Aadhaar Is Not Mandatory For Section 139AA, Taxation And Other Financial Regulations In India


After a complicated and unexpected judgment by the Constitution Bench of Supreme Court, there has been lots of doubts about need of Aadhaar for PAN and Tax Return purposes. We at Perry4Law Organisation (P4LO) are giving a brief write up on this aspect as Part I of the series as a press release or statement from Income Tax Department or Finance Ministry is still awaited. This article is subject to the following two caveats:

(1) We are not giving all the legal reasons and Constitutional position regarding Constitutionality of section 139AA at this stage and would come up with the same at a latter stage after getting official response of Indian Government.

(2) We are also not discussing the Per Incuriam aspect of the majority judgment of Supreme Court that we would discuss at appropriate stage.

Further, if you are facing any legal issues due to demand of Aadhaar either under Section 139AA of Income Tax Act or under the Aadhaar Act, 2016, you can use our Online Dispute Resolution (ODR) Platform available at http://odrindia.in/odr/ for fighting against such demands and for enforcing your Statutory and Fundamental Rights.

The short version of Section 139AA is discussed here. Section 139AA(1) is claimed to propose citing of Aadhaar number mandatory for filing tax returns and for issuance of new PAN card after 01-07-2017. Proviso to Section 139AA (2) provides the penal consequences of not giving Aadhaar number within the stipulated time by an existing PAN holder if asked by a notified agency. Proviso to Section 139AA (2) is also the only penal provision for failure to comply with the requirements of Section 139AA (1) and Section 139AA (2).

This penal provision was required to be tested on the touchstone of Article 21 and other Fundamental Rights as well. However, the Constitution Bench of Supreme Court failed to do so and it restricted its analysis to violation of privacy right alone. Even on this limited and restricted analysis, the majority judgment failed to apply the correct ratio of the Puttaswamy judgment. In other words, applicability of majority judgement regarding Section 139AA is full of irregularities and still not constitutionally tested.

As a result, no government department or private company or individual can ask for Aadhaar for PAN, Tax Return or any other taxation and financial issue. If asked, people are free to reject that demand. They can meet any procedural or legal requirement with alternative government documents like driving license, passport, voter ID, etc as Aadhaar is absolutely optional even on 30-09-2018.

But for the sake of further clarity, let us discuss few more things. If we read Section 139AA carefully, it is clear that Section 139AA at large is not making Aadhaar mandatory for filing of return or obtaining a PAN card. An interesting issue has also missed the attention of almost all people. Supreme Court has given a strong protection to “Existing PAN Cards” under Section 139AA (2). All PAN cards are existing PAN cards if they have been issued before 01-07-2017.

There is another curious angle of Section 139AA and its legality. Section 139AA is a standalone provision that is in active violation of Aadhaar Act, 2016. Supreme Court tried to harmoniously construe this inconsistency by saying that Aadhaar Act, 2016 and Section 139AA operate in different fields. However, this makes Section 139AA very “ambiguous and unreliable”. A provision with no clarity and background is asking for submission of Aadhaar number for filing of returns and making an application for PAN card after 01-07-2017. If we analyse Section 139AA on its own, clearly it has no legs to stand on. So we have to interpret Section 139AA by just referring to Section 139AA alone and not the Aadhaar Act, 2016. Let us interpret Section 139AA in this background.

But first let us reproduce Section 139AA here. Section 139AA reads thus:

“Quoting of Aadhaar number.- (1) Every person who is “eligible” to obtain Aadhaar number shall, on or after the 1st day of July, 2017, quote Aadhaar number-

(i) in the application form for allotment of permanent account number;

(ii) in the return of income:

Provided that where the person does not possess the Aadhaar Number, the Enrolment ID of Aadhaar application form issued to him at the time of enrolment shall be quoted in the application for permanent account number or, as the case may be, in the return of income furnished by him.

(2) Every person who has been allotted permanent account number as on the 1st day of July, 2017, and who is eligible to obtain Aadhaar number, shall intimate his Aadhaar number to such authority in such form and manner as may be prescribed, on or before a date to be notified by the Central Government in the Official Gazette:

Provided that in case of failure to “intimate” the Aadhaar number, the permanent account number allotted to the person shall be deemed to be
invalid and the other provisions of this Act shall apply, as if the person had not applied for allotment of permanent account number.

(3) The provisions of this Section shall not apply to such person or class or classes of persons or any State or part of any State, as may be notified by the Central Government in this behalf, in the Official Gazette.

Explanation. – For the purposes of this section, the expressions –

(i) “Aadhaar number”, “Enrolment” and “resident” shall have the same meanings respectively assigned to them in Clauses (a), (m) and (v) of
Section 2 of the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 (18 of 2016);

(ii) “Enrolment ID” means a 28 digit Enrolment Identification Number issued to a resident at the time of enrolment.”

Legally speaking, Section 139AA has neither defined nor capable of defining what is “Aadhaar number”, “Enrolment” and “Resident” as majority judgment in Aadhaar case has excluded applicability of Aadhaar Act 2016 for interpretation of Section 139AA of Income Tax Act. So we have to analyse Section 139AA on its own and without any support of Aadhaar Act, 2016.

A cursory look at Section 139AA(1) would reveal that it is simply asking a person “eligible” to get Aadhaar to get the same before a “stipulated date” i.e. on or after the 1st day of July, 2017 for different purposes. So till both elements of “eligibility and stipulated date” are not merged, Section 139AA (1) cannot apply. In other words, Section 139AA(1) has “no retrospective applicability”.

Another important point about Section 139AA(1) is that it is not carrying any sort of penal or adverse consequences for not quoting Aadhaar number for making an application for new PAN number after 01-07-2017 or quoting the same for tax return purposes. Poeple are free not to quote or quote acceptable numbers in the tax return filing system and Aadhaar is not mandatory. There would not be any penal or adverse action that can be taken against people for such conduct as per Section 139AA(1).

Also eligibility of something is a “positive concept” whereas forced Aadhaar is a “negative one”. So the choice and option is inherent for all who are eligible to get Aadhaar and they may enroll for Aadhaar or they may not. Government cannot force any individual to get Aadhaar compulsorily for Section 139AA.

Let us give two examples in this regard. A person of 18 years of age is eligible to vote. Similarly, a person of 21 years of age is eligible to marry. Does it mean he/she has to compulsorily vote and marry? So eligibility is a right and enabling provision and interpreting it as an obligation that violates Fundamental Rights is incorrect and unacceptable. The majority judgment of Constitution Bench Of Supreme Court has also created exceptions against mandatory use of Aadhaar for even welfare services under Aadhaar Act, 2016. So interpreting voluntary nature of Aadhaar under section 139AA as mandaotry is not only unconstitutional but can also be out rightly rejected by Indians.

So going by the very language of Section 139AA (1), but without endosring or accpeting its constitutional validity, it is clear that only person eligible to get Aadhaar are required to comply with Section 139AA and those who are ineligible, whether due to choice (Fundamental Rights), operation of law (i.e. illegal migrants), physical conditions (lacks biometric), technological errors, etc are not required to enroll for and furnish the Aadhaar. This is natural as well as a person who is neither interested nor entitled to get Aadhaar cannot quote the same. So the word eligible in Section 139AA (1) cannot be construed as compulsory and it is for the people to decide whether they wish to apply for Aadhaar or not for Section 139AA purposes.

So section 139AA (1) is not applicable to those who have decided not to enroll for Aadhaar as they have no Aadhaar number to be quoted while furnishing a tax return or while applying for a PAN card.

But what about those who have already enrolled for Aadhaar? The good news is that even they are not required to comply with the requirements of Section 139AA (1) due to the constitutional position mandating that Aadhaar is optional for section 139AA.

Now let us analyse Section 139AA (2). The Constitutional position is as follows:

(a) Section 139AA (2) is not applicable to those who have decided not to enroll for Aadhaar as they have no Aadhaar number to be “intimated” to concerned authority.

(b) As the proviso is penal in nature it would be unconstitutional if a deeming fiction is made applicable without giving the concerned person a chance of being heard and to explain his view point. In such hearing, whether oral, written or digital, the concerned person can declare that he has no Aadhaar and he has no intention to enroll for the same as well.

(c) Once a person has replied back or reponded back to the information demand of concerned authority, the requirements of Section 139AA (2) would be satisfied and there cannot be any adverse order against such person by Government or Income Tax Authorities. This would be sufficient compliance with the requirements of Section 139AA(2) for taxation, PAN and other purposes.

(d) An existing PAN number may be cancelled in rarest of the rare case where there are clear evidence of forgery, fraud, duplication, etc. Even in such cases an opportunity of being heard must be given to the PAN holder and he must be allowed to use alternative methods or identites to justifiy legality of his PAN number.

So what is the legal position of Section 139AA (2) for those who have already enrolled for Aadhaar? Again even they are not required to comply with the requirements of Section 139AA (2) due to the constitutional position mandating that Aadhaar is optional and they can establish their identity and legality of PAN with alternative methods, identities and technologies, etc. In addition, even their “existing PAN” cannot be cancelled by Government due to position as explained by Perry4Law Organisation (P4LO) above.

Let us now sum up the position after considering the recent judgment of Constitution Bench of Supreme Court on Aadhaar and Aadhaar Act. The same is as follows:

(1) Aadhaar is absolutely optional for Section 139AA purposes, i.e. PAN, tax return, response to concerned authority under section 139AA(2), etc.

