E@ECIPE
Start your weekend right and have a look at our new podcast episodes, webinars and more! ✉️ https://t.co/I4O8mlTIfz https://t.co/OGnB3mMG8CRT IIEA @iiea: 7 years on from the #Brexit vote we're continuing to analyse the impact of the UK's withdrawal from the #EU. Join… https://t.co/cYlxTquavgThe EU is taking charge in regulating data and the digital economy, launching new regulations like the #DMA, #DSA,… https://t.co/jfOuY6kaPNLet's talk about #AI regulations in the #EU! It is important to understand and enhance the benefits, but also min… https://t.co/OU6PEWlg6j🎧 New global economy podcast episode! We talk about the US trade policy and America's role in the world economic o… https://t.co/DHHvBdKZ4M
  • FOLLOW ECIPE
x
Browse

Database

Browse Database
Restrictions on data

INDIA

Since January 2010

Chapter Data policies  |  Sub-chapter Data retention
Department of Telecommunications, Ministry of Communications & IT, Government of India, “License Agreement for Provision of Internet Services”

Department of Telecommunications, Ministry of Communications & IT, Government of India, "License Agreement for Provision of Unified Access Services after Migration from CMTS"
Retention requirements for service providers are found in the Internet Service Provider licence and Unified Access Services Licence (UASL), which are grounded in the Indian Telegraph Act of 1885. Internet Service Providers are required to retain a complete audit trail of the remote access activities pertaining to the network operated in India for a period of six months. Moreover, all commercial records with regard to the communications exchanged on the network must be maintained for a year.

In addition, the licences identify several categories of records that must be made available and provided for security purposes - which therefore implies that records should be kept. These include:
- a log of all users connected and the service they are using,
- a log of every outward login or telnet through an Internet Service Providers computer,
- copies of all packets originating from the Customer Premises Equipment of the Internet Service Provider,
- a complete list of subscribers must be made available on the Internet Service Provider website with password controlled access,
- a complete list of Internet leased line customers and their sub-customers (including, name of customer, IP address allotted, bandwidth provided, address of installation, date of installation/commissioning, and contact person with phone no./email),
- the geographical location of any subscriber,
- further information.
Coverage Internet Service Providers
Restrictions on data

INDIA

Reported in September 2018

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Draft Personal Data Protection Bill, 2018
Under a draft Personal Data Protection Bill, processing of personal data can only be done with a free, informed, specific and clear consent of the data subject which is capable of being withdrawn. For "senstive personal data", a subset of of personal data including passwords, financial data, and health data, among other, explicit consent is required. The bill defines explicit consent as consent that must be specific, having regard to whether the data principal can choose to not consent to certain purposes of processing of their personal data.

The bill does not apply to anonymsed data, but does apply to data processors not present within India, so long as they have a connection to any business in India.
Coverage Horizontal
Restrictions on data

INDIA

Since April 2011

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules provide that cross-border data flows of sensitive personal data or information can be made:
- provided that such transfer is necessary for the performance of a lawful contract between the body corporate (or any person acting on its behalf) and the provider of information, or
- provided that such transfer has been consented to by the provider of information.
Coverage Horizontal
Restrictions on data

INDIA

Since April 2018, due to come into force in October 2018

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Royal Bank of India Directive
In April 2018, the Royal Bank of India (RBI) issued a one-page directive stating that, within six months, all payment data held by payment companies should be held in local facilities. The Directive noted that this would help the RBI gain "unfettered supervisory access" to transaction data, which it needs to ensure proper monitoring.

Following a negative response from international payment companies such as MasterCard, Visa and American Express, the RBI has proposed to ease this restriction, so as to allow payment firms to store data offshore, as long as a copy was kept in India. In is not clear when the RBI's position will be clarified.
Coverage Payment firms
Restrictions on data

INDIA

Reported in September 2018

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Draft Personal Data Protection Bill, 2018
A draft Personal Data Protection Bill would require one copy of all personal data to which the law applies to be stored on a server located in India. The bill also gives the Indian government the authority to classify information as "critical personal data," which may only be stored within India. This would broadly apply to any data, "collected, disclosed, shared, or otherwise processed within the territory of India," meaning, for example that it could capture all personal data provided by foreign entities to Indian IT companies for processing, even if such foreign entities do not process Indian citizens' data.

