New Cybersecurity Rules May Create 'Environment Of Fear Rather Than Trust' Say Tech Firms

As the new cybersecurity rules by the Indian government come to force later in June, IAMAI (a body that represents top tech companies) believes the rules may create an "environment of fear rather than trust".

The body which represents top companies like Facebook, Google, and Reliance wrote an email to India’s IT ministry critising the directive on cybersecurity put out in April.

Among other changes the directive from the Indian Computer Emergency Response Team (CERT) requires tech companies to report data breaches within six hours of noticing such incidents and to maintain IT and communications logs for six months. In the email to the IT Ministry, IAMAI proposed to extend the six-hour window, noting the global standard for reporting cyber-security incidents is generally 72 hours.

CERT-In, which comes under the Indian IT ministry, has also asked cloud service providers such as Amazon (AMZN.O) and virtual private network (VPN) companies to retain names of their customers and IP addresses for at least five years, even after they stop using the company's services.

The cost of complying with such directives could be "massive", and proposed penalties for violation including prison would lead to "entities ceasing operations in India for fear of running afoul," the IAMAI letter said.

(Reuters)