Indian government extends timeline to implement new data collection rules for VPN service providers

The Indian government has given data centers, VPS providers, cloud service providers and VPN service providers additional time to implement these rules

The Government of India has announced that additional time will be given to data centers, VPS providers, cloud service providers and VPN service providers for the application of the new cybersecurity guidelines and for details validation aspects subscribers or customers. India’s Computer Emergency Response Team (CERT-In) has given until September 25, 2022 to Micro, Small and Medium Enterprises (MSMEs) to build the capacity needed to implement the cybersecurity guidance .

CERT-In has issued guidance on information security practices in exercising the powers under Section 70B(6) of the Information Technology Act to promote an open, secure, reliable and responsible in the country on April 28, 2022. The Indian Computer Emergency Response (CERT-In), under the Ministry of Information and Technology, the Government of India has recently made it mandatory for data centers , virtual private server (VPS) providers, VPN service providers, cloud service providers to store user data for five years. This decision was made to identify and address some gaps that were hampering the incident analysis process, CERT-in said.

“During the management of cyber incidents and interactions with the constituency, CERT-In has identified certain gaps that impede the analysis of incidents. To address the identified gaps and issues to facilitate incident response measures, the CERT-In has issued guidance for information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of subsection (6) of Section 70B. of the Information Technology Act 2000. These instructions will come into force after 60 days,” a statement from the organization read.

However, MeitY and CERT-In claim to have received requests to extend the deadlines for implementing these Cyber ​​Security Guidelines. “The issue was reviewed by CERT-In and it was decided to grant an extension until September 25, 2022 to Micro, Small and Medium Enterprises (MSMEs) to enable them to build the capacity needed to implement implementation of cybersecurity guidance. In addition, data centers, virtual private server (VPS) providers, cloud service providers and virtual private network (VPN service) service providers also benefit from a additional time until September 25, 2022 for the implementation of the mechanisms relating to the validation aspects of the subscriber/customer details”, indicates an official press release.

Ramon J. Espinoza