(i) Merchant Banking
(ii) Under Writing
(iii) Portfolio Management Services
(iv) Investment Advisory Services
(v) Financial Consultancy
(vi) Stock Broking
(vii) Asset Management
(viii) Venture Capital
(ix) Custodian Services
(xi) Credit Rating Agencies
(xii) Leasing & Finance
(xiii) Housing Finance
(xiv) Forex Broking
(xv) Credit Card Business
(xvi) Money Changing Business
(xvii) Micro Credit
(xviii) Rural Credit
The other conditions in this regard are:
(1) Investment would be subject to the following minimum capitalisation norms:
(i) US $0.5 million for foreign capital up to 51% to be brought upfront
(iii) US $ 50 million for foreign capital more than 75% out of which US$ 7.5 million to be brought upfront and the balance in 24 months.
(vi) Non- Fund based activities : US $0.5 million to be brought upfront for all permitted non-fund based NBFCs irrespective of the level of foreign investment subject to the following condition:
(a) Investment Advisory Services
(b) Financial Consultancy
(c) Forex Broking
(d) Money Changing Business
(e) Credit Rating Agencies
(vii) This will be subject to compliance with the guidelines of RBI.
(ii) Leasing & Finance covers only financial leases and not operating leases.
This is in continuance of our series on Consolidated FDI Policy of India 2012 by DIPP. In this article Perry4Lawand Perry4Law Techno Legal Base (PTLB) would discuss the FDI in the insurance sector of India under the consolidated FDI policy of India 2012.
Further, FII can invest only through purchases in the secondary market.
The other conditions in this regard are:
(4) Such FII investment would be permitted subject to the conditions that:
(a) No single entity should directly or indirectly hold more than 10% equity.
(b) Any acquisition in excess of 1% will have to be reported to RBI as a mandatory requirement; and
This is in continuance of our series on Consolidated FDI Policy of India 2012 by DIPP. In this article Perry4Lawand Perry4Law Techno Legal Base (PTLB) would discuss the FDI in commodity exchanges sector of India under the consolidated FDI policy of India 2012.
(2) For the purposes of this chapter/article,
(ii) Recognised association means an association to which recognition for the time being has been granted by the Central Government under Section 6 of the Forward Contracts (Regulation) Act, 1952
(iii) Association means any body of individuals, whether incorporated or not, constituted for the purposes of regulating and controlling the business of the sale or purchase of any goods and commodity derivative.
(v) Commodity derivative means-
(a) A contract for delivery of goods, which is not a ready delivery contract; or
The other conditions in this regard are as follow:
(i) FII purchases shall be restricted to secondary market only and
These conditions must also be satisfied in this regard:
(2) The aggregate foreign investment in a private bank from all sources will be allowed up to a maximum of 74 per cent of the paid up capital of the Bank. At all times, at least 26 per cent of the paid up capital will have to be held by residents, except in regard to a wholly-owned subsidiary of a foreign bank.
(3) The stipulations as above will be applicable to all investments in existing private sector banks also.
(4) The permissible limits under portfolio investment schemes through stock exchanges for FIIs and NRIs will be as follows:
(d) Transfer of shares under FDI from residents to non-residents will continue to require approval of RBI and Government as per para 3.6.2 above as applicable.
(ii) Setting up of a subsidiary by foreign banks
(a) Foreign banks will be permitted to either have branches or subsidiaries but not both.
The following other conditions must be satisfied in this regard:
In this article Perry4Law and Perry4Law Techno Legal Base (PTLB) would discuss the FDI limits in telecom services, ISPs and telecom infrastructure providing sectors of India under consolidated FDI policy of India 2012.
Telecom service providers, ISPs and telecom infrastructure providers must comply with licensing and security requirements notified by the Department of Telecommunications for all services in order to make FDI in India.
FDI in telecom services is allowed upto 74% where upto 49% FDI can be made through automatic route and beyond 49% but upto 74%, FDI can be made through government approval route.
The following conditions must also be fulfilled in this regard:
(1) General Conditions:
(i) This is applicable in case of Basic, Cellular, Unified Access Services, National/ International Long Distance, V-Sat, Public Mobile Radio Trunked Services (PMRTS), Global Mobile Personal Communications Services (GMPCS) and other value added Services.
(ii) Both direct and indirect foreign investment in the licensee company shall be counted for the purpose of FDI ceiling. Foreign Investment shall include investment by Foreign Institutional Investors (FIIs), Non-resident Indians (NRIs), Foreign Currency Convertible Bonds (FCCBs), American Depository Receipts (ADRs), Global Depository Receipts (GDRs) and convertible preference shares held by foreign entity. In any case, the Indian shareholding will not be less than 26 percent.
(iii) FDI in the licensee company/Indian promoters/investment companies including their holding companies shall require approval of the Foreign Investment Promotion Board (FIPB) if it has a bearing on the overall ceiling of 74 percent. While approving the investment proposals, FIPB shall take note that investment is not coming from countries of concern and/or unfriendly entities.
(iv) The investment approval by FIPB shall envisage the conditionality that Company would adhere to licence Agreement.
(v) FDI shall be subject to laws of India and not the laws of the foreign country/countries.
(2) Security Conditions:
(i) The Chief Officer In-charge of technical network operations and the Chief Security Officer should be a resident Indian citizen.
(ii) Details of infrastructure/network diagram (technical details of the network) could be provided on a need basis only to telecom equipment suppliers/manufacturers and the affiliate/parents of the licensee company. Clearance from the licensor (Department of Telecommunications) would be required if such information is to be provided to anybody else.
(iii) For security reasons, domestic traffic of such entities as may be identified /specified by the licensor shall not be hauled/routed to any place outside India.
(iv) The licensee company shall take adequate and timely measures to ensure that the information transacted through a network by the subscribers is secure and protected.
(v) The officers/officials of the licensee companies dealing with the lawful interception of messages will be resident Indian citizens.
(vi) The majority Directors on the Board of the company shall be Indian citizens. Recently, the Home Ministry of India blocked Telenor’s FIPB application on certain grounds, including absence of resident directors, and this condition has made the license conditions even more stringent.
(vii) The positions of the Chairman, Managing Director, Chief Executive Officer (CEO) and/or Chief Financial Officer (CFO), if held by foreign nationals, would require to be security vetted by Ministry of Home Affairs (MHA). Security vetting shall be required periodically on yearly basis. In case something adverse is found during the security vetting, the direction of MHA shall be binding on the licensee.
(viii) The Company shall not transfer the following to any person/place outside India:-
(a) Any accounting information relating to subscriber (except for international roaming/billing) (Note: it does not restrict a statutorily required disclosure of financial nature); and
(b) User information (except pertaining to foreign subscribers using Indian Operator‘s network while roaming).
(ix) The Company must provide traceable identity of their subscribers. However, in case of providing service to roaming subscriber of foreign Companies, the Indian Company shall endeavour to obtain traceable identity of roaming subscribers from the foreign company as a part of its roaming agreement.
(x) On request of the licensor or any other agency authorised by the licensor, the telecom service provider should be able to provide the geographical location of any subscriber (BTS location) at a given point of time.
(xi) The Remote Access (RA) to Network would be provided only to approved location(s) abroad through approved location(s) in India. The approval for location(s) would be given by the Licensor (DOT) in consultation with the Ministry of Home Affairs.
(xii) Under no circumstances, should any RA to the suppliers/manufacturers and affiliate(s) be enabled to access Lawful Interception System(LIS), Lawful Interception Monitoring(LIM), Call contents of the traffic and any such sensitive sector/data, which the licensor may notify from time to time.
(xiii) The licensee company is not allowed to use remote access facility for monitoring of content.
(xiv) Suitable technical device should be made available at Indian end to the designated security agency /licensor in which a mirror image of the remote access information is available on line for monitoring purposes.
(xv) Complete audit trail of the remote access activities pertaining to the network operated in India should be maintained for a period of six months and provided on request to the licensor or any other agency authorised by the licensor.
(xvi) The telecom service providers should ensure that necessary provision (hardware/software) is available in their equipment for doing the Lawful interception and monitoring from a centralized location.
(xvii) The telecom service providers should familiarize/train Vigilance Technical Monitoring (VTM)/security agency officers/officials in respect of relevant operations/features of their systems.
(xviii) It shall be open to the licensor to restrict the Licensee Company from operating in any sensitive area from the National Security angle.
(xix) In order to maintain the privacy of voice and data, monitoring shall only be upon authorisation by the Union Home Secretary or Home Secretaries of the States/Union Territories.
(xx) For monitoring traffic, the licensee company shall provide access of their network and other facilities as well as to books of accounts to the security agencies.
(xxi) The aforesaid Security Conditions shall be applicable to all the licensee companies operating telecom services covered under this circular irrespective of the level of FDI.
(xxii) Other Service Providers (OSPs), providing services like Call Centres, Business Process Outsourcing (BPO), tele-marketing, tele-education, etc, and are registered with DoT as OSP. Such OSPs operate the service using the telecom infrastructure provided by licensed telecom service providers and 100% FDI is permitted for OSPs. As the security conditions are applicable to all licensed telecom service providers, the security conditions mentioned above shall not be separately enforced on OSPs.
(3) The above General Conditions and Security Conditions shall also be applicable to the companies operating telecom service(s) with the FDI cap of 49%.
(4) All the telecom service providers shall submit a compliance report on the aforesaid conditions to the licensor on 1st day of July and January on six monthly basis.
(a) FDI in ISP with gateways is allowed upto 74% where FDI upto 49% would be through automatic route and FDI beyond 49% but upto 74% would be through government approval route.
(b) FDI in ISP‘s not providing gateways i.e. without gate-ways (both for satellite and marine cables) would be allowed upto 74% where FDI upto 49% would be through automatic route and FDI beyond 49% but upto 74% would be through government approval route.
The new guidelines of August 24, 2007 Department of Telecommunications provide for new ISP licenses with FDI up to 74%.
(c) Radio paging
(d) End-to-End bandwidth
(a) FDI for infrastructure providers providing dark fiber, right of way, duct space, tower (IP Category I) is allowed upto 100% where FDI upto 49% would be through automatic route and FDI beyond 49% shall be through government approval route.
(b) Electronic Mail
(c) Voice Mail
Investment in all the above activities is subject to the conditions that such companies will divest 26% of their equity in favour of Indian public in 5 years, if these companies are listed in other parts of the world.
FDI in satellites, including their establishment and operation and subject to the sectoral guidelines of Department of Space/ISRO, is permissible upto 74% through government approval route.
Further, FDI in private security agencies is allowed upto 49 % through government approval route.
In the meantime, the Indian government has recently released the consolidated FDI policy of India 2012. It aims at strengthening the FDI regime of India. However, mere formulating a FDI policy is not sufficient. Indian government must also ensure that the FDI policies and norms are clear, unambiguous and transparent. At the same time, Indian government must also maintain a balance between FDI in India, sovereignty and international arbitration mandates.
