India: Implemented CERT-In's Information Security Practices Directive including cybersecurity measures for MSMEs
Description
Implemented CERT-In's Information Security Practices Directive including cybersecurity measures for MSMEs
On 25 September 2022, the Indian Computer Emergency Response Team (CERT-In) "relating to information security practices, procedure, prevention, response and reporting of cyber incidents" enters into force for Micro, Small & Medium Enterprises (MSMEs). The directive introduces obligations regarding the notification and mitigation of data breaches, data storage and user identification. Regarding data breaches, all service providers, intermediaries and data centres must report cyber incidents within 6 hours of noticing or being notified of a breach, and must implement protective and preventive actions mandated by CERT-In.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government
Complete timeline of this policy change
Hide details
2022-04-28
adopted
2022-06-27
in grace period
2022-06-27
adopted
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All