/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/3K2Mj8dIV7onmt8yzEkH.png)
According to the new regulations, telecom service providers (TSPs) are reportedly required to grant the government access to critical telecom infrastructure (CTI). The central government can designate communication networks as CTI under the new communication Act, 2023, if their disruption could have a significant effect on public health, safety, the economy, or national security. Reportedly, the government must aslo designate a Chief of Telecom Security Officer (CTSO) in accordance with the regulations.
The government will now require companies that have experienced or encountered cyber security incidents to notify them within six hours, instead of the previous two-hour period. By international standards, six hours is still a relatively short time to report.
Furthermore, government approval is required for remote maintenance or repairs from outside of India, and software or hardware changes must be assessed within 14 days. During cybersecurity crises, immediate updates are permitted as long as the government is notified within 24 hours. Although there will be a digital gateway to oversee these regulations, there have been complaints about the opaqueness of the communications. Finally, the Indian Telecommunication Security Assurance Requirements must be met by all CTI replacement parts, software, and hardware.
The Indian government has been extremely cautious about the country's telecommunications infrastructure in recent years. The centre implemented a new system of trusted suppliers to make sure that no "risky" or Chinese vendor could supply vital telecom infrastructure in India. The government has also requested that the telecoms replace the Chinese vendors' equipment and gear from the live networks that are currently in operation. By doing this, India will eventually have secure infrastructure that its adversaries cannot take advantage of.
Since the Information Technology Act already regulates telecom networks, there may be overlaps with other legal frameworks like the National Critical Information Infrastructure Protection Centre (NCIIPC). Because it is unclear when inspections can begin or what restrictions should be put in place on government employees' access to sensitive data, the regulations also create questions regarding inspection procedures and data access.
According to experts, this may lead to excessive regulation because the Information Technology Act designates the telecom industry as important information infrastructure. So, it is also under the National Critical Information Infrastructure Protection Center's (NCIIPC) purview.
The foreign suppliers that handle practically all of the business in the nation with the telecom companies are Samsung, Nokia, and Ericsson. Samsung was Reliance Jio's chosen vendor when the telco had just begun implementing 4G in the nation, but it is currently a newcomer to the 5G market.