In the latest development in Vodafone taxation issue, Vodafone has served a notice on the Indian government on its proposal to impose a retrospective tax liability. The notice has been served upon the Prime Minister’s Office, Finance Minister, Law and Justice and Communications and IT Ministries as well.
The notice alleges that the proposed Finance Bill, 2012, with its retrospective nature, violates international legal protections granted to international investors. The notice has been served by Vodafone’s Dutch subsidiary and is the first step required prior to commencement of international arbitration under the Bilateral Investment Treaty (BIT) between India and the Netherlands.
Vodafone has been contending that under the treaty the Indian government is liable to accord fair and equitable treatment to investors, provide security, not breach the legitimate expectations of investors in making investments and not deny justice or breach previously provided assurances. Let us see how Indian government would react to the same.
Those who opposed such a move on the part of India believe that it is not an encouraging sign for foreign investments in India. They believe that foreign investors will have a fear factor while doing business with India.
The Indian government has recently released the consolidated FDI policy of India 2012. It is a combination of liberalisation, automation and government regulations. So the FDI environment of India is clear and unambiguous in nature.
The recent Vodafone tax case has raised many crucial questions regarding FDI in India, taxation regime of India, governmental policies, arbitration mandates, etc. Even Vodafone has served a notice upon Indian government declaring its intentions to start an international arbitration if retrospective tax liability is imposed upon it.
India has a tendency to take action only on eleventh hour when things are already in bad shape. This is the reason why 2G scams, Vodafone tax controversy, inadequate technology statues, etc are haunting Indian government now. For some strange reason India has always preferred a knee jerk reaction instead of a well defines policy environment with transparency and accountability.
In the present circumstances refusing to approve an arbitration clause in various free trade agreements and FDI treaties is natural. India cannot afford the agitation of various disputes at international level till it makes its own turf clear and strong.
Dispute resolution of matters pertaining to national issues and foreign relations is a sovereign function that India cannot allow to be taken away. If arbitration disputes are directly taken to international platforms/institutions this would undermine the very sovereignty of India. This fact must be clearly mentioned in the FDI policies of India and other such trade agreements.
However, in order to do so, India must make its dispute resolution machinery effective and litigant friendly. Some believe that the present dispute resolution mechanisms of India, whether courts or arbitration, are in a very poor state of condition. Technological innovations like e-courts and online dispute resolution (ODR) are seldom used in India. They must be frequently used by India.
The arbitration law of India is outdated and needs urgent amendment. If India is really serious about FDI it must improve the business doing environment and effective dispute resolution policy. But allowing disputes to be taken to international institutions is the last option that India must exercise even if it means loosing the valuable FDI.
In the ultimate analysis, if there is a choice between sovereignty and FDI/FTA, all countries would choose the former. So we have to invent a formula that does not touch either. This can be done by improving the decaying legal, arbitration and judicial system of India rather than allowing the matters to be taken out of India for settlement.
In this article Perry4Law and Perry4Law Techno Legal Base (PTLB) would discuss the FDI in Industrial Parks sector of India under consolidated FDI policy of India 2012. FDI in industrial parks, new and existing, is allowed upto 100% through automatic route.
(i) Industrial Park is a project in which quality infrastructure in the form of plots of developed land or built up space or a combination with common facilities, is developed and made available to all the allottee units for the purposes of industrial activity.
(ii) Infrastructure refers to facilities required for functioning of units located in the Industrial Park and includes roads (including approach roads), water supply and sewerage, common effluent treatment facility, telecom network, generation and distribution of power, air conditioning.
(iii) Common Facilities refer to the facilities available for all the units located in the industrial park, and include facilities of power, roads (including approach roads), water supply and sewerage, common effluent treatment, common testing, telecom services, air conditioning, common facility buildings, industrial canteens, convention/conference halls, parking, travel desks, security service, first aid center, ambulance and other safety services, training facilities and such other facilities meant for common use of the units located in the Industrial Park.
(iv) Allocable area in the Industrial Park means-
(a) In the case of plots of developed land- the net site area available for allocation to the units, excluding the area for common facilities.
(b) In the case of built up space- the floor area and built up space utilized for providing common facilities.
(c) In the case of a combination of developed land and built-up space- the net site and floor area available for allocation to the units excluding the site area and built up space utilized for providing common facilities.
(v) Industrial Activity means manufacturing; electricity; gas and water supply; post and telecommunications; software publishing, consultancy and supply; data processing, database activities and distribution of electronic content; other computer related activities; basic and applied R&D on bio-technology, pharmaceutical sciences/life sciences, natural sciences and engineering; business and management consultancy activities; and architectural, engineering and other technical activities.
FDI in Industrial Parks would not be subject to the conditionalities applicable for construction development projects etc. provided the Industrial Parks meet with the under-mentioned conditions:
(i) It would comprise of a minimum of 10 units and no single unit shall occupy more than 50% of the allocable area;
(ii) The minimum percentage of the area to be allocated for industrial activity shall not be less than 66% of the total allocable area.
FDI in Townships, housing, built-up infrastructure and construction-development projects (which would include, but not be restricted to, housing, commercial premises, hotels, resorts, hospitals, educational institutions, recreational facilities, city and regional level infrastructure) would be allowed upto 100% through automatic approval route.
Investment will be subject to the following conditions:
(1) Minimum area to be developed under each project would be as under:
(i) In case of development of serviced housing plots, a minimum land area of 10 hectares
(ii) In case of construction-development projects, a minimum built-up area of 50,000 sq.mts.
(iii) In case of a combination project, any one of the above two conditions would suffice.
(2) Minimum capitalization of US$10 million for wholly owned subsidiaries and US$ 5 million for joint ventures with Indian partners. The funds would have to be brought in within six months of commencement of business of the Company.
(3) Original investment cannot be repatriated before a period of three years from completion of minimum capitalization. Original investment means the entire amount brought in as FDI. The lock-in period of three years will be applied from the date of receipt of each installment/tranche of FDI or from the date of completion of minimum capitalization, whichever is later. However, the investor may be permitted to exit earlier with prior approval of the Government through the FIPB.
(4) At least 50% of each such project must be developed within a period of five years from the date of obtaining all statutory clearances. The investor/investee company would not be permitted to sell undeveloped plots. For the purpose of these guidelines, undeveloped plots will mean where roads, water supply, street lighting, drainage, sewerage, and other conveniences, as applicable under prescribed regulations, have not been made available. It will be necessary that the investor provides this infrastructure and obtains the completion certificate from the concerned local body/service agency before he would be allowed to dispose of serviced housing plots.
(5) The project shall conform to the norms and standards, including land use requirements and provision of community amenities and common facilities, as laid down in the applicable building control regulations, bye-laws, rules, and other regulations of the State Government/Municipal/Local Body concerned.
(6) The investor/investee company shall be responsible for obtaining all necessary approvals, including those of the building/layout plans, developing internal and peripheral areas and other infrastructure facilities, payment of development, external development and other charges and complying with all other requirements as prescribed under applicable rules/bye-laws/regulations of the State Government/ Municipal/Local Body concerned.
(7) The State Government/ Municipal/ Local Body concerned, which approves the building / development plans, would monitor compliance of the above conditions by the developer.
The conditions at (1) to (4) above would not apply to Hotels and Tourism, Hospitals, Special Economic Zones (SEZs), Education Sector, Old age Homes and investment by NRIs. Further, FDI is not allowed in Real Estate Business.
In this article Perry4Law and Perry4Law Techno Legal Base (PTLB) would discuss the FDI in courier services sector of India under consolidated FDI policy of India 2012. FDI in courier services for carrying packages, parcels and other items which do not come within the ambit of the Indian Post Office Act, 1898 and excluding the activity relating to the distribution of letters would be allowed upto 100% through government approval route.
We have no dedicated data protection laws in India, privacy law in India, data privacy laws in India, etc. There is no second opinion that we need data protection laws in India, privacy rights and laws in India, etc. This is more so in the present information and communication technology (ICT) driven environment in which India is flourishing. Thus, privacy rights in India in the information age needs special attention of Indian government. As on date, privacy rights, privacy laws and data protection laws in India are not in good shape.
A right to privacy bill of India 2011 has been suggested in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.
This apathy on the part of Indian government and parliament of India is resulting in loss of commercial business opportunities for India. European Union is not allowing sophisticated outsourcing business to India due to absence of privacy, data protection and data security framework in India. In fact, EU has been treating India as a non-data secure country.
EU is reluctant in sending sensitive data, such as patient information for telemedicine, to India under data protection laws in the EU. Although there is an exception to this directive that allows outsourcing to non-data secure countries by adhering to standard contractual clauses that place strict obligations on both parties to ensure privacy of data, yet these are onerous and considered as disincentive for business.
As a result, much of the outsourcing work coming to India is low-end and data processing work. The sophisticated and high end outsourced work in the field of health, clinical research, engineering design and intellectual property rights is very less in India. This situation cannot improve till India is treated as a data secure country by EU.
India has now demanded that the EU lift restrictions on flow of sophisticated outsourcing business to India by designating it as a data secure country. Let us see how EU would respond to this request of India.
The Civil Aviation sector includes Airports, Scheduled and Non-Scheduled domestic passenger airlines, Helicopter services / Seaplane services, Ground Handling Services, Maintenance and Repair organizations; Flying training institutes; and Technical training institutions.
For the purposes of the Civil Aviation sector:
(i) Airport means a landing and taking off area for aircrafts, usually with runways and aircraft maintenance and passenger facilities and includes aerodrome as defined in clause (2) of section 2 of the Aircraft Act, 1934;
(ii) Aerodrome means any definite or limited ground or water area intended to be used, either wholly or in part, for the landing or departure of aircraft, and includes all buildings, sheds, vessels, piers and other structures thereon or pertaining thereto;
(iii) Air transport service means a service for the transport by air of persons, mails or any other thing, animate or inanimate, for any kind of remuneration whatsoever, whether such service consists of a single flight or series of flights;
(iv) Air Transport Undertaking means an undertaking whose business includes the carriage by air of passengers or cargo for hire or reward;
(v) Aircraft component means any part, the soundness and correct functioning of which, when fitted to an aircraft, is essential to the continued airworthiness or safety of the aircraft and includes any item of equipment;
(vi) Helicopter means a heavier-than -air aircraft supported in flight by the reactions of the air on one or more power driven rotors on substantially vertical axis;
(vii) Scheduled air transport service means an air transport service undertaken between the same two or more places and operated according to a published time table or with flights so regular or frequent that they constitute a recognizably systematic series, each flight being open to use by members of the public;
(viii) Non-Scheduled Air Transport service means any service which is not a scheduled air transport service and will include Cargo airlines;
(ix) Cargo airlines would mean such airlines which meet the conditions as given in the Civil Aviation Requirements issued by the Ministry of Civil Aviation;
(x) Seaplane means an aeroplane capable normally of taking off from and alighting solely on water;
(xi) Ground Handling means (i) ramp handling , (ii) traffic handling both of which shall include the activities as specified by the Ministry of Civil Aviation through the Aeronautical Information Circulars from time to time, and (iii) any other activity specified by the Central Government to be a part of either ramp handling or traffic handling.
