India: Issued CERT-In Information Security Practices Directive including cybersecurity measures
Description
Issued CERT-In Information Security Practices Directive including cybersecurity measures
On 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued a directive introducing cybersecurity obligations. The directive includes obligations regarding the notification and mitigation of data breaches, data storage and user identification. Regarding data breaches, all service providers, intermediaries and data centres must report cyber incidents within 6 hours of noticing or being notified of a breach, and must implement protective and preventive actions mandated by CERT-In. The directive will enter into force after 60 days.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government
Complete timeline of this policy change
Hide details
2022-04-28
adopted
2022-06-27
in grace period
2022-06-27
adopted
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All