Security News > 2022 > May > Global tech industry objects to India’s new infosec reporting regime

Eleven significant tech-aligned industry associations from around the world have reportedly written to India's Computer Emergency Response Team to call for revision of the nation's new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy.

The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers' names, dates on which services were used, and even customer IP addresses, and store that data for five years.

The new rules attracted plenty of local criticism on grounds that a six-hour reporting window is too short, the requirement to record VPN users' details is an attack on privacy, and that the requirements are too broad and therefore represent an onerous compliance burden.

"CERT-In responded by publishing an FAQ that addressed some of the criticism directed at the new rules. But the FAQ remains very vague, offering only limited guidance without addressing matters such as what represents reportable"suspicious activities.

Indian outlet MediaNama on Saturday reported, along with numerous other Indian outlets, that eleven tech or tech-adjacent lobby groups have written to CERT-In to voice their objections to the new rules.

The groups call for new consultation to revise the rules.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/29/global_opposition_india_infosec_plan/