The Impact Of Indian Cybersecurity Laws On The Business Sector

New technological development in the online space has produced new ways of committing online crimes. According to a report by Trellix, ransomware in India has increased by 70%. To counter such cybersecurity attacks, the Indian government has recently updated the 70B section of the Information Technology Act, 2000. The changes were made in April, and the application of the rule began in June. The changed rules have already started impacting businesses across the globe. The Government of India is strongly supporting the new directives. However, the same cannot be said for the big tech companies like Microsoft, Google and Apple. Further, the impact of these new directions was burdensome for the VPN companies. 
The New Cybersecurity Directive Of India
Before understanding the impact of the new cybersecurity direction on businesses, it is important first to understand it. The first changes are made in Section 70B of the IT Act. With this new directive, the service providers, data centres, intermediaries and body corporate can collect, analyze and disseminate information based on cyber incidents. This move is especially opposed by the VPN providers who prefer to give its users the right to privacy. Many users use VPN to hide their IP, which you can check on What Is My IP to maintain their privacy. Further, one can generate forecasts and alerts based on the data collected. The government will also now have the power to take emergency measures if required to handle cybersecurity incidents. The second directive is made on IT Rules 2013. According to the new directive, the duties and functions of CERT-In are defined. By introducing the new rule, the government has empowered CERT-In to seek whatever information it needs to function properly from the companies. 
Impact Of Cyber Security Directives On Businesses
With the rollout of the new rules, many businesses have already started feeling the impact of the new directive. For instance, ExpressVPN has pulled servers out of the country due to the new directives. Many VPN companies functioning in the country have refused to store the user data that the new directives have asked them to. VPN mainly works in providing its users with privacy and freedom of expression. However, logging the user activity will snatch these rights from the users. The government is currently at loggerhead with such VPN companies. In fact, Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology, said that the companies who do not want to obey the newly created rules are free to leave India. 

The new VPN rules of the country require the companies to store the following information of the users: real name, IP address of the device and usage pattern. It further includes other identifying data too. 

Further, the Government of India also issued penalties for companies that won’t comply with the new regulations. Breaching the new regulation shall be punishable with imprisonment up to one year or a fine of INR 1000,000 or both. Further, the Government of India also issued penalties for companies that won’t comply with the new regulations. The new rules apply to data centres, VPN service providers and cloud computing service providers. 
Why Were The New Cybersecurity Directives Issued?
The newly imposed regulations were issued to fight the misuse of VPNs in the country and punish those who misused VPNs. Internet penetration has increased dramatically in the country in the past few years. This has given rise to many new forms of cyber crimes. With the new directive, the organization will have to report cyber incidents within six hours. This is an important step in tackling the country’s rising cases of cyber crimes. 

Rajeev Chandrasekhar has assured that there will be no impact of the new directives on the business viability. The restrictions will only pose problems for the people who are involved in criminal activities. The only thing that the VPN operators need to do is produce the relevant data of the person who has used their service to commit a crime. 

In India, more than 80 crore people are currently actively using the Internet. In 2020 alone, 500,035 cybercrimes were reported, increasing with each passing year. The new regulation is expected to reduce cases of criminal activities like data breaches, data leaks, spoofing, phishing, DDoS attacks and the spread of computer containment. With the enforcement of the new rules, such crimes will be compulsorily reported, and the criminal will also be identified and punished.