Rejecting all speculations around a change in upcoming cybersecurity rules, the Union government has clarified that there is no relook on the upcoming cybersecurity rules that are set to come into force from the end of June.
The new cybersecurity rules mandate social media, technology companies, and cloud service providers to report data breaches swiftly. The Indian Computer Emergency Response Team issued a directive in April asking tech companies to report data breaches within six hours of “noticing such incidents” and to maintain IT and communications logs for six months.
The new rules also mandate cloud service providers such as Amazon and virtual private network (VPN) companies to retain the names of their customers and IP addresses for at least five years, even after they stop using the company's services.
Meanwhile, the Industry players have complained of a growing compliance burden and higher costs. Union MoS for IT Rajeev Chandrasekhar said that there will be no changes to the rules, arguing that technology companies have an obligation to know who is using their services.
Chandrasekhar, however, said India was being generous, as some countries mandate immediate reporting. “If you don't want to go by these rules, and if you want to pull out, then frankly, you have to pull out,” Chandrasekhar said.