This article is written by Kaushal Kumar, pursuing Diploma in Cyber Law, Fintech Regulations and Technology Contracts offered by Lawsikho as part of his coursework. Kaushal works as Senior Manager at Genpact.
India’s socio-economic conditions are suitable for India’s startups and entrepreneurs. They have so far been given complete freedom to carry out their business in a free and regulatory manner. This scenario, however, was changed in 2017, which saw the consolidation of e-commerce and various start-ups. In addition, compliance with regulations and transparency also became crucial in 2017. These regulatory compliances have helped to create more jobs and opportunities for entrepreneurship in India.
Academic Institutions in India are very theoretical in nature and generally produces only serving manpower. Rather this era should be changed in academia to producing the employer class in India. Academic institutions should teach the challenges in the Entrepreneurship market and government initiatives to overcome these challenges especially in Cyberlaw and related areas.
What are the possible lessons on Cyber Law which Engineers and Management students can be taught in their curriculum?
Information on possible trends and techno legal compliance and regulatory requirements for various startups and entrepreneurs who try their best to dominate Indian markets have been highlighted in this article. These are as follows:
Ease Of Business Doing
The Indian government would be very interested in ensuring a good and effective facility for startups and entrepreneurs to do business in India. Even though many positive steps have been taken by the Indian government in this regard, business in India is not an easy task so far.
Effective Dispute Resolution
In India, dispute resolution is a very complicated, time-consuming and costly process. Companies involved in disputes are unable to wait for decades to resolve their disputes. Although India has adopted ambitious projects such as the National E-Governance Plan (NeGP) and Digital India, none of them has solved this problem. Methods such as arbitration are suffering from many problems, even alternative dispute resolution (ADR). What is most troublesome, however, is that India has been unable to set up e-courts and use online dispute resolution (ODR) to effectively resolve disputes and facilitate business in India. As a result, India’s commercial dispute arbitration and international commercial arbitration do not receive the response they need to receive.
For different fields and businesses, the first ever techno legal ODR model has been suggested for national and international stakeholders. For more details, interested stakeholders can see the project Online Dispute Resolution and Cyber Arbitration. This is India’s first ever ODR platform covering India’s most comprehensive techno legal dispute resolution services for domestic and international stakeholders. We hope that this initiative will help ensure an effective and alternative dispute resolution mechanism that is much needed to ensure business-friendliness in India. In future years, startups and entrepreneurs would be increasingly using ODR and e-courts facilities.
Indian government’s Digital India project has been thoroughly tested by startups and entrepreneurs. Securing cyber security and civil liberties aspects of digital India in the coming years is a major challenge for the Indian government. In 2016, the digital India project lacked the regulatory framework and procedural safeguards required by customers, startups and entrepreneurs in future years. Digital India would fail to meet its goals and objectives without these essential attributes.
For online businesses, e-commerce and electronic delivery of services to citizens, online payments and digital payments have a special role to play. Startups and entrepreneurs in the coming years would introduce disruptive Fintech and digital payment models. However, they would also be required to comply with aspects of digital payments currently missing in terms of privacy, data security and cyber security.
Cyber security is one of India’s major concerns. A robust and resilient cyber security system must support all digital projects and transactions. However, there is still no robust and resilient cyber security infrastructure in India. Even India’s cyber security trends have raised many critical and alarming issues that the Indian government urgently needs to address. Entrepreneurs would like to see higher management’s increased role in ensuring compliance and cyber security policies.
Compliance with cyber law would take a front seat for startups and entrepreneurs in the coming years. Not many e-commerce ventures and companies are currently complying with the cyber law requirements of the Information Technology Act, 2000. This would change in the coming years as Indian government on the part of these startups and entrepreneurs would push for more compliance with cyber law.
Cyber Law Due Diligence
One of Information Technology Act 2000’s most technical and complicated compliance requirements is to ensure due diligence on cyber law. Cyber law due diligence is a compliance techno legal aspect that requires ongoing effort on the part of both top management and ground level force. Startups, entrepreneurs, e-commerce companies, etc. are not in many ways managing cyber law due diligence. The Indian government must ensure that on a priority basis these stakeholders comply with the same.