(2) Neither Section 139AA nor the judgment of Supreme Court empowers Government to make Aadhaar mandatory for filing of return, making an application for PAN or any other tax issue.

(3) Those not having Aadhaar can safely ignore Section 139AA and its implications in totality. But if the concerned authority issues a notice to you under Section 139AA(2) demanding information about Aadhaar, you have to reply back and inform that you do not have or do not wish to have an Aadhaar.

(4) Those having Aadhaar have absolute option to comply with requirements of Section 139AA as discussed above. For Section 139AA(2) purposes thay can say that their Privacy right would be violated due to such disclosure and hence they are not disclosing the same.

(5) The majority judgment of Constitution Bench of Supreme Court has nowhere said that Aadhaar is mandatory for Section 139AA purposes. Government is unnecessarily and unconstitutionally rerading the same into the judgment just like it did for Mobile Reverification purposes.

(6) Neither the judgment of Division Bench of Supreme Court nor the majority judgment of Constitution Bench considered violation of Articles 14, 19, 21 and other Fundamental Rights/Constitutional Rights by Section 139AA. They can be agitated again for Section 139AA purposes even now. Even for the limited challenge based on Privacy, the decision of Puttaswamy has not been followed properly by the majority judgment for Section 139AA and Aadhaar Act, 2016 purposes.

(7) No penal action can be taken against any person, whether he has Aadhaar or not, for not giving his/her Aadhaar number while filing a tax return, making an application for new PAN or for any other taxation or non taxation matter without giving him a chance of being heard. Also the penal action of cancelling a PAN number can be taken only in rarest of the rare case and that too for reasons beyond Aadhaar as discussed by Perry4Law Organisation (P4LO) above.

(8) A tax return filed without an Aadhaar number cannot be rejected or otherwise mishandled by Government and Income Tax Department. If any such rejection or mishandling is done, people can sue the Government and Income Tax Department for that at Online Dispute Resolution (ODR) Platform of PTLB available at http://odrindia.in/odr/.

In short, Aadhaar is absolutely optional for Section 139AA and other tax and financial regulations purposes and people have a choice to refuse to enroll and use (if already enrolled) Aadhaar for these purpose.

Posted in Uncategorized | 1 Comment

Aadhaar Project Is Unconstitutional And Supreme Court Must Scrap Aadhaar: Perry4Law Organisation (P4LO)

SCAadhaar hearing in Supreme Court is at the final stage and this is a decisive stage. We need to collect and process as much techno legal information, articles, resources, etc as possible. We at Perry4Law Organisation (P4LO) have been pursuing Aadhaar related matters since 2010. Our readers are well aware of all our initiatives and efforts. However, some have requested us to consolidate various articles written by P4LO and its partners at a single place so that Supreme Court can take note of the same.

While it is next to impossible to consolidate all our articles and efforts at a single place, we are hereby giving links of some of the article and resources that Supreme Court can consider during the Aadhaar hearing. To begin with, Aadhaar is absolutely optional and no person can be denied any benefit or service in the absence of Aadhaar.

Now Supreme Court has already heard issues of Aadhaar-Pan linking, mobile number re-verification, etc. P4LO has also given its techno legal interpretation on these decisions and our view about the same. Supreme Court can consider these articles while deciding fresh challenges to mandatory linking of Aadhaar with bank accounts, mobile numbers, etc.

We have also analysed the Constitutional position of Aadhaar that Supreme is about to decide. Supreme Court and our readers can see the following articles in this regard:

(1) Aadhaar has created serious “Constitutional Anomaly”. It violates Fundamental Rights, Rule of Law, Etc and not just Privacy Rights,

(2) Aadhaar cannot be declared as Fait Accompli by Supreme Court due to truth, Fundamental Rights and Indian Constitution.

See @faitaccompli for more details.

(3) Surveillance and Censorship under Digital India and Aadhaar regimes,

(4) Supreme Court of India must immediately declare Aadhaar project as Unconstitutional,

(5) Unconstitutional and Illegal Biometrics collection laws and practices in India (2012),

(6) When Rights Are Outlawed, Only Outlaws Will Have Rights (2010),

(7) When Rights Are Outlawed, Only Outlaws Will Have Rights: Updated (2013),

(8) Hacking of Aadhaar is Hacking of Life of a Person and not just his Identity, etc.

We would add more articles to this list for the larger benefit of all concerned.

Interested stakeholders may please see the following articles also in this regard:

(1) Supreme Court Stays Mandatory Linking of Aadhaar with PAN Till Constitution Bench Decides Constitutionality of Aadhaar,

(2) Aadhaar based EKYC verification, re-verifications and authentications are not mandatory for mobile connections as per Supreme Court,

(3) Supreme Court’s proceedings under Aadhaar Act, 2016 on 19-05-2017,

(4) Biometric blocking and Aadhaar deseeding must be done together to safeguard your interests opines Praveen Dalal,

(5) Law for biometric blocking, Aadhaar deseeding and deletion of biometric from UIDAI database in India or abroad,

(6) Indians must block and destroy their biometric and deseed Aadhaar from all services opines Praveen Dalal,

(7) Cyber Security issues of Aadhaar and Aadhaar ecosystem,

(8) Aadhaar is Not Mandatory for PAN and Tax Returns Even In July 2017,

(9) The current and present dangers of Aadhaar hacking, etc.

More articles would be added in due course of time.

Cases where Aadhaar is not mandatory even after issuance of any notification, circular, rules, guidelines, etc by Indian Government or its Ministries are the following:

(1) Aadhaar is Not Mandatory for Bank Accounts, Bank Purposes and Money Laundering (Maintenance Of Records) Rules 2017,

(2) Aadhaar Is Not Mandatory For Stock Markets, Stock Exchanges And Trading For Stocks In India,

Aadhaar Is Not Mandatory Even Under Aadhaar Act, 2016

Despite contrary belief, Aadhaar is not mandatory even under the Aadhaar Act, 2016 for welfare and government services. Government cannot deny any benefit or service to any person or child if he/she does not possess or shows the Aadhaar card/number.

The following articles would prove that Aadhaar is not mandatory under the Aadhaar Act, 2016

(1) Aadhaar is not mandatory for availing government services including those under the Aadhaar Act, 2016,

(2) Aadhaar is not mandatory under Aadhaar Act 2016 or any other law of India,

(3) Proceedings before Supreme Court for Aadhaar Act on 27-06-2017 and 07-07-2017: Aadhaar Not Mandatory for Welfare Services,

So why is Aadhaar absolutely optional even after so much coercion, lies, arm twisting, etc of Indian government? This is because on October 15, 2015, a Constitution Bench of Supreme Court held (pdf) as follows (page 12, para 4 and 5):

  1. We impress upon the Union of India that it shall strictly follow all the earlier orders passed by this Court commencing from 23.09.2013.
  1. We will also make it clear that the Aadhaar   card   Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other”.

The interim order of Constitution Bench of Supreme Court is still in force and is binding till it is overruled by a higher bench of Supreme Court. A Division Bench of Supreme Court cannot decide contrary to that interim order.

This position has not changed even after constitutional fraud route was adopted by the Indian Parliament in the form of money bills i.e. Aadhaar Act, 2016 and Finance Bill 2016 introducing many changes including Section 139AA in the Income Tax Act, 1961.

So the Division Benches of Supreme Court held that Aadhaar is optional for the following decisions:

(1) Supreme Court Stays Mandatory Linking of Aadhaar with PAN Till Constitution Bench Decides Constitutionality of Aadhaar,

(2) Aadhaar based EKYC verification, re-verifications and authentications are not mandatory for mobile connections as per Supreme Court.

If any division bench decides to the contrary, that decision would be simply Per Incuriam and not binding.

See @_PerIncuriam for more details.

Examples of Per Incuriam judgments of Supreme Court if Aadhaar is not optional are:

(1) Supreme Court Judgments on Mobile Number Reverification and Aadhaar-Pan Linking Have Made Aadhaar Optional or are Per Incuriam,

So the “Constitutional Position” regarding Aadhaar is that Aadhaar is “Absolutely Optional” for enrollment, use, seeding, deseeding, etc. Neither Indian Government nor a Division Bench of Supreme Court can decide to the contrary due to this well established Constitutional Position.

But what if any government department or private company mandatorily asks for Aadhaar for any services or purposes?

Perry4Law Organisation (P4LO) has covered this aspect as well. You can use any of these legal remedies and forms drafted by us for refusing, delinking or opt out of the Aadhaar completely:

(1) How to Refuse Demand for Aadhaar by Banks, Mobile Companies, Govt Departments, Etc Legally,

(2) Procedure to Delink Aadhaar from all Services in India,

(3) Aadhaar related opt out and other services, available at beta ODR Platform of Perry4Law Organisation (P4LO), etc.

Just remember, the more you show your intention to be excluded by Aadhaar the more Supreme Court would protect you. If you have no Aadhaar, Supreme Court would not force one upon you. If you have an Aadhaar and has already showed your intention to be not governed by Aadhaar, Supreme Court would still protect your interests. But we are not sure how interests of cowards would be protected by Supreme Court who are not willing to fight unconstitutional Aadhaar.

But we at P4LO hope that Supreme Court would @ScrapAadhaar as Aadhaar violates almost entire Part III of Indian Constitution, including @_PrivacyRight of Indians. There is nothing that can keep the unconstitutional Aadhaar alive and salvage Aadhaar for any purpose whatsoever. Once the Supreme Court scraps Aadhaar, P4LO would share its techno legal suggestions regarding the future issues as well.

