The Ministry of Electronics and Information Technology (MeitY) on May 18 released a Frequently Asked Questions (FAQs) document "to explain the nuances" of the cybersecurity directive issued by CERT-In, which has received strong pushback from cybersecurity experts for being ill-advised, impractical, unclear, and overly burdensome on companies. The FAQs attempt to address some of the concerns, but they also introduce some new concerns. What is the cybersecurity directive? The Indian Computer Emergency Response Team (CERT-In), which falls under MeitY, is the government-appointed nodal agency tasked with performing cybersecurity-related functions in the country. On April 28, the agency issued a new directive covering aspects related to the timeframe for reporting cybersecurity incidents, synchronisation of system clocks, maintenance of logs, maintenance of KYC and transaction information for crypto exchanges, and maintenance of detailed customer information for VPN, cloud service, data centre providers. What aspects do the FAQs…