FDI in Airports is allowed in the following categories:
(a) Greenfield projects: FDI is allowed up to 100% through automatic route.
(b) Existing projects: FDI is allowed upto 100% where FDI upto 74% is allowed through automatic route and beyond 74% FDI is allowed through government approval route.
Regarding Air Transport Services:
(a) Air Transport Services would include Domestic Scheduled Passenger Airlines; Non-Scheduled Air Transport Services, helicopter and seaplane services.
(b) No foreign airlines would be allowed to participate directly or indirectly in the equity of an Air Transport Undertaking engaged in operating Scheduled and Non-Scheduled Air Transport Services except Cargo airlines.
(c) Foreign airlines are allowed to participate in the equity of companies operating Cargo airlines, helicopter and seaplane services.
FDI in Scheduled Air Transport Service/ Domestic Scheduled Passenger Airline is allowed upto 49% (100% for NRIs) through automatic route. FDI in Non-Scheduled Air Transport Service is allowed upto 74% (100% for NRIs) where upto 49% is allowed through automatic route and beyond 49% and upto 74% through government approval route.
FDI in Helicopter services/seaplane services requiring DGCA approval is allowed upto 100% through automatic route.
Other services under Civil Aviation sector are as follows:
(1) FDI in Ground Handling Services subject to sectoral regulations and security clearance is allowed upto 74% (100% for NRIs) where upto 46% can be through automatic route and beyond 49% but upto 74% can be made through government approval route.
(2) FDI in Maintenance and Repair organizations; flying training institutes; and technical training institutions is allowed upto 100% through automatic approval route.
FDI in publishing of newspaper and periodicals dealing with news and current affairs is allowed upto 26% (FDI and investment by NRIs/PIOs/FII) through government approval route.
FDI in publication of Indian editions of foreign magazines dealing with news and current affairs is allowed upto 26% (FDI and investment by NRIs/PIOs/FII) through government approval route.
The following is also worth considering in this regard:
(i) Magazine, for the purpose of these guidelines, will be defined as a periodical publication, brought out on non-daily basis, containing public news or comments on public news.
(ii) Foreign investment would also be subject to the Guidelines for Publication of Indian editions of foreign magazines dealing with news and current affairs issued by the Ministry of Information & Broadcasting on 4.12.2008.
FDI in publishing/printing of Scientific and Technical Magazines/specialty journals/ periodicals, subject to compliance with the legal framework as applicable and guidelines issued in this regard from time to time by Ministry of Information and Broadcasting, is allowed upto 100% through government approval route.
FDI in publication of facsimile edition of foreign newspapers is allowed upto 100% through government approval route.
The following conditions must also be satisfied in this regard:
(i) FDI should be made by the owner of the original foreign newspapers whose facsimile edition is proposed to be brought out in India.
(ii) Publication of facsimile edition of foreign newspapers can be undertaken only by an entity incorporated or registered in India under the provisions of the Companies Act, 1956.
(iii) Publication of facsimile edition of foreign newspaper would also be subject to the Guidelines for publication of newspapers and periodicals dealing with news and current affairs and publication of facsimile edition of foreign newspapers issued by Ministry of Information & Broadcasting on 31.3.2006, as amended from time to time.
FDI in terrestrial broadcasting FM (FM Radio) subject to such terms and conditions as specified from time to time by Ministry of Information and Broadcasting for grant of permission for setting up of FM Radio Stations would be allowed up to 26% (FDI, NRI & PIO investments and portfolio investment) through government approval route.
FDI in Cable Network, subject to Cable Television Network Rules, 1994 and other conditions as specified from time to time by Ministry of Information and Broadcasting would be allowed up to 49% (FDI, NRI & PIO investments and portfolio investment) through government approval route.
FDI in Direct–to-Home subject to such guidelines/terms and conditions as specified from time to time by Ministry of Information and Broadcasting would be allowed up to 49% (FDI, NRI & PIO investments and portfolio investment) (Within this limit, FDI component not to exceed 20%) with government approval route.
Headend-In-The-Sky (HITS) Broadcasting Service refers to the multichannel downlinking and distribution of television programme in C-Band or Ku Band wherein all the pay channels are downlinked at a central facility (Hub/teleport) and again uplinked to a satellite after encryption of channel. At the cable headend these encrypted pay channels are downlinked using a single satellite antenna, transmodulated and sent to the subscribers by using a land based transmission system comprising of infrastructure of cable/optical fibres network.
FDI limit in (HITS) Broadcasting Service is subject to such guidelines/terms and conditions as specified from time to time by Ministry of Information and Broadcasting. FDI is allowed up to 74% (total direct and indirect foreign investment including portfolio and FDI) where FDI up to 49% would be through automatic route and beyond 49% but up to 74% it would be allowed through government approval route.
For setting up of Up-linking HUB/ Teleports FDI would be allowed up to 49% (FDI & FII) with government approval route. For Up-linking a Non-News and Current Affairs TV Channel FDI would be allowed up to 100% through government approval route. For Up-linking a News and Current Affairs TV Channel subject to the condition that the portfolio investment from FII/ NRI shall not be ―persons acting in concert with FDI investors, as defined in the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, FDI would be allowed up to 26% (FDI & FII) through government approval route.
The following conditions must also be satisfied:
(i) All the activities mentioned above will be further subject to the condition that the Company permitted to uplink the channel shall certify the continued compliance of this requirement through the Company Secretary at the end of each financial year.
(ii) FDI for Up-linking TV Channels will be subject to compliance with the Up-linking Policy notified by the Ministry of Information and Broadcasting from time to time.
FDI in defence industry subject to Industrial license under the Industries (Development and Regulation) Act 1951 would be allowed up to 26% through government approval route.
The following conditions must be satisfied in this regard:
(i) Licence applications will be considered and licences given by the Department of Industrial Policy and Promotion, Ministry of Commerce and Industry, in consultation with Ministry of Defence.
(ii) The applicant should be an Indian company / partnership firm.
(iii) The management of the applicant company / partnership should be in Indian hands with majority representation on the Board as well as the Chief Executives of the company / partnership firm being resident Indians.
(iv) Full particulars of the Directors and the Chief Executives should be furnished along with the applications.
(v) The Government reserves the right to verify the antecedents of the foreign collaborators and domestic promoters including their financial standing and credentials in the world market. Preference would be given to original equipment manufacturers or design establishments, and companies having a good track record of past supplies to Armed Forces, Space and Atomic energy sections and having an established R & D base.
(vi) There would be no minimum capitalization for the FDI. A proper assessment, however, needs to be done by the management of the applicant company depending upon the product and the technology. The licensing authority would satisfy itself about the adequacy of the net worth of the non-resident investor taking into account the category of weapons and equipment that are proposed to be manufactured.
(vii) There would be a three-year lock-in period for transfer of equity from one non-resident investor to another non-resident investor (including NRIs & erstwhile OCBs with 60% or more NRI stake) and such transfer would be subject to prior approval of the Government.
(viii) The Ministry of Defence is not in a position to give purchase guarantee for products to be manufactured. However, the planned acquisition programme for such equipment and overall requirements would be made available to the extent possible.
(ix) The capacity norms for production will be provided in the licence based on the application as well as the recommendations of the Ministry of Defence, which will look into existing capacities of similar and allied products.
(x) Import of equipment for pre-production activity including development of prototype by the applicant company would be permitted.
(xi) Adequate safety and security procedures would need to be put in place by the licensee once the licence is granted and production commences. These would be subject to verification by authorized Government agencies.
(xii) The standards and testing procedures for equipment to be produced under licence from foreign collaborators or from indigenous R & D will have to be provided by the licensee to the Government nominated quality assurance agency under appropriate confidentiality clause. The nominated quality assurance agency would inspect the finished product and would conduct surveillance and audit of the Quality Assurance Procedures of the licensee. Self-certification would be permitted by the Ministry of Defence on case to case basis, which may involve either individual items, or group of items manufactured by the licensee. Such permission would be for a fixed period and subject to renewals.
(xiii) Purchase preference and price preference may be given to the Public Sector organizations as per guidelines of the Department of Public Enterprises.
(xiv) Arms and ammunition produced by the private manufacturers will be primarily sold to the Ministry of Defence. These items may also be sold to other Government entities under the control of the Ministry of Home Affairs and State Governments with the prior approval of the Ministry of Defence. No such item should be sold within the country to any other person or entity. The export of manufactured items would be subject to policy and guidelines as applicable to Ordnance Factories and Defence Public Sector Undertakings. Non-lethal items would be permitted for sale to persons / entities other than the Central of State Governments with the prior approval of the Ministry of Defence. Licensee would also need to institute a verifiable system of removal of all goods out of their factories. Violation of these provisions may lead to cancellation of the licence.
(xv) Government decision on applications to FIPB for FDI in defence industry sector will be normally communicated within a time frame of 10 weeks from the date of acknowledgement.
In this article Perry4Law and Perry4Law Techno Legal Base (PTLB) would discuss the provisions pertaining to FDI in manufacture of items reserved for production in Micro and Small Enterprises (MSEs) of India under consolidated FDI policy of India 2012.
FDI in MSEs (as defined under Micro, Small And Meduim Enterprises Development Act, 2006 (MSMED, Act 2006)) will be subject to the sectoral caps, entry routes and other relevant sectoral regulations.
Any industrial undertaking which is not a Micro or Small Scale Enterprise, but manufactures items reserved for the MSE sector would require Government route where foreign investment is more than 24% in the capital. Such an undertaking would also require an Industrial License under the Industries (Development & Regulation) Act 1951, for such manufacture. The issue of Industrial License is subject to a few general conditions and the specific condition that the Industrial Undertaking shall undertake to export a minimum of 50% of the new or additional annual production of the MSE reserved items to be achieved within a maximum period of three years. The export obligation would be applicable from the date of commencement of commercial production and in accordance with the provisions of section 11 of the Industries (Development & Regulation) Act 1951.
In this article Perry4Law and Perry4Law Techno Legal Base (PTLB) would discuss the provisions pertaining to FDI in petroleum and natural gas sector of India under consolidated FDI policy of India 2012.
FDI in exploration activities of oil and natural gas fields, infrastructure related to marketing of petroleum products and natural gas, marketing of natural gas and petroleum products, petroleum product pipelines, natural gas/pipelines, LNG Regasification infrastructure, market study and formulation and Petroleum refining in the private sector, subject to the existing sectoral policy and regulatory framework in the oil marketing sector and the policy of the Government on private participation in exploration of oil and the discovered fields of national oil companies would be allowed upto 100% through automatic route.