Posted in Uncategorized | Tagged , , , , , , , , , | 2 Comments

Cyber Security Issues For Law Firms, Lawyers And Legal Professionals

Conceptual keyboard - Law (blue key with scales symbol)Cyber security is an issue that is an alien concept for most lawyers and law firms. They believe that they have nothing to do with cyber security. But this is a misconception because just like other organisation, law firms must also ensure robust security and cyber security for their digital infrastructures and physical locations. Law firms are also required to formulate and strictly implement specific and exclusive cyber security best practices for lawyers and law firms.

Even among those who are aware of cyber security issues, most of the lawyers and law firms consider cyber security an area meant for IT professionals to be managed. They believe that their job is done when the matter is discussed and assigned to the IT guy. However, the problem with this approach is that it ignores the ground reality that cyber security is an organisational goal and not a division/department or individual goal. After all cyber security is as strong and effective as its weakest link and human beings are undoubtedly the weakest link in the cyber security chain.

Now the problem with cyber security is that none can ensure 100% cyber security and if an organisation or individual is claiming so, it/he is not familiar with the concept of cyber security. Whether you are working on Internet or Intranet, cyber security always remains a big security issue. This is more so when social engineering is used to trap employees having access to sensitive and crucial information about an organisation’s database or systems.

Some organisations also allow their employees to work on bring your own devices (BYOD) principle. So even if there is no Internet connection, such device can both introduce a malware and help in stealing of confidential information. Use of personal e-mails for work purposes is also another issue that law firms and other organisations must take care of. Sensitive documents can be e-mailed at personal e-mail ids of the employees of a law firm and can compromise the privacy and data protection safeguards put at place at the organisational level.

At Perry4Law Organisation (P4LO) we take civil liberties and commercial interests of the clients very seriously. This is the reason why we have launched the exclusive techno legal Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) so that techno legal cyber security issues can be managed in most effective manner. However, this level of cyber security and civil liberties protections comes at a cost. For instance, we do not disclose the list or names of our clients publically or even after request from a potential client to ensure best privacy and cyber security. Many clients do not understand the significance of this practice and they misjudge it as lack of expertise/clients. They also fail to understand that we would extend the same level of privacy, data security and cyber security to their own information and documents.

Nevertheless, we at Perry4Law Organisation (P4LO) firmly believe that it is a sane and cyber secure choice to lose new clients than to compromise the privacy and cyber security of existent clients and we would continue this practice of non disclosure.

Perry4Law Organisation (P4LO) and Perry4Law’s Techno Legal Base (PTLB) have also released two cyber security trends in India for the year 2017 for various stakeholders. They can be found at P4LO and PTLB respectively.  These trends are also applicable to law firms, lawyers and legal professionals. For instance, use of cloud computing for legal services has both advantages and disadvantages. On the brighter side, we have reduced costs and on the negative side we have issues of data breach, cyber attacks and privacy violations. Thus, a law firm or lawyer must decide what model best serves its purpose. But whatever models the law firm or lawyers chooses, cyber security, privacy protection and data protection must be top priority of such law firm or lawyer. We at Perry4Law Organisation (P4LO) believe that cyber security is more a good procedure and discipline than a combination of hardware and software. Without cyber hygiene, no hardware or software can protect the crucial documents.

Further, we also believe that open source hardware and software are very effective in ensuring cyber security, data protection and privacy protection by law firms and lawyers. Simply because something is free does not mean it is ineffective or weak. Similarly, simply because some company is charging big amount from a law firm or lawyers for cyber security does not guarantee that cyber security would be there.  In short, it is not what tool or software you have got but how you use a tool or software for best possible results. In essence this means presence of cyber security skills with good cyber hygiene and best practices.

Those who cannot ensure cyber security best practice culture at their respective law firms can at least ensure the bare minimum safeguards. Perry4Law Organisation (P4LO) and CECSRDI suggest that these safeguards must include upto date antivirus and firewalls, good malware removal tool, end to end encryption of communications and documents, multiple secure channels of documents sharing and management, etc. There are many good and open source alternatives available for all these areas and law firms and lawyers can take benefit of the same. Perry4Law Organisation (P4LO) and CECSRDI hope that law firms and lawyers would find these tips useful and productive.

Posted in Uncategorized | Leave a comment

Techno Legal Startups And Entrepreneurship Trends Of India 2017 By Perry4Law Organisation (P4LO)

Startups And Entrepreneurship Trends In India 2017The socio economic conditions of India are apt for startups and entrepreneurs of India. Till now they have been given a complete freedom to conduct their business in free and regulation free manner. However, this scenario is going to change in the year 2017 that would witness consolidation of e-commerce and various startup businesses. Further, regulatory compliances and transparency would also be crucial in 2017.

In this article, Perry4Law Organisation (P4LO) has underlined the possible trends and techno legal compliance and regulatory requirements for various startups and entrepreneurs that are trying their level best to dominate Indian markets. These are as follows:

(1) Ease Of Business Doing: Indian government would be very much interested in ensuring a good and effective ease of business doing in India for startups and entrepreneurs. Till now business doing in India is not an easy task though many positive steps have been taken by Indian government in this regard. The year 2017 may see some more efforts in this regard from Indian government. However, we at Perry4Law Organisation (P4LO) strongly recommend that ease of business doing at the cost of ignoring regulatory compliances is no more a viable option for Indian government. We have already delayed regulatory compliance for areas like e-commerce, online pharmacies, online gaming and gambling, bitcoin, cyber security, cyber law due diligence (pdf) etc and continuing this approach in 2017 would be counter productive.

(2) Effective Dispute Resolution: Disputes resolution in India is a very complicated, time consuming and expensive process. Businesses engaged in disputes cannot wait for decades to get their disputes resolved. Although India has adopted ambitious projects like national e-governance plan (NeGP) and digital India yet none of them have been able to resolve this problem. Even alternative dispute resolution (ADR) methods like arbitration are suffering from many problems. However, what is most troublesome part is that India has not been able to establish e-courts and use online dispute resolution (ODR) for effective dispute resolution and ease of business doing in India. As a result, arbitration for commercial disputes and international commercial arbitration in India are not getting the response they must get.

Perry4Law Organisation (P4LO) has suggested the first ever techno legal ODR model for national and international stakeholders for various fields and businesses. Interested stakeholders may see the Online Dispute Resolution and Cyber Arbitration project for more details. This is the first ever ODR platform for India that is covering most comprehensive techno legal dispute resolution services for national and international stakeholders in India. We hope this initiative would help in ensuring an effective and alternative dispute resolution mechanism that is much needed for ensuring ease of business doing in India. Startups and entrepreneurs would be using more and more ODR and e-courts facilities in 2017 and P4LO would be happy to extend its techno legal expertise to Indian government and various stakeholders in this regard.

(3) Digital India: Digital India project of Indian government would be tested very rigorously in the year 2017 by startups and entrepreneurs. It would be a big challenge for the Indian government to ensure cyber security and civil liberties aspects of digital India in the year 2017. In 2016 digital India project lacked regulatory framework and procedural safeguards that customers, startups and entrepreneurs would demand in the year 2017. Without these essential attributes, digital India would fail to meet its aims and objectives.

(4) Digital Payments: Online payments and digital payments have a special role to play for online businesses, e-commerce and electronic delivery of services to the citizens. Startups and entrepreneurs would introduce disruptive Fintech and digital payment models in the year 2017. However, they would also be required to comply with privacy, data security and cyber security aspects of digital payments that are presently missing.

(5) Cyber Security: Cyber security is a major cause of concern for India. All digital projects and dealing must be supported with a robust and resilient cyber security system. However, cyber security infrastructure in India is still not robust and resilient. Even the cyber security trends of India 2017 have raised many crucial and alarming issues that must be urgently managed by Indian government. The year 2017 would see increased role of higher management in ensuring cyber security policies and compliances.

(6) Cyber Law: Cyber law compliances would take a front seat in the year 2017 for startups and entrepreneurs. Right now not many e-commerce ventures and businesses are complying with cyber law requirements of Information Technology Act, 2000. This would change in 2017 as Indian government would be pushing more cyber law compliance on the part of these startups and entrepreneurs.

(7) Cyber Law Due Diligence: One of the most technical and complicated compliance requirement of Information Technology Act, 2000 is ensuring cyber law due diligence (pdf). Cyber law due diligence is a techno legal aspect of compliance that needs a continuous effort on the part of top management and ground level force alike. As of now, startups, entrepreneurs, e-commerce businesses, etc are not managing cyber law due diligence on many counts. Indian government must make it sure that these stakeholders comply with the same on priority basis.

(8) Director’s Obligations: Directors of startups, entrepreneurs, Indian companies and banks are also required to comply with cyber law and cyber security requirements under the Information Technology Act, 2000, Indian Companies Act, 2013, etc. Compliance requirements on the part of Indian directors would increase in the year 2017 and this would also help in strengthening of cyber security in India.

(9) Intellectual Property Protection: Startups and entrepreneurs would be protecting their intellectual property rights (IPRs) like trademark, patents, designs, etc in the year 2017. Indian government has announced many initiatives to promote, encourage and strengthen IPRs of these stakeholders. But they are slow in taking advantage of these schemes and concessions. Perry4Law Organisation (P4LO) strongly recommends that startups and entrepreneurs must take advantage of these schemes and protect their IPRs to maximum possible extent.

