A legal understanding of wild animal wet markets

This article is written by Aryan, from the School of Law, Christ University. This is an exhaustive article that seeks to explore the regulation of wet markets in different countries with a particular emphasis on improving sanitation and hygiene in wet markets.

Introduction 

The term wet markets first emerged in the 1970s. Wet markets are public marketplaces that sell perishable goods like meat and fish, often in an open-air setting. Various wet markets also slaughter animals on site, including chicken, fish and other domesticated animals. However, a few wet markets also have a wild animals section where live animals like snakes, baby crocodiles and beavers are sold. The term was used to distinguish open markets from air-conditioned supermarkets. Although not all wet markets deal with wild animals, those that do have contributed significantly to the spread of zoonotic illnesses like SARS, monkeypox and COVID-19, as most wet markets fail to comply with sanitation and hygiene conditions.

This article explores the regulation of wet markets in various countries throughout the world with the primary focus on improving sanitation and hygiene at wet markets. It also discusses whether a permanent ban on wet markets can be beneficial in the long run. In addition to sanitation laws, the article also discusses laws on free and sustainable trade with an aim to eradicate illicit trafficking. Furthermore, certain recommendations are made for improving the enforcement of national and international regulations to ensure that these markets have no harmful consequences. Lastly, this article explores the fact that despite having so many rules, the number of endangered species continues to grow. 

Wild animal wet markets: an insight

Wet markets are large facilities consisting of open-air stalls selling perishable goods such as fish, meat, vegetables, fruits and other food items. The term “wet” mainly refers to wet floors caused by the washing of perishable goods, or the melting of ice used to protect meat or meat-related goods from rotting and keep the items fresh. Wet markets are prevalent in parts of Asia and Africa, and are the most prominent source of meat in parts of China, Japan, Mexico, Indonesia, and parts of Africa. Wet markets and other types of local markets serve as a platform for the supply of meat from both domestic and wild animals. This industry is believed to be responsible for dwindling animal populations and potential viral outbreaks such as avian influenza, bird flu, swine flu and many others, as these markets operate in open-air conditions, in close vicinity and with no health or sanitation safeguards. In fact, there is strong evidence that coronavirus originated at live animal marketplaces or wet markets in Wuhan, China. Many wet markets engage in live slaughtering of animals, which involves keeping animals in unsanitary and cramped conditions for extended periods of time. In such circumstances, the spread of viruses can be facilitated, and this was also suspected to be the primary reason for the spread of Covid-19 in the first place. In cases related to respiratory diseases, it is possible for these viral pathogens to spread to customers or food handlers through the animals’ bodily fluids.

There is sufficient evidence to suggest that urbanization has increased demand for wildlife products because urban inhabitants pay relatively higher prices for such products in these markets. In some Asian countries, particularly China, Japan, Indonesia, and Thailand, it is believed that consuming certain species of wild animals can enhance a person’s strength, even though it also carries a considerable risk for the transmission of zoonotic diseases. As wild animals interact with different species from time to time, it is clear that such interactions may enhance the spread of zoonotic infections, and wet markets serve as perfect locations for the transmission of diseases like SARS, MERS and Ebola, with Covid-19 being the most recent one. These instances have repeatedly called for government actions to regulate such markets. In the past, even the World Health Organisation (hereinafter referred to as WHO) has urged countries to stop the sale of wild animals in wet markets, to avoid the spread of deadly diseases. The WHO has issued various guidelines regarding prohibitions on trading, sale and consumption of wild animals, but these guidelines have been implemented haphazardly. Therefore, adequate public health rules must be followed and wet markets must operate in accordance with government directions; otherwise, diseases will continue to emerge and rapidly spread in the future.

Limitations of wet market laws in China

The term wet market was unfamiliar to the majority of people around the world, but the coronavirus outbreak has brought it to the spotlight. Covid-19 is believed to have originated in a wet market in Wuhan, China called the Huanan Seafood Market. China has been the epicentre of wet markets throughout the world.

Wildlife protection laws and wet markets

There are wildlife protection laws in China that explicitly ban hunting and trading certain endangered species. Article 26 of the China Wildlife Law Regulation governs the breeding of wild species protected by the state. The government enforces penalties on anyone planning to breed wildlife without following proper norms such as ensuring that they have adequate living areas and facilities in accordance with the animal’s habits and necessary conditions for the movement, reproduction, sanitation, and health of animals. Such people shall also make sure that they adhere to all technical measures and norms like licenses for trade to ensure that wildlife is not exploited.

Sanitary norms imposed on wet markets

In 2003, the Chinese government established the State Food and Drug Administration, currently known as the National Medical Products Administration, mandating wet markets to follow sanitary norms, which included a distance of more than 5 meters between two stores and regular inspection of such markets by the Chinese Health Authority. Additionally, these guidelines required wet markets to adhere to the Animal Epidemic Prevention Law. Furthermore, Article 27 of Laws governing People’s Republic of China states that supervision of sanitary production in handling of food shall be carried out by relevant health authorities, which includes veterinary examinations by relevant fishery, animal husbandry or agricultural authorities. However, despite such laws, wet markets in China are exceptionally unclean and operate in close proximity, thereby posing a greater danger of creating unsafe conditions in which viruses can pass from animals to humans. These conditions led to the Covid outbreak, which resulted in the closure of wet markets across the country.

Trade of wild animals banned

In response to Covid-19, the Chinese Government banned the trade of wild animals for food, but within a month almost ninety percent of China’s wet markets started operating again. The simple reason is that wet markets provide enormous revenue for the government, as they are a daily stop for Chinese people, offering delicacies derived from wild animals that are also valued for their medicinal properties. Hence, the government avoids enforcing tighter regulations on such prohibitions.

Traders frequently engage in illicit trading of vulnerable species like pangolins, bluefin tuna, Chinese giant salamanders, and yellow-breasted buntings for their meat, skin, and medicinal uses despite various laws restricting the trade of such species. The Protection of Wildlife under the People’s Republic of China states that wild animals are state property and are protected by China’s list of Fauna under the Special State Protection. Any trader convicted of illegally trafficking wild or endangered animals on the list can face a sentence of up to fifteen years, with a fine and forfeiture of property. However, such regulations have not been enforced effectively, as illicit trafficking has increased and a rising number of species have been classified as endangered or vulnerable. It is now time for the Chinese Government to start mandating more stringent laws and guaranteeing their effective implementation throughout the country.

Laws governing Indian wet markets

Similar to China, India has a plethora of wet markets. West Bengal is considered the primary centre of India’s wet market trade, with turtles being the most commonly traded animal. However, India’s condition is distinct from China’s, as it lacks sufficient legislation governing wet markets. The Wildlife Protection Act, 1972 protects endangered species, listing them as state property, and prohibits illegal purchase and sale of these animals. Additionally, the Food Safety and Standards Authority of India (hereinafter referred to as FSSAI) regulates licensing of all kinds of food enterprises, including registration of all food businesses as well as the issuance of proper licences to carry out any food-related operation in a hygienic manner. The effect of such a law was the closure of illegal slaughterhouses and butcher shops in India that failed to comply with the FSSAI’s sanitation standards. The law further permits the slaughtering of only fish, poultry, goats, pigs and sheep.

The Prevention of Cruelty to Animals Rules, 2001 state that a veterinarian must confirm that the animal is in a fit state to be slaughtered. Section 407 of the Delhi Municipal Corporation Act, 1957 also specifies that an animal may only be slaughtered at a certified slaughterhouse, and killing of animals at a separate location is strictly prohibited as per the Rules.

Despite such stringent rules, their implementation is deficient. As per the report of the Comptroller and Auditor General of India (CAG), in almost half of the cases in various states, licenses were issued to enterprises carrying incomplete documents. A report of the Supreme Court also stated that many slaughterhouses in the country operate without a license, and even licensed slaughterhouses in many states do not follow the requisite guidelines set forth by FSSAI. Furthermore, illicit trafficking of illegal and endangered species like pangolins, turtles, etc. is still carried out in many states.

The on-ground implementation of these rules is lacking. It is speculated that almost 90 percent of state food laboratories throughout the country entrusted with food testing and certification were ill-equipped and did not have accreditation from the National Accreditation Board for Testing and Calibration Laboratories (NABL). Additionally, even the FSSAI has no evidence to claim that all the notified food laboratories have well-qualified food analysts. Therefore, authorities that are primarily responsible for protecting public health must start taking their role seriously, as failure to do so would have a significant impact on the health of individuals. There also needs to be proper coordination between the relevant agencies and government ministries. Since businesses related to wet markets will be carried out notwithstanding the conditions, the guidelines must be strictly implemented, as animal-based food businesses can surely give rise to another zoonotic outbreak in the future.

Regulating provisions: a sneak peek

The Covid-19 pandemic has demonstrated that human health is indirectly linked with animal health, as about seventy per cent of viral infections diagnosed in people have been connected to wild animals in some manner. Most East and South-East Asian countries, particularly China and Indonesia, despite being parties to several international conventions, have continuously disobeyed international norms regarding the trade of illicit and endangered species. Although the International Union for Conservation of Nature (hereinafter referred to as IUCN) has recognized all eight species of pangolins to be on the verge of extinction, the pangolin continues to be the most trafficked animal in the world. These practices have been condemned worldwide and, as per the recent World Health Organisation (WHO) report, almost 70 percent of wild animals are responsible for infectious diseases in humans. In addition, there is no way to determine whether these animals are virus-infected or not. Such actions have led global leaders, including the United Nations (hereinafter referred to as UN), to call for a permanent ban on all wet markets, stating that the risk to human health is too great and that the only way out is to impose a permanent ban on wet markets worldwide.

A permanent solution to the issue of wild wet markets

Even though various leaders around the world, including the UN biodiversity Chief Murma, called for a permanent ban on wet markets, there are several complications associated with the ban. Wet markets have been a part of the tradition for East Asian and African nations, and they supply almost 30-60 percent of their food. A complete ban on wet markets can lead to the emergence of a black market and, considering the vast numbers of farmers and consumers involved, this can create even greater complications in the global food market, even worse than what we are experiencing today.

According to the United Nations Environment Programme (hereinafter referred to as UNEP), the risk of zoonotic illness arising out of wild animals is higher because the viruses arising from them are the ones humans have not developed immunity against, and therefore legislation governing their trade must be implemented. However, several low-income groups, significantly in Africa, have relied on wild animals for their livelihood, and such a ban can have a significant impact on their livelihoods. They can be forced to seek an alternate means of income. Therefore, a complete ban is not the permanent solution. Countries should make laws concerning safe and sustainable trade so that transmission of such diseases can be managed effectively.

Regulations carried out by different nations

Regulations carried out in Zambia

To ensure safe and sustainable trade, it is imperative that strict sanitary requirements along with restrictions for wild and domestic animals are properly imposed, as wildlife and domesticated animals are somehow equally responsible for the spread of zoonotic diseases. In countries like Zambia, all forms of animal meat, whether wild or domesticated, are classified as meat. The statute also gives authority to the minister to regulate the trading of meat nationally as well as internationally. Such authorities directly regulate the sale of meat in markets, and strictly adhere to sanitation requirements for all types of animals. However, since such legislation takes a partial approach, it fails to address the control of zoonotic diseases.

Regulations in Sierra Leone

In some other countries like Sierra Leone, all kinds of animals are included under wildlife by the Wildlife Conservation Act, 1972, and sales of animal meat are regulated as per the respective Minister’s orders stipulated in Section 37 of the Wildlife Conservation Act, 1972.

Regulations in Botswana

In Botswana, the designated minister has the authority to adopt laws requiring livestock to be tested and analyzed for the presence of microorganisms, antimicrobial agents, or other pesticide-containing chemicals. Additionally, the designated minister can also prescribe standards for the quality and grades of meat, as well as direct the methods of storing and transporting meat to be used by the consumers. Even Argentina has proper laws regulating the trade of wild animals, including inspection of products along with essential sanitation conditions associated with the trade. Such regulations, particularly the legislation enacted by Botswana and Argentina, can definitely help in reducing zoonotic illness to some extent.

Apart from strict trade and sanitation laws, countries must have proper food laws for better control of zoonotic disease. Food laws are comparable to animal health laws in terms of application, as well as enforcement procedures. Such laws are important to analyze the sale of wildlife and control of zoonotic disease. Each country has its own set of guidelines regarding food laws based on geography, local practices and demography, with the intent to include animals fit for consumption. The food laws in countries like Antigua and Barbuda explicitly exclude the consumption of dogs, birds, turtles and cats. Similarly, countries like Mauritius ban the consumption of endangered species and only include wildlife that is consumed by human beings.

Scope for reform 

It is apparent that markets that sell live animals, and especially wild species, pose the biggest threat to human health, as most zoonotic illness arises from them. Lawmakers have to confine themselves to laws regulating, in particular, the hygiene, consumption and trade of such wild species, or else diseases like Covid-19 will continue to spread throughout the world. Despite the existence of legislation regulating wet markets, it is very difficult to regulate them due to the impossibility of monitoring each vendor’s compliance with the rules.

Raising consumer awareness of the regulations coupled with coordinated efforts from Non-Government Organisations can result in more effective enforcement of such laws. Consumers must be required to follow social distancing norms, and the competent authority shall make efforts to confirm the same. Vendors at wet markets shall also follow all the rules related to food safety standards and sanitary requirements. Each stall must have access to basic sanitation with each product being sanitized carefully. Furthermore, stalls must be set at an adequate distance from the other which must be mandated by the competent authority. Additionally, regular inspections by the appropriate authority must be conducted to ensure that the vendors comply with such regulations. 

With regard to trade and consumption of wild animals like pangolins, bats, bluefin tuna, and many others, a global law enforcement system can be made, which can cooperate with regional law enforcement organizations (law enforcement for each nation) to address the issue of illicit trading of wildlife. However, such regulations are not easy to determine because evidence from some nations suggests that even illegal products eventually end up in legal markets. Investigators have concluded that the majority of the illegally trafficked wildlife ends up in legal marketplaces. Therefore, greater attention must be given to tracking such activities. Furthermore, since most of these trades occur through ports, particularly in free trade zones in Asia, proper surveillance and investigation of such ports must be held at regular intervals. Finally, the competent authority shall impose harsher punishments on individuals engaging in such illicit trade, to deter the commission of such crimes in the future.

Conclusion

It is evident that a blanket ban on wild and live wet markets is not a long-term answer, and may even worsen the problem, similar to the case following the SARS outbreak. It is also clear that there are sufficient national as well as international laws governing such markets; the authorities simply lack competent enforcement of such laws. International organizations including the WHO stated that COVID-19 and all previous pandemics have occurred as a result of inadequate sanitation and improper healthcare in wild animal wet markets and have called for proper implementation of such regulations time and again.

One issue associated with such implementation is that not all vendors are well equipped to buy sanitisers due to economic backwardness and lack of support from the government. Since it is evident that proper sanitation will reduce the impact of zoonotic illness to a great extent, it is imperative that the government and other agencies support these people, as even a slightly negligent act in even one of the stalls can result in another pandemic.

What are the steps you can take if you are cryptojacked


This is written by Aryan Kashyap, a student of Lloyd Law College pursuing a Diploma in Cyber Law, Fintech Regulations, and Technology Contracts from LawSikho.com. In the article, he talks about cryptojacking growing as a trend and answers what people can do to protect themselves. This article has been edited by Dipshi Swara (Senior Associate, Lawsikho).

Introduction

Various companies in recent times have been the target of one kind of cyberattack or another. While hacking and data breaches are among the most prevalent cybercrimes, the rise of cryptocurrencies has brought new offences that directly target them. Cryptojacking is one such crime that has the capability of affecting one’s entire business activity. What makes it more dangerous is that it can easily evade detection. Therefore, companies and their professionals need to have effective measures in place for dealing with the offence of cryptojacking.

What is cryptojacking? 

Cryptojacking is defined as the act of mining a cryptocurrency using someone else’s computer without their permission. Kaspersky defines cryptojacking as a cybercrime where someone gets unauthorised access to someone else’s devices and they use these resources to mine cryptocurrencies. Like most forms of cybercrime, the attacker has the same motive here and that is money. The unique thing about this form of attack is that the victim is unaware of the attack. The only sign users can notice is when the system gets slower and starts lagging a bit.

How do people get cryptojacked?

Usually, hackers use two (2) methods to cryptojack people. They are:

  1. The injection method
  2. The non-injection method

The injection method

  • The hacker tricks a victim into loading certain code, known as crypto mining code, onto their computer. This is usually done by phishing.
  • The victim may receive a very genuine-looking email or text containing a link in which the code is embedded. As soon as the user clicks on the link, the crypto mining script is transferred to the computer without the user’s knowledge.
  • The script keeps working in the background and the user stays completely blind to what’s happening.

The non-injection method

  • This method uses a website as a form of transmission. A crypto mining script is inserted on a website or a digital advertisement.
  • When a user visits the website or an infected pop-up advertisement appears, the script comes into action.
  • In this method, no code is stored locally on the victim’s computer.

Regardless of which method is used, the crypto mining code solves a set of mathematical problems on the victim’s devices and sends the results to a server that is controlled by the hacker. The end goal is always profit maximisation.

How common is cryptojacking?

  • Alex Vaystikh, the co-founder and CTO of SecBI, estimated that for every 100 devices which are doing unauthorised crypto mining for a hacker, the majority of data comes from web browsers and advertisements whereas only a small fraction of data comes from the user.
  • No one knows exactly how much cryptocurrency is mined, as the hackers are very discreet. But one thing the community agrees on is that it’s very prevalent.
  • Browser-based crypto mining appears to be the most common method, as it is where the users are most vulnerable.
  • As per the 2020 SonicWall Cyber Threat Report, cryptojacking attacks reduced by a whopping 78% in the latter half of 2019 after Coinhive was closed. Coinhive used to be the most popular JavaScript miner.
  • Positive Technologies’ Cybersecurity Threatscape early 2019 report reveals that there was already a reduction in mining activities and that they account for only 7% of all attacks. This also suggests that hackers have shifted to using more ransomware, as it undoubtedly increases their profits.
  • Marc Laliberte, the Network Security solutions provider for WatchGuard Technologies, stated that crypto mining is still in its nascent stages and will develop a lot over time.

Why is cryptojacking famous in the hacker’s community?

  • Digital Shadows, in their report called “The New Gold Rush: Cryptocurrencies Are the New Frontier of Fraud”, found that cryptojacking does not even require you to be a technology expert.
  • The main reason this has become a famous trend in the crypto community is that it is quite easy to do and helps hackers make easy money compared to other more technical crimes. Ransomware will make a hacker money once, whereas cryptojacking helps them keep generating money over some time.
  • The hackers are safer when committing cryptojacking, as the victim doesn’t even know that they are under attack. Even if it is discovered, it is very difficult to find the source of the attack.
  • Hackers also prefer cryptojacking the lesser-known cryptocurrencies, as the popular ones like bitcoin may have more safety mechanisms.

How can you detect if you are cryptojacked?

You need to look out for the following signs on your computer: 

  • Your device’s performance will be slower than usual. 
  • Your devices will start overheating and will discharge faster than usual. 
  • As crypto-mining takes a huge toll on your computer’s processor, it may start shutting down unexpectedly due to reduced processing power. 
  • The overall productivity of your device will reduce significantly. 
  • Your electricity bills will start skyrocketing unexpectedly. 
  • A good test would be to check the CPU activity monitor or task manager on your computer. If the CPU usage is peculiarly high even when no applications are running in the foreground, it might be a sign of cryptojacking.
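The CPU check in the last point can be made systematic by sampling per-process CPU usage while the machine is idle and flagging only processes that stay busy across several consecutive samples. The following is an added example, not part of the original article; the snapshot format, the process names and the 80% / three-sample thresholds are assumptions chosen for illustration.

```python
"""Flag processes whose CPU use stays high while the machine is idle."""
from collections import defaultdict

# Constructed sample: one line per process per snapshot, taken about a minute
# apart while no foreground application was in use.
# Format (assumed): "<snapshot> <pid> <cpu%> <process name>"
IDLE_SNAPSHOTS = """\
0 412 1.5 systemd-journal
0 2290 96.0 kworker-helper
0 3101 88.0 backup-agent
1 412 0.9 systemd-journal
1 2290 97.5 kworker-helper
1 3101 2.0 backup-agent
2 412 1.1 systemd-journal
2 2290 95.0 kworker-helper
2 3101 1.0 backup-agent
3 412 1.0 systemd-journal
3 2290 98.0 kworker-helper
3 5120 91.0 updater
"""


def parse_snapshots(text):
    """Return {(pid, name): {snapshot: cpu_percent}}, skipping malformed lines."""
    usage = defaultdict(dict)
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue
        try:
            snap, pid, cpu = int(parts[0]), int(parts[1]), float(parts[2])
        except ValueError:
            continue
        usage[(pid, parts[3].strip())][snap] = cpu
    return usage


def longest_hot_run(by_snapshot, threshold):
    """Longest run of consecutive snapshots at or above the threshold."""
    best = run = 0
    prev = None
    for snap in sorted(by_snapshot):
        hot = by_snapshot[snap] >= threshold
        if hot and run > 0 and prev is not None and snap == prev + 1:
            run += 1          # the streak continues
        elif hot:
            run = 1           # new streak (first sample, or after a gap)
        else:
            run = 0
        best = max(best, run)
        prev = snap
    return best


def suspicious_processes(text, threshold=80.0, min_run=3):
    """Processes that stay hot for at least min_run consecutive idle snapshots.

    A single spike (a backup job starting, an updater running once) is ignored;
    only sustained load with nothing in the foreground is reported.
    """
    findings = []
    for (pid, name), by_snapshot in parse_snapshots(text).items():
        run = longest_hot_run(by_snapshot, threshold)
        if run >= min_run:
            avg = sum(by_snapshot.values()) / len(by_snapshot)
            findings.append({"pid": pid, "name": name,
                             "hot_snapshots": run, "avg_cpu": round(avg, 1)})
    return sorted(findings, key=lambda f: -f["hot_snapshots"])


if __name__ == "__main__":
    for f in suspicious_processes(IDLE_SNAPSHOTS):
        print(f"{f['name']} (pid {f['pid']}): {f['hot_snapshots']} hot "
              f"snapshots in a row, average {f['avg_cpu']}% CPU")
```

A flagged process is a lead to investigate rather than proof of mining, since indexing, backups or updates can also keep a CPU busy for a while.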

Famous examples of cryptojacking

Prometei cryptocurrency botnet exploits Microsoft exchange vulnerability

  • Prometei is a multi-stage botnet that was designed to mine the Monero cryptocurrency and has been around since 2016.
  • It uses a variety of means to infect devices and increase its network. 
  • Earlier in 2021, Cybereason found out that Prometei was taking advantage of the vulnerabilities in Microsoft Exchange. 
  • After it infected the devices it used them to mine Monero. 

PowerGhost steals Windows credentials

  • The Cyber Threat Alliance in their Illicit Cryptocurrency Mining Threat report has described PowerGhost.
  • PowerGhost is a stealth malware that camouflages itself from detectors. 
  • It further uses the spear-phishing method to attack selected individual’s systems and then steal their Windows credentials. 
  • It further used the data collected to disable the computer’s antivirus software and remove competing crypto mining codes to make the most for themselves. 

BadShell uses Windows

  • Comodo Cybersecurity discovered malware on one of their clients’ computers; it was named BadShell.
  • It was using Windows processes for mining.
  • It injected malware code into the usual running processes.
  • It worked with a scheduler to maintain persistence.
  • It used the registry to hold the malware’s binary code.

Cryptojacking through GitHub

  • Recently Avast Software reported that some hackers were using GitHub to mine cryptocurrency. 
  • The hackers would look for real projects on the platform and would then branch out to other smaller projects within them. 
  • The malware code was hidden in these smaller projects’ directories.
  • These crypto hackers would then use a phishing scheme to have people download these directories by disguising them as some adult software.

Exploiting rTorrent’s vulnerabilities

  • Hackers had found out about some vulnerabilities in rTorrent’s configurations. 
  • Due to this, there was a flaw in client accessibility and anyone could have entered without proper authentication.
  • Thus these cryptojackers hunted for the clients that were affected by this misconfiguration and deployed a Monero cryptominer on them.
  • This vulnerability was reported by F5 Networks and they advise rTorrent to make sure that their clients do not accept connections from outside to prevent any losses. 

Are there any laws regulating cryptojacking?

There are no solid laws regulating this space. However, if we think logically, the hackers in the case of cryptojacking are trespassing and committing the intentional tort of conversion at the least. Trespassing is entering somebody else’s property without their permission, and conversion happens when someone uses someone else’s private property without their consent or knowledge. The Courts and the legislature are yet to work on it. The only thing companies and people can do right now is to take precautions and try to be safe from such attacks. Thus there are no remedies either if someone is cryptojacked, as it is very difficult to track the individual doing it.

Is banning cryptocurrency the solution?

  • Nasscom says that banning cryptos would have the same effect as banning alcohol in some states: the activities will just continue underground. By keeping crypto legal, the government will have the option of regulating it.
  • To enforce a ban, the government will need a very advanced and elaborate surveillance system. Unfortunately, the Indian infrastructure is not there yet. This would give rise to a huge black market.
  • Other than this, all Indian citizens will be deprived of all the benefits cryptocurrencies have to offer. Experts are of the view that the government should not rush this decision and should rather think it through.
  • When India liberalized its economy in the 90s, it became the world leader in the IT sector. We are at a crossroads again where the government needs to think about the future’s bigger picture. 

How can you protect yourself?

  • It would be a good idea to invest in nice cybersecurity software. Make sure that you pick up software that is updated frequently and purchase it from a genuine source. Good places to start would be Kaspersky, Avast, Norton etc. 
  • Keep yourself up to date about the new techniques hackers may be using. You can follow newsletters and tech platforms that publish such information regularly. Thus you can dodge some of those attacks. 
  • You can use browser extensions that alert you against such attacks or block them out completely. 
  • Using good ad-blocking software for your browser can also shield you from some attacks.
  • You can disable JavaScript in your browser. JavaScript is the code in which the hackers’ mining scripts are executed. Most browsers give you the option of disabling it, but this can also lead to reduced functionality on other websites.
  • Keep your operating system and other installed applications updated to the latest version. Companies keep trying to detect such malicious activities and block them out.

Conclusion 

You must have realised the genius of these hackers by now. They keep coming up with new means to best others. It appears that this trend is here to stay for a while, so the best we can do is keep ourselves abreast of what these attacks are and how they take place, and try to protect ourselves. No software can guarantee one hundred percent that nothing will happen, but we can still pursue protection to the best of our abilities. Some steps that companies can take on their part would be: installing the right technology to keep a check on such attacks, keeping systems updated and patched, and educating staff about such attacks so that any suspicion can be immediately reported.

The problem of excessive government litigation

This article is written by Oishika Banerji of Amity Law School, Kolkata. This article deals with the problem of excessive government litigation and its repercussions in India. 

Introduction 

For over a decade now, Indian courts have been dealing with a backlog of cases that has contributed to the retardation of the efficiency of the Indian judicial system. Fast track courts and Lok Adalats have been introduced in order to clear the backlog of cases. But with a slow rate of success in these institutions, the obvious step that the judicial system can adopt to avoid this deceleration is to reduce the number of cases entering the judicial system. The 2017 report released by the Ministry of Law and Justice shows that 46% of the cases entering the judicial system come from the government, which also includes public sector undertakings and other associated autonomous bodies.

This data is significant enough to reflect the excessive government litigation taking place over the years, which is majorly delaying the speedy dispensation of justice. It is unclear from the percentage of government-related cases knocking on the doors of the Indian courts how many cases come from which tier of the Indian government. This ambiguity is detrimental not only for the judiciary but also for the executive organ of the government, as delayed disposal of cases is directly proportional to delay in policymaking and in the execution of administrative functions. This article aims to provide a view on the problem of excessive government litigation that is overburdening the courts of the nation, the reasons behind such issues, and the possible solutions to deal with these growing hurdles.

What is government litigation? 

The term “litigation” signifies a legal action or a lawsuit. Any individual who is involved in the legal action or the lawsuit is known as a litigant. The litigant can either be a person who is suing someone or an individual who is being sued by someone. An understanding of these two terms will help us delve into the concept of government litigation. When the government is a party to legal action and is either being sued by someone or is suing someone, the government becomes the litigant, thereby coining the term government litigation. With government litigation constituting approximately half of all litigation in the judiciary and being responsible for majorly contributing to the problem of pending cases in the Indian Judiciary, the concept has attracted debates and discussions. The majority of government litigation involves one department of the government suing another or being sued by another, and many of these cases languish in the courts as the parties fail to prove their reason for suing each other. Further, there exists no indicator which can keep track of the number of cases filed by or against the government in a year, thereby eliminating the presence of any kind of evidence based on which action can be taken. This issue has remained static in its position for several years now.

The existing policies on government litigation in India

To understand the existing policies on tackling government litigation in India, the timeline provided hereunder needs a reference: 

  1. The 126th Report of the Law Commission of India which was prepared on the basis of Government and Public Sector Undertaking Litigation Policy and Strategies had first expressed the need to have a dispute disposal mechanism for disputes related to government matters in order to avoid unnecessary load on the judicial system. This recommendation was further taken up by the Ministry of Law and Justice in 2009 as a consequence of which the first step of establishing a National Litigation Policy for reasonable decision-making in resolving government disputes and ensuring responsible litigation on the part of the Central Government and the State Governments, was laid down. 
  2. National Litigation Policy was first formulated in the year 2010 with the aim to make the government an efficient and responsible litigant thereby ensuring the protection of the citizens’ fundamental rights whose implementation is an obligation on the part of the State. Unfortunately, the 2010 policy lacked application in reality. 
  3. The loopholes existing in the implementation of the 2010 policy were taken up in 2015 with a reviewed and modified National Litigation Policy. But, it is necessary to note that although different states of the nation have their own government litigation policy, a uniform National Litigation Policy remains uncertain. 
  4. In 2017, the Ministry of Law and Justice brought in the “Action Plan to Reduce Government Litigation”, the purpose of which is to ensure the breakdown of the burden of cases that each department carries with itself. But the functioning of this Plan remains unclear even after four years of its introduction by the government. Whether the Action Plan is effectively working to attain its purpose, or remains an unused tool in the government’s hand, is still ambiguous.

Indian judicial system’s take on government litigation 

It was in the case of Dilbagh Rai v. Union of India (1974) where Justice Krishna Iyer made an observation about the lack of a litigation policy on the State’s part. The Supreme Court of India laid down certain observations concerning government litigation which are as follows:

  1. The State is the largest litigant and the huge amount of expenditure involved in the litigation process “makes a big draft on the public exchequer.”
  2. Taking into account the immense amount of responsibility, and obligations vested on the State, it will not be wrong to expect the presence of a reasonable amount of fairness in the government as a litigant. 
  3. India being a welfare state, the government of the nation must not act in a way that defeats the purpose behind the constitution of a welfare state. By suing a poor employee, the government authority by itself defeats the purpose of framing any policy aids for the poor individuals of the nation. 

Justice Krishna Iyer made the purpose of government litigation clear by stating that, “The State is a virtuous litigant and looks with unconcern on immoral forensic successes so that if on the merits the case is weak, the government shows a willingness to settle the dispute regardless of prestige and other lesser motivations which move, private parties to fight.”

The observation made by the Supreme Court of India on government litigation policy in the noteworthy case of State of Punjab v. Geeta Iron & Brass Works Ltd (1978) calls for discussion as well. The Apex Court opined that a litigation policy for the government should be such that the government resolves disputes with citizens of the State in a conciliatory manner by means of logical understanding, and not like two rivals seeking revenge on each other. The Court went on to mention the need for a law officer, appointed by the government itself, to resolve disputes that arise without approaching the courts every time there is a fallout. Another important point taken into account by the Court in this case was the government’s responsibility for overburdening the Indian judiciary. On this ground, the top court, while disclosing its interest, mentioned that Parliamentary social audits must hold the government responsible for the expenditure on litigation that eventually flows down the drain. With these observations, the Court concluded its viewpoint on government litigation with the hope of responsive behaviour on the part of the government, thereby avoiding unnecessary wastage of public money.

The 2003 case of Forests v. Collector that appeared before the Apex Court of India threw light on the cases that involved one department of the government against the other. The Court observed that it appears to be not reasonable enough for inter-departmental controversies to appear before the court of law and be responsible for wasting public money, and the precious time of the Court. The Court also referred to the intention of the framers behind the framing of the Indian Constitution, and the Code of Civil Procedure, 1908 which was never to resolve a tussle between the departments of the same organ of the government as the same was never expected to take place. When a department of the government files a writ petition against the other thereby invoking extraordinary jurisdiction of the High Courts under Article 226 of the Indian Constitution, the same goes against the basic principles of law which require a juristic person for being sued or suing someone. A significant part of the observation made by the Supreme Court of India, in this case, was the recommendation on the formation of an effective mechanism by the government itself to resolve any kind of inter-departmental disputes, and ensuring the functioning of the departments in harmony with each other. 

The case laws discussed above reflect the judiciary’s take on excessive government litigation. In all three of these notable cases, the Supreme Court of India has laid down measures to curb the steep rise in government litigation, which has excessively affected public money and the time of the courts. But whether the government has accepted and followed the Supreme Court’s guidelines remains a matter of concern.

Why is excessive government litigation an issue

To understand why excessive government litigation is an issue for both the Judiciary and the Executive, the following points need to be taken into consideration:

  1. Excessive government litigation burdens the courts of India with an unnecessary workload which affects the functioning of the courts thereby slowing down the delivery of justice to the citizens of the nation.
  2. Litigation involves a huge amount of expenditure and the same increases with an increase in the time period. In case of government litigation, the expenditure is carried out by using the public’s money which they pay to the government by means of tax. Prolonged government litigation is therefore wastage of the public’s hard-earned money by the government. 
  3. If the government of the nation is constantly involved in a tussle with the citizens of the country, then in that case the basic fundamentals of a welfare state are defeated thereby restricting the working of a democratic nation. 
  4. When various departments of the government sue each other, the overall functioning of such departments is affected which impacts the working of the government as a whole. With litigation taking away all their time, the departments will put a brake on the discussions on the formulation of various policies which will subsequently affect the citizens of the nation. 

The need for an effective National Litigation Policy

According to data collected in 2016 on the number of government litigation cases pending in different courts across the nation, the pendency in the Supreme Court of India was about 60,750 cases, whereas the High Courts were burdened with 40 lakh cases on government matters. The number in District and Subordinate Courts was 2.74 crores. It has been observed over the years that the department of the government with the majority of the cases pending before the courts is the Railway Department, with 66,685 cases, among which 10,464 cases have been pending for over ten years now. Comparatively, it is the Ministry of Panchayati Raj that has the lowest number of cases pending.

As we have noticed previously, the promulgation of a National Litigation Policy failed terribly due to default in implementation. The need for the nation to have such a policy nonetheless stands indispensable, in order to execute the functions provided hereunder:

  1. The National Litigation Policy will provide effective mechanisms that can work towards two goals: to reduce government litigation, thereby reducing the courts’ burden, and to provide a logical medium for disposing of disputes related to government matters.
  2. The National Litigation Policy will promote the development and adoption of Alternative Dispute Resolution by the government, thereby reducing the government’s tendency to drag every minute dispute into a court of law.
  3. The National Litigation Policy will cover all three stages of dispute which are the pre-litigation, litigation, and post-litigation stages. This will help the government, and associated bodies to resolve their disputes in a systematic manner. Disposal of cases will be easier in this case and subsequently, the backlog will be reduced to a significant extent. 

Though these are not the only reasons why there arises a need for a National Legal Policy in India, these grounds are indeed the major ones. 

Conclusion 

The government must indeed take the issue of overburdening the courts with excessive government litigation seriously. Given its responsibility to let the judicial system function with efficiency in order to render justice to the people of the nation, the government must not interrupt the functioning of the courts with disputes that can be resolved by government-made mechanisms alone. Formulation of a National Litigation Policy as soon as possible will help both the Executive and the Judiciary to function in a constructive way without disrupting the working of each other.



Crypto as a means of funding for corporate houses

This article is written by Jubal Raj Stephen, pursuing a Diploma in Cyber Law, Fintech Regulations, and Technology Contracts from LawSikho.com. This article has been edited by Dipshi Swara (Senior Associate, Lawsikho).

Introduction

The crypto market, reaching the recent peak of $1 trillion market capitalisation, has scope for exponential growth in the legal market. This has not been a purely speculative enterprise, with more than 2,300 businesses across the US accepting bitcoin (without including bitcoin ATMs), and major traditional financial institutions such as JP Morgan and Goldman Sachs, which were once famously critical of bitcoin and cryptocurrencies in general, have changed their tune. The time has not been ripe for the adoption of cryptocurrencies by businesses and corporate houses in funding, payment, and beyond.

Why should corporate houses venture into crypto?

The blockchain, the underlying technology behind cryptocurrencies, has the potential to be a collaborative technology that promises to improve the business processes that occur between companies, radically lowering the “cost of trust” and thus offering substantially higher returns for each dollar of investment spent than most traditional internal investments. Widespread adoption by financial institutions could potentially upend everything from clearing and settlement to insurance.

Large payment companies such as Visa, Mastercard, and PayPal have embraced cryptocurrency in various ways, after considering the reduction in transaction fees from around 1.5% – 3.5% in conventional payment methods to the 0.5% – 1% provided by crypto. While currently, Indian companies are unlikely to attract domestic investors, they seem to have a very good chance of attracting foreign investors for funding.

According to Deloitte, the following benefits could also be gained from adopting crypto:

  • Cryptocurrencies may provide access to younger and tech savvy demographic groups. Such customers tend to value transparency in their transactions. One recent study found that up to 40% of customers who pay with crypto are new customers of the company, and their purchase amounts are twice those of credit card users.
  • Introducing crypto now may increase awareness within the company on crypto-based technologies. It also may help position the company in this important emerging space for a future that could include central bank digital currencies.
  • Crypto could provide firms access to new capital and liquidity pools through traditional investments that have been tokenized, as well as in virtual asset classes.
  • Cryptocurrencies provide certain opportunities that are unavailable with traditional fiat banking transactions. For example, crypto can be used as programmable money that enables real-time and accurate revenue-sharing while ensuring transparency to facilitate back-office reconciliation.
  • Cryptocurrencies provide important opportunities with pre-existing clients and vendors who want to engage by using crypto. Thus, it becomes essential for firms to enable themselves to receive and pay out crypto to assure a smooth experience for key stakeholders.
  • Crypto provides a new avenue for enhancing a host of more traditional treasury activities, such as:
    • Enabling simple, real-time, and secure money transfers.
    • Helping strengthen control over the capital of the enterprise.
    • Managing the risks and opportunities of engaging in digital investments.
  • Crypto may serve as an effective alternative or balancing asset to cash, which may depreciate over time due to inflation. Crypto is an investable asset, and some, such as bitcoin, have performed exceedingly well over the past five years. There are, of course, clear volatility risks that need to be thoughtfully considered.

Routes of funding

There are multiple ways to fund a corporate business such as:

  • Directly receiving crypto funds in the form of payments and grants.
  • Tokenized issuance of crypto in return for funding through ICOs (Initial Coin Offerings) and IEOs (Initial Exchange Offerings).
  • Through DeFi (Decentralised Finance) loans if the firm is already in possession of crypto assets, or more recently through issuance of NFTs (Non-Fungible Tokens).

While these are some known ways through which companies can receive funding, which will be discussed in this article, cryptocurrencies are by nature a cutting-edge technology, so there are infinite customizable means of funding that can be tailored to each firm’s needs, especially on the basis of smart contracts.

While crypto funding is a novel means of funding, corporations and businesses must remember that crypto projects can still be funded through traditional means, and that the use of crypto for funding still reflects traditional forms of funding such as venture capital, grants, and crowdfunding. Thus, funding through cryptocurrencies still requires efforts to be made to show the investor that the firm is capable of being successful.

Payments 

The most direct way to get crypto funds is to start by receiving crypto in the form of payments for goods and services. There are fundamentally two approaches to employing crypto payments. The first, simpler “hands-off” approach is based on using a third-party vendor to handle payments and immediately convert crypto payments to fiat. This shifts the burden of most technical and compliance risk to the vendor providing the crypto payments, while the firm might still be on the hook for AML (Anti Money Laundering) and KYC (Know Your Client) compliance issues, especially for large payments from foreign sources. It is important for a firm availing such services to do its due diligence on the vendor’s capabilities, particularly its ability to handle the volatility of crypto prices and compliance across global jurisdictions.

The second, more complicated approach is for the firm to directly take crypto payments into its possession. This can be done either by creating its own digital wallets or by relying on a custodial service. In either case, this approach is helpful if the firm’s goal is to deploy cryptocurrencies as more than just a tool to receive payments. This approach requires the development of in-house crypto treasury management expertise to handle the crypto assets of the firm. It also opens up the business to multiple compliance and technical risks, and the firm might need to obtain a license to handle crypto depending on the jurisdiction. There are further tax and accounting concerns, so firms should maintain a systematic and rational methodology for establishing and tracking basis and for keeping detailed and appropriate documentation.

This is not a far-off reality for India with small businesses and gig workers already accepting cryptocurrency payments from foreign clients. At least for small businesses, it makes sense to reserve cryptocurrency payments only for big-ticket luxury purchases rather than frequent smaller payments. Firms taking up crypto payments must also make sure that they keep up with laws and regulations given the quick pace of change in the industry.

Grants

If the firm or business is working in research and development or a field of public interest it might be able to acquire grants for such new technology or initiative in the form of cryptocurrencies. A few examples of such grants that could be claimed are Ethereum research grants for work being done in the Ethereum ecosystem, The UNICEF crypto fund for crypto-based projects that have the potential to impact children on a global scale, and the Human Rights Foundation.

ICOs, STOs & IEOs

Initial coin offerings (ICOs) are the IPOs of the world of cryptocurrencies. Start-ups and existing firms that are unable to raise capital through conventional sources such as banks or traditional investors find refuge in ICOs. The firm or start-up issues a token on the blockchain representing equity, like an IPO. Investors, hoping for a short-term increase in the value of the token, purchase these tokens, provided there is a solid and valid business idea, typically described by the ICO issuers in a white paper. However, ICOs have had a reputation of being used for fraudulent activities perpetrated by unscrupulous actors, as unlike conventional modes of funding there is very little accountability. The ICO market has topped $22 billion since its beginning in 2017, but 76% of ICOs did not even meet their minimum funding goal. So, firms should weigh their options accordingly in proceeding with an ICO.

Some other mechanisms of crypto fundraising similar to ICOs, are as follows:

  • STO (Security token offering) – Security tokens represent an investment contract into an underlying asset such as stocks, bonds, funds and real estate investment trusts (REIT). They are regulated as securities and are popular among long term investors.
  • IEO (Initial Exchange Offering) – An alternative to ICOs in which the tokens of the offeror are sold directly through a centralised cryptocurrency exchange. IEOs are thus only open to those with accounts in the exchange, this can operate as a layer of safety against frauds as the exchange might be able to perform due diligence on the tokens offered.
  • IDO (Initial Decentralised Offering) – It is identical to an IEO, except that it occurs on a decentralised exchange.

Firms need to be aware that such offerings might be regulated in certain jurisdictions such as the US, increasing the compliance burden on the firm.

NFTs 

NFTs (Non-Fungible Tokens) are unique representations of objects as tokens on a blockchain. They are not interchangeable like cryptocurrencies, and the blockchain token is the verifiable provenance of the object. Though used mainly in digital art sales, NFTs are a potential avenue for corporations young and old to raise funds for specific projects by selling the NFT for some cryptocurrency. A few ingenious fundraising attempts that highlight the possibility are Edward Snowden selling an NFT for $7M in support of the Freedom of the Press Foundation and New York Times journalist Kevin Roose raising nearly $1M from the sale of an article about minting an NFT. More recently, UC Berkeley sold NFTs of internal forms on the discovery of Nobel Prize-winning cancer research for almost $50,000.

This has not been unique to the US. Indian crypto-enthusiasts have also started a similar venture called Fable to sell NFT art and collect funds for COVID relief. Another venture with a more radical monetization of NFTs is Omi Iyamu’s venture ACE, which is poised to allow talented performers to sell access tokens to their fans that give them varying levels of access to the performer.

DeFi loans

The true revolutionary promise of blockchain and cryptocurrencies is to replace regular financial institutions with decentralized money, and DeFi (decentralised finance) loans are a step in that direction. DeFi loans are loans that can be taken using cryptocurrencies as collateral. Such loans are issued without the need for disclosure of identity to a bank or any legal paperwork. This form of funding might be useful for corporations that have pre-existing crypto-assets on their balance sheet and would like to use them without selling.

Regulations in India

The Indian government has had a history of ambiguous regulation in the cryptocurrency space. Recently it has shifted from a ban-everything approach to a “calibrated approach” towards digital assets. This was followed by a note from the Reserve Bank of India (RBI) reaffirming the 2020 Supreme Court order, stating that its old circular banning payments related to cryptocurrencies is no longer valid. Though more clarification is required on the regulation of cryptocurrencies, this is a much more hopeful starting point.

While no overarching regulation exists, entities engaging with cryptocurrencies should ensure compliance with know your customer (KYC), anti-money laundering (AML) and Foreign Exchange Management Act (FEMA) laws. ICOs are the next technology that requires legislation. While no concrete regulation currently exists, the Inter-Disciplinary Committee chaired by the Special Secretary (Economic Affairs) is contemplating enforcing compulsory cryptocurrency norms on entities investing in crypto. ICOs bring a whole host of legal issues that need to be addressed, as they can function as a ‘security’, thus requiring SEBI intervention. A possible future path for Indian regulation can be seen in the guidelines on ICOs from the Swiss Financial Market Supervisory Authority, FINMA. FINMA has divided cryptocurrency tokens into four categories:

  • Payment tokens, 
  • Utility tokens, 
  • Asset tokens, and 
  • Hybrid tokens. 

Each category needs its own regulations, with hybrid tokens, which indicate non-mutually-exclusive tokens, needing the cumulative application of regulations. A core norm on which FINMA bases its regulation is “assessment on the underlying economic purpose of an ICO, most particularly when there are indications of an attempt to circumvent existing regulations.” The Indian government could emulate this norm in regulating crypto in India, and it should also consider regulations such as Prevention of Money Laundering, Collective Investment Schemes, and Deposits under the Companies Act in finalizing its approach towards ICOs.

Another regulatory concern that corporates must consider is the Ministry of Corporate Affairs (MCA) requirement that corporates must disclose the cryptocurrencies in which they have traded, profits and losses in such trades, and deposits or advances taken from other persons in these currencies. This is essential to corporate houses in India, as this is the first regulation squarely aimed at corporates. Also, while engaging with NFTs, firms must consider the general principles of the Indian Contract Act and should consider using peer-to-peer decentralized exchanges to prevent the adverse consequences of NFTs being considered as derivatives under the Securities Contract Regulation Act.

Indian Crypto Relief : an Indian success story? 

An example of the successful deployment of crypto in India is the ‘Crypto Relief’ Covid fund started by Sandeep Nailwal, co-founder of Polygon, which initially received 22 crore rupees with nowhere to go. The project has so far successfully deployed more than $1.8 million into NGOs working in COVID relief.

Though it is not a corporate house, the project’s ability to handle the present lacuna and bring such large funds into India can serve as a model for firms hoping to work with crypto. The potential for the Crypto Relief fund to be revolutionary became clear when the world-famous Ethereum co-founder Vitalik Buterin donated $1 billion in SHIB coin. The fund was able to transfer crypto into funds in Indian bank accounts within 7-8 days and co-operated with the Indian Navy in providing oxygen cylinders to people in need. The process through which the Crypto Relief Fund was converted into rupee donations is as follows:

  1. Receive crypto donations from around the world.
  2. Convert various cryptocurrencies into stable coins. 
  3. Register as a legal entity in the UAE backed by a US bank to convert stable coins into US dollars.
  4. Send the US dollars to FCRA-approved NGOs through their bank accounts.
  5. NGOs disperse the funds on the ground to COVID patients and other projects.

The multi-jurisdictional approach taken by the Crypto Relief Fund with crypto conversions being undertaken in a foreign jurisdiction and then the funds being sent to India could be emulated by corporate houses. This approach will definitely be more helpful when the corporate house is not in a place to complete KYC and AML due diligence on every crypto transaction or until clear regulations are seen in India.  

Regulations in other Jurisdictions

Other Jurisdictions outside India also offer interesting opportunities for firms willing to engage in crypto. El Salvador has become the first country to declare bitcoin as legal tender leading to projects such as ‘Bitcoin Beach’, a small coastal community that has experimented with bitcoin payments, and potential projects such as ‘volcano mining’, Bitcoin mining using geothermal power. El Salvador thus can be useful for corporations who want to use cryptocurrencies actively as cash in their daily transactions.

Various regulators and states in the US are updating their policies regarding cryptocurrencies. The Federal Deposit Insurance Corporation (FDIC) has officially published its request for information about how banks are using digital assets and what the federal regulator could do to assist entities. The Federal Reserve chairman Jerome Powell noted that the Fed’s first research paper about a digital dollar would be published this summer, reiterating that a U.S. central bank digital currency should prioritize consumer privacy and protection. The SEC (Securities and Exchange Commission) Chairman Gary Gensler warned bad actors in crypto of enforcement actions. The Treasury Department devoted an entire section of its tax plan to cryptocurrencies, warning there was a “significant detection problem” with crypto use for illicit activities. It suggested that exchanges receiving over $10,000 in crypto in a single transaction should report it. Nebraska and Illinois also passed laws that allowed for the creation of chartered digital asset banks and a special purpose trust charter for digital assets, respectively. Corporate houses need to pay attention to changes in US regulation if they are to survive in a multi-jurisdictional crypto world.

Conclusion

The various means of dealing in cryptocurrencies have been elaborately discussed along with examples of corporate houses that undertake payments or donations in cryptocurrencies. With large corporations like Facebook, Google, and Coinbase actively engaging in crypto, it is only a matter of time before Indian corporate houses do the same. This is clearly evident from the immensely positive effect of India’s Crypto Relief Fund.


How to write, draft, and negotiate important clauses in a technology agreement : an analysis


This article has been written by Mihir Sinai Kakodkar pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho. This article has been edited by Prashant Baviskar (Associate, Lawsikho) and Dipshi Swara (Senior Associate, Lawsikho). 

Introduction

The drafting of a technology agreement entails understanding the technical jargon that must be incorporated into the agreement, and translating the commercial intentions of technology-driven transactions into enforceable legal obligations. While the basic structure of a technology agreement emanates from the structure of an ordinary agreement, technology agreements are almost always executed in the electronic mode, wherein the first party is usually common and the second party comprises millions of end-users, usually individuals. Such technology agreements, like ‘TERMS OF SERVICE’, ‘USER POLICY’, and ‘TERMS OF USE’, are invariably pre-drafted, identical, independent contracts, executed by Click-Wrap or Browse-Wrap, and their terms are non-negotiable. Negotiated technology agreements are entered into mostly for providing Cloud Computation Services and IT Professional Services. In electronic contracts, a vast volume of data is generated in an online database. Even negotiated IT Professional Services agreements require handling and storage of data. Consequently, Data Management, Confidentiality, Data Security, and Data Privacy are of utmost importance. Hence, technology agreements have certain Operative Clauses whose objective is to safeguard the data, and these clauses are specific to technology agreements. While most Boilerplate Clauses are common to technology and ordinary agreements, their drafting in relation to technology agreements requires a deeper technical understanding of the sector and the full spectrum of the peculiar facts of each transaction, to enable their customization to the needs of the agreement being drafted.

Usage of grammar

Technology Agreements are usually of high value, often span geographies, and are executed by parties with cultural differences and different usages and meanings of words. In case of dispute, the text of the agreement could be left to the scrutiny and interpretation of arbitrators based in a third geography with an entirely different cultural ethos. In such a situation, it is absolutely essential that the usage of grammar and punctuation be meticulous. Words like ‘will’ and ‘shall’, ‘may’, ‘might’ and ‘must’, ‘would’ and ‘could’, ‘only’, and ‘and’, ‘or’ or ‘and/or’ must be carefully used to convey the precise intention. Even a wrong placement of the word ‘only’ in the same sentence can convey a vastly different meaning.

Structure clauses   

Specific attention should be paid to the drafting of key clauses such as:

  1. Consideration Clause
  2. Recitals vs background
  3. Headings of Clauses 
  4. Definitions and Interpretations 

Clauses of a Technology Agreement

  1. Title 

This should clearly capture the specific nature and essence of the relationship between the parties.

  1. Date 

These comprise the Date of execution of the agreement and the Effective Date of its commencement.

  1. Names and Information of the Contracting Parties 

Brief details and legal status of each of the Parties is enumerated herein so that each of the parties is uniquely identified along with their legal authority to enter into the binding agreement.

  1. Recitals 

The introduction and brief background of each party along with their respective competencies in relation to their role in the subject matter of the agreement is recorded. 

  1. Preamble 

This states the principal objective of the parties to enter into the instant agreement.

  1. Definitions 

This provides definitions to any terms that have a technical meaning or to which a technical meaning or a limited scope of meaning or an expanded scope of meaning is intended to be given in the agreement. 

  1. Interpretation 

This interprets the inclusions, limitations, and exclusions of any general words that may be used in the agreement.

  1. Obligations and Payment 

These clauses state the obligations and tasks to be undertaken by each party towards the other which constitutes the basis of the transaction between the parties, and the generic details, quality specifications and scheduled timelines for the supply of Goods or Services which form the objective of the agreement. 

With respect to Supply –

  1. the mode of Measurement of Performance for measuring the commercial transaction ;
  2. Performance Guarantee / Success Rate ;
  3. Delivery of Goods & Services and the Criteria for Acceptability.

With respect to the Recipient- 

  1. Total consideration payable for the goods and services to be provided along with stage-wise milestones linked payment schedule ;
  2. Penalty clause.

With respect to the commercial aspect of the transaction –

  1. Computation of value payable ;
  2. Mode of invoicing ;
  3. Processing of Invoices and timelines ;
  4. Payment of Invoices including currency, mode of payment;
  5. Advances, Deductions & Recoveries. 

  1. Term and Termination 

The clauses herein state the –

  1. Effective date of commencement, on which date the mutual obligations of the parties are activated. This could be the date of the agreement, or a retrospective date, or a prospective date upon the completion of an event specified in a separate Conditions Precedent Clause ;
  2. Scheduled date of End of Agreement, which could either be a fixed date or upon the actual completion of a contractual event ;
  3. Whether the agreement is Renewable, and if so, the details thereof including whether it is automatic, or at whose option, whether it is binding on the other party, the period for such renewal, the terms, including any that can vary on renewal ;
  4. Termination of Agreement Clause laying down the various specific causes thereto, option of termination for convenience, and the mode for termination of the agreement ; 
  5. Reverse Transaction Services and Terms regarding Handover of technology and belongings at End of the Agreement or upon its prior termination. 

  1. Covenants 

They specify every action that each of the parties commits to undertake or abstain from.

  1. Breach of Agreement, Consequences of Breach, and Remedies.

They define the ‘Event of Default’ constituting ‘Breach of Agreement’, and the remedies available to the injured Party including Rescission of Agreement, Damages, Specific Performance, and Injunction.

  1. Representations & Warranties 

This lists down the underlying statements of fact or assertions about quality by each party to the other based on which the respective parties have entered into the agreement. Misrepresentation can lead to cancellation of agreement and invite a legal suit. Erroneous Warranty can lead to Claim for Damages.  It is necessary to define clearly what the Warranty Clause will cover and the Monetary Cap.

  1. Indemnity 

This safeguards the interests of one party against a breach of contractual responsibility by the other, which can lead to losses for the non-defaulting party. In technology agreements, some of the most common forms of indemnities include –

  1. IP indemnity for third party claims made for IP infringement ;
  2. Personal and property damage ;
  3. Disclosure of confidential information ;
  4. Misuse of licenced software for unlawful activities ;

This also states –

  1. the Cause of Action for invocation of Indemnity ; 
  2. Mode and process for invocation of Indemnity ;
  3. Specific aspects covered ;
  4. Limitation of Liability Clause does not apply ;
  5. Ways and means for Mitigation of Issues under Indemnification;
  6. Insurance to cover claims.

  1. Limitation of Liability 

This limits the liability for breach to a predetermined amount. In technology agreements, there can be huge claims of Direct Damages and Indirect Damages. The Monetary Limit on the liability arising out of such claims is limited by this clause. Typically in technology agreements, the value of all such claims is limited to –

  1. A predetermined lump sum value or  
  2. The Value of Invoice or its percentage.

This clause will include ‘Exclusion of Consequential Damages’. 

  1. Liquidated Damages 

This specifies the amount of money that will be payable in the event of default in performance of contractual obligations. 

  1. Specific Performance 

This has to be granted by a Court. Courts will grant specific performance in cases where the actual damage from the non-performance of the contract cannot be ascertained, or where monetary compensation would not be adequate relief.

  1. Escrow Mechanism

This provides for nomination of a third party as Escrow Agent to store and hold the critical ‘Source Code’ in trust so that the licensee of the Software is not in difficulty in the event that the owner of the ‘Source Code’ ceases functioning.

  1. Confidentiality 

  1. Technology agreements involve transfer of know-how, sensitive business information, and Personally Identifiable Information. In case of breach, licensee might face financial harm. 
  2. It is necessary to identify and clearly define what constitutes ‘Confidential Information’.
  3. This clause specifies the standard of care to be taken by the licensee in handling the data including provisions for physical security, signing of non-disclosure agreements with its employees, internal security protocols and procedures, and compliances stipulated to minimize the risk of information breach. 
  4. The consequences, obligations and remedies of both parties in case a breach happens are specified.
  5. Provisions for indemnity, subject to cap, in case of breach. 
  6. Exceptions to this clause should be clearly stated.

  1. Data Security 

This is essential as technology agreements invariably involve transfer and storage of sensitive technical and commercial information. 

  1. Data Security Policies 

Data Security being important, it is necessary to specify in detail the security policy for handling, transfer, storage, and preserving of data between the parties as also by each of the parties. The primary Data Security Policies are Access Control Policy, Data Encryption Policy, Clean Desk Policy, Bring Your Own Device Policy, Employee Background Checks, Audits and Testing, Certification, and Insurance to cover the claims arising out of any breaches in Data Security matters.

  1. Data Management 

This states how the data will be accessed, and the ownership of data.

  1. Disaster Recovery 

Where critical data is stored on a cloud, a disaster can lead to shut-down. To avoid this, technology agreements require the Vendor to keep the operations running even in the face of Force Majeure situations, and restore the service functions after a disaster. A detailed Disaster Recovery Plan is incorporated.

  1. Assignment of Contract 

This places restrictions by the Licensor on the licensee with respect to assignment of the contract or engagement of third parties for execution of any part of the contractual work so that the licensed technology or sensitive information is not accessible to competitors.

  1. Intellectual Property 

This clearly states who owns the Intellectual Property that is created out of the agreement, and the mode and details of its transfer.

  1. Exclusivity 

This states that for the duration of the agreement or the discussions leading to a possible agreement, the contracting parties will not enter into negotiations or an agreement with a third party for similar nature of work / product / services.

  1. Variation / Amendment 

The purpose of this is to formally effect the amendments, if any, necessitated on account of various extraneous reasons.

  1. Force Majeure 

This specifies all the unforeseen situations beyond the control of the parties, and under which the parties cannot be compelled to perform under the agreement, except for making payments. 

  1. Waiver  

The Non-Waiver Clause enables a contract to remain flexible in case of tolerable infringements.

  1. Notice and Communication 

This creates the framework for the parties for inter-party communication, and the mode for addressing of Notice, the time period for its issue, the mode and process for its dispatch, service, evidence of delivery, deemed delivery, etc.

  1. Severability 

This states that the agreement will not end because certain clauses of the agreement have become unenforceable or void, and that the balance will remain valid. 

  1. Joint and Several Liability 

This specifies the liability of each of the members constituting a party.

  1. Governing Law

This specifies the law applicable to the agreement and sets out the legal framework that will govern any sort of disputes that may arise between the parties. There should be some nexus between the contracting parties or the transaction, and the chosen Governing Law. 

  1. Dispute Resolution 

This sets out the framework for how a dispute between the parties will be resolved, the mode of resolution (Litigation or an Alternate Dispute Redressal mechanism like Consultation, Mediation, and Arbitration), the venue, the Rules of which jurisdiction shall be applicable and the number of Arbitrators (for Arbitration Proceedings), the Time Period, and the Language. 

  1. Jurisdiction 

This provides which Court will have jurisdiction in the matter, preferably ‘Exclusive Jurisdiction’.

  1. Non-Compete 

This provides that a person with whom a relationship is entered into does not directly compete or work with the competitors.

  1. Non-Solicit 

This ensures that the people who work with clients do not engage client’s employees or consultants to work with them.

  1. Independent Contractor

This states that the parties are working on a principal-to-principal basis.

  1. Entire Agreement

This states that the Agreement is the entire agreement between the parties and all other previous oral and written arrangements between the parties are not enforceable. 

  1. Construction 

This precludes the Court from holding any unclear term or clause of the agreement against the party who has drafted the clause.

  1. Survival Clauses 

Some clauses need to survive the termination of agreement up to a certain period of time after the termination to make the agreement complete and effective.

A technology agreement, in electronic mode, shall end with the acknowledgement of acceptance by the Second party by clicking of a ‘Tick’ to an ‘I Agree’ button, whereas in physical mode it would be signed by all the parties on one document or in counterparts.

Conclusion 

In the world of technology contracts, lawyers need to make sure that each and every clause is negotiated carefully, and the specifications must be given proper attention. Technology contracts often fail to explain the actual capabilities of the subject matter of the agreement. The above-mentioned list of unique clauses is present in almost every technology agreement. Lawyers need to keep in mind that while drafting such contracts, there should be transparency, use of plain language, and unnecessary technical jargon must be avoided. It is also advisable to keep the Information Technology contracts comprehensive and short, yet they should cover every important component reducing the risk and liability associated with the contract.



Insuring hacking attacks


This article has been written by Harshita Shah pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho. This article has been edited by Dipshi Swara (Senior Associate, Lawsikho). 

Introduction

Cyber insurance is no longer a fancy option but the need of the hour. Hackers are on the lookout to hack your systems and demand ransom. Ransomware attacks have been shooting up across the globe since 2020. A report by Check Point Research suggests that ransomware attacks around the globe have gone up to 102 percent in 2021. India is also rising to the top of the list of countries which are prone to ransomware attacks. Since the beginning of the year 2021, organizations in India have reported nearly 213 weekly ransomware attacks per organization. Hence, insurance companies have witnessed a rise in insurance policies against cyber risks. A cyber insurance policy helps an organization to bear the brunt of “the aftermath of hacking”. A hack can disrupt the computer systems of an organization, damage its hardware and software, and result in loss of data and of the organization’s goodwill. One of the infamous cases that can be recalled at this point is the Colonial Pipeline ransomware attack, wherein the company had paid ransom to recover the decryption keys from attackers; the cost of ransom was covered by the insurance policy.

Cyber-insurance policy

Cyber insurance policy, like all other insurances, is a mechanism through which companies safeguard themselves from the brunt of cyber-attack. Many insurance companies are now providing a completely separate package that covers cyber risks. A cyber insurance policy would indemnify the insured against costs arising out of business interruption, extortion and ransom, breach notifications, investigation of the attack, and determining the loss. However, unlike other insurance policies, a cyber-risk insurance policy would not indemnify the insured if it is found that the breach was a result of haphazard security practices adopted by the insured, or any willful fraudulent act or violation on its part. Typically, a cyber-insurance policy would cover for the immediate loss after such a cyber-attack and it will not account for any future loss of goodwill or intellectual property on account of such attack.

Before buying any cyber-insurance policy, an organization needs to check the types of losses that are covered by the insurance policy. In recent times, hackers most commonly introduce malware into computer systems, which is then triggered when some employee of the company clicks on it; thereafter the hackers gain complete control over the system, including its data, and promise to give away the decryption keys only if the ransom is paid. Even if organizations have a backup of data, chances are high that if the ransom is not paid, the data will be sold on the dark web. Hence, ransomware must be included in the insurance policy along with other risks.

Should you consider buying a cyber insurance policy?

Cyber insurance policy premiums can be expensive, depending upon the risks associated with the data of your organization or business.  Also, broad coverage of cyber insurance policy may not be required by your organization. Before buying a cyber insurance policy, you should ideally evaluate the requirement, inclusions, and exclusions in the policy and assess the risks associated with the data. The categorization below will help you in deciding an ideal policy fit for your company.

1. Processing large volumes of data– If your business deals with large volumes of personal or sensitive personal data, then you must get an insurance policy. Organizations in the finance industry that keep a record of card details, transaction values, and amounts, or in the healthcare industry, must obtain a cyber insurance policy. How much data you store or process, the nature of the data, and what the effect on the business or supply chain would be if a cyber-attack is attempted are all questions that should be answered. E.g. in the Colonial Pipeline ransomware attack case, the ransomware attack had disrupted the operations of the company. The company is in the business of supplying fuel, diesel, and petrol. Due to the attack, many airlines had to change their schedules because fuel could not be supplied, and a state of emergency was declared across many states of the USA. Companies that operate their supply and logistics chain using data must obtain an insurance policy. 

In any case, even if your company is small and does not process large volumes of personal or sensitive personal data, you may still opt to buy a cyber insurance policy to safeguard against loss resulting from damage to your computer hardware and software systems. Premiums in a cyber-insurance policy would vary as per the risks associated. The policy will also help to cover the cost of breach notifications, investigations, additional security safeguards that have to be taken post-investigation, and compliance with any state, national or international law after a security breach.

2. Heavy fines for security breaches- If your organization or business stores or processes large volumes of personal or sensitive personal data and, as per the laws/regulations, is subjected to fines, penalties, investigations, and cyber-security reports, then a cyber-insurance policy would cover those costs for you. E.g. under the General Data Protection Regulation (GDPR), it is mandatory to report a data breach to a data protection officer of the company and the DPO will inform the supervisory authority. Additionally, if the breach involves significant harm to the user, then users will have to be informed about the data breach; a cyber insurance policy will help you to cover costs for such notification.

3. Contractual requirement under the agreement– Sometimes, a party to an agreement may specifically ask you to cover the risk associated with a data breach with a cyber-insurance policy. Secondly, if you fail to deliver the services or products as per the terms and conditions mentioned under the agreement because of any cyber-attack, the other party to the contract can be indemnified for the loss arising out of non-performance of the contract.

4. No Cybersecurity measures are guaranteed– Even though your organization has robust cyber-security measures, there will always be chances of bad actors penetrating your systems, hence a periodic security audit is also important. Nonetheless, due to the evolving nature of cyber threats, you should indemnify your company from the consequences of attacks.

5. Confidentiality obligations– Are you in a business that deals with large amounts of confidential information?  A piece of confidential information may not fit into the “Sensitive Personal Data” column, however, it is what the parties to a contract agree to keep confidential. Moreover, more and more people now use online mediums to communicate, exchange files and confidential information. Most of the time companies adopt loosely encrypted platforms to share such data and the passage of such information over such networks may risk the privacy of confidential information. 

Not only that, sharing information over such unencrypted platforms can expose the system to viruses, malware, and bad actors. Such organizations can also be a prime target for cyber attackers. Hence, in case of a cyberattack which puts you at risk of breach of confidential information or confidentiality obligations, a cyber insurance policy can cover several costs that follow such breach or disclosure.

6. Do you collect login credentials of your customers?– If your company runs a website or other platform which lets users create an account and use the website, then you should regularly scan the health and safety of your web application. Some common forms of web-based cyber attacks include cross-site scripting, denial of service attacks, SQL injection, etc. These kinds of attacks mainly originate from networks of weak computer systems or those whose security is compromised. Hence, if you are in the business of e-commerce, or a website is an integral part of your marketing, delivery, or revenue, then you must have an insurance policy in place. 

7. Third-Party Services– We are all aware of the recent cyber attack which compromised the personal and sensitive personal information of Air India passengers. Air India uses the services of SITA (Société Internationale de Télécommunications Aéronautiques), a data processor that processes passenger details on behalf of Air India and it accounts for providing services to 90% of airlines across the world. The data breach had happened at the end of SITA. Thus, in case your company also uses third-party services for processing of data, then ideally you should opt for a cyber insurance policy because a breach at the end of a third-party service provider will be followed by an investigation into the incident, and you will need a reputation management personnel to be on the ground. 

Also, when entering into a contract with any third-party service provider, you must take extra pains to review the contract, the security practices followed by the third party, and the timeline for breach notification. In the case of Air India, SITA had informed about the breach in March and the full disclosure was revealed in April, whereas the cyber attack took place in February itself. These delayed notifications increase the cost of dealing with the magnitude of cyber attacks. Hence, a cyber insurance policy can help in such cases, where loss is compounded due to negligence or breach of obligation by a third-party service provider. 

What all should you include in your cyber insurance policy?

A good cyber insurance policy addresses all possible consequences that may be the result of such cyber attacks. Depending upon the requirement of your business, the data and confidential information, and the magnitude of harm that can result on account of such breach you should negotiate your cyber insurance inclusions and seek the assistance of your cybersecurity team, and lawyers who can guide you well. There are certain key clauses that you must address in your cyber insurance policy.

  1. Cybersecurity Incident Response Plan– After a cyberattack, a company or business would either hire an incident response team to identify the vulnerabilities in the system that were exploited in the attack, or rely on its homegrown incident response committee. The incident response committee will conduct a detailed investigation and audit the loss that must have been caused due to such a breach. The IT specialist will review your systems, figure out the cause of the attack, measure the extent of the breach, review your backups and produce an investigation report. The object of such a plan is to act immediately and thereby try to minimize the harm, protect the data and enable your business to recover from the disruption. A cyber insurance policy can cover the cost of such investigations.
  2. Reputation management– Post a cyberattack, the one thing that will spread like wildfire is your inability to protect the data of your customers. Sometimes even the biggest corporations are vulnerable to cyber-attacks and despite good cybersecurity governance, they fall victim to such attacks. It is also because these big corporations can pay out a huge ransom to get all the data back. Hence, in such cases, it is essential to deploy employees or you may outsource these services to an agent who would help you in preventing your reputation and goodwill from crumbling down.
  3. Legal Expenses– If you stay in a country that respects data protection and strong enforcement for breaches of data, cyber insurance will help you cover these expenses and provide any compensation to your customers.
  4. Loss arising out of identity theft– If the cyberattack is followed by identity theft, then it may risk the credibility of your customers and put them in financial crisis and other social media crises. A cyber insurance policy will help you cover such compensation and remedy for your customers.

Problems with the current landscape of cyber insurance practices

  1. Bodily injury and property damage– A cyber insurance policy does not cover bodily injury and damage to tangible property. In a 5G world, where physical properties are interconnected with each other, any cyber attack on such infrastructure can not only damage the property but may take life or injure someone’s body. Ever since lockdown, ransomware demands have risen. 

Until the company pays, the hacker would not give the decryption keys, and the procedure for recovering data is tedious as the network infrastructure becomes weak post-attack. Imagine if a critical infrastructure of a nation is targeted by hackers; any physical damage or loss of life caused by such an attack is not attributable. Imagine if a critical infrastructure such as air traffic control is attacked by hackers: it will leave the state in chaos, and there will be no real-time update on the movement of airlines and the air traffic. This can risk the life of air passengers. However, currently, the cyber insurance policy does not account for any loss of life in case any critical operations running on computer systems are attacked.

  1. Exclusion for hostile or warlike action– NotPetya was a malware that encrypted the files on a network of computers and demanded $300 to decrypt them. The Petya attack followed the WannaCry ransomware attack. Some research suggests that NotPetya first emerged in a tax filing software used by several companies in Ukraine, and spread from there to infect other networks. Mondelez was also a victim of the NotPetya cyber attack. As many as 1700 servers and 24000 laptops of Mondelez were damaged due to this cyber attack. Mondelez had an insurance policy with Zurich Insurance company, USA. The terms of Mondelez’s property insurance policy covered “physical loss or damage to electronic data, programs, or software, including physical loss or damage caused by the malicious introduction of a machine code or instruction”. However, the policy had an exclusion for hostile or warlike action in times of peace or war by a government or sovereign power. Zurich Insurance claimed that the NotPetya attack was backed by a state government and was the result of hostility and war.
  2. Future risks– Cyber insurance policy does not consider the evolving nature of cyber attacks and is limited to widely recognized forms of cyber attack only. For example, cryptojacking is an evolving form of cyber attack. Cryptojacking is the process where crypto-miners use the computing resources of a business to mine cryptocurrency transactions and get a reward in return. Cryptojacking does not lead to a breach or loss of data or identity, hence it can be difficult to detect if any such activity is running in the background. It only uses the device’s computing power to mine cryptocurrency, and this can result in overheating of systems, slowing down of the processor, and huge consumption of electricity. Cyber insurance presently does not account for such inclusions. Cyber insurance comes into the picture only after a cyber attack is performed which results in a breach of data or a threat related to such a breach.
  1. Security practices– Currently, if any company faces a ransomware attack, the insurance policy covers the ransom amount. In 2020, across the world, there was a steep rise in ransom demands. Attacks have also become frequent since employees are working from home and using their own devices, which makes them more vulnerable and easy to attack. The ordinary practice of using a VPN is no longer helpful. Hence, an insurance company must assess the security practices adopted by companies to match the evolving trends in cyber attacks. Otherwise, paying out ransom amounts from the insurance companies will dissuade the insured from adopting and implementing best security practices. 
  1. Absence of regulations– Currently, neither the IT Act nor the rules thereunder on “Reasonable security practices” lay down provisions for cyber insurance. Companies recover the amount paid as ransom from their insurance companies. In the absence of unified cybersecurity standards under statutory rules, companies do not adopt new-age cybersecurity practices and rely on the same age-old methods. 

In the state of New York, the government has proposed a ban on paying ransom amounts where the attackers targeted the systems of government agencies. The regulation proposed to create a Cybersecurity Enhancement Fund so that government agencies can upgrade their security practices. The U.S. Department of the Treasury has added multiple crimeware gangs to its sanctions program, prohibiting U.S. entities or citizens from doing business with them. India, too, needs to have deliberations on this front. The Data Security Council of India reports that, post-GDPR, Indian companies have started to take out cyber insurance policies, as data security obligations under GDPR are very robust. In the UK, the cyber insurance framework encourages better risk mitigation and risk management, along with an active recovery plan and financial resilience.

Conclusion

Cyber insurance will soon turn into a hot sector and every industry will have to make a place for it. However, industries also need to make room for robust cyber-security initiatives. Small startups and companies can share their cybersecurity design, implementation, and infrastructure. Some zero trust initiatives also need to be in place so that if any computer system is compromised, requests from such a server are not accepted. Companies and governments shall pool their resources to map data and cyber disaster scenarios so that they can better determine the liability of insurance companies and insure the premiums, and inclusions in the cyber insurance policy.


Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.


What should every product manager know about GDPR


This article is written by Vanya Verma from O.P. Jindal Global University. This article will discuss what product managers should know about GDPR compliance.

Introduction

A product manager’s role entails collaborating with a wide range of stakeholders, including customers, senior management, departments, vendors, the engineering team, and the design team, to name a few. Fundamentally, all of this is done to achieve a single goal: to solve users’ issues, to satisfy their requirements, or to empower users to achieve their objectives.

The goal is to solve users’ problems or, in other words, to meet their wants. After 2011, however, the EU Commission discovered that tech giants were tampering with EU citizens’ personal information. This is a violation of an individual’s fundamental rights because the data they possess is their own. As a result, the EU Commission published the GDPR (General Data Protection Regulation) law in January 2016, which has been in effect since May 25, 2018.

About GDPR

GDPR stands for General Data Protection Regulation, and it applies to every company that has customers in Europe, even if one’s company isn’t based in the EU. GDPR will apply if one delivers products and/or services within the EU as a non-EU entity. GDPR’s purpose is to protect European Union (EU) citizens’ personal data and restrict how it can be used. On May 25th, 2018, the GDPR came into effect. The EU regulators have made it clear that any explanation for non-compliance after this date would be rejected, especially in circumstances when sensitive data has been leaked or personal information has been stolen from one’s system. Because of Brexit, the United Kingdom is exempted from GDPR. The UK is expected to have its own GDPR version.

GDPR attempts to bring all data protection laws under one umbrella. The ones who do not comply may face fines of up to 4% of their annual global revenue or a fine of up to € 20 million (whichever is higher) per infringement.

When one gathers data linked to an EU person, that person has the right to know what data is maintained, why it is kept, and how long it is kept. Users have the right to access (“Right to Access”), export (“Right to Data Portability”), change, and permanently delete all of their data from one’s systems (“Right to Be Forgotten”). They should be able to access their information as readily as they entered it in the first place.

GDPR is not the monster it is made out to be, even though it places a lot of pressure on businesses. People are increasingly using the internet to communicate with friends and family, shop, read, and even manage their finances. This has enabled businesses to give individualised experiences to their customers by allowing applications and websites to capture client behaviour. GDPR enforcement has given EU residents more control over their personal data. This information belongs to one’s customers, according to GDPR. They own it and have the right to select who consumes it and how. On the other side, it assists firms in becoming more customer-centric and establishing trust.

Product manager and GDPR

The product management team is already aware of the end goal; a new parameter has now been added, namely that users should have control over their data. Much has been said about data-driven decisions, and there are hundreds of stories about them, but a few questions remain: 

  • Where did the data come from?
  • Whose behaviour pattern(s) are we keeping an eye on?
  • Who are we segmenting/targeting?
  • Why are we profiling users and what are we profiling them for?
  • When are particular events triggered during the user journey?

The answer to all of the above is: users’ personal data.

A product manager is responsible for establishing the GDPR mindset in the product in collaboration with their organization’s DPO (Data Protection Officer). There are a few rules that all Product Managers should be aware of, and new features/EPIC should be prioritised depending on them:

  • Data minimisation.
  • User rights to data: Data Subject Access Request (DSAR).
  • Data is passed back and forth between departments and sub-processing companies.
  • Data Controller: the entity that collects data from users to provide its products and services.
  • Data Processor: the entity that processes the data given by the Controller.
  • Consent: consent is king while defining any feature or the user journey. This also applies to any communication we do with our users across departments, i.e. Marketing, Customer Support, Compliance.

Guide for product managers to comply with GDPR

Read and research about GDPR

Product managers are the experts on their products. This also makes them the ideal people to translate GDPR into new product features that need to be implemented or mapped to.

When it comes to something as important as GDPR, a product manager should start by reading and researching it. It is beneficial to familiarise oneself with the law. Before diving into the legislation itself, read the summarised versions produced by industry specialists. This will give some context and a rudimentary knowledge of what GDPR is all about, which the product manager can work with before moving on to the more comprehensive version. Product managers must do both: start with a rudimentary version to obtain an overview, then move on to the formal version that is publicly accessible. That would be a reliable source of information.

The product manager will also be the point of contact for a variety of issues, including product, architecture, and the new legislation itself. This in-depth study assists in responding to the never-ending barrage of queries one receives from various sources both inside and outside the company (customers).

Familiarize with the architecture of the product

Use this opportunity to learn about the company’s technology stack if not done before. Learn everything there is to know about the product’s architectural plan, the frameworks in place, and which system components have access to client data.

Here are some of the main questions this exercise would help to answer if one is a product manager:

  • Where is the customer’s data stored?
  • What is the aim of data storage? Do we need the information we’ve gathered?
  • Is any personally identifiable information, such as a social security number, stored in my product?
  • What types of third-party apps are available for my product? What are they doing with my customers’ information?
  • What are the ramifications of deleting the data from my product?
  • Is the product equipped with all of the features we require to assist our clients in responding to data requests?

Think about how GDPR affects the customers

With B2B SaaS, it was critical to recognise early on that not only does one’s product need to be compliant, but they also need to enable their customers to be compliant. This tiny distinction affects how they approach product updates and what they make available to the customers. If they are a B2C company, for example, they can run a script in the background to delete data when a customer asks for it.

However, as a B2B company, it was critical that companies that used our products be able to erase their users’ data from our systems.

Keep an eye on industry experts and competitors

Sign up for newsletters and blog postings to stay informed about what’s going on in the industry. Listen to their speeches and PR releases, and keep a watch out for their updated terms and privacy agreements.

Many industry leaders, such as Microsoft, have hosted GDPR webinars. Attending these events not only helps one understand how they are approaching the legislation but also provides one with a good picture of what the market is expecting. Both are critical, and the best confirmation one can obtain is a combination of the two.

Start early implementation of GDPR 

Allow adequate time for last-minute alterations and any unexpected situations that arise during testing or reflection. It is easier to make judgments and get them executed if one has a staff that understands the significance of the law. Alternatively, one can correct their course.

Perform end-to-end test runs before the big day to ensure the process doesn’t break at any point. If one is a B2B organisation, getting started early is especially vital because one’s customers must be compliant on the date the legislation takes effect. This implies clients will start asking questions much sooner, and one will need to allow them enough time to try out what has been produced for them.

Work closely with a legal team

Working closely with a legal team is the first step. The legal team in a company must be familiar with the law, the product, and the technology. They will decide how and to what extent to approach the regulation.

One should master one’s translation abilities. On one hand, one should get familiar with the important legal terms and explain them to coworkers who are unaware of the rules. On the other hand, one has to explain the product and technical aspects to the legal staff so that they can make the difficult decisions.

Research and look for inspiration

Know the domain

When dealing with cross-system product duties, domain expertise is one of one’s most valuable advantages. One will save a lot of time if one knows where the potential traps are. 

Start by documenting everything one can about their system’s user data: 

  • Does one have any users who might be EU citizens? It’s important to note that the user’s location has nothing to do with their citizenship or rights.
  • What is the location of data storage? Is the data kept in the European Union? Look for unfamiliar data storage such as logs, research data sets, backups and replications, and abandoned services.
  • What is the aim of data storage? GDPR emphasises data minimization, which means not keeping data one doesn’t need.
  • Is there any Personally Identifiable Information (PII) stored in one’s product? Does the product save personal data (e.g., name, address, birth date, Social Security number)? 
  • What third-party service providers are employed (e.g. photographs, comments, blog posts, transactions)? Do they keep user information in their databases? If third parties do not comply, one’s legal team must decide how to respond.
  • What are the consequences of erasing data on a product? Is there anything that needs to be changed in terms of the user experience?

Competitor research

Investigate what other companies are doing, just as a person would for any other product. However, if the person started working early, this may be an issue, as many companies have a similar release deadline.

If there isn’t a live product to look at, consider looking for: 

  • Support forums, where customers will ask questions about the new rule and how the company will handle it.
  • Support articles: These are occasionally made public before the real product is released to reassure customers.
  • Some companies provide information about their resolve to comply with legislation through blog postings and public relations announcements.
  • Conferences, lectures, and panels are all available.

Decision time

It’s time to decide how one will present one’s answer. As is customary, the product comes first, followed by technology and architecture. Some of the questions one should be asking oneself include:

  • Which components can be manual and which must be automatic?
  • How does the support model appear?
  • If one is working on a large integration project, one should additionally consider: Whose responsibility is it to ensure that the entire integration process runs smoothly?

Kickoff

Combined Ownership

Depending on the size of a company, delving into the nuances of each product may be difficult. This is why one should identify domain owners and give them the authority to make their judgments. This can be accomplished by providing them with clear instructions and motivation. Establish security rules in collaboration with security professionals. When handling PII, an organisation should have a policy in place to deal with data breaches as well as general security requirements.

Guidelines

One’s duty now is to guide domain owners on how to execute the regulation. Allow the legal experts to explain how each component of the legislation will be interpreted and how the company will handle it. This will assist the owners of the various domains in making their decisions.

Communication

When communicating with distinct personas, use the appropriate channel, medium, and, most crucially, language and vocabulary. Slack is used by developers, while Hangouts is used by UX, PMs, and support agents, and emails are used by higher management. Lawyers, for example, would prefer not to utilise shared documents because they are afraid of agreeing to content that will later be modified.

To make this endeavour work, all of the above-mentioned personas are required; each of them focuses on a different aspect of the picture and contributes distinct perspectives and expertise. One will have to adjust and master his presentation and communication skills.

Execution

Communication

One should make oneself and one’s staff available for queries through all lines of communication, no exceptions. There will be more edge cases, and some difficult legal decisions will have to be made. One will need to keep translating between the legal team and the person on the other end of the line.

Keep a paper trail

Keep a record of all the slides, documents, and decisions one has made. This is good practice for any project, but it’s especially crucial when dealing with regulated items. It will assist in running a project more effectively and afterward in comprehending the decision-making process.

Major elements are as follows: 

  • Who creates and processes data.
  • PII and Personal Data are the types of data that are stored.
  • Data is kept in both logical and physical locations (BI, logs, databases).
  • Who are the third-party service providers?

Pre-Release

Support Protocol

Work with support agents to create a methodology for processing requests, complaints, and system errors. In this scenario, establishing a clear identification and verification process is crucial, as an ill-defined method could result in personal data being shared with the wrong individual. Allow plenty of time for support agents to practise following this protocol.

Content

Helping the people whose data one stores understand what is being done with it is an important part of becoming GDPR compliant. Depending on what the legal team decides, this could mean having some support pages detailing the types of data being collected and why it is being collected. Make sure that any content that is released is thoroughly reviewed by the legal team to ensure that it is not deceptive and could not expose one’s firm to legal liability.

Operations

According to the GDPR’s Right to Access article, data must be provided within 30 days. Consider the following: 

  • How will one know if there is a problem? With their development team, discuss monitoring and alerting options.
  • How will issues be addressed, and when will they be resolved? An escalation policy for system failures must be discussed ahead of time.

Conclusion

Complying with the GDPR is challenging. It’s not, however, something one can ignore. Because the Act was new at the time, there were numerous obstacles. It may, however, be done correctly if one has the clarity and the proper individuals to assist them. Even if there are many different interpretations of this legislation, one will eventually figure it out. GDPR is paving the way for a more secure online environment; it is the forerunner of good things to come.

Product managers should start putting mechanisms in place immediately to detect data breaches if they haven’t already done so. Make sure to have a regulatory champion (or become one) who creates a checklist for all teams to refer to, including marketing, product, engineering, and support. Conduct frequent audits to ensure there have been no data breaches. Knowledge regarding GDPR will also grow over time. Continue to be aware of what may be overlooked, and adapt.


Companies Act amendments : reasons as well as motivations


This article is written by S A Rishikesh, from the Institute of Legal Studies, Shri Ramswaroop Memorial University, Lucknow. This article looks into how the Companies Act 2013 came into existence and the criticism it faced. It also looks at some of the major changes that were introduced in the new Act while replacing the earlier six-decade-old Act.

Introduction 

With the end of World War II in 1945 and newly gained independence in 1947, the young nation India felt the need for a Companies Act of its own. To formulate this Act, a new committee was set up in 1950. The committee comprised twelve members headed by H. C. Bhabha and was also known as the Bhabha Committee. The committee submitted its reports in 1952. The work of the committee became known as the Indian Companies Act, 1956. But, as it is said, no Act is free of flaws and, after going through many amendments, it was finally replaced by the Companies Act, 2013.

An overview of amendments in the Companies Act from 1956-2013

Companies Act, 1956

Companies have a huge role in any developing economy. The Companies Act 1956, was not enacted only from a legalistic, calculative, and scientific point of view, rather it was based more on the social and economic needs of the young nation, to provide economic growth. It was primarily brought to regulate the formation, functioning, financing, and dissolving of companies. The Act came into effect on April 1, 1956. The original Act contained around 658 Sections. The Act prescribed various regulatory mechanisms regarding all the aspects of a company such as organisational, financial, and managerial. The Act vested the winding-up jurisdiction in the High Courts. In the working of the corporate sector, freedom to the companies is as important as protecting the rights of shareholders and investors. The Companies Act tried to play a balancing role between these two competing forces, i.e., the autonomy of the management and investor protection. 

The main objectives of the Act were as follows:

  1. To safeguard the dividends of the shareholders from the management, as there is a separation between the management and the ownership of a company. 
  2. To protect the interest of the creditors at the same time. 
  3. To help develop companies in a healthy and competitive environment in India, because the corporate sector always has a huge role in the development of a nation. 
  4. To equip the government with ample power to protect the public interest by intervening in the company affairs; as per the procedure prescribed by law. 

In this rapidly changing world of technology and industries, the law is often unable to keep pace. The story of the Companies Act is no different: the Act went through twenty-four amendments to keep pace with the rapidly growing corporate sector along with the Indian economy.  

1990s : The major economic policy shift

After independence, it was the desire of the policymakers to develop the economy of India in a socialist environment. Though some MNCs (like Coca-Cola, IBM, Bio Merieux) were launched during this time, they did not receive much help from the government or the people of India. The major focus of the government was to eradicate poverty, promote small, local, and indigenous industries, and develop a small local private sector in order to achieve self-reliance.

Things began to change from the 1980s, when some policy changes were seen, but the government was still hesitant. The dramatic change of events took place in the 1990s, when India was opened to the world through Liberalization, Globalization, and Privatization. This led to rapid changes in the corporate sector in India that the Companies Act could not keep up with. Some amendments were made, but they were not of much help. 

Companies Act, 2013

The Companies Act 2013 finally replaced the Act of 1956. The new Act had fewer Sections (470), but many sections were new and the outdated sections of the Companies Act 1956 were eradicated. The Act gave more powers to the shareholders. It also aimed at women empowerment by prescribing mandatory inclusion of at least one woman director on the Board of every prescribed class of companies in India. A new concept of Corporate Social Responsibility was introduced, and a new body, the National Company Law Tribunal (NCLT), was established to lessen the burden of the High Courts and simultaneously provide specialized justice. 

Major notable changes introduced with the Companies Act, 2013

Financial year

Section 2(41) of the Act required the financial year of every Indian company in India to end on March 31, every year. It is the same date that the Government of India uses for tax reporting purposes. Companies that were foreign subsidiaries were given relaxation and they had the option to apply to NCLAT for a different date than March 31.

One-person company and small company

The Act introduced a new idea that was absent from its predecessor. The Companies Act 2013 defined one-person companies under Section 2(62) of the Act, as well as small companies, and gave them various relaxations for doing business in India.

Corporate Social Responsibility

Corporate Social Responsibility (CSR) under Section 135 was made mandatory for all the Indian companies having a net worth of INR 500 crores (c.US$80m) or more, or a turnover of INR 1,000 crores (c. US$160m) or more, or net profits of INR 5 crores (c. US$800k) or more during any financial year. They immediately had to form a CSR committee and spend at least 2 percent of the company’s profits as CSR.

Any company not complying with the CSR rule had to give the reasons for the same in their annual financial statement. 

Auditor rotation

Under the previous Act, the auditors of a company were appointed for a period of one year but under the new Act Section 139, the auditors had to be appointed for six Annual General Meetings (AGM) i.e., 5 years. A person could not be appointed as an auditor for more than five years and in case the auditor is a firm it could not be appointed for more than two consecutive terms. To maintain transparency the auditors were prevented from performing non-audit work in the company.

Directors

Under the previous Act, the maximum number of directors was twelve. The new Act increased this number to fifteen under Section 149 which can further be increased by a special resolution. For certain companies, it was made mandatory to have a female director on board and a director who shall stay in India for not less than 182 days in a calendar year. The duties and liabilities of the director were codified. One-third of the total directors of every public company needed to be independent. No independent director can hold their post for more than two consecutive terms of five years.

National Company Law Tribunal (NCLT)

The introduction of the National Company Law Tribunal was to replace the existing Company Law Board and Board for Industrial and Financial Reconstruction. It was also to reduce the burden of the High Courts and a way for companies to seek justice easily and expediently.

Fast track mergers

The process of merging companies was simplified by the new Companies Act. Even the cross-border mergers were permitted with the prior permission of the Reserve Bank of India (RBI).

Prohibition on forward dealing and insider trading

Section 194 of the 2013 Act prohibits directors and key persons holding managerial positions from buying the shares in their company, or in its holding, subsidiary, or associate company, because such a person is expected to have access to all the price-sensitive information and can easily engage in insider trading.

Electronic mode

The new Act aimed at promoting E-Governance. It granted options for various processes, such as maintenance and inspection of documents in electronic form, keeping of books of accounts in electronic form, and placing financial statements on the company’s website.

Key issues with the Companies Act, 2013 

No law is perfect in itself. Whenever a new Act is introduced it draws criticism from different sections of the society. The same is the case with this new Companies Act 2013. Critics often say it is the same old Act of 1956 just given a new packing and presented as the new Companies Act. It failed to overcome the deficiencies the old Act had. Still, a lot of power was in the hands of lawmakers with regard to rulemaking. 

The second point of criticism was numerous drafting errors, vague and unclear language used in the Act. One such example was Section 185 of the Act which forced the Ministry of Corporate Affairs (MCA) to issue a clarification of the same. There is also at times, the lapse of departments of government to issue rules and clarification which creates controversies and confusion among the decision-making persons of the companies. An example of it is the bond market for which the rules are given by both the Ministry of Corporate Affairs and the Ministry of Finance. All this defeats the purpose for which the new Act was introduced.

Addressing the issues

The corporate sector of India is an ever-changing one and that can be understood from the fact that four amendments have been made already in the new Companies Act 2013. The first amendment being in 2015, followed by amendments in the year 2017 and 2019 with the latest one being in the year 2020. These amendments have been made to solve the issues highlighted by the critics and bring in some new changes to the corporate sector in India.


The Companies (Amendments) Act 2015

Ease of doing business was promoted by the 2013 Companies Act which was further seen in the new amendments. The 2015 Amendment Act was introduced with the following intentions:

  1. Ease of doing business;
  2. Removal of drafting errors;
  3. Clarify some vague provisions of the 2013 Act;
  4. Remove the clauses that slowed down the business processes. 

The major changes that were brought by the 2015 Amendment Act were as follows:

  • No minimum paid-up capital; this was good for startups, as they no longer have to invest INR one lakh at the very start of their business;
  • Common seal became optional, agreements may now be signed between the two directors directly;
  • Board resolutions are no longer public; they became confidential;
  • Companies could provide loans to their subsidiary companies;
  • The penalties were stringent on failure to pay deposits.  

The Companies (Amendments) Act 2017

The  2017 Amendment Act was aimed at:

  1. Rectifying inconsistencies in the 2013 Act.
  2. Harmonizing the Act with the accounting standards.
  3. Facilitating ease of doing business to promote growth with generating more employment.
  4. Addressing the difficulties in implementation of the Act because of its strict compliance requirements. 

The key highlights of the 2017 Amendment Act were as follows:

  • For the very first time, the Act was amended to get it to line up with the various rules and regulations of the SEBI and RBI; 
  • The definitions of associate, holding and subsidiary companies were amended;
  • Penalties were rationalised, i.e. the penalty will now be levied taking into consideration the size of the company, nature of the business, injury to the public interest, nature and gravity of the default, repetition of default, etc.;
  • More clarification was given on the disqualification of the independent director;
  • Companies could provide loans to the director but this can only be made if a resolution is passed and 75% of the company’s shareholders approve it. While the prohibition on loans to the family members of the director of a company was still in place.

A new independent regulator, the National Financial Reporting Authority (NFRA), was also introduced. It came into existence in October 2018 to oversee the auditing profession and accounting standards in India. According to Section 132 of Companies Act 2013, “NFRA is responsible for recommending accounting and auditing policies and standards in the country, undertaking investigations, and imposing sanctions against defaulting auditors and audit firms in the form of monetary penalties and debarment from practice for up to 10 years.” The NFRA had a positive impact on India. It has made India eligible for the membership of the International Forum of Independent Audit Regulators (IFIAR). However, the Institute of Chartered Accountants of India (ICAI) fears that the establishment of such an authority in India will curb its powers. 

The Companies (Amendments) Act 2019

This amendment was mostly based on the recommendations made by the committees set up by the Ministry of Corporate Affairs to decriminalize some of the offences under the 2013 Act for better compliance purposes and to liberalise the existing regulatory framework for ease of doing business.

Key changes brought by this amendment were as follows:

  • The amendment reintroduced the declaration of commencement of Business and set the time limit for filing charge documents.
  • A new ground was added to the disqualification of a director: a person cannot be a director of more than 20 companies, of which not more than 10 can be public companies. 
  • Corporate social responsibility was made mandatory by this new amendment, and if companies were not able to spend the said amount on CSR, they had to contribute it to the Funds mentioned in Schedule VII, for example, the PM’s national relief fund. 
  • Dematerialisation of securities.
  • Penalties for repeated defaulters were made more strict. 
  • The focus was also laid on de-clogging the National Company Law Tribunal (NCLT). In order to do so, two powers were vested in the Central government:

(i) Decide in case a company wants to adapt to a different financial year. 

(ii) In matters of a public company converting into a private company. 

The Companies (Amendments) Act 2020

The Company Law Committee (CLC) was constituted by the Ministry of Corporate Affairs (MCA) to further review the sections on offences under the Companies Act 2013. Based on the recommendations of the CLC in its report, the 2020 amendment was introduced. 

The major takeaways from this amendment were as follows:

  • Decriminalization of minor offences.
  • The definition of listed companies was changed.
  • The framework of CSR was eased. The Amendment Act 2020 exempted companies with the CSR liability of up to INR 50 lakh a year from setting up a CSR committee.
  • The new amendment paved the way to set up more benches of the National Company Law Appellate Tribunal (NCLAT).
  • Amendment also empowered the Central government to require the classes of unlisted companies to prepare and file periodic financial results. 
  • It added a new chapter in the Act specially dedicated to the producer companies. 

Conclusion 

It is good for the law to keep up with modernization, or else the purpose of the law is defeated. The new Companies Act 2013 is an attempt at this, a positive step towards making company law modern and equivalent to global standards. It adds to the decision-making capacity and power of the company while giving more rights and protection to minority shareholders. The introduction of the one-person company and the small company will play a key role in reducing the administrative burden that small companies had to bear, but large companies have to buckle up for the new changes, from the appointment of auditors and directors to returning a small portion of what they earned from society back to the people in the form of Corporate Social Responsibility. 


Person absconding from the law as a proclaimed offender


This article is written by Udita Prakash, a student at UPES, Dehradun. This article talks about the proclaimed offenders and regulations dealing with the absconding of the proclaimed offenders. 

Introduction 

Section 82 of the Code of Criminal Procedure deals with the “proclaimed offender” or “PO”. A proclaimed offender is a person absconding from court proceedings whom the court declares a proclaimed offender, directing the concerned law enforcement authorities to arrest the individual named in the proceeding and produce him before the court. A proclaimed offender (PO) proceeding is a judicial process by which the person is declared a criminal and the police officers concerned are instructed to arrest the person named in the proceedings and produce them before the court. It is also directed that the name and details of the declared criminal be published in newspapers, declaring him or her a perpetrator. 

Consequences of being a proclaimed offender

If the accused does not appear in court after the bailable warrant has been issued, the court will issue a non-bailable warrant against the defendant under Section 70 of the Code of Criminal Procedure. Under Section 70, the court orders the police and gives them the power to arrest the accused anytime and anywhere (including breaking open the doors and walls of their home or the place where they want to hide from arrest). If the accused still does not appear in court even after non-bailable arrest warrants have been issued, the judge can declare the accused to be a “criminal accused” under Sections 82 and 83 of the CrPC.

  1. The declaration of the proclaimed offender means that any citizen of India can arrest the accused at any time and anywhere.
  2. The proclaimed offender’s passport is automatically confiscated so that the accused does not leave the country.
  3. If the accused was in government service at the time of the criminal declaration, they will be expelled, and if not, they will not be able to join any government position at any level in their life, even if they are declared a proclaimed offender for only one day.

Offenses on which the court declares the absconding person as a proclaimed offender

If a person commits the following crimes or offences and absconds, they may be declared a proclaimed offender under Section 82 of the CrPC.

  1. Someone who has committed a home trespass to commit a crime that is punishable by death. Anyone who causes serious injury or death in the event of a break-in or break-out.
  2. Murder, or Culpable homicide amounting to murder.
  3. Kidnapping, kidnapping for murder, kidnapping to cause serious harm to a person, slavery, etc.
  4. Being a member of a group that causes serious injury or death by trespassing on someone’s property.
  5. One who causes fire or explosive damage with the intent to destroy individual property or state property. 
  6. One who commits theft with the intent to injure or kill someone, who commits or attempts to commit a robbery, who commits dacoity or dacoity with murder, who commits fraud or theft in an attempt to cause death or serious injury, who attempts to commit robbery or deceit armed with a deadly weapon, and who prepares or gathers to commit dacoity.

When can the court issue a proclamation against the accused

If a court has reason to believe (whether or not after taking evidence) that a person against whom a warrant has been issued has gone into hiding or is concealing himself so that the warrant cannot be enforced, that court may issue a written proclamation against the accused. The proclamation requires the accused to appear at a specific place and at a specific time, not less than thirty days after the date of publication of the proclamation.

In Rohit Kumar alias Raju v. State of N.C.T., Delhi and Another (2007), it was observed that the sine qua non for an action under Section 82 of the CrPC is the prior issuance of a warrant of arrest by the Court. There must be a report before the Magistrate that the person against whom the warrant was issued by him had absconded or had been concealing himself so that such warrant cannot be executed. An attachment warrant can be issued only after the issuance of a proclamation.

Procedure to issue the proclamation

Section 82(1) of CrPC, talks about the procedures to issue the proclamation. The procedure is as follows:

  1. It is read publicly in a recognized place in the city or village in which the person habitually resides.
  2. It is placed on a visible part of the house or apartment where the person normally lives, or in a visible place in the city or village.
  3. A copy of this will be placed in a visible part of the court.
  4. The court may also, if it deems fit, order that a copy of the proclamation be published in a newspaper that is circulated in the place where the person is habitually resident. A written declaration by the court proclaiming that the proclamation was duly published on a particular day in the manner referred to in sub-section (i) of Section 80, shall be deemed conclusive evidence that the requirements of this section have been fulfilled and that the proclamation was published that day.
  5. If a proclamation published under sub-section (1) relates to a person charged with an offence under Sections 302, 304, 364, 367, 382, 392, 393, 394, 395, 396, 397, 398, 399, 400, 402, 436, 499, 459 or 460 of the Indian Penal Code (45 of 1860) and that person does not appear at the time and place specified in the proclamation, the court may, after making such inquiry as it deems appropriate, declare the accused a proclaimed offender and make a declaration to that effect.

Punishment for non-appearance 

The Criminal Law (Amendment) Act 2005 inserted Section 174-A in the IPC. It establishes that when a person fails to comply with the terms of a proclamation under Section 82 (1) of the Code of Criminal Procedure, he will be punished with imprisonment for a maximum period of three years. In case of non-compliance with a proclamation issued for the crimes provided for under Section 82 (4) of the Code of Criminal Procedure, where the person has been declared a proclaimed offender, the penalty will be imprisonment for seven years as well as a fine.

Case laws 

Sanjay Bhandari v. NCT of Delhi 

In the case of Sanjay Bhandari v. NCT of Delhi (2018), the Delhi High Court rejected the prosecution’s argument that any person against whom a proclamation has been issued is considered a proclaimed offender, regardless of the provisions of Section 82 (4). The court held that under Section 82 (1) of the CrPC, a proclamation can only be issued against a person against whom a court order has been issued and who has run away or is in hiding so that the order cannot be enforced. There is no provision other than Section 82 (4) to declare a person a proclaimed offender, and Section 82 (4) applies only to persons charged under the sections of the IPC listed therein. The offence under Section 82 (4) is serious and provides a safeguard for the investigation of such serious offences. However, no such safeguard is provided for a person charged with crimes that may not be so serious, said the High Court in the Sanjay Bhandari case. The court further said, “The intention of the legislature cannot be that such adverse consequences would automatically get attracted to a person qua whom a proclamation has been published and is accused of offences of a less serious nature but for a person who is accused of serious offences enumerated in Section 82(4), they would get attracted only after the safeguard stipulated in Section 82(4) has been followed.”

Arun Kumar Parihar v. State 

The FIR in the case of Arun Kumar Parihar Vs State (Government of NCTD) (2021) was registered under Sections 406 (criminal breach of trust), 420 (cheating) and 120B (criminal conspiracy) of the Indian Penal Code, 1860. The Delhi High Court held that a person charged with offences under Sections 406, 420, and 120B of the Indian Penal Code (IPC) cannot be declared a ‘proclaimed offender’ under Section 82 (4) of the Code of Criminal Procedure. The Delhi High Court annulled the order issued by the court of first instance and held that the provisions of law that the Investigating Agency intended to invoke are not within the scope of Section 82 (4) of the Cr.PC, 1973, and therefore the applicant cannot be declared a proclaimed offender.

Judge Anu Malhotra referred to various precedents to reach this conclusion, mainly Sanjay Bhandari v. State. The single bench of Judge Sanjeev Sachdeva in the Sanjay Bhandari case had held that the declaration under Section 82 (4) can only be made concerning the offences specified in that article. The Delhi High Court struck down the order declaring the applicant a proclaimed offender as the offences were not within the scope of Section 82 (4).

Delhi High Court issued guidelines for a person absconding as the proclaimed offender

  1. The Delhi High Court on 2nd July 2021 issued certain guidelines concerning persons absconding as proclaimed offenders under Section 82 of the CrPC. A single bench of Justice JR Midha set the guidelines that courts must follow before declaring a person a criminal and the follow-up action that law enforcement agencies must take. The instructions also contain detailed mechanisms for the early arrest of proclaimed offenders, including an instruction that the Delhi Police will set up a digital surveillance system that will allow access to specific departments to track down such proclaimed offenders.
  2. The Court was prompted to issue the guidelines while dealing with two petitions wherein it was alleged that the petitioners were declared proclaimed offenders without following due procedure. Upon finding that they were not served proper notice, the Court allowed their pleas and quashed the orders declaring them “proclaimed offenders.”
  3. The court was also of the opinion that declaring a person a proclaimed offender leads to an offence under Section 174A of the IPC, punishable by a sentence of up to 3 or 7 years. It affects the life and freedom of a person under Article 21 of the Constitution of India, and it is necessary to ensure that the procedures of Sections 82 and 83 of the CrPC are not routinely invoked and that due process is followed. The second important aspect is that, once a person has been declared a criminal, the state must use all reasonable efforts to arrest them and confiscate their property, as well as initiate legal proceedings under Section 174A of the IPC.

Conclusion 

The police station where the offender resides has the primary responsibility for the arrest. However, any police officer can arrest a proclaimed criminal without a warrant or order from a magistrate. Anyone can arrest a proclaimed criminal and hand him over to the nearest police officer/police station without unnecessary delay. The Police Superintendent periodically reviews the list of Proclaimed Offenders and individuals involved in the cases. If insufficient evidence is recorded or obtainable, the names of the POs are removed after consultation with the District Magistrate and the SP of the district in which such person was proclaimed. Whenever a proclaimed offender is arrested, a statement is sent to the police station and the district of which he was a resident to have his name removed from the PO list. Likewise, on receipt of intimation of the death of the proclaimed offender, the name is removed.

When a proclamation published under sub-section (1) refers to a person charged with an offence under Sections 302, 304, 364, 367, 382, 392, 393, 394, 395, 396, 397, 398, 399, 400, 402, 436, 499, 459 or 460 of the Indian Penal Code and that person fails to appear at the specified place and time required by the proclamation, the Court may, after making such inquiry as it deems appropriate, pronounce him a proclaimed offender and make a declaration to that effect.

To conclude, a proclaimed offender is a person who does not appear before the court even after a warrant is issued against him. There are certain offences for which a person who does not appear is deemed a proclaimed offender. Thus, the procedures and circumstances relating to proclaimed offenders, and what must be done when they abscond, are briefly set out in the CrPC.


Checklist for a corporate company to minimize the risk and damage of logic bombs


This article has been written by Radhika Agrawal pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho. This article has been edited by Aatima Bhatia (Associate, Lawsikho) and Dipshi Swara (Senior Associate, Lawsikho). 

Introduction

Logic bombs remain dormant until a specific condition is met. However, once the condition occurs, a logic bomb can lead to a severe breach of the security of a company’s data. The 2006 crashing of the UBS servers is a significant example of a successful logic bomb attack, wherein an employee of the UBS Group launched the attack and 2,000 servers at 400 office branches fell victim to it. 

It is quite evident that these attacks can be disastrous, and it is therefore important to have action plans in place to guard against them. An enterprise can potentially protect itself from the chaos of a logic bomb by conforming to the following checklist:

  • Expect a crisis.
  • Install reliable Anti Virus Software.
  • Security policy first.
  • Limit the access and track every employee’s computer.
  • Check on the latest patches and updates.
  • Adopt Spam-Blocking Solutions.
  • Screen New hires.
  • Install Firewall.
  • Segment LAN.
  • Regular Backup.
  • Manage Passwords.
  • Guest Logins.
  • Separation of Duties.

Expect a crisis

Cybercrime can happen to anyone and at any time. Letting one’s guard down against any type of cyber attack today is foolish. Logic bombs are as dangerous as any other cyber crime. Instances have been recorded where employees drastically affected a corporation’s operations by installing logic bombs that blocked traders from trading in the company’s shares, caused the company’s software to malfunction, or did damage in other mischievous ways. These logic bombs could cause a million-dollar loss to a corporation. It is wise and always recommended to expect such an attack in advance and be ready with a plan to mitigate the risk.

Install reliable Anti Virus Software

Investing in good antivirus software is very important, as detecting a logic bomb and removing the planted malware from every computer system in the corporation is not an easy job. Trusted antivirus software will not only protect the system from infection before the logic bomb is triggered but will also update itself regularly to check for the latest threats.

Security policy first 

One primary step in preventing logic bomb attacks or any other cyberattack should be the establishment of a security policy. It should include mechanisms to prevent and detect malware abuse and guidelines for carrying out investigations into it. It should spell out the potential consequences of misuse. To shield the organization from accusations of unfair or unequally applied penalties, ensure that your security policy spells out the consequences of misusing company resources.

Limit the access and track every employee’s computer

Limiting access to web services may sound repressive for employees, but it is beneficial and protective for the corporation as a whole. It helps to track third-party interference in the company’s connection. Most such attacks take place when logic bomb malware is planted by malicious insiders. The UBS servers crash is one such example, wherein the employee planned the logic bomb attack in the very company that he was working at, because he was unhappy with the bonus that he had received from the company. Another example worth discussing is the Siemens Corporation spreadsheet debacle, wherein a contract employee who had been associated with the company for nearly a decade planted a logic bomb in one of the company’s spreadsheets and managed to keep it undetected for around two years. Not everyone has the safest web browsing habits. Web filters can restrict employees from browsing sites that might be a potential source of a logic bomb. Keeping a log of employees’ activities on the corporation’s servers and deploying web filters will be helpful in preventing such malicious activities. 

Check on latest patches and updates

Keeping systems updated and checking for the latest patches keeps computers protected. The business’s software and hardware will be as protected as possible from both internal and external threats. Software updates repair security holes, remove bugs, add new features and remove outdated ones. This removes the software vulnerabilities that we might have and keeps us off the radar of hackers. 

Adopt Spam-Blocking Solutions

Email bomb attacks are extremely challenging to block because any user with an email address can spam any other email address. Spam is irritating, a waste of time, and dangerous, as it may carry viruses and malware, including logic bombs. To curtail wasted time and enhance network security, a comprehensive spam-blocking solution should be implemented.

Screen new hires

In general, the more time you spend investigating a candidate’s background, the better. If your corporation considers background checks too time-consuming, consider outsourcing them. Background checks don’t always tell the whole story, however. For instance, a typical check may confirm the candidate’s current address, but would fail to reveal that someone living at the same address is a known cheat or a disgruntled ex-employee. Services like Systems Research and Development’s NORA (Non-Obvious Relationship Awareness) can find such relationships. By combining data from seemingly unrelated corporate databases, NORA can perform personnel checks on employees, subcontractors and vendors, including prospective hires.

Install firewall

A firewall is your first line of defence against likely threats. It checks data moving to or from your network, to keep threats out or lock them in for prompt removal. Using a firewall together with antivirus software will offer better protection against logic bombs. A firewall will examine traffic so that the logic bomb doesn’t make its way onto your computer. Dial-back procedures for staff who work from home from a fixed location don’t work for personnel who are dialing in from various remote locations, for example, airports and hotels. Remote access security requires the use of perimeter security measures like firewalls, as well as the encryption of messages and sensitive files stored on the computer. Firewalls should filter dial-in access so as to deny access except where explicitly permitted.

Segment LAN

Host- or network-based intrusion detection systems deserve a prominent place on the roster of your internal defences, but finding good monitoring points can be challenging. Host-based systems usually deploy agents, while network-based systems rely on LAN sniffers. Monitoring a single internet connection is easy, but finding good locations (chokepoints) inside often chaotic LANs can be more difficult. Ideally, you’d have one sniffer for every LAN segment. In a large network, this is unwieldy, impractical and will probably overwhelm you with worthless alerts. It is recommended to treat your LAN as a series of enclaves, each of which comprises its own zone of trust, separated by firewalls at the point where each connects with the corporate backbone.

Regular backup

It is practically impossible to conduct any kind of business these days without using electronic storage for sensitive data. Whether you are storing personal customer data or confidential financial documents, it is essential that you guard this data from loss and theft. Backup services are an excellent option to have in your cybersecurity toolkit. If a logic bomb ever triggers, rendering your data encrypted and unreadable, you’ll be able to recover the data you need, in the state you need, if you have a cloud backup in place. Even with multiple layers of cybersecurity, it’s a good idea to back up your business’s data regularly. Making backups takes time, but it will give you peace of mind knowing that you can restore your business’s data to its original state in the event of a logic bomb.

Manage Passwords

Passwords should be easy for the user to remember, but difficult for a perpetrator to guess. Some basic control features for passwords are that they: (1) should be internally one-way encrypted; (2) should be changed regularly; (3) should be five to eight characters in length; (4) should include alpha and numeric characters; (5) should not be easy to guess, like a companion’s name, child’s name and so on; (6) should be masked (not appear on the screen when typed); and (7) inactive user IDs should be deactivated and eventually deleted from the system. Also, logon IDs should be deactivated after several unsuccessful attempts (generally three) to enter the correct password, and the system should automatically disconnect a logon session if there is no activity for a specified period of time.
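The lockout, idle-session and inactive-ID controls above can be checked after the fact by replaying an authentication log. The following is an added example, not part of the original article; the log format, the account names and the 15-minute and 90-day thresholds are assumptions, and the log lines are constructed sample data.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 3                    # the paragraph's "generally three"
IDLE_LIMIT = timedelta(minutes=15)  # assumed value for the idle timeout
DORMANT_AFTER = timedelta(days=90)  # assumed threshold for inactive user IDs

# Constructed sample log: "ISO-timestamp user event", deliberately not in time order.
SAMPLE_LOG = """\
2024-01-05T09:00:00 carol LOGIN
2024-01-05T17:00:00 carol LOGOUT
2024-05-01T08:00:00 alice LOGIN
2024-05-01T08:05:00 alice ACTIVITY
2024-05-01T08:10:00 bob FAIL
2024-05-01T08:10:20 bob FAIL
2024-05-01T08:10:40 bob FAIL
2024-05-01T08:11:00 bob LOGIN
2024-05-01T08:50:00 bob ACTIVITY
2024-05-01T08:12:00 dave FAIL
2024-05-01T08:12:30 dave FAIL
2024-05-01T08:13:00 dave LOGIN
2024-05-01T08:55:00 dave LOGOUT
""".splitlines()
ACCOUNTS = {"alice", "bob", "carol", "dave", "erin"}  # constructed directory
NOW = datetime(2024, 5, 1, 9, 0, 0)                   # time of the audit


def parse(line):
    """Split one log line into (datetime, user, event)."""
    ts, user, event = line.split()
    return datetime.fromisoformat(ts), user, event


def audit(lines, accounts, now):
    """Replay the log and report where the password controls were not enforced."""
    failures = {}    # user -> consecutive failed logons
    locked = set()   # users who reached MAX_FAILURES and were never unlocked
    last_login = {}  # user -> time of last successful logon
    sessions = {}    # user -> time of last activity in a still-open session
    findings = {"should_lock": set(), "login_after_lockout": set(),
                "idle_sessions": set(), "dormant": set()}

    for ts, user, event in sorted(parse(l) for l in lines):
        if event == "FAIL":
            failures[user] = failures.get(user, 0) + 1
            if failures[user] >= MAX_FAILURES:
                locked.add(user)
                findings["should_lock"].add(user)
        elif event == "LOGIN":
            if user in locked:
                # A logon succeeded although the ID should have been deactivated.
                findings["login_after_lockout"].add(user)
            failures[user] = 0
            last_login[user] = ts
            sessions[user] = ts
        elif event == "ACTIVITY" and user in sessions:
            sessions[user] = ts
        elif event == "LOGOUT":
            sessions.pop(user, None)
        elif event == "UNLOCK":  # administrator reactivated the ID
            locked.discard(user)
            failures[user] = 0

    # Sessions left open with no activity for longer than the idle limit.
    for user, seen in sessions.items():
        if now - seen > IDLE_LIMIT:
            findings["idle_sessions"].add(user)

    # User IDs that never logged on, or not within the dormancy window.
    for user in accounts:
        last = last_login.get(user)
        if last is None or now - last > DORMANT_AFTER:
            findings["dormant"].add(user)
    return findings


if __name__ == "__main__":
    for name, users in audit(SAMPLE_LOG, ACCOUNTS, NOW).items():
        print(name, sorted(users))
```

A non-empty `login_after_lockout` set is the finding to act on first: it means the three-attempt deactivation is configured on paper but not enforced by the system.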

Guest Logins

Manual or electronic logging of visitors, along with escorted or controlled visitor access, also reduces physical access risks. Photo ID badges, video cameras, and security guards provide an even greater degree of security. If photo ID badges are used, visitors should be required to wear a badge of a different colour. Deadman doors, which consist of two doors and require that the first door close before the second door opens, provide a higher level of security for computer rooms and document stations. Maintenance personnel should be bonded. The location of sensitive facilities, for example, the computer room, should not be advertised, nor should they be identifiable or visible from the outside.

Separation of Duties

Separation of duties can help deter malicious insiders who might be considering planting a logic bomb on a system. It requires a second person to review new code, software or changes for security issues. Without the second person’s review, the privileged user could potentially install the malware without detection. Separation of duties (SoD), sometimes referred to as segregation of duties, is the concept of dividing the tasks and privileges needed for a particular security process among multiple people. It is an internal control to reduce the potential damage caused by the actions, accidental or malicious, of any one individual by restricting the amount of power and influence they hold over key systems. It also ensures that people don’t have conflicting duties, like reporting on themselves or their superiors. The goal is to eliminate the possibility of a single user being in a position to carry out and conceal a prohibited action. So, for example, if any of your administrators can delete, alter, or copy data without being detected, then you need to look at the separation of their duties and tasks.
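One way to check that the second-person review described above actually happened is to audit change records for cases where one individual could both make and conceal a change. This is an added example, not part of the original article; the record fields, user names, reporting lines and change contents are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def sha(data: bytes) -> str:
    """SHA-256 hex digest of the change content."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Change:
    change_id: str
    author: str
    reviewer: Optional[str]         # None when nobody reviewed the change
    deployer: str
    reviewed_sha256: Optional[str]  # digest of the content the reviewer approved
    deployed_content: bytes         # what actually went to production


def sod_violations(change, manager_of):
    """Return the separation-of-duties rules this change breaks, in rule order."""
    found = []
    if change.reviewer is None:
        found.append("unreviewed")
    elif change.reviewer == change.author:
        found.append("self_review")
    elif manager_of.get(change.reviewer) == change.author:
        # The reviewer would be reporting on their own superior.
        found.append("reviewer_reports_to_author")
    if change.deployer == change.author:
        found.append("author_deployed_own_change")
    if change.reviewer is not None and change.reviewed_sha256 != sha(change.deployed_content):
        # Content was altered between approval and deployment.
        found.append("changed_after_review")
    return found


def audit_changes(changes, manager_of):
    """Map change_id -> violations, listing only the changes that break a rule."""
    report = {}
    for change in changes:
        found = sod_violations(change, manager_of)
        if found:
            report[change.change_id] = found
    return report


# Constructed sample data (hypothetical users and harmless job scripts).
MANAGER_OF = {"dev_a": "lead_x", "dev_b": "lead_x"}
APPROVED = b"rotate_logs()\n"
ALTERED = b"rotate_logs()\ncleanup_old_reports()\n"
CHANGES = [
    Change("CHG-1", "dev_a", "dev_b", "ops_c", sha(APPROVED), APPROVED),
    Change("CHG-2", "admin_d", "admin_d", "admin_d", sha(APPROVED), APPROVED),
    Change("CHG-3", "dev_a", "dev_b", "ops_c", sha(APPROVED), ALTERED),
    Change("CHG-4", "lead_x", "dev_a", "ops_c", sha(APPROVED), APPROVED),
    Change("CHG-5", "dev_b", None, "ops_c", None, APPROVED),
]

if __name__ == "__main__":
    for change_id, found in audit_changes(CHANGES, MANAGER_OF).items():
        print(change_id, found)
```

The `changed_after_review` rule is the one aimed most directly at the logic bomb case: a review only helps if the content that was approved is the content that was deployed.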

Conclusion

Numerous mitigations for logic bombs have been devised over the years, but logic bombs have evolved as modern tools and intrusion techniques have advanced. By implementing the preventive measures enumerated in the above checklist, together with new tools and supplementary monitoring, it becomes easier to detect and prevent logic bomb attacks in the future.

