There was no need to hold public consultations before releasing the cybersecurity directive because the aam aadmi (common man) is not impacted by it, Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology, said on May 18 while releasing the FAQs document for the cybersecurity directive. Ironically, just a few minutes before making this comment, Chandrasekhar praised the IT Ministry's open approach to consultations: "Two broad things are becoming signature practices of our Ministry. One is that as we create legislation and rules, we will undertake public consultations before we finalize those and then follow those rules or directions or legislation with easy to understand and easy to comprehend FAQs that go to explain what the logic is, how the rules or legislation or directions are operationalized, and what the end outcome and objective of these changes are." (emphasis ours) What is the cybersecurity directive? The Indian Computer Emergency Response Team (CERT-In), which falls under the IT Ministry, on April 28 issued a new directive covering aspects related to the timeframe for reporting cybersecurity incidents, synchronisation of system clocks, maintenance of logs, maintenance of KYC and transaction information for crypto exchanges, and maintenance of detailed customer information for VPN, cloud service, data centre providers. Cybersecurity experts, VPN providers, and tech companies have all criticised the directive for a long list of reasons including that public consultations were not held prior to the release of the directive. Industry stakeholders were consulted: IT Ministry In the FAQs document, the IT Ministry said that consultations…