(10) Consolidation Of Industry: In the year 2017, investors would exit potential risk ventures and would prefer to invest in top performing companies. This would trigger a consolidation of existing e-commerce and business ventures. As far as startups and entrepreneurship arena of India is concerned, only the most promising and disruptive venture would attract capital and investments from national and international investors. Indian government’s fight against black money would also curb illegal funding and investments from companies and investors that have been circumventing Indian laws so far. Clarity about the foreign direct investment (FDI) regime is also expected in the year 2017 from the Indian government. At the same time, Indian government must prosecute business ventures and e-commerce companies that have circumvented Indian laws and policies regarding FDI and e-commerce. Startups and entrepreneurs must keep their records and businesses clean and trouble free by ensuring techno legal compliances.

(11) Financial Technology: The year 2017 would be a golden year for startups and entrepreneurs exploring financial technology (fintech). Perry4Law Organisation (P4LO) believes that startups and entrepreneurs disrupting Indian markets need to be novel, scalable and flexible in nature. They must also ensure techno legal compliance that most of them are not doing as on date. One of the common misconceptions among startups and entrepreneurs is that techno legal compliances are just cost elements and not necessary. In the long run, legal costs are much lower than the prosecution costs. So it is always better to include legal costs as part of the overheads that must be taken care of at the stage of launch of the venture itself. Perry4Law Organisation (P4LO) has witnessed many ventures that simply collapsed as they failed to adhere to techno legal requirements due to ignorance of them at the very first stage.

(12) Blockchain And Bitcoin:  Fintech companies, startups, entrepreneurs, etc may explore use of Blockchain and bitcoin in the year 2016. Indian government and Reserve Bank of India (RBI) have been analysing blockchain and bitcoin and its possible usages. However, nothing concrete has happened in the year 2016 in this regard. Further, techno legal regulatory compliances and legality of bitcoin in India are still unresolved. The year 2017 may see some positive developments built around blockchain and bitcoin.

(13) Technology Neutral Approach: Perry4Law Organisation (P4LO) has recommended to many of its clients about use of technology neutral approach. Instead of following the masses, startups and entrepreneurs must use neutral technologies that do not depend upon a particular technology, product or services. For instance, reliance upon and use of Aadhaar for fintech or other startups and entrepreneurship ventures is a really bad move that must be avoided at all costs. Instead give multiple choices to customers to use a technology, product or service of their own choice that is not intrusive, not civil liberties violating and much more cyber secure than Aadhaar.

(14) Data Centric Approach: India is fast adopting a data centric approach where data is the king. Many big and foreign technology companies have been running on a data centric approach where that data needs to be protected as per laws of different jurisdictions. Handling of data of consumers would be a big challenge before startups, entrepreneurs, e-commerce players, online businesses, etc in the year 2017. Any data breach would be required to be managed in most effective techno legal methods and practices that are still to be put in place by various stakeholders in India. Even Indian government needs to work on the fronts of data security, data protection, privacy and cyber security as it failed to do so in 2016.

(15) Online Advertisement Industry: Online advertisement industry may witness a growth in India in 2017 due to changing tax structure of India. Local contents would be preferred over foreign contents due to taxation and commercial reasons. Startups and entrepreneurs can encash upon the local contents produced by blogs and websites of repute. However, online advertisement can be successful in India only when there are flexible and lucrative offers as business models of foreign countries are not conducive for Indian scenario.

(16) Online Entertainment And Gaming Industry: Online entertainment and gaming industry would witness a significant increase in the year 2017. This is due to wider availability of smart phones, increasing penetration of Internet and broadband, positive regulatory changes, etc. For instance, video-on-demand, video streaming, etc would increase in 2017. However, intellectual property, privacy and cyber law issues must be taken care of to avoid possible litigations by startups and entrepreneurs. There is a very fine demarcation between online gaming and online gambling and that must not be crossed by startups and entrepreneurs. Further, online gaming in one jurisdiction may be online gambling in another. So gaming startups and entrepreneurs must keep these issues in mind while launching their products and services.

(17) Online Education And Trainings: Online education, trainings and skills development related projects and business ventures would increase in the year 2017. Already some very novel models are operating in India. Perry4Law Organisation (P4LO) has been providing online techno legal education, trainings and skills development programs for long though its techno legal platforms known as Perry4Law’s Techno Legal Base (PTLB)TM and Perry4Law’s Techno Legal ICT Training Centre (PTLITC). We cover fields like cyber law, cyber security, cyber forensics, e-commerce, e-discovery, online dispute resolution (ODR), e-courts, etc. Perry4Law and PTLB are the first in the world to introduce the concept of online internship that is now fast catching up. We would announce more innovative, novel and unique online education and learning methods in the year 2017.

(18) Healthcare Ventures: Healthcare startups and entrepreneurs would flourish like anything in the year 2017 in India. For instance, business fields like telemedicine, online pharmacies, etc would see more interests in 2017. At the same time, Indian government would bring more stringent regulations and laws to manage telemedicine and online pharmacies in India in 2017. It would be a good idea to start complying with techno legal requirements from the very beginning by these business ventures in 2017.

There are many more techno legal aspects that cannot be covered in a single trends analysis. We hope startups, entrepreneurs, e-commerce companies and other business ventures would like this trend and take advantage of the strategies suggested herein.

Posted in Uncategorized | 1 Comment

Cyber Security Trends In India 2017 By Perry4Law Organisation (P4LO)

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBCyber Security has finally got attention of Indian Government in the year 2016 and the year 2017 may see some more developments in this crucial fields. However, the challenges posed by Cyber Security mandates are still not addressed by India satisfactorily. These challenges were discussed by Perry4Law Organisation (P4LO) in the form of Cyber Security Trends of India 2016. In this article, P4LO would be discussing about Cyber Security Challenges of India that it may face in the year 2017. The same is as follows:

(1) Digital Payments: Demonetisation of high denomination notes in India was the biggest event of India in the year 2016. It was intended to curb black money in India as well as to encourage Digital Payments usage by Indian masses. As Indian Government would focus more on Digital Payments in the year 2017, Cyber Crimes and Cyber Security incidences would increase. We at P4LO strongly recommend establishing suitable Cyber Crime Investigation Infrastructure and Cyber Security Infrastructure in India by Indian Government on priority basis.

(2) Cyber Security Law: The year 2017 would see some positive steps in the direction of enactment of Cyber Security Norms and Laws in India. The Information Technology Act, 2000 (IT Act 2000) may be amended in this regard. However, we at P4LO strongly recommend a “Separate and Dedicated Law” for Cyber Security instead of making suitable amendments in the IT Act 2000.

(3) Cyber Breaches Disclosure Norms: Indian Companies, Banks and Organisations are not at all interested in Cyber Breach Disclosure. In the absence of “Mandatory and Implementable” Cyber Breach Disclosure Norms in India, Cyber Security in India remained in poor condition. This is natural as Indian Government and CERT-In Cannot make effective Cyber Security Policies till they are aware of actual Cyber Security threats. The year 2017 may see an increased focus upon mandatory Cyber Breach Disclosure Norms in India, especially banks.

(4) Banking Cyber Security: Cyber Security of banks in India is a major cause of concern for Indian Government.  Although the Reserve Bank of India (RBI) has prescribed a Cyber Security Framework for banks of India yet almost all of them have failed to comply with the same. RBI had given a deadline of 30-09-2016 to comply with its Cyber Security Directions, but till 31st December 2016 banks have done nothing in this regard. It is also no secret that online banking, debit and credit cards and other modes of digital payments are vulnerable to sophisticated Cyber Attacks. It is only now that Indian Government has reiterated that banks of India have to report any Cyber Attack to the Government and its Authorities within 2 hours of such “Cyber Occurrence”. The year 2017 may witness an increased demand by Indian Government to ensure Cyber Security of banks by the Indian banks.

(5) Digital India: Digital India is an E-Governance project of Central Government that is supplementing the National E-Governance Plan (NEGP) of previous Government. Both Digital India and NEGP lack Cyber Security Capabilities making them vulnerable to sophisticated Cyber Attacks and Malware. In fact, Digital India project is suffering from various Shortcomings and it is heading for Troubled Waters. We at P4LO believe that Digital India project also needs urgent Regulatory Framework and Procedural Safeguards. Without removing these “Obstacles”, Digital India cannot survive in the long run. The year 2017 may see some action in this regard from the Indian Government.

(6) Crisis Management Plan: An effective and robust Cyber Crisis Management Plan is the most essential element of Digital India project of Narendra Modi Government. We may have a Crisis management Plan on papers, but its actual implementation is still missing. That is natural as well as the essential components of an effective Cyber Crisis Management Plan are still missing. These include a strong Cyber Security Law, effective Cyber Breach Disclosure Norms, robust Cyber Security Infrastructure and a “Timely and Effective Response” to various “Cyber Threats”. Clearly, India does not possess even a single of these components. Indian Government may work upon these Components in the year 2017.

(7) Malware: Malware are proving the “Biggest Nuisance” for Indian Government while implementing the Digital Services. In fact, Malware are defeating Cyber Security Safeguards with ease. Even Cyber Security Products and Services are proving “Ineffective” against Malware, especially the Zero Day Vulnerabilities. Indian Government has been working upon a Botnet Cleaning Centre and Malware Removal Centre and that would prove very handy in the year 2017.

