In a modern and global business world, technological advancement is both an essential factor and driving force. Emerging technologies such as cryptocurrency, blockchain and artificial intelligence have transformed traditional mindsets and ideals and led to the development of new and innovative business models.
The changing face of technology makes it necessary for technology law and policy to be equally adaptive and transformative. This is particularly important in a jurisdiction such as India, where information technology and relative services make up a major part of the economy. The Indian government in particular has risen to this challenge and the legislative changes brought about by the government in recent years, in the technology law space, clearly showcase the same.
By way of brief background, the principal statute governing the technology law space in India is the the Information Technology Act, 2000 (‘IT Act’). While the IT Act itself was brought in force at the time of the advent of the internet in India (with the aim of facilitating governance in the technology law and policy space in the country), the Indian Ministry of Electronics and Information Technology (‘MeitY’) has since rolled out subordinate legislation (under the ambit of the IT Act) for regulating the latest emerging technologies seen in the technology law and policy space. Such legislation includes the following technology laws and regulations:
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (‘Intermediary Rules’): The Intermediary Rules are applicable to all intermediaries functioning in India. For reference, an intermediary (per the IT Act) can be understood as ‘person who receives, stores or transmits any electronic record and provides any service relating to such record on the behalf of another person.’. The Intermediary Rules classify intermediaries into various different categories (including publishers of news and current affairs, OTT platforms and social media intermediaries) and prescribe various compliances for each category of intermediary. Notably, there has been a recent major amendment to the Intermediary Rules, which provide for regulation of online gaming and recognize a new category of intermediary (viz. ‘online gaming intermediary).
Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (‘CERT-In Rules’): The Indian Computer Emergency Response Team or ‘CERT-In’ (set up under the ambit of these rules) is the national nodal agency for responding to computer security incidents as and when they occur and preforms various functions in area of cyber security, cyber incidents, information security practices, etc. CERT-In is also authorized for issuing various directions, guidelines, whitepapers and advisories. Notably, in a series of guidelines issued in 2022 concerning the reporting of cyber security incidents, Cert-In has imposed various compliances in this regard upon intermediaries, body corporates, governmental entities and various categories of service providers (including VPN service providers, among others). Among other things, the Directions impose a stringent 6-hour timeline for reporting a cybersecurity incident and broaden the ambit of the kinds of cybersecurity issues that must be reported by the relevant entities.
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘RSP Rules’): The RSP Rules are presently the predominant legislation in India that governs the collection, storage, transfer, disclosure, and other processing of the ‘personal information’ as well as ‘sensitive personal data and information’ of ‘providers of information’ (being Indian individuals) by a body corporate via its online platform.
As mentioned, the principal statute governing the technology law space in India is the IT Act (and the subordinate technology laws and regulations thereunder). Stakeholders operating in specific industry and business sectors are also subject to observe technology regulations of regulatory bodies such as the Reserve Bank of India (‘RBI’), Securities and Exchange Board of India (‘SEBI’) and Insurance Regulatory and Development Authority of India (‘IRDAI’).highlight a few, the RBI (Outsourcing of Information Technology Services) Directions, 2023 have been issued this year (as of April 10, 2023) with the aim of reducing the degree of risks associated with outsourcing information technology services. These are applicable to RBI regulated entities (such as the commercial banks, urban co-operative banks, non-banking financial companies, credit information companies). Similarly, the IRDAI (Insurance Web Aggregators) Regulations, 2017 regulate ‘insurance web aggregators’ or insurance intermediaries, who ‘maintain a website for providing interface to the insurance prospects for price comparison and information of products of different insurers and other related matters.’. In furtherance, the IRDAI has recently issued the IRDAI Information and Cyber Security Guidelines, 2023 (as of April 24, 2023) for insurance intermediaries.
To highlight a few, the RBI (Outsourcing of Information Technology Services) Directions, 2023 have been issued this year (as of April 10, 2023) with the aim of reducing the degree of risks associated with outsourcing information technology services. These are applicable to RBI regulated entities (such as the commercial banks, urban co-operative banks, non-banking financial companies, credit information companies). Similarly, the IRDAI (Insurance Web Aggregators) Regulations, 2017 regulate ‘insurance web aggregators’ or insurance intermediaries, who ‘maintain a website for providing interface to the insurance prospects for price comparison and information of products of different insurers and other related matters.’. In furtherance, the IRDAI has recently issued the IRDAI Information and Cyber Security Guidelines, 2023 (as of April 24, 2023) for insurance intermediaries.
In light of the above, it is clear that the Indian government is particularly active in recent years, in rolling out amendments and creating technology laws and regulations to cater to the changing requirements in the technology law and policy space. In fact, MeitY is currently working on the finalising the ambitious Digital India Act (not currently in the public domain), which is proposed to repeal and replace existing technology laws and regulations in the country.
0+
Years of Experience
0+
Clients Served
0Bn+
Deal Value Handled
0+
Expert Professionals
Ever since the emergence of blockchain technology a decentralized, distributed ledger that
Read MoreA&A’s expertise in the Fintech sector is second to none. Our team regularly advises multi-national
Read MoreAt Ahlawat & Associates, we offer specialized client solutions in the field of Edtech Law in India.
Read MoreA&A is among the top corporate law firms in India. At A&A, we believe that we are as good as our team, Our principle has guided us to ensure that we have the best corporate lawyers in India based at our main offices while the leading corporate lawyers in other parts of the world run our various practices across the nation, thus ensuring optimum management and service of even the most complex transactions. It is due to our standards of professional responsibility when dealing with our clients and various matters, which we stringently abide by that has enabled us to qualify as one of the reputed corporate law firms in India.
Whilst A&A commercial law services has been able to cater to legal needs pan India as well as globally, its main founding office and headquarters is in Delhi and it is due to this foothold. A&A corporate lawyer in India has played a vital role in providing advice to the government on various legal and policy-related issues and is amongst the few corporate law firms in India to have the experience and optimal understanding of interpretation and drafting of policy matters.
A&A adopts an approach that demands the highest levels of knowledge, technical skill and service delivery allowing us to provide accurate, reliable, timely, and cost-effective advice while maintaining international standards of excellence and create a bespoke approach for every client and their business. Our commercial law solicitors unique perspective of working on our client’s matters as a critical part of their team allows us to address their problems like our own. We believe that each client comes with different requirements and concerns – and we work tirelessly to achieve their goals and pursue their objectives.
We make sure that our fee structure and the legal costs involved are very transparent and predictable for our clients. We believe that client relationships are based on trust and a sense of common purpose and we never falter on our promise making us one of the best corporate law firms in India. Our priority has been to deliver the best legal & business solutions and our fee arrangements are tailored to the needs of the client, the client’s goals, and the nature of the matter.
The primary legislations governing the broad ambit of technology law includes the Information Technology Act, 2000 along with the rules framed thereunder including the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; the directions prescribed by the Indian Computer Emergency Response Team; various directions framed by the Reserve Bank of India (RBI); etc.
The primary legislation governing data privacy aspects in India is the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (which is framed under the Information Technology Act, 2000). This statute governs compliances associated with collection, processing, transfer, sharing and ensuring that the personal data of users is adequately protected. As regards breaches, the Indian Computer Emergency Response Team (CERT-In) has framed directions pertaining to ‘information security practices, procedure prevention, response and reporting of cyber incidents for Safe & Trusted Internet’, which needs to be complied by every intermediary.