Cyber law of India is incorporated in the form of Information Technology Act, 2000 (IT Act 2000). The cyber law of India is a young and evolving law as it has been in force for almost one and half decade only. As a result the stakeholders of this field are still not well versed with the rights, obligations and liabilities arising out of the same. Nevertheless, the IT Act 2000 provides regulatory framework regarding cyber law, cyber crimes, e-governance, e-commerce and cyber law and cyber security due diligence.
The Indian Companies Act, 1956 remained in force for almost 58 years though it was required to be changed much earlier. The Ministry of Corporate Affairs (MCA) has recently notified many provisions of the Indian Companies Act, 2013 (PDF) and corresponding rules under the same. Thus, a new regulatory regime for corporate law of India has substituted the old company law of India.
The new framework has also prescribed many techno legal compliance requirements that are not only novel but also complicated to manage by the companies and their directors. As a result the directors’ liabilities under the Indian Companies Act 2013 of have significantly increased. These include the cyber law and cyber security regulatory obligations as well.
The directors should particularly keep in mind the legal mandates of cyber law due diligence requirements (PDF), cyber security due diligence, e-discovery compliances, cyber forensics compliances, etc. The cyber litigations against Indian and foreign companies and websites is going to increase in future. For instance, Target Corporations facing litigations in numerous jurisdictions due to cyber security breach that it failed to address properly. Naturally, cyber due diligence cannot be ignored by Indian companies and their directors anymore.
The new company law regulatory framework prescribes management and inspection of documents in electronic form, electronic voting, electronic notices, etc that require a techno legal compliance on the part of Indian companies. The Companies Act 2013 also specifically made applicable many provisions of the IT Act 2000 and thereby expanding the scope of regulatory compliances under the 2013 Act.
Stakeholders like Banks, Insurance Companies, Electricity Companies, Companies incorporated under Special Acts, Companies notified by Central Government, etc are required to comply with the techno legal requirements as prescribed under the Companies Act 2013, Information Technology Act, 2000 and other applicable laws of India.
The cyber security trends and development in India 2013 (PDF), provided by Perry4Law’s Techno Legal Base (PTLB), have also indicated that various corporate stakeholders would be required to comply with cyber law and cyber security related obligations in the near future. As on date, companies and directors are not complying with the cyber law and cyber security obligations as prescribed by Indian laws and regulations. Indian companies and their directors have for long ignored the compliance requirements of Indian laws, especially laws pertaining to cyber obligations and cyber security compliances. Previously, these violations were required to be prosecuted independent of the Companies Act, 2013. Now these techno legal compliance requirements have been specifically incorporated into the Companies Act, 2013 itself.
Directors are also officer in default for which they can be not only held liable but prosecuted as well. The prosecution of directors for cyber violations would increase manifolds if suitable techno legal policies are not formulated and implemented at the top levels. Perry4Law strongly recommends that suitable techno legal policies must be implemented by Banks, Insurance Companies, Electricity Companies, Companies incorporated under Special Acts, Companies notified by Central Government, etc as soon as possible.