(8) Internet Of Things (IoT): Internet of Things (IoT) has seen an exponential growth in recent times. Although India has witnessed a moderate growth in the year 2016 yet in 2017 IoT may pick up a pace in India. This growth would also give rise to novel Techno Legal issues that were unknown to India so far. For instance, Privacy, Data Protection and Cyber Security Issues of Internet of Things (IoT) in India would be required to be managed. Further, Civil Liberties Issues of IoT in India must also be addressed. Although no positive hints have been given by Indian Government in this regard in 2016 yet the year 2017 may see some positive developments in the field of IoT in India.

(9) Smart Cities: Smart Cities is an area where Indian Government has invested very well. We have good “Commercial Policies” regarding Smart Cities in India. But Privacy, Cyber Security and Data Protection Issues for Smart Cities in India are still unresolved in 2016. P4LO hopes that these issues would be resolved by Indian Government in the year 2017.

(10) Cloud Computing Norms: Cloud Computing created interest among many stakeholders in India in the year 2016. The year 2017 would definitely witness a growth in the field of Cloud Computing and Virtualisation as many national and international stakeholders have already taken steps in this direction. Of course, these stakeholders are required to comply with Cloud Computing Legal and Regulatory Requirements as prescribed by Indian Laws. Presently, stakeholders are not aware of the Cloud Computing Legal Issues in India and they consider any Legal Compliance in this regard “Redundant and Unnecessary”. This attitude of stakeholders needs to be changed for their own interests as Compliance is a much better option than Litigation.

(11) Cyber Law Due Diligence: The most ignored aspect of Indian Cyberspace is avoidance of Cyber Law Due Diligence (PDF) by various stakeholders. This is more so regarding the Directors of Indian Companies and Banks that are required to comply with Cyber Law and Cyber Security requirements under the Information Technology Act, 2000, Indian Companies Act, 2013, etc. Compliance requirements on the part of Indian Directors would increase in the year 2017 and this would also help in strengthening of Cyber Security in India.

Perry4Law Organisation (P4LO) hopes that various stakeholders would find Cyber Security Trends in India 2017 by Perry4Law Organisation (P4LO) useful. If you are interested in availing any Techno Legal Cyber Law, Cyber Security and other Regulatory Compliance services from P4LO, please establish a Client Attorney Relationship in this regard so that we may help you.

Posted in Uncategorized | 1 Comment

Digital Payments And Cashless Economy Trends In India 2017 By Perry4Law Organisation (P4LO)

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBSuccessive Governments in India launched technology driven initiatives like National E-Governance Plan (NEGP), Digital India (DI), etc from time to time. Both NEGP and Digital India are very ambitious and crucial projects for making India a technology giant and world leader in technology goods and services. Just like all projects, NEGP and Digital India are also facing certain challenges and limitations. Nevertheless, they deserve to be continued with adequate Cyber Security, Civil Liberties Protection, Data Security and Data Protection, Privacy Safeguards, etc.

In this trend Perry4Law Organisation (P4LO) is confining itself to the projected trends of Digital Payments and Cashless Economy that may emerge in India in 2017. We would cover Cyber Security and related issues in detail in other trends and development documents.

(1) Demonetisation: The Digital Payments and Cashless Economy Trends 2017 are greatly influenced by the “Demonetisation” exercise that was undertaken by Narendra Modi Government in November 2016. The expression Demonetisation has been used here not in its “Legal Sense” but “Popular Sense”, as is commonly used by public at large. Further, without going into the “Constitutionality” or “Legality” of Demonetisation, it is clear that Government intends to use this opportunity to encourage Digital Payments. We at Perry4Law Organisation (P4LO) believe that Cashless Economy is an “Over Ambitious” and “Unachievable” goal and we must focus upon “Less Cash Economy” instead.

At the same time, “Public Inconvenience” and “Hardships” must be eliminated as much as possible and as soon as possible by Central Government as more than one month has already elapsed.

The idea should be “Long Term Benefits” and not “Long Term Hardships” arising out of Demonetisation. Clearly, the Inconvenience and Hardships are moving away from “Temporary’ to “Long Term” and this is a dangerous scenario to be ignored and continued by Central Government. Even from the perspective of GDP, this is not healthy for our Economy in the long run.

(2) Cyber Law: Information Technology Act, 2000 needs a complete rejuvenation as much has changed since it was formulated in 2000. The idea of stuffing everything into a single law is really bad and we need “Dedicated Laws” for different aspects of Cyber Law, Cyber Security, Cyber Crimes Investigation, Cyber Forensics, E-Discovery, etc. Digital Payments would also require dedicated norms and regulations for proper usage and implementation. The present regulatory regime in this regard is grossly deficient and it cannot accommodate Digital Payments, Online Banking, Payments Banks, Fintech Entrepreneurship, etc.

(3) Cyber Security: Cyber Security is a big “Pain Point” in implementation of NEGP, Digital India, Digital Payments, Cashless Economy, etc. As predicted in Cyber Security Trends of India 2016, the Cyber Security Infrastructure of India remained poor in India in 2016. In the absence of any “Constructive Action” regarding Cyber Security by Central Government in 2016, Cyber Security may remain “Weak” in 2017 as well. More detailed Cyber Security Trends of India 2017 would be provided by Perry4Law Organisation (P4LO) very soon.

 (4) Cyber Security Norms: India has no dedicated Cyber Security Law and this is a serious limitation. This also means that as a Nation, we have failed to understand not only about Cyber Security but also about its possible damages. We cannot draft a suitable and robust Cyber Security Law of India till we first understand the “basics” of Cyber Security. Then we must understand the “technicalities” of Cyber Security keeping in mind the International nature of Cyberspace. It would be futile to pretend that India has a strong Cyber Security Infrastructure when the opposite is the reality. We urgently need dedicated Cyber Security Law and norms for India for successful NEGP, Digital India and Digital Payments.

(5) Cyber Breaches Disclosure Norms: A major reason for poor Cyber Security adoption in India is because there is no “Implementable Legal Obligation” against Companies and Organisations to report serious “Cyber Security Breaches” to Central Government. In India, nobody bothers to report about Cyber Security Incidences and Breaches to Government and Government is unable to ascertain the damage. This is a dangerous situation for Digital Payments and Cashless Economy that Indian is dreaming to be. Imagine a situation where you have been using an “Insecure” Credit Card, Debit Card, E-Wallet or Online Banking Application and neither the Central Government nor the end customer is aware of the same. When the Cyber Breach occurs, you are at the receiving end as there is no “Effective Mechanism” to make Banks, Payment Banks, E-Wallets Service Providers, etc liable for your financial losses.

Central Government cannot formulate effective Cyber Security Policies if it is not aware what is happening on the front of Cyber Attacks and Cyberspace. Perry4Law Organisation (P4LO) requests all stakeholders to “Voluntarily” ensure Cyber Security Breach Disclosure to Central Government, CERT-IN or any other Authority specified by Central Government. This would also help in strengthening of Cyber Security of Digital Payments and making them more “Trustworthy”.

Wherever possible, Perry4Law Organisation (P4LO) would also extend its services “free of cost” to such Companies and Organisations that intend to improve the Cyber Security Infrastructure of India. We would also help them to report the Cyber Security Breaches to “Appropriate Authority” with full “Confidentiality”, as specified by Indian Laws.

(6) Enhanced Role Of RBI: Reserve Bank of India (RBI) has to play a “Pro Active” role to ensure Cyber Security of Banks, Payments Banks, Digital Payments, E-Wallets, Mobile Banking, Online Banking, etc. Mere formulation of “Guidelines” is not enough but RBI must actually implement them as well. Till now this is not happening and Indian Citizens are apprehensive about using Digital Payments. Indians are also not sure whom to approach and how to get their money back if there is a Cyber Crime or Cyber Fraud that has misappropriated their hard earned money. RBI is sitting over these issues and it needs to act fast in this regard in 2017.

(7) Aadhaar: Central Government is pushing usage of Aadhaar too much even if the Supreme Court of India has said that Aadhaar is “Not Mandatory”. Not only forcing Aadhaar is “Unconstitutional” but it also amount to “Contempt of Court” that Central Government and State Government are presently committing. Aadhaar is a “Very Risky Technology” to use, especially for “Online Transactions” and “Biometric Authentications”. In fact, Aadhaar should have been used for “Very Limited” areas only. But the “Omnipresent” nature and use of Aadhaar has put Biometrics and Digital Identities of Indian population at great risk.

Naturally, Aadhaar Enabled Payment System (AEPS) is also suffering from the shortcomings of lack of Cyber Security, Data Security, Privacy Protection and Biometric Security. Once the Biometrics of an individual is gone, there is no looking back. You can change the password of your e-mail account or debit card, but you cannot change your Biometrics and your Digital Identity is gone forever.

(8) Privacy Law: We have no dedicated Privacy Law in India and there is little hope that we would get one in 2017. This is because the Central Government has challenges the “Constitutional Status” of Privacy as a “Fundamental Right” in the Supreme Court of India. And the Supreme Court is sitting over the Privacy issue for long and considering the speed of Supreme Court, it may take another decade before Privacy Right would be adjudicated upon by Supreme Court. Lack of Privacy and Cyber Security is a big concern before people would shift to Digital Payments. If you have no Privacy, Data Security and Cyber Security while using Digital Payments, you would not use it for long and on a permanent basis. The good old cash would come to your rescue in such cases that also has a “low transaction cost” as compared to Digital Payments.

(9) Digital Payments Authority: The year 2017 may see establishment of a Digital Payments Authority by the Central Government. Perry4Law Organisation (P4LO) welcomes such a move on the part of Central Government with a “rider” that Civil Liberties, Cyber Security and Data Security issues must be respected and worked upon by any such future Digital Payments Authority of India.