FDI in petroleum refining by the Public Sector Undertakings (PSU), without any disinvestment or dilution of domestic equity in the existing PSUs, would be allowed upto 49% through government approval route.
Legal issues of e-commerce in India vary as per different business models. For instance, electronic trading of medical drugs in India requires more stringent e-commerce and legal compliances as compared to other e-commerce activities. Digital communication channels for drugs and healthcare products in India are scrutinised more aggressively than other e-commerce activities. In fact, regulatory and legislative measures to check online pharmacies trading in banned drugs in India are already in pipeline.
Besides there are many legal formalities that are required in order to start a company and e-commerce activity in India. A business can be operated as:
(1) Sole Proprietorship.
(3) Company – Public/Private.
(4) Limited Liability Partnerships (LLP).
Mostly people decide to open a private company to substantiate an e-commerce activity and this article would cover that aspect alone. To incorporate a private limited company you must approve its name, registered office address, have at least 2 directors with director identification numbers (DINs), must have a minimum authorised capital of Rs. 1 Lakh, memorandum of association (MOA) and articles of association (AOA), digital signature certificates (DSCs) wherever applicable, etc. Once these conditions and requirements are fulfilled, a certificate of incorporation is sent by post to the registered office of the newly registered company.
The private limited company is also required to comply with income tax related compliances. These include obtaining permanent account number (PAN), tax deduction account number (TAN), value added tax (VAT) registration and obtaining of tax identification number (TIN), professional tax if applicable, service tax, etc.
In certain cases, compliance with labour laws is also required. For instance, the Shops and Establishment Act is a legislation implemented by various States in India. The Act lays down mutual statutory obligation and rights of employers and employees. Registration of shop/establishment is mandatory within 30 days of commencement of work. Other workmen and labour related legislations cover areas like employees provident fund, employees state insurance, etc.
However, e-commerce in India is also required to be conducted in a legally permissible manner. This is more so when the information technology act 2000 (IT Act 2000) prescribes stringent penal and pecuniary penalties for violation of its provisions during e-commerce transactions.
The e-commerce players must ensure cyber law due diligence in India. This is more so when the cyber law due diligence for companies in India has become very stringent and foreign companies and websites are frequently prosecuted in India for non exercise of cyber due diligence.
The legal requirements for undertaking e-commerce in India also involve compliance with other laws like contract law, Indian penal code, etc. Further, online shopping in India also involves compliance with the banking and financial norms applicable in India. For instance, take the example of PayPal in this regard. If PayPal has to allow online payments receipt and disbursements for its existing or proposed e-commerce activities, it has to take a license from Reserve Bank of India (RBI) in this regard. Further, cyber due diligence for Paypal and other online payment transferors in India is also required to be observed.
Cloud computing to be viable and sustainable must be supported by many elements including a sound regulatory framework for the same. Till now we have no dedicated regulatory framework for cloud computing in India. In fact, we have no legal framework for cloud computing in India at all.
As per the recent research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. This conclusion of Perry4Law and PTLB has been endorsed by other companies and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.
Absence of an effective cloud computing policy of India is responsible for limited utilisation of cloud computing in India. However, legal issues of cloud computing in India are the main reason for cautious adoption of cloud computing in India.
Further, India is a country that has weak privacy, data protection and data security laws. India is also infamous for its e-surveillance and eavesdropping exercises without any constitutional laws backing the same. Phone tapping in India is not done in a strictly constitutional manner and we also lack a lawful interception law in India.
With the information technology amendment act, 2008 (IT Act 2008), the cyber law of India has been amended and this has also made it vulnerable to constitutionality attacks. With projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), central monitoring system (CMS), etc e-surveillance in India has reached its zenith.
In this background we have to analyse the use of cloud computing in India. Cloud computing in India cannot succeed till we have trust in the service provider. We cannot trust a service provider who can be forced to disclose even the most sensitive information and data without a court order.
In India a mere order from the Indian government or its agencies is enough for the service provider to share sensitive information. There is no judicial scrutiny of a warrant that is absolutely required in these circumstances. So you cannot be even sure what government agencies are looking at and what information they are taking from the service provider.
Any business model must essentially balance profit motives and risks associated with the business. Similarly, the users of cloud computing services must ensure that the convenience of software as a service (SASS) and cloud computing is much greater than the risks of data leakages and manipulations.
Till now the legal opinion is weighting against the use of cloud computing and SAAS in governmental departments and for governmental projects. Without a conducive legal framework, user’s data in India is not safe. Let us create a conducive commercial and legal environment before we jump upon cloud computing wagon.
Telenor is now planning to make a new beginning in India by entering into a joint venture or other association with a new partner in India. Telenor has already short listed some potential companies and partners in this regard and is in the process of finalisation of the same.
Telenor is also in the process of starting a new company in India and it has already filed a Foreign Investment Promotion Board (FIPB) application. The strategy of Telenor in this regard is very simple. It would first find a solution with the current partner Unitech and would then find a suitable new partner.
Telenor is planning to sort out all differences and problems before applying for the new licence. Once that is done a new partner would be inducted and assets from the Uninor would be transferred to the newly formulated company.
Meanwhile Unitech has approached the Company Law Board (CLB) seeking arbitration in the dispute. But Telenor has been planning to oppose this move of Unitech on Monday (26-03-2012). It also means that Telenor has rejected Unitech’s proposal for payment of about $150 million to Unitech to exit the JV and sell its 32.7% stake in Uninor to Telenor.
Unitech had made this proposal after the Company Law Board had asked it to decide by March 19 if it wanted to buy out the 67.25% stake held by Norway’s Telenor or exit their joint venture. However, Telenor and Unitech have failed to reach at a consensus in this regard so far.
Last month, Telenor’s CEO Jon Fredrik Baksaas had declared that Telenor was not interested in buying out the minority stake held by Unitech and wanted to make a fresh start with a new partner.
So what is the present techno legal banking, financial and regulatory environment prevailing in India? Perry4Law and Perry4Law Techno Legal Base (PTLB) have compiled a list of their important research works pertaining to banking and financial environment existing in India. The following articles are worth considering in this regard:
When the e-commerce activities would increase in India, online payment would be the preferred mode of payment by online consumers and customers. This is the reason why companies like PayPal are planning to enter Chinese and Indian online payment markets.
Similarly, with a growing emphasis upon electronic delivery of services in India by Indian government, online payment market of India becomes a good place to make huge profits.
However, both e-commerce players and online payment players are required to ensure cyber law due diligence in India. The cyber law due diligence for Indian companies is very stringent and there is no reason to take it lightly. In fact, cyber due diligence for foreign and Indian websites in India is an issue that is frequently agitated before Indian courts. Further, legal requirements of undertaking e-commerce in India must also be strictly followed.
Perry4Law and PTLB hope this compilation of research works pertaining to banking, financial and regulatory environment existing in India would be helpful to all concerned. We wish all the best to all e-commerce and online payment handling companies and institutions.
Cyber security of banks in India is still not given a priority. Banks are not interested in ensuring cyber security of electronic transactions. Even the recommendations of Reserve Bank of India (RBI) to ensure cyber security, appointment of chief information officers (CIOs), establishing a steering committee at board level, etc have remained unfulfilled. Even RBI has warned banks for inadequate cyber security.
As per the notification number DBOD.COMP.BC.No.130/ 07.03.23/ 2000-01 of RBI, issued on 14th June 2001, RBI has issued the following guidelines to be implemented by banks in India regarding Internet banking:
(1) Technology And Security Standards:
(a) Banks should designate a network and database administrator with clearly defined roles as indicated in the Group’s report. (Para 6.2.4)
(b) Banks should have a security policy duly approved by the Board of Directors. There should be a segregation of duty of Security Officer / Group dealing exclusively with information systems security and Information Technology Division which actually implements the computer systems. Further, Information Systems Auditor will audit the information systems. (Para 6.3.10, 6.4.1)
(c) Banks should introduce logical access controls to data, systems, application software, utilities, telecommunication lines, libraries, system software, etc. Logical access control techniques may include user-ids, passwords, smart cards or other biometric technologies. (Para 6.4.2)
(d) At the minimum, banks should use the proxy server type of firewall so that there is no direct connection between the Internet and the bank’s system. It facilitates a high level of control and in-depth monitoring using logging and auditing tools. For sensitive systems, a stateful inspection firewall is recommended which thoroughly inspects all packets of information, and past and present transactions are compared. These generally include a real time security alert. (Para 6.4.3)
(e) All the systems supporting dial up services through modem on the same LAN as the application server should be isolated to prevent intrusions into the network as this may bypass the proxy server. (Para 6.4.4)
(f) PKI (Public Key Infrastructure) is the most favoured technology for secure Internet banking services. However, as it is not yet commonly available, banks should use the following alternative system during the transition, until the PKI is put in place:
(ii) The use of at least 128-bit SSL for securing browser to web server communications and, in addition, encryption of sensitive data like passwords in transit within the enterprise itself. (Para 6.4.5)
(g) It is also recommended that all unnecessary services on the application server such as FTP (File Transfer Protocol), telnet should be disabled. The application server should be isolated from the e-mail server. (Para 6.4.6)
(h) All computer accesses, including messages received, should be logged. Security violations (suspected or attempted) should be reported and follow up action taken should be kept in mind while framing future policy. Banks should acquire tools for monitoring systems and the networks against intrusions and attacks. These tools should be used regularly to avoid security breaches. The banks should review their security infrastructure and security policies regularly and optimize them in the light of their own experiences and changing technologies. They should educate their security personnel and also the end-users on a continuous basis. (Para 6.4.7, 6.4.11, 6.4.12)
(i) The information security officer and the information system auditor should undertake periodic penetration tests of the system, which should include:
(i) Attempting to guess passwords using password-cracking tools.