Startup directors, businessmen, Indian companies and banks are also required to comply with the requirements of cyber law and cyber security under the Information Technology Act, 2000, Indian Companies Act, 2013, etc. Indian managers ‘ compliance requirements would increase in the coming years, and this would also help to reinforce cyber security in India.
Intellectual Property Protection
In the future, startups and entrepreneurs would more rigorously protect their intellectual property rights (IPRs) such as trademarks, patents, designs, etc. Many initiatives have been announced by the Indian government to promote, encourage and strengthen these stakeholders ‘ IPRs. But these schemes and concessions are slow to take advantage of.
The coming years would be a golden year for financial technology (fintech) exploring startups and entrepreneurs. Startups and entrepreneurs disrupting Indian markets are believed to have to be novel in nature, scalable and flexible. They also need to ensure legal compliance with techno that most of them do not do as they have done. One of the common misconceptions among startups and entrepreneurs is that legal compliance with techno is nothing more than cost elements and not necessary. Legal costs are much lower in the long run than the costs of prosecution. It is therefore always better to include legal costs as part of the overheads that need to be taken care of at the start-up stage of the undertaking itself.
Blockchain And Bitcoin
Fintech firms, startups, entrepreneurs, and so on can explore the use of Blockchain and Bitcoin in 2016. Indian government and the Indian Reserve Bank (RBI) analyzed the block chain and bitcoin and its possible uses. In this regard, however, nothing concrete has occurred in previous years. In addition, Bitcoin’s techno legal compliances and legality are still unresolved in India. Some positive developments around the block chain and bitcoin can be seen in the coming years.
Technology Neutral Approach
Many of the organizations ‘ clients were recommended to use a technology-neutral approach. Instead of following the masses, startups and entrepreneurs need to use neutral technologies that are not dependent on a specific technology, product or service. For example, relying on and using Aadhaar for fintech or other start-ups and ventures in entrepreneurship is a really bad move that must be avoided at all costs. Instead, give customers multiple choices to use their own choice of technology, product or service that is not intrusive, not violating civil liberties, and much more cyber-safe than Aadhaar.
India is quick to adopt a data-centered approach where data is the king. Many large and foreign technology companies have been running a data-centric approach where data needs to be protected according to the laws of various jurisdictions. Before startups, entrepreneurs, e-commerce players, online businesses, etc., handling consumer data would be a major challenge. Any data breach would need to be managed in the most effective techno legal methods and practices that various stakeholders in India still need to implement.
Online Advertisement Industry
Owing to India’s changing tax structure, the online advertising industry may witness growth in India in future years. Due to taxation and commercial reasons, local content would be preferred to foreign content. The local content produced by reputable blogs and websites can be encashed by startups and entrepreneurs. Online advertising, however, can only be successful in India if there are flexible and lucrative offers that are not conducive to Indian scenario as business models of foreign countries.
Online Education And Trainings
Projects and business ventures related to online education, training and skills development would increase in forthcoming years. In India, some very new models are already operating. Many areas are covered, such as cyber law, cyber security, forensics, e-commerce, e-discovery, online dispute resolution (ODR), e-courts, etc. There are many more legal aspects of techno that cannot be covered in a single analysis of trends. We hope startups, entrepreneurs, e-commerce firms and other business ventures would like this trend and benefit from the strategies suggested herein.
Academic institutions should teach abovementioned realistic challenges to future entrepreneurs of engineering and management stream with new government policies so that young India should contribute in their startups for the growth of Country.
Over the past few years, the number of cyber security incidents in India has gradually increased. Although, as discussed below, the government has taken some cyber security initiatives, more expansive and aggressive action is needed to address the rising challenges.
National Cyber Security Policy, 2013
In 2013, the Government of India took the first formalized step towards cyber security vide the National Cyber Security Policy of the Ministry of Communication and Information Technology, 2013.
The policy aims to create a safe and resilient cyberspace for citizens, businesses and government. Its mission is to protect information and infrastructure in cyberspace, build capacity to prevent and respond to cyber attacks, and minimize damage by coordinating efforts of institutional structures, people, processes, and technology. The policy’s objectives include establishing a secure cyber ecosystem, complying with global security standards, strengthening the regulatory framework, and creating round – the – clock mechanisms for intelligence gathering and effective response, operating a National Critical Information Protection Center to fully protect critical information infrastructure, research and development.