(10) Skills And Capacity Development: The year 2017 may also witness an increased focus upon skills and capacity developments in terms of Software, Hardware, Cyber Crimes Investigation, Cyber Security Courses and Trainings, etc. Perry4Law Organisation (P4LO) recommends that special focus must be made by Central Government for developing “Indigenous Capabilities” in the fields of Software, Hardware, etc. All Digital Payments Applications and Software must be thoroughly tested by Central Government before using them on mass scale. Fintech Entrepreneurs must also be encouraged to innovate and use “Disruptive Technologies” that can help in achieving the Digital India and Digital payments goals. These Entrepreneurs may be supported with financial aids and grants by Central Government.

Perry4Law Organisation (P4LO) recommends that while supporting Entrepreneurs, there must not be any “Discrimination” between Aadhaar based and non Aadhaar based innovations and technologies. Central Government must adopt a “Technology Neutral” approach with open mind instead of trying to impose and infiltrate Aadhaar into everything.

We hope these Digital Payments and Cashless Economy Trends 2017 of Perry4Law Organisation (P4LO) would be helpful to all stakeholders and Central Government and State Governments would find them useful.

Posted in Uncategorized | 1 Comment

IoT Privacy, Data Protection, Cyber Security And Civil Liberties Issues In India

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBInternet of things (IoT) has received a very positive response from Indian government and Indian entrepreneurs. Although everybody is very enthusiastic about IoT and its usage in India yet nobody is aware about its usage policies and regulatory framework. This situation has arisen as we have neither a dedicated e-commerce law nor a law governing IoT and its uses in India. As a result everybody is just deploying IoT based systems and devices in India without knowing the seriousness of their actions and omissions.

IoT usage and deployment can give rise to IoT privacy, data protection, cyber security and civil liberty issues in India. However, world over these techno legal issues of IoT are still in infancy stage. India has also been trying to bring a policy and regulatory framework for use of IoT in India by various stakeholders.  Issuance of draft IoT Policy of India (pdf) and Revised Draft IoT Policy of India (pdf) are instances of such efforts but they are not sufficient to cover the areas and operations of innovative technology like IoT.

It is obvious that we need techno legal framework for successful and wide scale use of IoT in India. However, this is a difficult task to manage as we have very few techno legal professionals in India and other jurisdictions that can assist in this regard. This is the reason why India is still struggling to enact privacy, data protection and cyber security laws in India. As a result, India has a very poor track record of civil liberties protection in cyberspace and surveillance and censorship issues of Digital India and Aadhaar projects are in active violation of provisions of Indian Constitution.

Perry4Law Organisation (P4LO) believes that as we would start mass deployment of IoT making it omnipresent, all stakeholders would be apprehensive as the cross linking nature of IoT would offer new possibilities and methods to influence and to exchange data and information. This leads to a variety of existing and new potential risks concerning data security, privacy and data protection, which must be considered in advance. The severity and likeliness of each risk will depend on the circumstances in which each IoT application / system is deployed.

Naturally   privacy, data protection and cyber security are complementary requirements for IoT services in India. In particular, data security and data protection are regarded as preserving the confidentiality, integrity and availability of information provided by Indian citizens. Perry4Law Organisation (P4LO) also believes that cyber security is an essential and basic requirement while providing of IoT related services by the industry or government. This is required not only to ensure information security for the organisation itself but also for the benefit of Indian citizens at large.

For instance, IoT presents a variety of potential security risks that could be exploited to harm consumers by: (a) having unauthorised access and misuse of personal information; (b) facilitating attacks on other systems; and (c) creating risks to personal safety. Similarly, privacy risks may flow from the collection of personal information, habits, locations, and physical conditions over time. These days behavioural targeting is very common among companies who rely upon historical and real time data to analyse and influence consumer’s interests and choices. Companies might use this data to make credit, insurance, and employment decisions. Even if companies are prevented by law for not taking such a course of action still these risks to privacy and security could undermine the consumer confidence necessary for the technologies to meet their full potential, and may result in less widespread adoption.

Perry4Law Organisation (P4LO) strongly recommends that companies developing IoT products and services in India should implement reasonable security practices and procedures. These must include cyber security best practices, e-discovery best practices, cyber law due diligence (pdf), Internet intermediary liability law compliances, etc. Similarly, there must be a dedicated crisis management plan for cyber attacks against IoT in India so that IoT and critical infrastructures can recover from sophisticated cyber attacks as soon as possible.  For instance, the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) has recently published the Guidance on cyber resilience for financial market infrastructures (pdf) (“Cyber Guidance”). As per this Cyber Guidance, the Financial Market Infrastructures (FMIs) must develop cyber capabilities to resume their operations within two hours following a cyber disruption. India must also develop robust and resilient cyber security infrastructure so that systems dependent upon Information and Communication Technology (ICT) can come online as soon as possible.

There are some long-standing Fair Information Practice Principles (“FIPPs”) like notice, choice, access, accuracy, data minimisation, security, and accountability that should apply to the IoT segment.  Indian IoT stakeholders must also follow these principle and privacy and data protection best practices so that IoT services can be provided in a legal and law abiding manner not only in India but also in other jurisdictions. Conflict of laws in cyberspace raise complicated techno legal issues that IoT stakeholders must be prepared to deal with. For instance, recently Microsoft has won a case where the US Government was forcing it to disclose e-mail data and details stored in Ireland’s data center. Microsoft argued that as the data was stored in Ireland, it was subject to Irish rather than US law, regardless of the company providing the infrastructure. Thus, IoT stakeholders from India must be aware of and comply with laws of different jurisdictions if their products and services are also offered in those jurisdictions.

Perry4Law Organisation (P4LO) hopes that IoT stakeholders would find this article useful and we also wish them all the best in their projects and business activities.

Posted in Uncategorized | Leave a comment

Techno Legal Responsive Regulatory Framework For Online Payment Industry Of India By Perry4Law Organisation (P4LO)

Perry4Law Organisation (P4LO)Online payment industry of India is not only unorganised but is also largely unregulated. Even the traditional banks of India are not scrutinised for their business and banking activities. For instance, a majority of banks that have extended their online payment portal services to online gambling, online pharmacy and similar such high risk ventures have not done any sort of cyber law due diligence (pdf) at all. They have simply extended their services to many apparently illegal business activities. Indian government in general and Reserve Bank of India (RBI) in particular are responsible for this lapse of regulatory compliance on the part of Indian banks and e-commerce entrepreneurs.

Recently InMobi paid a fine of $950,000 by a US regulatory body for tracking consumers’ locations without their consent. This is not a case with InMobi alone as almost all the e-commerce ventures in India are not complying with techno legal requirements of Indian and foreign laws. They consider legal compliance as a redundant exercise till some regulatory authority shows them the truth. Mobile application developers are also following this practice of non compliance and they may be prosecuted very soon. In fact, the Supreme Court of India will hear next Wednesday a petition seeking a ban on WhatsApp on the ground that the messaging platform’s end-to-end encryption gives terrorists a means of communication that is impossible to intercept. Maharashtra’s FDA has already ordered filing of FIRs against Snapdeal, its CEO Kunal Bahl, directors and distributors for online sale of prescription drugs. Bitcoin ventures of India are also required to comply with techno legal compliance that they rae presently not doing. This makes their Bitcoin busines sin India illegal and unauthorised. These are just few of the examples of e-commerce and business ventures not complying with techno legal requirements of Indian laws.

Online payment market of India is passing through a turbulent phase. As on date the e-commerce and online business legal compliances are not followed by the online payment industry of India. Even the foreign investors were not very serious about cyber law due diligence in India and they invested blindly in Indian ventures. Now they have realised their mistake and they have already squeezed their funding for Indian ventures. Indian entrepreneurs and e-commerce business houses must understand that techno legal compliance is a long term insurance that they cannot ignore just like cyber insurance and cyber security of their businesses.

As far as mobile payment market is concerned, it is booming but legal compliances are still missing from their agenda. Mobile banking cyber security is another area of concern especially with mass usage of smart phones in India. RBI has been streamlining the financial and banking Sector of India. It constituted the RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds (Working Group). The Working Group issued Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds (pdf) to be followed by banks of India. The guidelines have also directed that all banks would have to create a position of Chief Information Officers (CIOs) as well as Steering Committees on Information Security at the board level at the earliest. However, due to lack of enforcement of these guidelines, banks have done little towards cyber security of their business activities.

Reacting to this reality, RBI decided to set up an IT subsidiary that would look into the cyber security matters of banks of India and RBI. As per media reports, a CEO has also been appointed for managing the affairs of the IT subsidiary of RBI. Further, RBI has also issued a cyber security framework for Indian banks and many of the techno legal suggestions of Perry4Law Organisation (P4LO) have been incorporated into the same. Now RBI has released a policy document titled Payment and Settlement Systems in India: Vision-2018 for streamlining the online payment infrastructure of India. The vision document has suggested formulation of a responsive regulatory framework for online payment industry of India. Some of the salient features of the vision document pertaining to techno legal regulatory framework are as follows:

(1) RBI, in consultation with all the stakeholders, will continue its efforts to create a regulatory framework to promote twin objectives of enhanced coverage with interoperability of the payments system and convenience with security for the end-users in sync with emerging developments and innovations.

