On Wednesday, the minister of state for electronics and IT, Rajeev Chandrasekhar said that VPS providers could not provide their services in India to meet the new set of cybersecurity guidelines.
The government released rules pertaining to the recent EDPS report. Rules for companies on how to handle data and comply with internet regulations are also available.
“You have no opportunity to be against the rules and codes of India,” he said. “If you do not keep the logs, take ownership for your actions and start maintaining them–if you want to leave, there is only one other option–to leave.”
Due to recent law changes, all user data submitted to cloud service providers, VPN firms, data center companies, or virtual private server providers must be stored for at least five years.
Reporters from The New York Times say that some VPN providers believe that the new rules would lead to security flaws. The minister disagrees with this concern.
The US-based technology industry body ITI has tapped into the request for cyber security breach reports from India, beseeching India to revise their request.
ITI warned that implementing the National Security Council’s public order mandates might put organizations, and by extension, the general cybersecurity of the country at risk.
The publishing industry body has called for a public forum to decide on the final directive.
The Indian Computer Emergency Response Team (CERT-In) issued an order requiring government and private institutions to notify CERT-In of any cyber security breaches within six hours. This includes internet service providers, social media platforms, and data centers.
The government launched a governmental circular that requires keeping records of access to IT systems for three months in India. This new policy, which comes with guidelines for each industry, will enable law enforcement agencies to take action against those who misuse ICT facilities.
The IT industry body, the Information Technology Industry (ITI) has voiced concerns over the new cyber security report requirement in which all cyber breaches must be reported to Indian government within six hours of notification. Other concerns include the extended timelines of data logs and maintaining systems within India.