The Indian Computer Emergency Response Team (“CERT-In”), by way of its order dated June 27, 2022 (“Order”), has decided to extend the timelines for implementation of its directions dated April 28, 2022 (“Cyber Security Directions”) in respect of Micro, Small and Medium Enterprises (“MSMEs”) and, to a limited extent, for Data Centres, Virtual Private Server (VPS) providers, Cloud Service Providers and Virtual Private Network (VPN) service providers.
The Cyber Security Directions provide, inter alia, that all service providers, intermediaries, data centres, Government organisations and enterprises engaged in commercial or professional activities (“Stakeholders”) shall mandatorily report the cyber incidents mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents. Additionally, the Cyber Security Directions provide for synchronisation of all ICT system clocks by the Stakeholders, enablement of logs of all Stakeholders’ ICT systems, and maintenance of data by Data Centres, Virtual Private Server (VPS) providers, Cloud Service Providers and Virtual Private Network (VPN) service providers. The Cyber Security Directions were required to be implemented within 60 (sixty) days of their introduction.
The extension of the deadline for implementation of the Cyber Security Directions followed the receipt of various requests from MSMEs for such extension. Additional time was also sought for implementing a mechanism for validation of subscribers/customers by Data Centres, VPS providers, Cloud Service Providers and VPN service providers.
Pursuant to the requests by the above-mentioned Stakeholders, CERT-In, by way of the Order, provided that the Cyber Security Directions will become effective on September 25, 2022 for MSMEs which are covered as per the criteria for MSME classification notified by the Ministry of Micro, Small and Medium Enterprises vide its notification no. 2020 S.O. 1702(E) dated June 1, 2020. Furthermore, the requirement relating to registration and maintenance of validated names of subscribers/customers hiring the services, and of validated addresses and contact numbers, by Data Centres, VPS providers, Cloud Service Providers and VPN service providers, specifically referred to in paragraphs (v)(a) and (f) of the Cyber Security Directions, will become effective from September 25, 2022.
Please find a copy of the order here, and further information on the Cyber Security Directions here.
This update has been contributed by Aryan Mohindroo (Associate).