Some of the strategies adopted by the Policy include
- Creating a secure cyber ecosystem through actions such as a national nodal agency, encouraging organizations to appoint a senior management member as the Chief Information Security Officer and developing information security policies.
- Creating an assurance framework.
- Encouraging open standards.
- Strengthening the regulatory framework in conjunction with regular reviews, harmonizing with international standards, and raising awareness of the legal framework.
- Develop mechanisms to address and respond to security threats through national systems and processes. The National Computer Emergency Response Team (CERT-in) functions as the nodal agency for all cybersecurity efforts, emergency responses, and crisis management coordination.
- Secure e-governance by implementing global best practices and using Public Key Infrastructure more widely.
- Protection and resilience with National Critical of critical information infrastructure. Protection Center for Information Infrastructure operating as the nodal agency.
- Promoting cutting-edge cybersecurity technology research and development.
- Human resource development through capacity building education and training programmes.
Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre)
In February 2017, the Government of India’s Computer Emergency Response Team (CERT-in) launched a new desktop and mobile security solution for cyber security in India, ‘ Cyber Swachhta Kendra ‘ (Botnet Cleaning and Malware Analysis Centre).
Under Section 70B of the Information Technology Act, 2000, the center is operated by CERT-in. The solution, which is part of the Digital India initiative of the Ministry of Electronics and Information Technology, will detect botnet infections in India by notifying, enabling cleaning and securing end-user systems and preventing further infections. It works to analyze the characteristics of BOTs/malware, provide information and allow citizens to remove BOTs / malwar and create awareness among citizens to secure their data, computers, mobile phones and devices such as home routers.
The Cyber Swachhta Kendra is a step towards creating the country’s secure cyber ecosystem as envisaged by India’s National Cyber Security Policy. This center works closely with Internet Service Providers and Product / Antivirus companies to notify end users of their system’s infection and provide them with assistance in cleaning up their systems, as well as industry and academia to detect bot-infected systems. The center aims to increase common users ‘ awareness of botnet infections, malware infections and measures to be taken to prevent malware infections and to secure their computers, systems and devices.
The Centre offers the following security and protective tools:
- “USB Pratirodh” has also been launched by the government, which states that Union IT and Electronics Minister Ravi Shankar Prasad aims to control the unauthorized use of removable USB storage media devices such as pen drives, external hard drives and USB – supported mass storage devices.
- Also introduced was an app called “Samvid.” It is a Windows operating system desktop – based application whitelisting solution. It only allows for the execution of the pre-approved set of executable files and protects desktops from running suspicious applications.
- M-Kavach also developed a device for Android mobile devices security. It provides protection against malware-related issues stealing personal data & credentials, misuse of Wi-Fi and Bluetooth resources, lost or stolen mobile devices, spam text messages, premium-rate SMS, and incoming unwanted/unwanted calls.
- Collaboration with industry partners-Public-Private Partnership Development is an important strategy under the 2013 National Cyber Security Policy. To this end, Quick Heal provides a free bot removal tool under the above – mentioned Cyber Swachhta Kendra initiative.
The government also recognizes the need to work in collaboration with industry partners to combat the ever-evolving cyber intrusion techniques. As a result, Cisco and the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology have signed a Memorandum of Understanding (MoU) establishing a threat-sharing program where Cisco and CERT-In staff will work together to address digital threats and develop and incorporate new ways to improve cybersecurity.
International Cooperation Initiatives
Under the 2013 Policy, sharing information and cooperation is an explicit strategy. Consequently, the Indian government has entered into cybersecurity collaborations with countries such as the United States, the European Union and Malaysia as a response to the increasingly international nature of cybercrime. The United Kingdom Has agreed to help develop the proposed National Coordination Center for Cyber Crime in India. The shared principles of the U.S.-India Cyber Relationship Framework provides for the recognition of the leading role for governments in cybersecurity matters relating to national security; a recognition of the importance of and a shared commitment to cooperate in capacity building in cybersecurity and cybersecurity research and development, and a desire to cooperate in strengthening the security and resilience of critical information infrastructure. The corporate areas ensure that both countries agree to share and implement best practices in cybersecurity, share information on cyber threats in real time, develop joint mechanisms to mitigate cyber threats, foster cooperation between law enforcement agencies and enhance their capacity through joint training programmes, foster collaboration in cybersecurity.