The bill does not apply to anonymsed data, but does apply to data processors not present within India, so long as they have a connection to any business in India.
Coverage Horizontal
Restrictions on data

INDIA

Since 2015

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Guidelines for Government Departments On Contractual Terms Related to Cloud Services
In 2015, India’s Ministry of Electronics and Information Technology (MEITY) issued guidelines for a cloud computing empanelment process under which cloud computing service providers may be provisionally accredited as eligible for government procurements of cloud services. The guidelines require such providers to store all data in India to qualify for the accreditation.
Coverage Cloud computing
Restrictions on data

INDIA

Since 2012

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
National Data Sharing and Accessibility Policy
India’s National Data Sharing and Accessibility Policy requires that “non-sensitive data available either in digital or analog forms but generated using public funds” must be stored within the borders of India. The policy states that data belongs to the "agency/department/ministry/entity which collected them and reside in their IT enabled facility.”
Coverage Horizontal
Establishment restrictions

INDIA

Since 2010

Chapter Business mobility  |  Sub-chapter Other restrictive practices related to business mobility
Minimum salary requirement
India relaxed the visa norms for hiring by Indian IT companies. This means that now the IT-industry can hire foreign professionals 'as per requirement' instead of the earlier cap of '20 employees per project'. However, in view of the fact that there was a large influx of low-skilled workers in the sector from the neighboring countries, the government has stipulated that the foreign service supplier in the sector will have to give a declaration to the effect that his/her annual salary is in excess of USD 25,000 per annum. This condition has been introduced to ensure the entry of only high-skilled foreign professionals into the industry.
Coverage IT-sector
Establishment restrictions

INDIA

Since 1946

Chapter Business mobility  |  Sub-chapter Quotas, Labour Market Tests, Limits of Stay
Foreigners Act, 1946 (No. 31 of 1946); The Passport (Entry into India) Rules Act (No. 34 of 1920)
In case a business visa is granted, which is required for independent service suppliers (ISS), the visa is awareded with a limit of six months each time separately the visitor enters, but it can be awarded for up to five years.
Coverage Horizontal
Sources
Establishment restrictions

INDIA

Since 1946

Chapter Business mobility  |  Sub-chapter Quotas, Labour Market Tests, Limits of Stay
Foreigners Act, 1946 (No. 31 of 1946); The Passport (Entry into India) Rules Act (No. 34 of 1920)
Employment visas are necessary for intra-corporate transferees (ICT) and contractual services suppliers. A business visa is only required for independent services suppliers (ISS). In case an employment visa (as opposed to a business visa), it is required an economic needs test: no employment visas should be granted for jobs for which qualified Indians are available, neither should the employment visa be granted to routine, ordinal and secretarial work.
Coverage Horizontal
Sources
Establishment restrictions

INDIA

Reported in 2017

Chapter Competition policy  |  Sub-chapter Competition
Burdensome licensing process
The US Trade Representative office (USTR) reports that India’s one-time licensing fee (approximately USD 500,000 for a service-specific license, or USD 2.7 million for an all India Universal License) for telecommunications providers serves as a barrier to market entry for small and medium-sized enterprises.
Coverage Telecommunication sector
Establishment restrictions

INDIA

Reported in 2013

Chapter Competition policy  |  Sub-chapter Competition
State-owened enterprise (SOE)
Bharat Sanchar Nigam Limited, the incumbent, is fully owned by the Government of India. BSNL (Bharat Sanchar Nigam Ltd.) provides all types of telecom services namely telephone services on landline, WLL and GSM mobile, Broadband, Internet, leased circuits and long distance telecom services.
Coverage Telecommunication sector
Establishment restrictions

INDIA

Since 2002

Chapter Intellectual Property Rights  |  Sub-chapter Other restrictive practices related to IPR
The Indian Patents Act of 1970, amendment in 2002
In 2002, the foreign filing license requirement was introduced in the Indian Patents Act of 1970. This requirement provides that any inventor who is a resident of India should file a patent application for his/her own invention first in India. Only after a period of six weeks after the date of filing of the patent application, the filing can be extended internationally. Alternatively, the inventor is required to obtain the controller’s permission for filing the patent application outside India. However, given that the process is reported as burdersome, filing an application first in India is the preferred way of complying with these provisions. There violation of such rule results in criminal liability under section 118 of the Indian Patent Act of 1970, with consequent monetary fine or imprisonment up to two years, in addition to the impossibility to proceed with the patent application.
Coverage Horizontal
Establishment restrictions

INDIA

Since 1996

Chapter Intellectual Property Rights  |  Sub-chapter Other restrictive practices related to IPR
Intellectual Property Management Policy of the Council of Scientific and Industrial Research
It is reported that the Intellectual Property Management Policy aims to protect the patent portfolio 'defensively and aggressively' to forge strategic alliances and international collaborations, to gain business advantage. The Council of Scientific and Industrial Research (CSIR) with its Internet Protocol (IP) policy aims "to maximise the benefits to CSIR from its intellectual capital by stimulating higher levels of innovation through a judicious system of rewards, ensuring timely and effective legal protection for its IP and leveraging and forging strategic alliances for enhancing the value of its IP".
Coverage Horizontal
Establishment restrictions

INDIA

Reported in 2017

Chapter Intellectual Property Rights  |  Sub-chapter Copyright
Inadequate enforcement of digital copyright
The US International Trade Commission reports that enforcement of India's copyright laws is weak, resulting in widespread digital piracy of movies, television shows, and unlicensed software. Additionally, the US Trade Representative office (USTR) reports that the value of losses from piracy of music and movies in India totals about USD 4 billion per year, while the commercial value of unlicensed software used in India is approximately USD 3 billion.
Coverage Digital content