India will give cloud service operators and VPN providers an additional three months to comply with new rules requiring they maintain their customers’ addresses and IP addresses.
The decision relieves firms as many scrambles to follow the new guidelines, and some explore the option of leaving India.
The Indian Computer Emergency Response Team (CERT), the body appointed by the government to protect India’s information infrastructure, said it was extending the enforcement of the new rules to September 25. The rules, unveiled in late April, were set to go into effect on Monday.
CERT announced it was extending the deadline because “additional time” had been sought by the industry players.
Its announcement follows sharp criticism from VPN providers, including ExpressVPN and NordVPN, who announced their intentions to remove local servers in the South Asian nation.
Almost two dozen cybersecurity experts and technologists from India and worldwide sent a joint letter to the Ministry of Electronics and IT and CERT on Monday, calling for the dangerous CERT-In cybersecurity directions not to be implemented.
CERT’s new directions require “virtual private server (VPS) providers, VPN service providers, cloud service providers, virtual asset providers, virtual asset exchange providers, custodian wallet providers, and government organizations” to store customers’ names, IP addresses, email addresses, know-your-customer records and financial transactions for a period of five years.
Beijing’s new trade blocks on Taiwan after Pelosi’s visit more political than economic
OLA electric to launch a new EV in India on August 15
India rejects privacy bill that scared big tech firms, works on new law
New chairman of Tsinghua Unigroup promises fresh beginning
Hong Kong suspends COVID flight bans as it eases lockdown rules
© 2022 CIO Bulletin. All rights reserved.