Government To Extend Deadline For Cybersecurity Norms

The minister of state for electronics and IT Rajeev Chandrasekhar, reportedly said that, the government likely to extend the deadline for complying with its cyber security directives by three months. He also added that this will apply to micro, small and medium enterprises (MSMEs) as well as small and medium enterprises (SMEs).

"We are very clear. We will not make SMEs or MSMEs bear the burden of this additional compliance until they are ready," said Chandrasekhar in a statement.

According to reports, the Indian computer emergency response team (Cert-In)'s April 28 guidelines stated that it requires all companies, intermediaries, data centres and government organisations to report any data breach to the government within six hours of becoming aware of it. It has also mandated the virtual private network (VPN) service providers to maintain all the data and information they had gathered as part of know-your-customer (KYC) rules and should give it over to the government as and when required.

Later on, according to the sources, it is reported that though larger companies and VPN providers have complied with the directive released by the government, some SMEs and MSMEs have reasoned out that there were adequate human resources to comply with the cybersecurity norms.

A government official, in a news report was quoted as saying, "One problem that we have been made aware of several times is that there is a lack of cost-effective human resources in the country. Some of the other requirements, such s maintaining data for three years, is also adding to their operational cost. While it is difficult to relax these norms, we have given additional time and will meet them to figure out a solution."

However, the government is more flexible to the needs of the SMEs in compliance with the new directive and as per reports, this is the second extension in the compliance of deadline for SMEs and MSMEs by the ministry.

Comments are closed.