Search Your Queries Related To Trilegal

How to comply with CERT-In’s new six-hour time frame to report cyber incidents

05 Jul 2022

Trilegal X Legal 500 Crisscross Banner Image
By Karthik Koragal (Senior Associate) and Pratibha Sharma (Senior Executive)
This article was first published in LiveLaw

The Indian Computer Emergency Response Team (CERT-In) recently issued a set of new directions under the Information Technology Act, 2000 (IT Act), in relation to information security practices, procedure prevention, response and reporting of cyber incidents for safe and trusted internet (CERTIN Directions), followed by Frequently Asked Questions (FAQs) dated 19 May 2022 issued by CERTIN, to clarify the requirements under the directions.

CERT-IN Directions mandate service providers, intermediaries, data centres and body corporates (Applicable Entities) to mandatorily report cyber incidents (as defined under the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (CERT-IN Rules)) within: (a) six hours of noticing such incidents; or (b) such incident being brought to such Applicable Entities. Prior to this update, CERT-In had stipulated reporting cyber security incidents (as defined under CERT-IN Rules) as early as possible, and within a reasonable time of occurrence or noticing the incident.

In addition to the Applicable Entities being mandated to report cyber incidents, within the prescribed time and in the prescribed manner, they are also required to report cyber security incidents (prescribed under CERT-IN Directions), on meeting the following threshold (as laid out in the FAQs):

Download PDF to read more

Trending News


Under the rules of the Bar Council of India, Trilegal is prohibited from soliciting work or advertising in any form or manner. By accessing this website,, you acknowledge that:

  • You are seeking information about Trilegal of your own accord and there has been no form of solicitation, advertisement or inducement by Trilegal or its members.
  • This website should not be construed as providing legal advice for any purpose.
  • All information, content, and materials available on this website are for general informational purposes only.
  • Any information obtained or material downloaded from this website is completely at the user’s volition, and any transmission, receipt or use of this website is not intended to, and will not, create any lawyer-client relationship.
  • Information on this website may not constitute the most up-to-date legal or other information. Trilegal is not liable for the consequences of any action taken by any person based on any material or information available on this website, or for any inaccuracy in or exclusion of any information or interpretation thereof.
  • Readers of this website or recipients of content or information available on this website should not act based on any or all such content or information, and should always seek advice of competent legal counsel licensed to practice in the appropriate jurisdiction.
  • Third party links contained on this website re-directing users to such third-party websites should neither be construed as legal reference / legal advice, nor considered as referrals to, endorsements of, or affiliations with, any such third party website operators.
  • The communication platform provided on this website should not be used for exchange of any confidential, business or politically sensitive information.
  • The contents of this website are the intellectual property of Trilegal.

We prioritize your privacy. Before proceeding, we encourage you to read our privacy policy, which outlines the below, and terms of use to understand how we handle your data:

  • The types of information we collect and why we collect them.
  • How we use your information to provide a personalized experience.
  • The measures we take to ensure the security of your data.
  • Your rights and choices in managing your personal information.
  • How we may share information with trusted partners for specific purpose.

For more information, please read our terms of use and our privacy policy.

Up arrow