(j) Physical access controls should be strictly enforced. Physical security should cover all the information systems and sites where they are housed, both against internal and external threats. (Para 6.4.9)
(k) Banks should have proper infrastructure and schedules for backing up data. The backed-up data should be periodically tested to ensure recovery without loss of transactions in a time frame as given out in the bank’s security policy. Business continuity should be ensured by setting up disaster recovery sites. These facilities should also be tested periodically. (Para 6.4.10)
(l) All applications of banks should have proper record keeping facilities for legal purposes. It may be necessary to keep all received and sent messages both in encrypted and decrypted form. (Para 6.4.13)
(m) Security infrastructure should be properly tested before using the systems and applications for normal operations. Banks should upgrade the systems by installing patches released by developers to remove bugs and loopholes, and upgrade to newer versions which give better security and control. (Para 6.4.15)
(2) Legal Issues:
(a) Considering the legal position prevalent, there is an obligation on the part of banks not only to establish the identity but also to make enquiries about integrity and reputation of the prospective customer. Therefore, even though request for opening account can be accepted over Internet, accounts should be opened only after proper introduction and physical verification of the identity of the customer. (Para 7.2.1)
(b) From a legal perspective, security procedure adopted by banks for authenticating users needs to be recognized by law as a substitute for signature. In India, the Information Technology Act, 2000, in Section 3(2) provides for a particular technology (viz., the asymmetric crypto system and hash function) as a means of authenticating electronic record. Any other method used by banks for authentication should be recognized as a source of legal risk. (Para 7.3.1)
(c) Under the present regime there is an obligation on banks to maintain secrecy and confidentiality of customers’ accounts. In the Internet banking scenario, the risk of banks not meeting the above obligation is high on account of several factors. Despite all reasonable precautions, banks may be exposed to enhanced risk of liability to customers on account of breach of secrecy, denial of service etc., because of hacking/ other technological failures. The banks should, therefore, institute adequate risk control measures to manage such risks. (Para 7.5.1-7.5.4)
(d) In Internet banking scenario there is very little scope for the banks to act on stop payment instructions from the customers. Hence, banks should clearly notify to the customers the timeframe and the circumstances in which any stop-payment instructions could be accepted. (Para 7.6.1)
(e) The Consumer Protection Act, 1986 defines the rights of consumers in India and is applicable to banking services as well. Currently, the rights and liabilities of customers availing of Internet banking services are being determined by bilateral agreements between the banks and customers. Considering the banking practice and rights enjoyed by customers in traditional banking, banks’ liability to the customers on account of unauthorized transfer through hacking, denial of service on account of technological failure etc. needs to be assessed and banks providing Internet banking should insure themselves against such risks. (Para 7.11.1)
(3) Regulatory And Supervisory Issues:
As recommended by the Group, the existing regulatory framework over banks will be extended to Internet banking also. In this regard, it is advised that:
(b) The products should be restricted to account holders only and should not be offered in other jurisdictions.
(c) The services should only include local currency products.
(d) The ‘in-out’ scenario where customers in cross border jurisdictions are offered banking services by Indian banks (or branches of foreign banks in India) and the ‘out-in’ scenario where Indian residents are offered banking services by banks operating in cross-border jurisdictions are generally not permitted and this approach will apply to Internet banking also. The existing exceptions for limited purposes under FEMA i.e. where resident Indians have been permitted to continue to maintain their accounts with overseas banks etc., will, however, be permitted.
(e) Overseas branches of Indian banks will be permitted to offer Internet banking services to their overseas customers subject to their satisfying, in addition to the host supervisor, the home supervisor.
Given the regulatory approach as above, banks are advised to follow the following instructions:
(a) All banks, who propose to offer transactional services on the Internet should obtain prior approval from RBI. Bank’s application for such permission should indicate its business plan, analysis of cost and benefit, operational arrangements like technology adopted, business partners, third party service providers and systems and control procedures the bank proposes to adopt for managing risks. The bank should also submit a security policy covering recommendations made in this circular and a certificate from an independent auditor that the minimum requirements prescribed have been met. After the initial approval the banks will be obliged to inform RBI any material changes in the services / products offered by them. (Para 8.4.1, 8.4.2)
(b) Banks will report to RBI every breach or failure of security systems and procedure and the latter, at its discretion, may decide to commission special audit/ inspection of such banks. (Para 8.4.3)
(c) The guidelines issued by RBI on ‘Risks and Controls in Computers and Telecommunications’ vide circular DBS.CO.ITC.BC. 10/ 31.09.001/ 97-98 dated 4th February 1998 will equally apply to Internet banking. The RBI as supervisor will cover the entire risks associated with electronic banking as a part of its regular inspections of banks. (Para 8.4.4, 8.4.5)
(d) Banks should develop outsourcing guidelines to manage risks arising out of third party service providers, such as, disruption in service, defective services and personnel of service providers gaining intimate knowledge of banks’ systems and misutilizing the same, etc., effectively. (Para 8.4.7)
(e) With the increasing popularity of e-commerce, it has become necessary to set up ‘Inter-bank Payment Gateways’ for settlement of such transactions. The protocol for transactions between the customer, the bank and the portal and the framework for setting up of payment gateways as recommended by the Group should be adopted. (Para 8.4.7, 188.8.131.52 – 184.108.40.206)
(f) Only institutions who are members of the cheque clearing system in the country will be permitted to participate in Inter-bank payment gateways for Internet payment. Each gateway must nominate a bank as the clearing bank to settle all transactions. Payments effected using credit cards, payments arising out of cross border e-commerce transactions and all intra-bank payments (i.e., transactions involving only one bank) should be excluded for settlement through an inter-bank payment gateway. (Para 8.4.7 )
(g) Inter-bank payment gateways must have capabilities for both net and gross settlement. All settlement should be intra-day and as far as possible, in real time.
(h) Connectivity between the gateway and the computer system of the member bank should be achieved using a leased line network (not through Internet) with appropriate data encryption standard. All transactions must be authenticated. Once, the regulatory framework is in place, the transactions should be digitally certified by any licensed certifying agency. SSL / 128 bit encryption must be used as minimum level of security. Reserve Bank may get the security of the entire infrastructure both at the payment gateway’s end and the participating institutions’ end certified prior to making the facility available for customers use. (Para 8.4.7 )
(i) Bilateral contracts between the payee and payee’s bank, the participating banks and service provider and the banks themselves will form the legal basis for such transactions. The rights and obligations of each party must be clearly defined and should be valid in a court of law. (Para 8.4.7)
(j) Banks must make mandatory disclosures of risks, responsibilities and liabilities of the customers in doing business through Internet through a disclosure template. The banks should also provide their latest published financial results over the net. (Para 8.4.8)
(k) Hyperlinks from banks’ websites, often raise the issue of reputational risk. Such links should not mislead the customers into believing that banks sponsor any particular product or any business unrelated to banking. Hyperlinks from a banks’ websites should be confined to only those portals with which they have a payment arrangement or sites of their subsidiaries or principals. Hyperlinks to banks’ websites from other portals are normally meant for passing on information relating to purchases made by banks’ customers in the portal. Banks must follow the minimum recommended security precautions while dealing with request received from other websites, relating to customers’ purchases. (Para 8.4.9)
The Reserve Bank of India have decided that the Group’s recommendations as detailed in this circulars should be adopted by all banks offering Internet banking services, with immediate effect. Even though the recommendations have been made in the context of Internet banking, these are applicable, in general, to all forms of electronic banking and banks offering any form of electronic banking should adopt the same to the extent relevant.
All banks offering Internet banking are advised to make a review of their systems in the light of this circular and report to Reserve Bank the types of services offered, extent of their compliance with the recommendations, deviations and their proposal indicating a time frame for compliance. The first such report must reach us within one month from the date of this circular. Banks not offering any kind of I-banking may submit a ‘nil’ report.
Banks who are already offering any kind of transactional service are advised to report, in addition to those mentioned in paragraph above, their business models with projections of cost / benefits etc. and seek our post-facto approval.
The applicants must make risks and benefits analysis of ICANN’s new GTLDs registrations before making an application. Further, the applicants must also undertake proper and techno legal due diligence regarding new GTLDs applications. Once that is done to the best of an applicant’s knowledge, the ball would be in ICANN’s court.
ICANN would allow filing of legal objections against applications filed for granting of new GTLDs. The legal rights objections under ICANN’s new GTLDs domain registration program could open floodgate for objections against granting of new GTLD to a particular applicant or class of applicants. Brand names, trademarks, intellectual property rights (IPRs), etc are some of the reasons that may be cited by the objector for the refusal to grant of applied GTLD.
A well prepared applicant has greater chances that his/her/its application may be granted. Similarly, a vigilant and genuine objector must make it sure that his objections succeed and the offending GTLD is not allotted to the applicant.
If you wish to analyse your case for your personal reasons or for agitating before any court, tribunal or international organisation providing arbitration or online dispute resolution (ODR) service, you may contact us to get a preliminary analysis of the same.
If you wish to get any dispute or difference resolved through our neutral(s) you may also contact us in this regard. At Perry4Law and Perry4Law Techno Legal Base (PTLB) we provide the exclusive techno legal ADR and ODR services in India and abroad. We would analyse your case from both technological and legal perspectives.
If you think that someone is trying to misappropriate your goodwill, trade name, trademark, brand name, etc, we may assist you in enforcing your rights and intellectual property rights (IPRs), either before or after the GTLDs registration time specified by ICANN expires. We would use Uniform Domain Name Dispute Resolution Policy of ICANN or such other procedure as has been “mutually agreed” between us for analysing, opinion giving and dispute resolution.
We can also help you in determining beforehand whether the potential use of the applied-for GTLD by the applicant:
(i) Takes unfair advantage of the distinctive character or the reputation of the objector’s registered or unregistered trademark or service mark (“mark”), or
(ii) Unjustifiably impairs the distinctive character or the reputation of the objector’s mark or
(iii) Otherwise creates an impermissible likelihood of confusion between the applied-for GTLD and the objector’s mark.
Perry4Law or its panelists will ordinarily determine the merits of the objection based solely on the parties’ pleadings, and may make reference to a range of non-exclusive consideration factors.
For an objection based on trademark rights, we would consider the following non exclusive consideration factors:
(i) Whether the applied-for GTLD is identical or similar, including in appearance, phonetic sound, or meaning, to the objector’s existing mark.
(ii) Whether the objector’s acquisition and use of rights in the mark has been bona fide.
(iii) Whether and to what extent there is recognition in the relevant sector of the public of the sign corresponding to the GTLD, as the mark of the objector, of the applicant or of a third party.
(iv) Applicant’s intent in applying for the GTLD, including whether the applicant, at the time of application for the GTLD, had knowledge of the objector’s mark, or could not have reasonably been unaware of that mark, and including whether the applicant has engaged in a pattern of conduct whereby it applied for or operates TLDs or registrations in TLDs which are identical or confusingly similar to the marks of others.
(v) Whether and to what extent the applicant has used, or has made demonstrable preparations to use, the sign corresponding to the GTLD in connection with a bona fide offering of goods or services or a bona fide provision of information in a way that does not interfere with the legitimate exercise by the objector of its mark rights.
(vi) Whether the applicant has marks or other intellectual property rights in the sign corresponding to the GTLD, and, if so, whether any acquisition of such a right in the sign, and use of the sign, has been bona fide, and whether the purported or likely use of the GTLD by the applicant is consistent with such acquisition or use.
(vii) Whether and to what extent the applicant has been commonly known by the sign corresponding to the GTLD, and if so, whether any purported or likely use of the GTLD by the applicant is consistent therewith and bona fide.
(viii) Whether the applicant’s intended use of the GTLD would create a likelihood of confusion with the objector’s mark as to the source, sponsorship, affiliation, or endorsement of the GTLD.
After closing the application window (from January 12 to March 29, 2012) and posting all applications, ICANN will announce the opening of the objection filing window. Currently, the objection filing window is anticipated to be seven months, from approximately May 1 to December 1, 2012.
