New Microsoft PowerPoint Presentation (2).pptx

TheAlchemist22 21 views 4 slides Oct 13, 2024

Slide 1 of 4

About This Presentation

Stakeholders operating in specific industry and business sectors are also subject to observe technology regulations of regulatory bodies such as the Reserve Bank of India (‘RBI’), Securities and Exchange Board of India (‘SEBI’) and Insurance Regulatory and Development Authority of India (‘...

Size: 40.77 KB

Language: en

Added: Oct 13, 2024

Slides: 4 pages

Slide Content

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (‘ Intermediary Rules’ ): The Intermediary Rules are applicable to all intermediaries functioning in India. For reference, an intermediary (per the IT Act) can be understood as ‘person who receives, stores or transmits any electronic record and provides any service relating to such record on the behalf of another person.’. The Intermediary Rules classify intermediaries into various different categories (including publishers of news and current affairs, OTT platforms and social media intermediaries) and prescribe various compliances for each category of intermediary. Notably, there has been a recent major amendment to the Intermediary Rules, which provide for regulation of online gaming and recognize a new category of intermediary (viz. ‘online gaming intermediary).

Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (‘ CERT-In Rules’ ): The Indian Computer Emergency Response Team or ‘CERT-In’ (set up under the ambit of these rules) is the national nodal agency for responding to computer security incidents as and when they occur and preforms various functions in area of cyber security, cyber incidents, information security practices, etc. CERT-In is also authorized for issuing various directions, guidelines, whitepapers and advisories. Notably, in a series of guidelines issued in 2022 concerning the reporting of cyber security incidents, Cert-In has imposed various compliances in this regard upon intermediaries, body corporates, governmental entities and various categories of service providers (including VPN service providers, among others). Among other things, the Directions impose a stringent 6-hour timeline for reporting a cybersecurity incident and broaden the ambit of the kinds of cybersecurity issues that must be reported by the relevant entities .

Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘ SPDI Rules ’): The RSP Rules are presently the predominant legislation in India that governs the collection, storage, transfer, disclosure, and other processing of the ‘personal information’ as well as ‘sensitive personal data and information’ of ‘providers of information’ (being Indian individuals) by a body corporate via its online platform.

As mentioned, the principal statute governing the technology law space in India is the IT Act (and the subordinate technology laws and regulations thereunder). Stakeholders operating in specific industry and business sectors are also subject to observe technology regulations of regulatory bodies such as the Reserve Bank of India (‘RBI’), Securities and Exchange Board of India (‘ SEBI ’) and Insurance Regulatory and Development Authority of India (‘ IRDAI’ ).highlight a few, the RBI ( Outsourcing of Information Technology Services) Directions, 2023 have been issued this year (as of April 10, 2023) with the aim of reducing the degree of risks associated with outsourcing information technology services. These are applicable to RBI regulated entities (such as the commercial banks, urban co-operative banks, non-banking financial companies, credit information companies). Similarly, the IRDAI (Insurance Web Aggregators ) Regulations, 2017 regulate ‘insurance web aggregators’ or insurance intermediaries, who ‘maintain a website for providing interface to the insurance prospects for price comparison and information of products of different insurers and other related matters.’. In furtherance, the IRDAI has recently issued the IRDAI Information and Cyber Security Guidelines, 2023 (as of April 24, 2023) for insurance intermediaries .