INDIA Trends and Developments Contributed by: Probir Roy Chowdhury and Shivani Bhatnagar, JSA
consent for data collection and imposing pen - alties of up to USD30 million. Complementing this, the Indian Computer Emergency Response Team (CERT-In)’s AI Security Advisory recom - mends measures to mitigate AI-related threats, including educating users, verifying domains, securing data, and preventing misuse. International collaboration has also been pri - oritised, with India’s membership in the Global Partnership on AI (GPAI) facilitating cross-border threat intelligence sharing and ethical AI stand - ardisation. India’s position on the global stage: pivotal role of CERT-in India has claimed a spot in the Tier-1 category in the latest Global Cybersecurity Index (GCI) 2024, released by the International Telecommunication Union. With a score of 98.49, India is one of 47 countries to be adjudged as a leading nation that has demonstrated commitment to robust cyber - security practices. Central to this success are the country’s progressive legislative frameworks and the operational efficacy of CERT-In. Among such frameworks, India’s legal frame - work for cybersecurity has also evolved signifi - cantly and contributed to this success, anchored by the Information Technology Act 2000 (the “IT Act”) and its subsequent amendments. The introduction of the DPDPA further strengthened this framework. By establishing stringent guide - lines for data controllers, enforcing organisa - tional and technical safeguards and standards, and imposing penalties for non-compliance, the DPDPA addresses growing concerns around data security in the digitised economy. These legislative measures have been instrumental in aligning India’s cybersecurity governance with global standards, earning high marks in the GCI’s legal pillar.
India’s technical capabilities, particularly through CERT-In, have been pivotal to its Tier-1 status. Established in 2004, CERT-In operates as the national nodal agency for cybersecurity and is tasked with safeguarding India’s digital infra - structure, co-ordinating incident responses, and fostering a secure cyber ecosystem. Its mandate spans across threat analysis, vulnerability man - agement, and collaboration with domestic and international stakeholders. CERT-In follows a structured approach to addressing reported inci - dents, which has significantly enhanced India’s capability to manage cybersecurity challenges, as follows. Incident reporting As per the CERT-In Cyber Incident Reporting Guidelines , organisations are legally obligated to report certain types of high-severity cybersecu - rity incidents within six hours. Upon notification, CERT-In may request access to logs, system records, and other forensic data to assess the breach’s scope and impact. This process ena - bles targeted mitigation strategies while main - taining a collaborative, non-punitive approach. By prioritising risk mitigation over penalties, CERT-In encourages transparency and proac - tive reporting among entities. Proactive organisational engagement Larger organisations with established cyberse - curity practices and significant customer bases in India often proactively report incidents to CERT-In. This is driven by the recognition that timely reporting can help mitigate risks and pre - vent further damage. CERT-In’s responsive and supportive approach encourages organisations to engage with the agency. Incident management support CERT-In is known for its proactive and efficient approach to handling reported cybersecurity
125 CHAMBERS.COM
Powered by FlippingBook