Within 30 days of the close of the objection window, ICANN will publish a “Dispute Announcement” listing all administratively compliant objections. The applicants would be notified of any objections and the applicants will then have 30 days to file a response. Within 30 days of receiving a response, an expert panel would be appointed. Normally the panel will render its determination within 45 days of appointment.
Non-payment of fees by an objector during legal rights objections will result in rejection of the objection, without panel appointment. Non payment of response fees by an applicant during legal rights objections will result in the objection being deemed successful. Obviously, applicants have to defend the legal rights objections as they cannot afford to loose the applied GTLD. Perry4Law and its neutral can assist both objectors and applicants in this regard.
Perry4Law and PTLB believe that applying for and getting new GTLDs requires well planned techno legal strategy. A company or individual desiring to apply for the same need to analyse all the possible strengths and weaknesses of his application well in advance. While the strengths must be further improved special work need to be done upon the weakness of such future application. Perry4Law and PTLB wish all the best to future GTLDs applicants.
India is no different in this regard and Indian government has a tremendous job in hand to change this situation. Skills developments in India are urgently required to change this position. Further keeping in mind the techno legal requirements of present times, techno legal skills development in India are also required.
Techno legal areas like cyber law, cyber security, cyber forensics, ethical hacking, etc are worst affected. In the name of technical education mere academic diplomas and degrees are provided that are not helping the students in any manner whatsoever.
Perry4Law, Perry4Law Techno Legal Base (PTLB) and Perry4Law Techno Legal ICT Training Centre (PTLITC) believe that information and communication technology (ICT) can help Indian government in achieving the goals set by it regarding skills development. For instance, use of e-learning, online education and distance learning education system can not only ease the pressure from traditional universities and educational institutions but would also help in providing technical and practical education to masses across India.
Perry4Law, PTLB and PTLITC are providing exclusive techno legal e-learning courses in India and techno legal skills development trainings and courses in India. PTLB is providing various techno legal courses for corporate executives, CEOs, CIOs, etc.
Companies and CEOs are required to follow cyber law due diligence in India and must comply with the requirements of Internet intermediaries to get the safe harbour protection under Indian laws. PTLB is providing exclusive techno legal cyber law trainings for corporate executives and CEOs in India.
These trainings have been specifically designed so that corporate executives and CEOs can successfully comply with Indian laws, especially information technology act, 2000 (IT Act 2000) that is the cyber law of India. If you are interested in our techno legal trainings, kindly enroll with us in this regard.
We are committed to improve the techno legal skills developments in India are looking forward for suitable partners and associates in this regard. Read our e-learning blog for regular updates in this regard.
However, when technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.
On the contrary, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.
However, numerous statues carry individual provisions that may be applicable to e-health and telemedicine activities in India. For instance, the e-governance and e-commerce related aspects of e-health and tele medicine may be governed by the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India. All electronic contraventions and violations pertaining to e-health and tele medicine can be regulated b the IT Act 2000.
Similarly, privacy and data protection aspects in cyberspace pertaining to e-health are also governed by the IT Act 20000. Further, the Supreme Court of India has interpreted Article 21 of Indian Constitution as conferring a right to privacy upon all persons in India. Even in some cases the Supreme Court of India has held that patients have a right to privacy to protect their health related information except where non disclosure of such information is violating fundamental rights of others and is against public interest and public policy.
Even data security and cyber security aspects have been covered by the IT Act 2000 to some extent. The real problem is that these provisions that protect privacy, data protection, data security, etc are piecemeal efforts and they are not serving the purposes as required.
We need to have dedicated e-health laws and regulations in India that are presently missing. The sooner these e-health laws and regulations are formulated in India the better it would be for the larger interest of medical community and patients in India.
Before the enactment of HIPAA there was no centralised legislation that covered the entire US. Even regarding privacy issues, there were numerous uncoordinated Federal legislations which addressed privacy in some form. Prior to HIPAA, there was no standard authority for enforcement of fraud and abuse that applied to State and Federal health care programs.
HIPAA “consolidated” all these issues at a single place and made it much easier and effective to implement health insurance related matters in US. Further, HIPAA also ensured cyber security and data security for electronic patient and health related information.
The Preamble to HIPAA says that it is an Act to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.
Title II of HIPAA, deals with prevention of health care frauds and abuse, administrative simplification and medical liability reform. It defines numerous offenses relating to health care and sets civil and criminal penalties for them. It also creates several programs to control fraud and abuse within the health care system.
The Department of Health and Human Services (HHS) has promulgated five rules regarding Administrative Simplification: the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, and the Enforcement Rule.
(1) Privacy Rule: The HIPAA Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) held by “covered entities” (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.) By regulation, the Department of Health and Human Services extended the HIPAA privacy rule to independent contractors of covered entities who fit within the definition of “business associates”. PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual. This is interpreted rather broadly and includes any part of an individual’s medical record or payment history. Covered entities must disclose PHI to the individual within 30 days upon request. They also must disclose PHI when required to do so by law, such as reporting suspected child abuse to state child welfare agencies.
A covered entity may disclose PHI to facilitate treatment, payment, or health care operations, or if the covered entity has obtained authorisation from the individual. However, when a covered entity discloses any PHI, it must make a reasonable effort to disclose only the minimum necessary information required to achieve its purpose.
The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI. It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals. The Privacy Rule requires covered entities to notify individuals of uses of their PHI. Covered entities must also keep track of disclosures of PHI and document privacy policies and procedures. They must appoint a Privacy Official and a contact person responsible for receiving complaints and train all members of their workforce in procedures regarding PHI.
An individual who believes that the Privacy Rule is not being upheld can file a complaint with the Department of Health and Human Services Office for Civil Rights (OCR).
(2) Transactions and Code Sets Rule: HIPAA was intended to make the health care system in the United States more efficient by standardising health care transactions. Under HIPAA, HIPAA-covered health plans are now required to use standardised HIPAA electronic transactions.
(3) Security Rule: The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications.
The standards and specifications are as follows:
(a) Administrative Safeguards – policies and procedures designed to clearly show how the entity will comply with the act
(i) Covered entities (entities that must comply with HIPAA requirements) must adopt a written set of privacy procedures and designate a privacy officer to be responsible for developing and implementing all required policies and procedures.
(ii) The policies and procedures must reference management oversight and organisational buy-in to compliance with the documented security controls.
(iii) Procedures should clearly identify employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI must be restricted to only those employees who have a need for it to complete their job function.
(iv) The procedures must address access authorization, establishment, modification, and termination.
(v) Entities must show that an appropriate ongoing training program regarding the handling of PHI is provided to employees performing health plan administrative functions.
(vi) Covered entities that out-source some of their business processes to a third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through clauses in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity. Care must be taken to determine if the vendor further out-sources any data handling functions to other vendors and monitor whether appropriate contracts and controls are in place.
(vii) A contingency plan should be in place for responding to emergencies. Covered entities are responsible for backing up their data and having disaster recovery procedures in place. The plan should document data priority and failure analysis, testing activities, and change control procedures.
(viii) Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Policies and procedures should specifically document the scope, frequency, and procedures of audits. Audits should be both routine and event-based.
(ix) Procedures should document instructions for addressing and responding to security breaches that are identified either during the audit or the normal course of operations.
(b) Physical Safeguards – controlling physical access to protect against inappropriate access to protected data
(i) Controls must govern the introduction and removal of hardware and software from the network. (When equipment is retired it must be disposed of properly to ensure that PHI is not compromised.)
(ii) Access to equipment containing health information should be carefully controlled and monitored.
(iii) Access to hardware and software must be limited to properly authorized individuals.
(iv) Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.
(v) Policies are required to address proper workstation use. Workstations should be removed from high traffic areas and monitor screens should not be in direct view of the public.
(vi) If the covered entities utilise contractors or agents, they too must be fully trained on their physical access responsibilities.
(c) Technical Safeguards – controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient.
(i) Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilised. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.
(ii) Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.
(iii) Data corroboration, including the use of check sum, double-keying, message authentication, and digital signature may be used to ensure data integrity.
(iv) Covered entities must also authenticate entities with which they communicate. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone callback, and token systems.
(v) Covered entities must make documentation of their HIPAA practices available to the government to determine compliance.
(vi) In addition to policies and procedures and access records, information technology documentation should also include a written record of all configuration settings on the components of the network because these components are complex, configurable, and always changing.
(vii) Documented risk analysis and risk management programs are required. Covered entities must carefully consider the risks of their operations as they implement systems to comply with the act. (The requirement of risk analysis and risk management implies that the act’s security requirements are a minimum standard and places responsibility on covered entities to take all reasonable precautions necessary to prevent PHI from being used for non-health purposes.)
(4) Unique Identifiers Rule (National Provider Identifier): HIPAA covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans, must use only the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions.
All covered entities using electronic communications (e.g., physicians, hospitals, health insurance companies, and so forth) must use a single new NPI. The NPI replaces all other identifiers used by health plans, Medicare, Medicaid, and other government programs. However, the NPI does not replace a provider’s DEA number, state license number, or tax identification number. The NPI is 10 digits (may be alphanumeric), with the last digit being a checksum. The NPI cannot contain any embedded intelligence; in other words, the NPI is simply a number that does not itself have any additional meaning. The NPI is unique and national, never re-used, and except for institutions, a provider usually can have only one. An institution may obtain multiple NPIs for different “subparts” such as a free-standing cancer center or rehab facility.
(5) Enforcement Rule: The Enforcement Rule sets civil money penalties for violating HIPAA rules and establishes procedures for investigations and hearings for HIPAA violations.
American Recovery and Reinvestment Act of 2009/Division A/Title XIII/Subtitle D: HITECH Act: Privacy Requirements
Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, addresses the privacy and security concerns associated with the electronic transmission of health information.
This subtitle extends the complete Privacy and Security Provisions of HIPAA to business associates of covered entities. This includes the extension of newly updated civil and criminal penalties to business associates. These changes are also required to be included in any business associate agreements with covered entities. On November 30, 2009, the regulations associated with the new enhancements to HIPAA enforcement took effect.
Another significant change brought about in Subtitle D of the HITECH Act, is the new breach notification requirements. This imposes new notification requirements on covered entities, business associates, vendors of personal health records (PHR) and related entities if a breach of unsecured protected health information (PHI) occurs. On April 27, 2009, the Department of Health and Human Services (HHS) issued guidance on how to secure protected health information appropriately. Both HHS and the Federal Trade Commission (FTC) were required under the HITECH Act to issue regulations associated with the new breach notification requirements. The HHS rule was published in the Federal Register on August 24, 2009 and the FTC rule was published on August 25, 2009.
The final significant change made in Subtitle D of the HITECH Act, implements new rules for the accounting of disclosures of a patient’s health information. It extends the current accounting for disclosure requirements to information that is used to carry out treatment, payment and health care operations when an organisation is using an electronic health record (EHR). This new requirement also limits the timeframe for the accounting to three years instead of six as it currently stands. These changes won’t take effect until January 1, 2011, for organizations implementing EHRs between January 1, 2009 and January 1, 2011, and January 1, 2013, for organisations who had implemented an EHR prior to January 1, 2009.
