MeitY and CERT-In claim to have received requests for the extension of timelines for implementation of these Cyber Security Directions. “The matter has been considered by CERT-In and it has been decided to provide extension till 25 September, 2022 to Micro, Small and Medium Enterprises (MSMEs) in order to enable them to build capacity required for the implementation of the Cyber Security Directions. In addition, Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers are also provided with additional time till 25 September, 2022 for implementation of mechanisms relating to the validation aspects of the of subscribers/customers details,” says an official statement.