(2) The legal framework for payment and settlement systems in the country is provided under the Payment and Settlement Systems Act (the PSS Act), 2007. The PSS Act empowers the Bank to regulate and supervise the payment and settlement systems in the country. In discharging its roles and responsibilities under the Act, the Bank has been putting in place policy framework, issuing guidelines and instructions to banks and authorised payment system operators relating to safety, security and efficiency of payment systems. Besides formulation of new policies and guidelines, existing policies and instructions are all continually reviewed, taking into account the feedback received from the stakeholders.

(3) Taking into account the rapid developments and innovations in the area of payment systems, the Vision-2018 envisages a more responsive regulatory framework based on consultations with stakeholders. The policy framework will support payment system initiatives that enhance access to payment services. The principle of “similar business, similar risk, similar rules” will invariably be applied.

(4) The key focus areas for responsive regulation would be:

(a) New Issues / Areas For Policy Framework

(i) Policy Framework For Central Counter Parties (CCPs): The CCPs are the critical financial market infrastructure (FMI) and the efficient of the same is important. RBI has already declared the policy framework for regulation and supervision of FMIs under the regulatory jurisdiction of the RBI. The PFMIs against which FMIs are assessed lay emphasis on having effective governance framework and management of various risks, including legal, credit and liquidity risks against which FMIs are assessed. To begin with, the RBI would come out with regulations on Governance, Capital/ net worth requirement, registration/authorisation of foreign CCPS. At a later date, RBI may come out with regulations on risk management, if required. This will also serve as effective criterion to measure the equivalence standards of third country regulatory framework for the purpose of recognizing foreign CCPs operating outside and desirous of applying for recognition in India under these regulations.

(ii) Regulation Of Payment Gateway Service Providers And Payment Aggregators: The increasing growth of electronic payments, especially online payments, riding the growth of e-commerce and m-commerce transactions, has brought to the fore the increasing role and importance of entities that facilitate such online payments such as payment gateway providers and payment aggregators. The current guidelines on maintenance of nodal accounts for such intermediaries (monitored through banks) are indirect and address only a few specific aspects of their functioning. Given their increasing role, the guidelines will be revised for the payments related activities of these entities.

(iii) Exit Policy: Co-existence of an exit policy along with the policy on authorisation of entities which participate in the payment and settlement system is essential for the overall hygiene of the ecosystem. The exit policy would lay down the parameters and processes for voluntary exit of a payment system operator (PSO) authorised to operate a retail payment system. Such a policy would ensure that the interests of the consumers and other stakeholders are protected.

(iv) Framework For Imposition Of Penalty: Guidelines and standards for various payment and settlement systems are issued under the provisions of the PSS Act. Non-adherence to these guidelines and standards by participants and operators attract the penal provisions under the PSS Act. A framework for imposition of such penalties under the PSS Act would be put in place.

(v) Monitoring Framework For New Technologies / Innovations: In order to ensure that regulations keep pace with the developments in technology impacting the payment space, the global level developments in technology such as distributed ledgers, blockchain etc. will be monitored, and regulatory framework, as required, will be put in place. Further, the payments eco-system is dynamically evolving with the advancements and innovations taking place, particularly in the area of FinTechs. In order to provide a platform for innovators to showcase their models to the industry, particularly in the areas of interest to payment systems and services, the Reserve Bank has organised an innovation contest through the Institute for Development and Research in Banking Technology (IDRBT). Learnings from such interfaces will also be used as inputs for policy adaptations.

(b) Review Of Existing Policies:

(i) Prepaid Payment Instruments (PPIs): With increase in number of entities authorised to issue PPIs in the country, their usage for purchase of goods and services as well as funds transfer has also been growing. Over the years, the guidelines have been expanded to include several types of PPIs, some of which are not really being issued / used actively. Similarly, with growing use of PPIs, the initial forbearance given on KYC requirements, customer-facing aspects such as safety and security, risk mitigation measures, complaint redressal mechanism, forfeiture of unutilised balances, fraud monitoring and reporting requirements, etc. merit a review. A comprehensive review of the PPI guidelines will be undertaken keeping in view the changing scenario.

(ii) Mobile Banking Guidelines: To promote mobile phones as access channel to payment and banking services, the guidelines will be reviewed to address issues related to customer registration for mobile banking, safety and security of transactions, risk mitigation and customer grievance redressal measures.

(iii) White Label ATM (WLA) Guidelines: These Guidelines, formed with the objective of ensuring expansion of ATM infrastructure in rural and semi-urban areas, have not resulted in the much needed growth in ATM infrastructure in the desired geographical segments of the country due to multiple factors. The WLA Guidelines will accordingly be examined holistically and targets realigned to meet present conditions.

(5) Payment System Advisory Council (PSAC): The Board for Regulation and Supervision of Payment and Settlement Systems (BPSS), set up under the PSS Act, is the apex body for regulating and supervising the payment system related developments and policies in the country. Vision-2018 envisages setting up of a Payments System Advisory Council (PSAC) to assist the BPSS in formulation of new policies, assessing the impact of new technological developments by providing necessary insights about futuristic developments and innovations in the area. The PSAC could have representations from diverse fields such as technology, telecommunication, FinTech, security solution providers, academia, Government, etc. and strive to provide to the BPSS the necessary consultative feedback from stakeholders for making strategic decisions in the area of payment systems.

(6) Amendments To PSS Act: Sound legal basis, including good governance, is the cornerstone for building a safe and efficient payments eco-system. Keeping this in view, amendments relating to settlement finality in the event of Central Counter Party (CCP) being declared insolvent or dissolved or wound down, and statutory charge on escrow account, have been made to the PSS Act which have come into effect from June 01, 2015.The Reserve Bank, as a member of the international Standard Setting Bodies (SSBs), is committed to adopting the international standards including those relating to recovery and resolution of FMIs. Efforts would, therefore, be made to bring in further amendments to the legal framework for addressing issues, such as:

(a) Resolution / insolvency of Central Counter Party (CCP) / Financial Market Infrastructure (FMI).

(b) Non-registration of charge on collateral with CCP: The Companies Act, 2013 has enlarged the meaning of “charge” under that Act, covering the right of system provider to appropriate collateral. In a dynamic market scenario, where the market participants constantly move in and move out the collaterals from the control of the CCP, it is practically impossible to continuously register or modify the charge. Non registration of charge under the Companies Act should not in any manner affect the right of the CCP to appropriate the collaterals and the settlement finality. As legal certainty is extremely crucial in this market, for avoiding litigation, necessary amendment to clarify this position would be taken up.

(c) Better governance in critical payment systems operators both in retail and large value payment systems by appointing observers on the board of the service providers or by appointing additional directors, as required.

(7) Strengthening Reporting Framework Including Fraud Monitoring: This includes:

(a) Reporting Framework: As part of off-site surveillance process, payment system operators (PSOs) are directed to adhere to periodic reporting requirements. The periodic returns would be moved to XBRL system. This would offer major benefits at all stages of business reporting and analysis, aiding in better quality of information and decision-making. In addition, a structured reporting framework for PSOs to communicate the findings of the audit of their IT systems along with their compliance would also be put in place.

(b) Fraud Monitoring: To further strengthen the confidence in the payment systems and minimise instances of frauds, there is a need to monitor the types of frauds that may be taking place in various payment systems. Accordingly, to begin with, a framework for collection of data on frauds in payment systems would be drawn up in consultation with the industry.

Perry4Law Organisation (P4LO) hopes that our readers would find this summary useful.

Posted in Uncategorized | Leave a comment

Malware Are Defeating Cyber Security Safeguards With Ease

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBCyber Security and Malware are two sides of the same coin. While the former tries to protect critical infrastructures, computer systems, networks, etc yet the latter abhors this same protection. Malware writers are increasingly targeting digital assets to gain control over them and to manipulate them for cyber attacks, cyber crimes and other nefarious activities. We have often heard about machines being turned into botnet and compromised systems to further launch cyber attacks, send spam communications or to deliver malicious codes, software and payloads. A simple search at a customised search engine or with a customised search setting would reveal that Internet is full of unprotected and insecure devices, SCADA systems and computers. Naturally, the critical infrastructures relying upon them are very vulnerable to various forms of cyber attacks.

Malware have years of history and experience behind them to unsettle cyber security initiatives. As these malware evolved, their sophistication and impact has also become elegant. Cyber security service providers and companies are finding it really difficult to match the might of these malware. Some of these malware are so advanced that they are not detected even after many years of their victimisation. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc are some of the examples of such malware.

Financial sector has witnessed its own share of malware. For instance, the notorious malware Carbanak was instrumental in stealing about a Billion US Dollars from financial institutions worldwide. Vskimmer Trojan, capable of stealing credit card information from Windows systems, was already in circulation. Similarly, the Malware Dump Memory Grabber was also targeting POS systems and ATMs of major U.S. banks. These malware have created havoc in India and international levels.

Hardware based malware are also common these days. Kaspersky has revealed in the past that intelligence agencies have been using hardware based stealth spyware. These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard. Similarly, Lenovo was accused of pre installing adware in its laptops. We cannot ignore the killer USBs that can damage the system in which they are used. Telecom equipment companies like Huawei and ZTE are already facing heat over cyber security aspects of their telecom equipments in countries like India, Australia, etc. Huawei was also accused of breaching national security of India by hacking base station controller in AP.

