India to press ahead with strict cybersecurity rules despite concerns
India will not change upcoming cybersecurity rules that force social media, technology companies and cloud service providers to report data breaches swiftly, despite growing industry concerns, the government said on Wednesday.
The Indian Computer Emergency Response Team issued a directive in April asking tech companies to report data breaches within six hours of “noticing such incidents” and to maintain IT and communications logs for six months.
They also mandated cloud service providers such as Amazon and virtual private network (VPN) companies to retain names of their customers and IP addresses for at least five years, even after they stop using the company’s services.
The measures have raised concerns within the industry about a growing compliance burden and higher costs.
India’s junior IT minister Rajeev Chandrasekhar said there will be no changes despite the worries, saying tech companies have an obligation to know who is using their services.