The Policy Wrap is ADIF’s weekly newsletter on all things policy in the Indus Valley Ecosystem and beyond. Share your feedback and comments with us at amanat@adif.in.

Data Protection 

Cisco’s Duo launches data centre in India to meet data localisation requirements 

Cisco’s Duo has launched its first data centre in India to meet customer demands for data localisation and cyber defence. 

Cisco says the data centre will enable all functionality from Duo’s zero-trust platform, including multi-factor authentication (MFA), single sign-on (SSO), VPN-less remote access, device trust, ‘passwordless’ (in public preview), and adaptive risk-based policies.

The local data centre will allow businesses to enhance their performance by improving connection stability. This India data centre is a part of a global network spread across APAC, Europe, and the United States. 

Daisy Chittilapilly, President, Cisco India & SAARC stated: “We are bringing Duo to more customers to help them not only prevent and respond to breaches but also be certain that their data is held securely within the region.”

India's Personal Data Protection Bill may threaten innovation, growth: United States Trade Representative (USTR)

The United States has raised concerns over India’s Personal Data Protection (PDP) Bill and draft non-personal data governance framework, claiming these could potentially threaten innovation and economic growth. 

The US Trade Representative (USTR) in its Special 301 Report on the adequacy and effectiveness of U.S. trading partners’ protection and enforcement of intellectual property (IP) rights has kept India on the priority watch list, maintaining the country remains one of the world’s most challenging major economies with respect to protection and enforcement of intellectual property (IP).

India has over the years rejected the observations in the ‘Special 301’ Report, maintaining it was a unilateral report of the US government and that India was fully compliant with multilateral IP regulations.

The 2022 Special 301 Report can be viewed here. 

Information Technology (IT) Act

‘Need to update IT Act', says Union minister for electronics and IT Ashwini Vaishnaw

The government is working on a fresh set of amendments to the Information Technology Act, 2000 – the country’s core legal framework that regulates entities on the internet such as social media platforms and e-commerce companies – and would come up with a consultation process “soon”, Union Minister for Electronics and IT Ashwini Vaishnaw told Indian Express. 

Vaishnaw said, “We definitely need an updated version of the IT Act. Yes, we are working on a new version. It cannot be the same IT Act of 2000, a lot of things have changed. The world has changed. We are working on it and will come up with a consultation process soon.”

Key Provisions from new Indian Computer Emergency Response Team (CERT-In) reporting guidelines

New directions issued by Cert-IN, mostly relate to reporting cyber incidents and are applicable to ISPs, intermediaries, data centres etc. They go into effect on June 27, 2022. 

The main provisions include:

• Connecting to the Network Time Protocol (NTP) server of NIC or NAtl Physical Laboratory (NPL), or with NTP servers traceable to these NTP servers, for synchronisation of all their ICT systems clocks.

• Reporting of cyber incidents to CERT-IN (within 6 hours).  The incidents can be reported to CERT-In via email (incident@cert-in.org.in), Phone (1800-11-4949) and Fax (1800-11-6969).

• Taking protective and preventive actions against cyber incidents as directed/ordered by Cert-IN. The order/direction may include the format of the information that is required (up to and including near real-time), and a specified timeframe in which it is required, which should be adhered to and compliance provided to CERT-IN, else it would be treated as non-compliance of this direction.

• Designation of a point of contact (PoC) for coordination with CERT-IN.

• Mandatorily enable logs of all ICT systems and maintain them securely for a rolling period of 180 days. These shall be maintained within the Indian jurisdiction.

• The provisions also contain specific compliances for Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network (VPN) service providers. These mostly deal with the registration of info related to subscribers etc. 

• Non-compliance with these directions carry potential criminal liability (imprisonment/fine) under Section 70B(7) of the IT Act 2000. This criminal liability for not complying with CERT-IN directions has existed since 2009. It is important to note that there have been very few, if any, prosecutions under this section. 

Competition Commission of India

Parliamentary Panel to summon Google, Twitter, Facebook, Amazon, and other big tech firms to discuss their competitive conduct

As the Competition Commission of India (CCI) is investigating a number of global tech giants for alleged anti-competitive practices, a key parliamentary panel decided to summon representatives from Big Tech firms, including Google, Amazon, Facebook, Twitter, and others to examine their competitive behaviour. 

The CCI informed the panel that the regulator was forming a ‘Digital Markets and Data Unit’ to properly deal with big tech companies’ anti-competitive actions, as well as introducing a new Bill to alter the CCI Act.

The discussion takes place against a backdrop of growing concern in India, about alleged actions by big tech giants and technology platforms that could harm market competition. Similar issues have been raised in the West also targeting such companies.

The panel’s next meeting is expected to take place on May 12.

E-commerce

Government to launch Open Network for Digital Commerce (ONDC) in 100 cities

The Open Network for Digital Commerce (ONDC) – an e-commerce network which will be rolled out by October 2022 – will offer consumers an alternative to Amazon and Flipkart, said Union commerce and industry minister Piyush Goyal.

He added that: “After UPI (Unified Payment Interface), another game-changing idea to democratise commerce - ONDC soft launch today to select consumers, sellers and logistics providers. Get ready for a world of choice, convenience and transparency.” 

