Rachana Rautray Senior Associate
India revamps space policy to enable private participation in the satellite sector
In April 2023, the Indian government released the new and much-awaited Indian Space Policy – 2023 (Space Policy), replacing the existing policy governing space-based communications that had been in effect since 1997. The Space Policy has been in development over the past decade, with the focus of changes on allowing non-government entities (NGE) to carry out end-to-end activities in the space domain and provide them with a level playing field. It aims to increase private participation in the sector and create a predictable regulatory framework to facilitate it.
Under the Space Policy, NGEs may offer national and international space-based communication services, establish and operate ground facilities for the functioning of space objects, use Indian and/or non-Indian orbital resources to establish space objects, establish and operate remote sensing satellite systems within and outside India, and disseminate satellite-based remote sensing data. In this respect, the Space Policy defines a ‘space object’ as any object launched or intended to be launched into an orbital or sub-orbital trajectory around the earth or to a destination beyond earth orbit, or any constituent element of such an object, or any other object as may be notified. The Space Policy also delineates the roles of the Indian National Space Promotion and Authorisation Centre (IN-SPACe), Indian Space Research Organisation (ISRO), NewSpace India Limited (NSIL) and Department of Space (DoS). Of these, IN-SPACe is of particular relevance to NGEs looking to enter this industry, as it will act as the single window agency for authorisation of the aforementioned space activities. The Space Policy is also expected to be supplemented by guidelines issued by IN-SPACe going forward.
The Space Policy marks a significant departure from the position over the last two decades where satellite operations were by and large the government’s domain and private parties would leverage existing state satellite capacity to undertake space operations. The new framework would now enable private parties to apply for permissions to undertake end-to-end commercial space activities through the establishment and operation of space objects, ground-based assets and related services, such as communication, remote sensing and navigation.
Karnataka High Court holds that blocking orders issued by the Ministry of Electronics and Information Technology can be account specific and need not be tweet/content specific
In a recent order dated 30 June 2023, the Karnataka High Court dismissed Twitter’s challenge against orders issued by the Ministry of Electronics and Information Technology to block certain tweets and accounts citing security concerns. In doing so, the High Court noted that the government can order intermediaries to block a user account entirely (i.e., not just the specific tweet or content) and that this does not fall foul of the principle of proportionality.
The High Court’s finding that Section 69A of the Information Technology Act, 2000 envisages account level restrictions in addition to content level restrictions, may now require platforms (particularly foreign entities serving a global audience) to rethink their policies on content moderation and account for the government’s exercise of this power. The finding may also have implications on other aspects of the online user experience, such as where the user account enables not only the ability to create content but also entitles the user to other benefits such as receiving services, engaging in e-commerce or monetisation.
Insurance entities are subject to new cybersecurity compliances and audit requirements
Insurers and insurance intermediaries, such as brokers and third-party administrators, are now required to undertake heightened cybersecurity obligations such as deploying security controls, preparing incident response plans, and conducting frequent audits.
The Insurance Regulatory and Development Authority of India (IRDAI), on 24 April 2023, issued the Information and Cybersecurity Guidelines, 2023 (2023 Guidelines) prescribing cybersecurity compliances on insurers and insurance intermediaries. These include organisational measures such as appointing specific C-suite personnel dedicated to information and cybersecurity, as well as other measures such as conducting security audits, adopting internal information technology policies and exercising control over third-party vendors. The IRDAI has exempted certain entities, such as insurance and micro-insurance agents, from the scope of the 2023 guidelines.
Under the earlier norms issued in 2017, the IRDAI had also prescribed certain risk mitigation measures for insurers (later extended to intermediaries), but the 2023 Guidelines are more extensive and targeted, as they envisage graded compliance for insurance intermediaries based on the level of access to an insurer’s systems/databases and the entity’s gross insurance revenue. The new guidelines are accordingly an upgrade on the earlier norms from 2017, both in terms of increased preparedness for cyber incidents as well as being flexible to accommodate insurance intermediaries of all sizes and capabilities.
Telecom service providers are now required to deploy artificial intelligence-based tools to filter spam communications
In its ongoing efforts to prevent unsolicited commercial communications (UCC), the Telecom Regulatory Authority of India (TRAI) has directed telecom service providers to deploy artificial intelligence (AI) and machine learning (ML) based tools to detect, identify and prevent spam communications.
These directions have been issued by TRAI on 13 June 2023 in exercise of its powers under the Telecom Commercial Communications Customer Preference Regulations, 2018. All access providers (i.e., the telecom operators enabling calls and sending of messages) are now required to deploy AI/ML based ‘UCC Detect’ systems capable of evolving constantly to address new signatures, patterns and techniques used by unregistered telemarketers to send spam communication. Such tools should allow the detection of senders of bulk UCC and enable reputation-based analysis of the message sender as well as sharing of intelligence with other access providers using a distributed ledger technology platform. Access providers should also take necessary action against such UCC and share information with law enforcement agencies. These directions are a significant step forward, both as a measure to curb the proliferation of spam messages as well as to demonstrate the government’s willingness to adopt emerging technologies, such as AI-based filtering and distributed ledger technology, for the benefit of the public.
This quarter saw several key developments across the sector. In the cybersecurity space in particular, in addition to the IRDAI, the Indian Computer Emergency Response Team issued new cybersecurity guidelines for government entities, and the Securities and Exchange Board of India issued a consultation paper on consolidated cybersecurity guidelines for its regulated entities. We anticipate further developments along these lines in the coming quarters as well. The Karnataka High Court’s ruling on the government’s powers to block accounts and content also raises interesting issues for the future of internet regulation in India – issues that will come to the fore with the Digital India Bill anticipated to arrive in the coming quarter. The much-awaited Digital Personal Data Protection law has been enacted, and the Indian Telecommunication Bill is also likely to be re-introduced by the central government in due course after accounting for stakeholder comments. Separately, India’s G20 presidency has seen an emphasis by the government on the global adoption of digital public infrastructure, and it will be interesting to see if any strategic engagements in this space will be formalised over the coming quarters.