Effects on Research and Clinical Care
The enactment of the Privacy and Security Rules has caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers.
(a) Effects on Research: HIPAA restrictions on researchers have affected their ability to perform retrospective, chart-based research as well as their ability to prospectively evaluate patients by contacting them for follow-up. In addition, informed consent forms for research studies now are required to include extensive detail on how the participant’s protected health information will be kept private. While such information is important, the addition of a lengthy, legalistic section on privacy may make these already complex documents even less user-friendly for patients who are asked to read and sign them.
(b) Effects on Clinical Care: The complexity of HIPAA, combined with potentially stiff penalties for violators, can lead physicians and medical centers to withhold information from those who may have a right to it. A review of the implementation of the HIPAA Privacy Rule by the U.S. Government Accountability Office found that health care providers were “uncertain about their legal privacy responsibilities and often responded with an overly guarded approach to disclosing information than necessary to ensure compliance with the Privacy rule”.
Costs of Implementation
In the period immediately prior to the enactment of the HIPAA Privacy and Security Acts, medical centers and medical practices were charged with getting “into compliance”. With an early emphasis on the potentially severe penalties associated with violation, many practices and centers turned to private, for-profit “HIPAA consultants” who were intimately familiar with the details of the legislation and offered their services to ensure that physicians and medical centers were fully “in compliance”. In addition to the costs of developing and revamping systems and practices, the increase in paperwork and staff time necessary to meet the legal requirements of HIPAA may impact the finances of medical centers and practices at a time when insurance companies and Medicare reimbursement is also declining.
We have no dedicated regulatory framework for cloud computing in India. In fact, we have no legal framework for cloud computing in India at all. Even as per the research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. This conclusion of Perry4Law and PTLB has been endorsed by other companies and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.
In short, cloud computing in India is still not trusted. The primary reasons for this situation is absence of legal framework for cloud computing in India, missing privacy laws, absence of data protection laws in India, inadequate data security in India, etc.
Even the cloud computing due diligence in India is missing and companies and individuals are using the same in great disregard of the various laws of India. Cloud computing service providers in India are required to follow cyber law due diligence in India. The cyber law due diligence for Indian companies is now well established but cloud computing and e-commerce service providers are not taking it seriously.
We believe that India must not use software as a service (SaaS), cloud computing, m-governance, etc till proper legal frameworks and procedural safeguards are at place. This has also been accepted by the CIOs community and it is now for the Indian government to do the needful. Similarly, cloud computing security in India is also required to be strengthened. As on date, use of cloud computing in India is not a viable solution as we are ignoring legal and security concerns. Cloud computing in India must be techno legal in nature and till it meets the techno legal requirements, it should not be used in India.
Besides regulatory framework for cloud computing in India we must also ensure high availability levels, appropriate data erasing mechanisms, data privacy at the service provider’s level, export restrictions upon data, data handling monitoring mechanisms, jurisdictional issues, cloud computing security issues, licensing issues for cloud computing, etc.
Privacy violations, data breaches, data thefts, cyber crimes, etc would definitely arise in cases of use of cloud computing in India. Even if a company or individual offers cloud computing services in India, it/he has to comply with many legal provisions and cyber due diligence requirements. The information technology act 2000 (IT Act 2000) has prescribed due diligence requirements for various business organisations and stakeholders. These due diligence requirements equally apply to cloud computing service providers in India.
These due diligence requirements are very stringent and cloud computing providers can find themselves in legal hassles if they ignore the same. Managing sensitive and personal data and information in India is no more a causal approach but it has become very stringent.
With the proposal to codify law of torts in India, more and more civil proceeding for violation of privacy rights may be initiated against the cloud computing service providers. It would be a wise option to establish best practices and cloud computing policy by all stakeholders in their own larger interests.
This is the reason why we need alternative dispute resolution (ADR) mechanism to resolve e-commerce disputes in India. E-commerce regulations and laws in India are limited in nature and this does not allow use of ADR mechanisms and technology driven solutions. For instance, while European Union and other nations are increasingly using online dispute resolution (ODR) for resolving many aspects of e-commerce disputes yet online dispute resolution (ODR) in India is still not known.
Similarly, establishment of e-courts in India can also facilitate early and effective e-commerce disputes resolutions in India. However, till February 2012 we are still waiting for the establishment of first e-court in India. E-courts and ODR in India are urgently required to reduce backlog of cases and for reducing increasing pressure upon traditional courts. E-courts and ODR can also help in e-commerce disputes resolutions in India.
Some of the areas where we must pay special attention include technology related dispute resolution in India, film, media and entertainment industry dispute resolution in India, cross border e-commerce dispute resolution in India, etc. E-courts and ODR can be effectively used for all the abovementioned purposes.
E-commerce players in India have many techno legal obligations to follow and cyber law due diligence in India is one such obligation. Not only legal requirements for undertaking e-commerce in India are stringent but even Internet intermediaries liability in India must be taken seriously by companies engaged in online transactions and businesses.
Realising that cyberspace can bring many commercial benefits; both individuals and companies are ensuring that they have strong online presence. More and more brand promotion and protection in India are done these days in an online environment. Companies and individuals are also ensuring domain name protection in India so that their reputation and goodwill is not misappropriated by others. Brand protection, reputation management and domain name cyber squatting disputes are at rise and the same can be resolved using e-courts and ODR in India.
However, there is a general lack of awareness regarding use of e-courts and ODR for e-commerce disputes resolution. Further, there are very few e-commerce lawyers and law firms in India that can provide expert services in this regard. E-commerce players must also be aware that other laws, including intellectual property laws, can make these e-commerce players labile for civil and criminal actions. For instance, these e-commerce players can be held liable for online infringement of copyright in India of the copyright owners. Similarly, if any person posts an offending material at the e-commerce site or otherwise deal with the e-commerce site in an illegal manner, the e-commerce site owner may find himself in trouble.
Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that before opening an e-commerce website or business, the owner of the same must consult a good techno legal law firm that can advice him upon all the possible and applicable aspect of e-commerce laws in India. Further, Perry4Law and PTLB also recommend active use of e-courts and ODR in India for resolving e-commerce disputes resolutions in India and corporate disputes in India.
We also believe that more effective and useful e-commerce laws in India must be formulated that expressly deal with e-commerce aspects in India. Let us hope that these suggestions would be implemented by Indian government very soon.
The corporate agreements of these corporate houses essentially contain an arbitration clause and adoption of arbitration proceeding to resolve various future differences and disputes. The commercial division of high courts Bill 2009 also recognises that commercial disputes involving large stakes must be resolved urgently and in an expeditious manner.
It is high time for big corporate houses to shift to next dispute resolution revolution known as online dispute resolution (ODR) in India. Companies and individuals must give more stress to ADR and ODR services in India as they are more productive than traditional litigation system of India. In fact, having e-courts and ODR in India can solve almost all the legal problems of companies and individuals in India and world wide.
We need to adopt cyber arbitration in India, online arbitration in India and technology arbitration in India. Further, cyber arbitration and mediation centre in India also need to be established. Online commercial arbitration in India also needs to be developed.
Similarly, legal issues of media and entertainment industry of India have assumed tremendous importance. Entertainment and media industry dispute resolution in India can be resolved using online dispute resolution. Dispute prevention and resolution in the film and media industry in India is presently not exploring use of ODR and e-courts.
Similarly, ODR and cross border e-commerce transactions and dispute resolution of cross border technology transactions are also interrelated. Dispute resolution in technology transactions is the upcoming trend in the field of ODR. Dispute resolution of cross border technology transactions is a complicated process if we adopt traditional litigation methods to resolve them. Dispute resolution in technology transactions and dealings requires an effective, timely and cost effective mechanism. Traditional litigation is definitely not the place to achieve these objectives.
Perry4Law and Perry4Law Techno Legal Base (PTLB) suggest that companies and individuals must incorporate suitable “ODR clauses” so that ODR in India can grow. In fact, we are already doing so and are also providing the exclusive techno legal ODR services in India and world wide. We hope very soon ODR and e-courts would be actively used in India for the larger interest of all stakeholders.
The latest to add to this list are electronic legal due diligence, technology related due diligence and online legal due diligence. These concepts show the growing use of virtual legal due diligence for various legal and administrative purposes.
Parallel and simultaneous development in allied fields is also happening. For instance, use of data rooms for legal compliances and mergers and acquisitions in India and abroad is passing through a transformation stage. Virtual data rooms (VDRs) are replacing the traditional data rooms to facilitate cost effective and more efficient due diligence and merger and acquisition activities. In fact, virtual data rooms and legal compliances are increasingly seen as inseparable and more stress is given to perform virtual legal due diligence in India these days.
Virtual data rooms and virtual legal due diligence in India would also facilitate e-discovery in India. Presently, e-discovery services in India are still grooming. Some recent episodes have shown the importance of e-discovery for social media in India.
The techno legal issues of virtual legal due diligence in India must also be taken care of. There are many technical and legal requirements that must be met before virtual due diligence can be used for legal and administrative purposes. These techno legal requirements are also required to be fulfilled to escape various legal obligations and liabilities that may arise due to improper use of virtual data rooms.
Till now legal due diligence in India is mainly performed in a traditional manner. Physical storage of information and documents in the data rooms is the traditional method of making available information for due diligence and various legal purposes.
However, virtual data rooms (VDRs) have changed the entire scenario. Using data rooms for legal compliances and mergers and acquisitions in India and abroad is giving way to using VDRs for the same and many more legal and non legal purposes. Clearly, virtual data rooms and legal compliances in India are increasingly seen as inseparable and more stress is given to perform online legal due diligence in India these days.
VDRs and online legal due diligence in India would also facilitate e-discovery in India. Presently, e-discovery services in India are still grooming. Some recent episodes have shown the importance of e-discovery for social media in India.
However, we need privacy laws in India, data protection laws in India and data security laws in India to make online due diligence a success in India. Similarly, use of is also not desirable at this stage unless there are sufficient procedural, legal and technical safeguards at place. Cloud computing in India is still not trusted and most of the clouds computing service providers in India are not aware of the stringent laws of India that they frequently violate.
The cyber law trends in India 2012 by Perry4Law and Perry4Law Techno Legal Base (PTLB) have clearly projected that cyber law due diligence in India would going to increase. In fact cyber law due diligence for Indian companies has become so important that it must be made a part of their policies and corporate strategies. One thing that is inevitable in India is the use of online legal due diligence in India in the coming years.
Merger and acquisition has seen many ups and downs in the year 2011 and many crucial developments took place in 2011.
Corporate mergers and acquisitions (M & A) in India are very common. India has been updating its corporate merger and acquisition regulations in India from time to time. Recently, Competition Commission of India (Procedure in regard to the transaction of business relating to combinations) Regulations, 2011 were formulated by the by Competition Commission of India. The main objective of the same was to regulated the combinations formulated in an anti competition manner in India.