As the law enforcement and intelligence agencies wish to engage in illegal and unconstitutional e-surveillance and spying, cyber security of computer systems and mobile phones and their communications are not allowed to be managed in a secured and encrypted manner. For instance, Vodafone has confirmed that India has been using “secret wires” in the telecom infrastructure to indulge in e-surveillance. Indian Department of Telecommunications suppressed the whole incidence with a mere assurance of “investigation” that never made public so far. This is the reason why Indian mobile security is poorer than Pakistan that is using much better and secured communication systems.

There is no dearth of ideas and methodologies that malware owners can use. U.S. law enforcement agencies have been using fake cell phone towers to illegally intercept mobile communications and data. Surveillance hardware and software like Stingray, Triggerfish, etc are commonly used in U.S. and other jurisdictions. It has also been reported that NSA has been using radio waves and malware for engaging in world wide e-surveillance. Even Anti virus updates can be exploited to install malware upon the targeted systems. Thus, whether a computer system is online, offline or an isolate one, the “combined technique” of malware embedded hardware, spyware, malware and radio waves can allow NSA to get the “relevant information” with some effort in this regard. No doubt, U.S. government is also the biggest buyer of malware in the world.

It is obvious that besides having robust and resilient cyber security infrastructures we also need self defence mechanisms to prevent malware from infecting our systems. There are some methods that can be used to minimise cyber attacks and cyber threats from these malware but 100% cyber security is not possible. However, there are limits to legitimate exercise of self defence and it ceases to be available after a point. In the absence of international cyber law treaty and international cyber security treaty (PDF), this limit has to be judged and guided by the principle of private international law.

Nevertheless, complicated techno legal issues in the field of cyber law and cyber security would keep on arising in the absence of international harmonisation. For instance, authorship attribution is a complicated subject that has to be ascertained before a cyber crime or cyber attack liability can be imputed to an individual, nation or organisation. Similarly, whether a victim can launch his/its own cyber attack against the offender is still to be judged by the courts around the world. Nature, scope and prevention of cyber warfare is another complicated area that cannot be resolved by taking recourse of Tallinn Manual. For the time being, malware are clearly winning the fight against the cyber security vendors and if there is no change in the “strategy and mindset” of security stakeholders, this would be the norm for the next decade.

At Perry4Law Organisation (P4LO) we have dedicated a blog titled International Legal Issues of Cyber Attacks and Cyber Security in this regard. The aim is to provide a techno legal database of articles and opinions about international legal issues of cyber attacks, cyber security, cyber crimes and cyber law. It is supported by Centre of Excellence for Cyber Security Research and Development in India (CECSRDI). We would cover more techno legal issues of cyber security, malware and international law at that blog.

Posted in Uncategorized | 11 Comments

Cyber Law Developments In India 2015

Perry4Law-Organisation-P4LOCyber Law of India faced many crucial challenges in the year 2015. The Information Technology Act 2000 (IT Act 2000) was enacted in the year 2000 and it was presumed that the IT Act 2000 would mature with the passage of time. However, the opposite happened in the year 2015 when the Supreme Court of India committed one of the biggest mistakes in the history of Indian Cyber Law. Further, on the Legislative front as well, the year 2015 did not see any development for the Indian Cyber Law. Overall, Cyber Law Developments in India in 2015 were both “Retrograde” and “Ill Conceived”.

Perry4Law Organisation (P4LO) has been providing Cyber Law Trends and Developments in India for long. Our readers and viewers may find the Cyber Law Developments for the year 2013 and 2014 here (PDF) and here respectively. In this work, Perry4Law Organisation (P4LO) is sharing the Cyber Law Developments that took place in the year 2015 in India. These are as follows:

(1) Cyber Law Due Diligence: Cyber Law Due Diligence (PDF) is well established in India. As per the IT Act 2000, all Digital Stakeholders are required to observe Cyber Law Due Diligence to avoid legal sanctions and Internet Intermediary Liability. Instead of Strengthening of Cyber Law Due Diligence, the Judgment of Supreme Court in Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) has done exactly opposite and made Indian Cyber Law Due Diligence weaker and ineffective. In fact, the Supreme Court of India has “Killed Cyber Law Due Diligence” in India to a great extent. Nevertheless, Cyber Law Due Diligence is still reqired for diverse purposes in India.

(2) Civil Liberties: The year 2015 proved “Really Bad” for Civil Liberties Protection in Indian Cyberspace. Narendra Modi Government and various State Government showed no regard to Privacy Rights of Indian Citizens and they continued to “Impose” Illegal and Unconstitutional Aadhaar for various Government Services like Digital Locker. Further, issues like Cyber Security of Aadhaar, Smart Cities Civil Liberties issues, etc were also ignored by Narendra Modi Government. However, the worst act of Narendra Modi Government and other State Governments is “Deliberate Contempt of Court” by not following the directions of Supreme Court of India that mandates that Aadhaar is “Not Compulsory” for Government Services. This attitude needs to be changed by Narendra Modi and other State Governments in the year 2016.

(3) Inadequate Cyber Law: Cyber Law of India remained ineffective and inadequate in the year 2015 as well. Neither Indian Government nor Indian Parliament showed any interest in strengthening of Indian Cyber Law. Perry4Law Organisation (P4LO) has made certain “Legal Representations” to the Prime Minister’s Office (PMO), Ministry of Home Affiars (MHA), Department of Electronics and Information Technology (DeitY) and Ministry of Information and Broadcasting in this regard. Fortunately, these Ministries have assured Perry4Law Organisation (P4LO) that our “Legal Representations” would be duly considered by them while making the “Amendments” in the IT Act 2000.

(4) Telegraph Law: Indian Telegraph Act is another legislation that required “Suitable Amendments“. As on date we have no Lawful and Constitutional Interception Law in India and E-Surveillance and Telephone Tapping is still done in an “Unconstitutional Manner“. The year 2015 did not brought any positive developments in this regard. We hope in the year 2016 Narendra Modi Government would work in the direction of formulating a Constitutional Interception Law for India.

(5) Digital India: Narendra Modi Government launched the Digital India Project in the year 2015. However, Digital India is not free from Critical Issues and Shortcomings. The chief among them are lack of Cyber Security Infrastructure and disregard to Civil Liberties aspects like Data Protection (PDF) and Privacy Protection. Naturally, Digital India Project is heading towards Rough Waters and Narendra Modi Government must think in this direction in the year 2016.

(6) Online Gambling: Online Gaming and Gambling Law of India was expected to be “Clarified” through a “Conclusive Ruling” from the Supreme Court of India in the year 2015. However, this did not happen as the Supreme Court of India “Refused to Clarify” in this regard. The Supreme Court refused to clarify regarding Legality of Online Rummy and Online Poker in India and this makes the websites managing Online Rummy and Online Poker vulnerable to punishment in the year 2016. Even the Central Government refused to give any opinion in this regard. Further, tax laws and liabilities for online Poker and Online Rummy websites is also not clear. The year 2016 may see some “Clarifications” in this regard from the Narendra Modi Government.

(7) Legality Of Bitcoins In India: The year 2015 did not see any clarity regarding Legality of Bitcoin in India and Legality of Bitcoin is still doubtful in India. In fact, the Reserve Bank of India (RBI) has “Cautioned“the Bitcoin Stakeholders against “Potential Risks” (PDF) of using Bitcoin in India. Thus, as on date use of Bitcoin in India is “Legally Risky“. In short, dealing in Bitcoins in India is still A “Grey Area” and it is not safe to consider it “Strictly Legal” though Indian Corporate is Lobbying for Regulated Digital Currency in India. The bottom line is that Bitcoin Websites and Owners must comply with Indian Laws to stay legal when it comes to use of Bitcoin in India.

(8) Cyber Breaches Insurance: The year 2015 was good as far as Cyber Insurance in India is concerned. Many Companies opted for Cyber Insurance Policies in India in 2015. These polices covered losses arising out of Cyber Threats and Cyber Crimes. However, Cyber Insurance Stakeholders in India are still not aware of the Techno Legal aspects of Cyber Insurance in India. This may give rise to potential disputes and litigations in the near future. We strongly recommend that Cyber Insurance Policies must comply with Techno Legal Requirements as prescribed by IT Act, 2000 and other Laws so that disputes can be minimised to maximum possible extent. It is the prime responsibility of Insurance Companies to draft the Cyber Insurance Agreements in proper and Techno Legal manner.

(9) Online Pharmacies: The year 2015 witnessed an increased interest in Online Pharmacies among the E-Commerce players and Healthcare Stakeholders. However, a dedicated Legal Framework for Online Pharmacies is still missing. Further, most of the Online Pharmacies operating in India are not at all complying with the Techno Legal requirements of Indian Laws.

(10) Cyber Law Obligations Of Directors/Companies: Cyber Law Obligations of Directors of Indian Companies is now well established in India. However, there is insignificant development in this regard at the Board of Directors level. There are very few Directors who are aware of fields like Cyber Law and Cyber Security and even fewer are those who comply with the same. The year 2016 would see an increased focus upon Cyber Law and Cyber Security Obligations of Directors of Indian Companies and their respective Companies.

Overall the year 2015 was not good for Cyber Law Developments in India and we expect better results from the year 2016. In order to do so successfully, the Narendra Modi Government must take “Pro Active Approach” towards concepts like Cyber Law and Cyber Security. At a time when Cyber Security Developments in India 2015 and potential Cyber Security Trends In India 2016 are showing “Negative Results”, it would be a “Big Challenge” for the Modi Government to manage these issues. Perry4Law Organisation (P4LO) wishes all the best to Modi Government in this regard with a commitment to help it in every possible manner.

Posted in Uncategorized | Leave a comment