Govt May Extend CERT-In Compliance Deadline By Three Months

Govt May Extend CERT-In Compliance Deadline By Three Months

SUMMARY

The possible extension comes after the government extended the original deadline of June 28 to September 25

The government does not want SMEs or MSMEs to bear the burden of additional compliance until they are ready to do so

On April 28, CERT-In issued new cyber security guidelines, mandating the reporting of a data breach within six hours of becoming aware of it

The government might extend the deadline for complying with the new cyber security directives issued by the Indian Computer Emergency Response Team (CERT-In) by another three months. The extension would apply to micro, small and medium enterprises (MSMEs) along with small and medium enterprises (SMEs).

The development comes after the government extended the original deadline of June 28 to September 25, after several companies, including MSMEs, requested more time to become compliant with the norms. 

Further, data centres, virtual private servers (VPS), cloud service providers and virtual private networks (VPNs) had also sought more time to implement KYC norms such as the validation of subscribers and their customers.

The Minister of State for Electronics and IT Rajeev Chandrasekhar was cited in an ET report stating that the government does not want SMEs or MSMEs to bear the burden of additional compliance until they are ready to do so.

While the government has not been flexible with the needs of VPNs and VPS, it has done so with SMEs and MSMEs, given that this might be the second extension for them to comply with the new cybersecurity norms.

While larger companies have complied with the guidelines, SMEs and MSMEs have found it harder to do so because of a lack of human resources to comply.

The CERT-In Guidelines In A Nutshell

On April 28, CERT-In issued new cyber security guidelines for all companies, intermediaries, data centres and government organisations. The guidelines mandated, among other things, that organisations have to report any data breach to the government within six hours of becoming aware of the breach.

While there was initial apprehension regarding the small window of time in which cybersecurity incidents had to be reported, the government pressed on with it.

The guidelines also required VPN service providers to collect data from their customers as part of KYC norms and provide the same to the government when required. The data to be collected included sensitive data including IP addresses, verification addresses and contact details.

This was seen as counterproductive by several VPNs operating in India who subsequently exited the country. Most recently, Proton VPN exited the country, calling the CERT-In guidelines regressive.

However, the government does not appear too fazed by the exodus of VPN providers, with Chandrasekhar stating in a press conference in May that VPNs failing to adhere to the guidelines were free to leave.

The guidelines have attracted criticism from international forums as well. 

In May, several international trade bodies, including the US Chamber of Commerce, the US-India Business Council, the US-India Strategic Partnership Forum and techUK, among others, wrote a letter to Sanjay Bahl, the director general of CERT-In, stating that the guidelines may have a ‘detrimental impact’ on cybersecurity.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Govt May Extend CERT-In Compliance Deadline By Three Months-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Govt May Extend CERT-In Compliance Deadline By Three Months-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Govt May Extend CERT-In Compliance Deadline By Three Months-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Govt May Extend CERT-In Compliance Deadline By Three Months-Inc42 Media
Govt May Extend CERT-In Compliance Deadline By Three Months-Inc42 Media
You’re in Good company