The Indian Computer Emergency Response Team (CERT-In) recently issued a set of new directions under the Information Technology Act, 2000 (IT Act), in relation to information security practices, procedure prevention, response and reporting of cyber incidents for safe and trusted internet (CERTIN Directions), followed by Frequently Asked Questions (FAQs) dated 19 May 2022 issued by CERTIN, to clarify the requirements under the directions.
CERT-IN Directions mandate service providers, intermediaries, data centres and body corporates (Applicable Entities) to mandatorily report cyber incidents (as defined under the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (CERT-IN Rules)) within: (a) six hours of noticing such incidents; or (b) such incident being brought to such Applicable Entities. Prior to this update, CERT-In had stipulated reporting cyber security incidents (as defined under CERT-IN Rules) as early as possible, and within a reasonable time of occurrence or noticing the incident.
In addition to the Applicable Entities being mandated to report cyber incidents, within the prescribed time and in the prescribed manner, they are also required to report cyber security incidents (prescribed under CERT-IN Directions), on meeting the following threshold (as laid out in the FAQs):
Download PDF to read moreUnder the rules of the Bar Council of India, Trilegal is prohibited from soliciting work or advertising in any form or manner. By accessing this website, www.trilegal.com, you acknowledge that:
We prioritize your privacy. Before proceeding, we encourage you to read our privacy policy, which outlines the below, and terms of use to understand how we handle your data:
For more information, please read our terms of use and our privacy policy.