NASSCOM : Public Policy | Volume 3 | Issue 06 | June 2022
In Focus
CERT-IN: Release of FAQs on new Cyber Security Directions
NASSCOM along with the Data Security Council of India (DSCI) is engaged with the industry and the government to assess the implications of the Cyber Security Directions issued in April by the Indian Computer Emergency Response Team (CERT-In).
The Directions are in addition to the IT (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules 2013 (CERT-IN Rules) and are slated to come into effect on June 27, 2022. It is important to note that, like the CERT-IN Rules, these Directions are applicable to every "service providers, intermediaries, data centres and body corporates" having a computer resource/ network in India i.e., everyone starting from a single person service provider.
At a fundamental level, three aspects of the Directions, taken together, make them onerous and disproportionate to the regulatory objective. In brief:
Bullet The broad list of type of incidents to be mandatorily reported has increased to 20 (as against 10 in the CERT-IN Rules). In addition, there are new requirements related to mandatory maintenance of customer records and logs.
Bullet The incidents are now required to be reported, by everybody covered, within 6 hours of noticing (as against "within a reasonable time of occurrence or noticing", under the CERT-IN Rules), and
Bullet Given the Directions are not issued under the CERT-IN Rules, there is no mention of a Review Committee in the Directions. These risks exposing all businesses and service providers to the risk of imprisonment for one year or a fine of Rs One lakh, without the Review Committee being required to consider the same.
Based on industry's initial feedback, CERT-In has released a set of Frequently Asked Questions (FAQs), to try and address some of the industry's concerns. The FAQ have introduced material changes. The requirement of the industry is to have the important changes incorporated into the Directions to give them a legal basis and address other unintended consequences of the Directions.
For more details, kindly write to varun@nasscom.in and apurva@nasscom.in.
Submission & Representation
Joint Paper on Enabling Data Transfers for India-UK Digital Trade
NASSCOM, UK India Business Council (UKIBC) and TechUK have released a Joint Position Paper on Enabling Data Transfers for India-UK Digital Trade aimed at promoting data protection in both countries while enabling free flow of data in the UK-India corridor. It offers specific suggestions to both governments to commit to the protection of personal information via adequate and comprehensive legal regimes and ensure that measures restricting data transfers are least onerous and in furtherance of public policy, national security, or strategic objectives.
Read More
Haryana: Representation on Contract Labour Challenges
On May 17, 2022, NASSCOM made a representation to the Haryana Labour Department and highlighted the challenges being faced by the industry in getting Contract Labour Regulation and Abolition (CLRA) licenses. In our representation, we suggested that requirement of seeking certified copies of the standing order for the purpose of CLRA applications should not be made mandatory. We further highlighted that other than Haryana, no other State has imposed such a requirement on the tech industry. For more details, kindly write to deepak@nasscom.in and asaggarwal@nasscom.in.
Special Economic Zones (SEZ): Representation seeking extension of Work from Home relaxations
We are actively engaging with the Ministry of Commerce for making necessary amendments in the SEZ regulations towards enabling permanent hybrid working model. Earlier in the month, based on a survey, we submitted a detailed report to the Government highlighting the positive impact of the remote working models on productivity on the tech companies based in SEZs. Additionally, we also wrote to the State SEZ authorities, seeking further extension of the current work from home relaxations beyond June 30, 2022, to enable industry to follow hybrid working models. On May 27, 2022, the Noida SEZ Authority issued a circular to extend the facility to work remotely till December 2022.For more details, kindly write to deepak@nasscom.in and asaggarwal@nasscom.in.
Delhi: Representation seeking 24x7 operations for e-commerce and warehousing entities
We made a representation to the Government of NCT Delhi seeking blanket permission for e-commerce and warehousing entities to carry out operations 24x7 in the State. We also suggested that such entities should be allowed to employ women in night shifts subject to certain safety and security conditions. For more details, kindly write to deepak@nasscom.in and garima@nasscom.in.
