Indian CERT’s Directions will weaken cybersecurity and privacy: experts call for deferral and public consultation

Access Now supports cybersecurity experts from around the world who are calling on the Indian Computer Emergency Response Team (CERT-In) to defer implementation of the contentious new Directions issued in April. The letter states the Directions will have a negative impact on cybersecurity and privacy, and public consultation must be undertaken to ensure that the views of all stakeholders, including subject matter experts, are taken into account.

“The Directions, as they stand, will have the unintended consequence of weakening cyber security, and its crucial component, online privacy,”  the letter states, “we are cognisant of the need for a framework to govern cyber incident reporting, but the reporting timelines and excessive data retention mandates prescribed in the Directions, will have negative implications in practice and impede effectiveness, while endangering online privacy and security.”

The 22 experts urge CERT-In, and the Ministry of Electronics and Information Technology, to conduct in-depth consultations and make suitable amendments to the Directions, noting that “it is crucial that CERT-In and MeitY ensure that the regulations advance systemic and user-centric approaches to cybersecurity, focusing on effective cyber incident response — which is also the specific, limited rulemaking power given to CERT-In by the Indian Parliament in this section of the Information Technology Act.”

Read the full letter