On February 24, 2019, the government released the national ecommerce policy draft with a focus on securing critical personal data arising in India and treating it as a \u2018national asset\u2019. The draft suggested that every bit of payments data originating from India has to be stored within the country.\r\n\r\nWhile these guidelines can be seen as a stepping stone towards the nation\u2019s data sovereignty, it will also lead to some inherent technology and business challenges.\r\n\r\nHere\u2019s how different industries\/segments will be impacted by the implementation of the new ecommerce policy:\r\n\u00a0Application Developers\r\nIndia is evidently the world\u2019s fastest-growing market for mobile applications for both, Apple iOS and Google\u2019s Android Play Store. And hence, resulting in the most number of mobile app downloads across both the platforms. There is an abundance of talent and intense competition among infrastructure providers to offer best in class services at the most competitive prices.\r\n\r\nThe regulatory requirements to store data on-soil would mean that the developers, instead of choosing the best, fastest, and cheapest providers to store and compute data, will now hunt for domestic providers. Traditionally, the domestic IT infrastructure and storage providers have been laggards in terms of pricing, tech specifications and an end to end support.\r\n\r\nHence, their services are often opted by less agile enterprises instead of startups. With the change in regulation, the mandate for high quality and cost-effective services could be reduced due to the lack of competition. On the flip side, there is an opportunity for Indian IT companies to set-up their own data centres which will further lead to an increase in employment and investment at the domestic level.\r\nFintech Startups\r\nIn the last 4-5 years, India has seen an absolute boom in terms of entry of fintech startups. Highlighting the potential of India\u2019s fintech ecosystem, Prime Minister Narendra Modi said last year: "I say this to all the fintech companies and startups \u2013 India is your best destination.\u201d\r\n\r\nHowever, the new data storage guidelines could hamper the potential of fintech companies starting or operating in India to scale up globally. This is because earlier, they did not have to bother much while choosing the cloud service provider.\r\n\r\nThey could simply choose the one with the best pricing and flexibility. However, with reduced competition, cloud services by domestic providers could create a competitive disadvantage for fintech startups, in case they are looking to build their machine learning on Indian and global data. Similarly, for startups from other parts of the world, data localisation regulations could be a big dampener and a reason not to scale up in India.\r\n\r\nFurther, its often not easy for small startup teams to manage product re-engineering based on complex regulations, especially while factoring in any possible revenue advantages that may arise. The government should lay down some regulations to balance pricing, else they are at the risk of losing genuine business opportunities while they figure out a way to comply.\r\n\r\nFor example, at the onset of GDPR regulations, many IT infrastructure providers had blocked all EU originated incoming requests to their platform until they were sure that they could comply with the same.\r\nMultinational Technology Companies\r\nThe technology boom in the '90s opened the door of the Indian market for several global tech giants. Over the years, these companies have interacted with a lot of Indian consumers and accumulated petabytes of data. A large chunk of this data might be stored overseas due to different techno-commercial reasons.\r\n\r\nThe new data storage guidelines may need many of these companies to change their business model as they look for on-soil storage. This is because if their data cannot leave the shores at any point of time, many value-added services provided by such companies will have to be stopped.\r\n\r\nThink of a payments network that compares millions of transactions flowing through their system, around the world to detect any fraudulent activities. If the payments data originating within India will have to remain within the country, it cannot be compared against global cybercrime trends. As a result, Indian consumers will not have the advantage of being safeguarded against any future threats regarding the safety of their payments.\r\nBringing It All Together\r\nFor all the above segments, backup and recovery sites are planned at a location far from main servers. This provides better protection in case of any natural disaster, geo-political movements, and cyber threats. However, the new guidelines require both the sites to be within India.\r\n\r\nThis makes planning for data redundancy and disaster recovery much more complex. But India has the potential and the required skill-set to develop these complex infrastructures\r\n\r\nWhile there is no doubt about RBI\u2019s intent to protect the Indian consumers against potential cyber threats, there will be near term challenges when it comes to the implementation of the guidelines. While businesses chalk out their roadmap to move ahead, the regulator should work in consultation with businesses and provide an adequate timeframe to make the required changes.\r\n\r\nFor local IT infrastructure providers, this is a breakthrough opportunity to raise their game, provide an enhanced bouquet of services, at competitive prices. This will bring them at par with their global peers and usher a new IT era in India.