ONDC is based on interoperability where all platforms will talk to each other. The system will have multiple choices for both retailers and customers in terms of cataloguing, inventories, warehousing, suppliers, logistics and payments. 

As a spokesperson from Amazon India said: “We remain committed to the government’s vision of digitizing kiranas, local stores and creating opportunities for businesses across India by simplifying technology adoption to help local stores and businesses contribute to India becoming a $5 trillion economy. We are closely engaging with the ONDC team to better understand the proposed model and evaluate the role Amazon can play to better serve Indian customers and sellers.”

Appstore ecosystem

The United Kingdom plans to set security, and privacy requirements for app stores

The U.K. government has published proposals under which app stores could be asked to commit to a code of practice setting security and privacy requirements. It comes alongside a new government report on app security, that reveals malicious apps downloaded by hundreds of thousands of users put people’s data and money at risk, and a call for tech companies to voice their opinions.

The proposed code would require stores to have a “vulnerability reporting process for each app so flaws can be found and fixed quicker,” the Department for Digital, Culture, Media and Sport said in an emailed statement Wednesday. The guidelines would affect developers and store operators, including Apple Inc., Google parent Alphabet Inc., Amazon.com Inc., Huawei Technologies Co., Microsoft Corp. and Samsung Electronics Co.

Cyber Security Minister Julia Lopez emphasised that no app “should put our money and data at risk. That’s why the Government is taking action to ensure app stores and developers raise their security standards and better protect U.K. consumers.” 

The government is now seeking opinions from companies and experts until June 29.

A full text of the threat report on app stores can be found here. 

A full summary of the open consultations can be found here.

With Apple fight ongoing, Netherlands watchdog Authority for Consumers and Markets (ACM) to investigate Google Play store practices

The ACM also remains locked in a two-year fight with Google competitor Apple over alternative means of payment for dating apps on the App Store. Apple has received 50 million euros in fines — the maximum possible under a current court decision — for failure to comply with an ACM order to make it possible for dating app developers to offer customers non-Apple payment methods.

On Monday the ACM said the most recent proposals by Apple to remedy the situation, on March 30, were still not sufficient and it is preparing a new order with new payment penalties.

Meanwhile, a competition complaint against Google’s Android Play Store by the Match Group has led to a preliminary investigation by the Netherlands’ Authority for Consumers and Markets (ACM) into whether the tech giant is abusing a dominant position. 

Match Group declined to comment on the substance of its complaint — but the ACM confirmed it has received a request for enforcement regarding the Google Play Store.

In a short press statement, ACM also stated that “Dating-app providers allegedly are no longer able to use a payment system other than Google’s payment system. In addition, dating apps claim they are no longer allowed to refer to other payment methods either.” 

Startup ecosystem

Delhi government announces new Startup Policy 

Delhi Chief Minister Arvind Kejriwal announced on May 6, 2022, that the Cabinet had passed a Delhi Startup Policy to turn the capital into an international startup hub.

The Delhi Government stated that the vision is to enable Delhi to emerge as a “Global Innovation Hub and the most preferred destination for Startups by 2030” by creating an “enabling ecosystem for the innovation-based economy and fostering entrepreneurial spirit through a robust support mechanism”.

For this, the government intends to “encourage, facilitate and support” 15,000 startups by 2030.

Three committees will be set up for the implementation and governance of the policy: the Startup Policy Monitoring Committee, a Startup Task Force, and a Nodal Agency.

The Delhi Government plans to provide various fiscal incentives, including reimbursement on lease rentals, reimbursement grants for filing patent/ trademark/ copyright/ industrial design; reimbursement for exhibition stall/rental cost, monthly allowance towards operational/ employee cost etc.

Non-fiscal incentives include developing a conducive curriculum for students; facilitating strong linkages between the startup and industry association; facilitating the participation of companies for subsidised subscriptions of technology offerings; organising fundraising events; relaxing the government procurements process for startups and access to government data to drive e-governance pilot projects.

Kejriwal during the press conference also added, "I hope the youth of Delhi will create unicorns of their own. I expect to see a boom in startups over the coming years."

Focus on tier 2 and 3 cities: Department for Promotion of Industry and Internal Trade (DPIIT) secretary to startups

The government has taken several steps to strengthen the startup ecosystem and startups should focus on tier 2 and 3 cities, which holds huge business opportunities, DPIIT Secretary Anurag Jain said on Thursday. 

India's startup ecosystem is the third-largest in the world and the country is the second highest in adding the number of unicorns. He added, “Now we are adding 80 startups every day and that pace is the highest in the world... We can hope to become the largest startup ecosystem in the world in the times to come... More than half of the startups come from tier 2-3 cities." 

Prime Minister Narendra Modi: India has the fastest growing startup ecosystem in the country 

Speaking at the Semicon India 2022 Conference, Prime Minister Narendra Modi said India has the world's largest growing startup ecosystem. He said India is set to lead the next technology revolution and investments are being made in developing capabilities in 5G among other things.

He also stated that the country is heavily investing in the skilling and training of its youth, and has undertaken reforms to improve the ease of doing business.