Labour Reforms: Submission on Karnataka Code on Occupational, Safety, Health and Working Conditions (OSHW)Rules
We submitted our response to the Labour Department of Karnataka on the Karnataka OSHW Rules. In our submission, we proposed deletion of certain mandatory particulars such as Aadhaar, ESIS/UAN etc. from the appointment letter. We also recommended changes in the daily working hours limit to enable employers to adopt flexible work models including providing flexibility to employers to provide notices to workers in an electronic medium. For more details, kindly write to deepak@nasscom.in and asaggarwal@nasscom.in.
Labour Reforms: Feedback on Tamil Nadu State Rules
We made submissions to Tamil Nadu State Rules on Code on Wages, Code on Industrial Relations (IR) and the Code on Occupational, Safety, Health and Working Conditions Rules, 2022 (OSHW). Amongst several recommendations, some of the key suggestions that we made regarding each of these Rules include; a) the need to have flexibility (under IR Rules) for establishments having existing well-established mechanisms in place towards maintaining amity between the employer and the employee to setup Grievance Redressal Mechanism and Work Committee; b) flexibility in daily working hours limit (under the OSHW Rules) to enable employers to adopt flexible work models; c) removal of certain mandatory fields such as Aadhaar number, father names etc., from the wage slips (under the Wage Rules). For more details, kindly write to deepak@nasscom.in and asaggarwal@nasscom.in.
Ministry of Environment: Amending the Hazardous Waste Management Rules
We submitted a representation to Ministry of Environment, Forest and Climate Change (MOEFCC) seeking amendment to the Hazardous and Other Wastes (Management and Transboundary Movement) Rules, 2016 (HWM Rules) to allow imported refurbished spare parts to be used for all types of repair services. We highlighted that this would enable the industry to cut unnecessary expenses and operate in a manner that they remain competitive in the international markets. We also suggest that the industry will continue to re-export the equivalent number of defective parts, to address the potential concern of accumulating un-usable spares in India. For more information, kindly write to garima@nasscom.in.
GST: Representation highlighting issues faced due to registration requirement as Input Service Distributor for common expenses incurred on behalf of branch office
As per a recent ruling by Maharashtra Appellate Authority for Advance Ruling, facilitation of common input service by head office (HO) from third party vendors on behalf of branch offices shall be treated as "supply of service". However, the GST law does not mandate companies to adopt Input Service Distributor (ISD) mechanism i.e., obtaining a separate registration for distribution of Input Tax Credit (ITC) in respect of common services to Branch Offices (BO) across the country. Moreover, due to the limitations associated with ISD mechanism like increased compliances and admin cost, many taxpayers follow cross-charge mechanism. In this regard, we made a representation to GST Officials on May 20, 2022, recommending that management oversight or stewardship services should not be liable to GST and cross-charge or ISD transfer should be available as an option to taxpayers.
Read More
GST: Representation on taxability of import of free of cost software from related party
GST law provides a deeming provision whereby import of services by a person from a related person outside India is considered as supply even when made without consideration. As a result, GST is applicable on supply/access to services from overseas entities/ affiliates on free of cost basis for the recipient in India under reverse charge mechanism. In this regard, we have made a submission to Ministry of Finance (MoF) highlighting that access to software provided by overseas affiliates to Indian companies is for the limited purpose of enabling provision of services back to the overseas affiliate and not for any other purposes. We have requested the government to issue a circular to clarify that deeming fiction would be applicable only to taxpayers who are not eligible to avail full input tax credit.
Read More
National Health Authority (NHA): Feedback on Health Data Management Policy 2.0
We submitted our feedback to NHA on its stakeholder consultation on draft Health Data Management Policy 2.0 (draft Policy). Our key suggestions include amongst others - a) for the purposes of the draft Policy, the definition of sensitive personal data must be narrow; b) the broad requirements for local storage of all personal data within geographical boundaries in India should be removed; and c) the NHA should identify risks in dealing with non-personal data and require entities to ensure that those risks are addressed.
Read More
Reserve Bank of India (RBI): Representation on allowing 'In-App' notifications by regulated entities
We made a representation to RBI on allowing In-App notifications by RBI regulated entities (REs) for safe and secure transmission of information related to any account-based transactions of a customer. Alternatively, we also recommended that the RBI could consider defining what all a notification shall entail and amend its circulars requiring REs to send SMS-based alerts to its customers. In our representation, we suggested a phased approach, and suggestions on safeguards which may be placed for In-App notifications.
