On February 24, 2019, the government released the national ecommerce policy draft with a focus on securing critical personal data arising in India and treating it as a ‘national asset’. The draft suggested that every bit of payments data originating from India has to be stored within the country.
While these guidelines can be seen as a stepping stone towards the nation’s data sovereignty, it will also lead to some inherent technology and business challenges.
Here’s how different industries/segments will be impacted by the implementation of the new ecommerce policy:
India is evidently the world’s fastest-growing market for mobile applications for both, Apple iOS and Google’s Android Play Store. And hence, resulting in the most number of mobile app downloads across both the platforms. There is an abundance of talent and intense competition among infrastructure providers to offer best in class services at the most competitive prices.
The regulatory requirements to store data on-soil would mean that the developers, instead of choosing the best, fastest, and cheapest providers to store and compute data, will now hunt for domestic providers. Traditionally, the domestic IT infrastructure and storage providers have been laggards in terms of pricing, tech specifications and an end to end support.
Hence, their services are often opted by less agile enterprises instead of startups. With the change in regulation, the mandate for high quality and cost-effective services could be reduced due to the lack of competition. On the flip side, there is an opportunity for Indian IT companies to set-up their own data centres which will further lead to an increase in employment and investment at the domestic level.
In the last 4-5 years, India has seen an absolute boom in terms of entry of fintech startups. Highlighting the potential of India’s fintech ecosystem, Prime Minister Narendra Modi said last year: “I say this to all the fintech companies and startups – India is your best destination.”
However, the new data storage guidelines could hamper the potential of fintech companies starting or operating in India to scale up globally. This is because earlier, they did not have to bother much while choosing the cloud service provider.
They could simply choose the one with the best pricing and flexibility. However, with reduced competition, cloud services by domestic providers could create a competitive disadvantage for fintech startups, in case they are looking to build their machine learning on Indian and global data. Similarly, for startups from other parts of the world, data localisation regulations could be a big dampener and a reason not to scale up in India.
Further, its often not easy for small startup teams to manage product re-engineering based on complex regulations, especially while factoring in any possible revenue advantages that may arise. The government should lay down some regulations to balance pricing, else they are at the risk of losing genuine business opportunities while they figure out a way to comply.
For example, at the onset of GDPR regulations, many IT infrastructure providers had blocked all EU originated incoming requests to their platform until they were sure that they could comply with the same.
Multinational Technology Companies
The technology boom in the ’90s opened the door of the Indian market for several global tech giants. Over the years, these companies have interacted with a lot of Indian consumers and accumulated petabytes of data. A large chunk of this data might be stored overseas due to different techno-commercial reasons.
The new data storage guidelines may need many of these companies to change their business model as they look for on-soil storage. This is because if their data cannot leave the shores at any point of time, many value-added services provided by such companies will have to be stopped.
Think of a payments network that compares millions of transactions flowing through their system, around the world to detect any fraudulent activities. If the payments data originating within India will have to remain within the country, it cannot be compared against global cybercrime trends. As a result, Indian consumers will not have the advantage of being safeguarded against any future threats regarding the safety of their payments.
Bringing It All Together
For all the above segments, backup and recovery sites are planned at a location far from main servers. This provides better protection in case of any natural disaster, geo-political movements, and cyber threats. However, the new guidelines require both the sites to be within India.
This makes planning for data redundancy and disaster recovery much more complex. But India has the potential and the required skill-set to develop these complex infrastructures
While there is no doubt about RBI’s intent to protect the Indian consumers against potential cyber threats, there will be near term challenges when it comes to the implementation of the guidelines. While businesses chalk out their roadmap to move ahead, the regulator should work in consultation with businesses and provide an adequate timeframe to make the required changes.
For local IT infrastructure providers, this is a breakthrough opportunity to raise their game, provide an enhanced bouquet of services, at competitive prices. This will bring them at par with their global peers and usher a new IT era in India.