Regulatory environment touching mergers and acquisitions in India was also streamlined in the year 2011 and stress upon and technological developments were made. The Securities and Exchange Board of India (SEBI) is planning to use electronic initial public offer (IPO) in India. Foreign investments in pharmaceutical in India has been liberalised by Reserve Bank of India. Similarly, foreign direct investment (FDI) in India has also been liberalised in many crucial areas. Naturally, lots of investments, IPOs, private equity funds exchange and many more collaborative and cooperative activities would take place in India in the year 2012.
The year 2011 envisaged an attempt by Reserve Bank of India (RBI) to regulate banking related mergers and acquisitions (M&A) in India. With the clearance of the Banking Laws (Amendment) Bill, 2011 by the Parliamentary Standing Committee on Finance, this may be the reality very soon.
Further, to streamline the banking transactions, an integrated banking law in India has been proposed. Similarly, the cap upon mobile banking financial transactions in India has been removed by the RBI. These reforms would help merger and acquisition transactions in India in the coming years.
Although there was a slow down in the merger and acquisition deals in India in 2011 yet India’s energy, mining and utilities sector witnessed a sound growth. The telecommunication sector faced the biggest setback in India and there were very few M&A dealing in this sector in 2011.
Reserve Bank of India (RBI) has been issuing guidelines and instructions from time to time to streamline NEFT system in India. However, not all the directions of RBI pertaining to NEFT system are followed by banks in India.
For instance, RBI has in the past directed the banks to ensure positive confirmation to the originator regarding a successful NEFT transaction. However, banks are not following this direction of RBI. Reacting to the same, RBI has through the notification numbered RBI/2011-12/341 DPSS (CO) EPPD No.1199/04.03.01/2011-12, dated 5th January 2012, asked the banks of India to ensured that they must put in place a mechanism which would enable NEFT participating banks to provide a positive confirmation to the remittance originator confirming the successful credit of funds to the beneficiary’s account.
This modification was implemented in NEFT with effect from March 01, 2010 and banks were advised to confirm completion of necessary arrangements to ensure its implementation.
However, even though banks have had sufficient time for making necessary changes in their systems, it is observed that not all banks are sending such confirmations. In most cases, the bank that originated the remittance is unable to provide the confirmation to the originator / sending customer since they do not receive the corresponding confirmation message (N-10 message) from the beneficiary bank. Recent analysis shows that in respect of a large number of banks, the percentage of positive confirmation sent vis-a-vis inward messages received is lower than 10%. A positive confirmation is a unique feature of NEFT and has played a major role in popularising the system amongst the users. Non-adherence to instructions in this regard will undermine the customer service efficiency of the system.
It is once again reiterated that all banks should put in place systems to ensure positive confirmation is sent to the originator in accordance with our above mentioned circular. While it is expected that such confirmation messages are sent as soon as the beneficiary account is credited, it should not exceed beyond end-of-the-day under any circumstance.
Banks have been advised to immediately report to RBI the existing status/process being followed by them for sending such messages, both as originator and receiver. Banks have also been advised to put in place suitable mechanisms immediately by which such confirmation will be sent for all inward / outward messages, if such systems are not already in place. A copy of banks plan of action in this regard is required to be sent to RBI within 15 days of receipt of this notification letter. The performance of banks in this regard will be monitored regularly and any deviation will be viewed seriously.
These directions are issued by Reserve Bank of India, in exercise of the powers conferred by section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007).
The national electronic fund transfer (NEFT) system is a nation-wide system that facilitates individuals, firms and corporates to electronically transfer funds from any bank branch to any individual, firm or corporate having an account with any other bank branch in the country. NEFT system was introduced in November 2005 and till now it has been significantly used in India. In fact, more than 6 million transactions were processed by the NEFT system during the month of January 2010 alone.
The NEFT system of India uses the Public Key Infrastructure (PKI) technology to assure end-to-end security and the Indian Financial Network (INFINET) to connect bank branches for electronic transfer of funds. In line with the system capabilities and user expectations, a number of initiatives have been taken in the recent past to extend operating hours, increase the number of batches and handle more transaction types. Incidentally, NEFT has no amount restrictions and accepts cash up to Rs. 50,000 for originating transactions.
Through a circular numbered BI/2009-10/305 DPSS CO EPPD No.168 / 04.03.01 / 2009-2010, dated 5th February 2010, the Reserve Bank of India (RBI) refined the process-flow and enhancement of features of NEFT system of India.
With a view to further strengthen the NEFT system in terms of availability, convenience, efficiency and speed, the following refinements to process-flow and enhancements to operational features are being introduced –
(i) Tightening of Return Window – Presently, the NEFT procedural guidelines mandate banks to return NEFT transactions in the very next available batch. The NEFT system has, however, been designed to allow destination banks to return transactions on a T+1 basis. The traffic analysis has revealed that a major chunk of returns are effected by banks either in the last batch of the day or in the first batch of the next day, indicating that the transactions are processed by the destination batches only at the end of the day instead of batch-wise. In order to streamline the system and complete the processing cycle on a near-real-time basis, the concept of return within two hours of completion of a batch is being introduced. The B+2 return discipline would require banks to afford credit to beneficiary accounts immediately upon completion of a batch or else return the transactions within two hours of completion of the batch settlement, if credits are unable to be afforded for any reason. Required changes in the SFMS / NEFT software has been carried out. Necessary changes are also being made to the Procedural Guidelines for the purpose.
(ii) Increase in Operating Hours – NEFT is currently available from 9 am to 5 pm on week days and from 9 am to 12 noon on Saturdays. There have been constant requests from various individual and business segments to elongate the operating hours. After examining the feasibility and customer benefits, it has been decided to extend NEFT operating hours from 9 am to 7 pm on week days and from 9 am to 1 pm on Saturdays. Member banks need to effect changes at their end to initiate and / or receive NEFT transactions taking full advantage of the increased hours of operation.
(iii) Move to Hourly Settlements – On date, NEFT has six batches of settlement at 9 am, 11 am, 12 noon, 1 pm, 3 pm and 5 pm on week days and three batches of settlement at 9 am, 11 am and 12 noon on Saturdays. An analysis of daily data has shown that the volume of transactions processed in batches that have a gap of two hours between batches is double the volume of transactions processed in batches that have only an hour’s gap between them. With a view to evenly space out transactions across batches, as also to make the system near-real-time, it has been decided to introduce the concept of hourly settlements. Accordingly, there would be eleven hourly settlements starting from 9 am to 7 pm on all week days and five hourly settlements from 9 am to 1 pm on Saturdays. Necessary changes have been carried out in the SFMS / NEFT software.
(iv) Implementation of Positive Confirmation – At present, the un-credited NEFT transactions are returned by destination banks and it is presumed that credit for all other transactions have been afforded to beneficiary accounts. In order to remove any ambiguity and to introduce the element of positive confirmation, the NEFT outward message format is being modified to contain two additional fields, wherein mobile number and / or e-mail address of the originating customer can be populated. A new message format is also being introduced to relay to the originating bank an acknowledgement containing the date and time of credit, immediately after the credit is afforded to beneficiary accounts. This message would flow from the destination bank / branch to the originating bank / branch. The originating banks after receiving the positive confirmation from the destination banks shall have to initiate a mobile SMS or generate an e-mail to the originator to convey the fate of the transaction. Detailed process flow for generating the positive confirmation is enclosed. SFMS / NEFT has been modified to add the required fields in the existing messages as also to handle the new messages.
The above modifications will be implemented in NEFT with effect from March 1, 2010. Member banks are advised to carry out appropriate changes to their CBS / system interfaces to handle the enhancements. In order to facilitate smooth migration, IDRBT-Hyderabad would release modified patches to be applied on SFMS / NEFT applications by February 15, 2010. For any additional information / clarifications, the NEFT team at the concerned bank can contact officials of DPSS or IDRBT through email.
The process flow of credit confirmation based on CBS banks and non-CBS banks is as follows:
A. CBS Implemented Banks
1. After successfully crediting the beneficiary account, CBS will send a Credit Acknowledgement (N10 message) to SFMS. On receiving the outward N10 message from receiver CBS, SFMS will update the status of respective transactions as “Credited to Customer”. The same outward Credit Acknowledgement (N10) will be sent to RBI Service centre (RBIP0NEFTSC). Outward N10 messages may contain transactions of different banks’.
2. On receiving N10 at RBI Service centre, NEFT segregates the N10’s bank-wise and sends to corresponding sending / initiator bank’s service centre through SFMS.
3. At the bank’s service centre, on receiving the inward N10 messages, corresponding transactions will be updated with the transaction status as “Credited to Customer” and will send the inward N10 to CBS. Finally, SFMS will send credit confirmation to the customer through SMS / e-mail according to the details provided in the field SMS / e-mail of debit transaction.
The CBS branches are provided with the interface to receive the positive acknowledgement from their CBS in a STP manner.
B. Non-CBS Banks
1. After successful crediting to the beneficiary account, the user in the beneficiary branch will initiate a credit acknowledgement by clicking a button provided in SFMS. This will update the status of respective transactions as “Credited to Customer”. An outward N10 message is created and sent to his bank’s service centre IFSC.
2. A new process in SFMS polls on database and consolidates the credit acknowledgements based on the “Credited to customer” status and sends a new outward N10 message to RBI service centre.
3. On receiving N10 at RBI Service centre, NEFT segregates the N10’s bank-wise and sends to corresponding sending / initiator bank’s service centre through SFMS.
4. On receiving the inward N10 messages at Sending bank’s service centre, NEFT will segregate the N10 messages branch-wise and will send them to Gateway à Sender branch IFSC.
5. On receiving the inward N10 messages at Sender branch, corresponding transaction status will be updated as “Credited to the Customer”. Finally, SFMS will send credit confirmation to the customer through SMS / e-mail according to the details provided in the field SMS / e-mail of debit transaction.
The destination banks / branches which are non-CBS may use the SFMS / NEFT screen to create the N10 messages by clicking the appropriate button, similar to creating the return messages.
The originating bank will send the SMS / e-mail to the originator.
The SMS / e-mail will mention – “NEFT Transaction with reference number 123456789 for Rs. 999.99 has been credited on DD-MM-YYYY at HH:MM:SS”.
It is also intended to initiate SMS and / or generate e-mail to be sent to the originator for negative acknowledgements – i.e., for those transactions returned without offering credit to beneficiary accounts.
For the modified / new message format, banks may approach officials of DPSS or IDRBT through email.
Considering the specific needs of the micro finance sector, the existing External Commercial Borrowings (ECB) policy has been reviewed in consultation with the Government of India and it has been decided that Micro Finance Institutions (MFIs) may be permitted to raise ECB upto USD 10 million or equivalent during a financial year for permitted end-uses, under the Automatic Route.
Influence’ in terms of Indian Accounting Standards