Read More
Government of Rajasthan: Submission of Draft Rajasthan Virtual Online Sports (Regulation) Bill, 2022
We submitted our response to Government of Rajasthan’s stakeholder consultation on the draft Rajasthan Virtual Online Sports (Regulation) Bill, 2022 (draft Bill). In our submission, we noted that - a) considering the nature of online gaming, collaboration between the central and state government is needed to regulate online gaming; and b) to provide regulatory certainty to the gaming industry, there must be a central framework enlisting certain elements such as age-rating, KYC processes, taxation processes etc.
Read More
Dialog & Discussion
Department of Consumer Affairs: Fake Reviews on e-Commerce Platforms
We participated in a discussion by the Department of Consumer Affairs on the measures and safeguards to prevent fake and misleading reviews on e-commerce platforms. We highlighted a few international best practices on robust rules to prevent fake consumer reviews. We suggested that rules that prohibit commissioning reviews in exchange of certain benefits can be considered in the Indian legal framework. We also emphasised that any additional liability on e-commerce platforms with respect to consumer reviews should be proportionate to their role in the e-commerce ecosystem. For more information, kindly write to garima@nasscom.in.
Meeting with DPIIT on Decriminalisation of IP Laws
We participated in a meeting organised by the Department for Promotion of Industry and Internal Trade (DPIIT) to seek stakeholders' views on decriminalisation of Intellectual Property (IP) laws. In the meeting, NASSCOM suggested that the Government should consider decriminalising provisions related to foreign filing license requirement and working of patents under the Indian Patent Act. We further suggested that requirement to seek foreign filing license should be made applicable only for defence related inventions. Under the Copyright Right Act, we suggested that Government should consider decriminalising certain infringements which are not done with malafide intent or unknowingly and rather consider enhancing the existing penal provision to create a strong deterrent. For more details, kindly write to deepak@nasscom.in and asaggarwal@nasscom.in.
Analysis of (Draft) Data Protection Act of 2021
In December 2021, the Joint Committee reviewing the Personal Data Protection Bill of 2019 released a report which contained a revised (Draft) Data Protection Act of 2021 (DPB 2021). NASSCOM has identified suggestions on the DPB 2021, including: (1) making the categories of sensitive personal data more workable (2) reinstating the purpose specification principle (3) reworking the enabling clause for processing non-residents' personal data in India as an upfront exemption (4) making the regulation of data transfers more flexible and interoperable with global frameworks (5) reviewing the exemptions with a constitutional perspective (6) removing criminal penalties (7) making the Authority more independent. For more details, kindly write to varun@nasscom.in and apurva@nasscom.in.
News & Upcoming
Call for Inputs: SEBI's Consultation Paper on Pre-filing Offer Document
SEBI has released a consultation paper seeking suggestions on the proposal to introduce pre-filing of offer documentation in case of Initial Public Offer (IPO). It is proposing to introduce a mechanism for SEBI to review the offer document via a confidential 'pre-filing'. This is likely to address concerns of the issuer companies regarding the disclosure of sensitive information in the Draft Red Herring Prospectus (DRHP) to competitors without the certainty of executing the IPO. It has also proposed to introduce a process for allowing public to comment on the draft offer document. Kindly send your inputs by June 3 to garima@nasscom.in.
Read More
Call for Inputs: MEITY's Draft National Data Governance Framework Policy
MEITY has released a new draft policy, which will apply to (1) all government entities and all data collected and being managed by them (2) all non-personal datasets and platforms governing its access and use by researchers and start-ups. The policy seeks to launch a new India datasets program and a new India Data Management Office (IDMO) under the Digital India Corporation under MEITY. The IDMO has a wide range of functions. Kindly send your inputs by June 6 to varun@nasscom.in and apurva@nasscom.in.
Read More
other update
DRDO: Royalty free patents to Indian industries
The Defense Research and Development Organisation (DRDO) has offered more than 600 patents for use, sale and manufacture to Indian industries without any license fees or royalty payment in order to promote development of indigenous products in the defense space. The access to these patents shall be made on non-exclusive basis and will be valid for the period of five years. The list of patents and procedure to seek license for accessing these patents is available at DRDO website here.
SEZ: Noida Authority extends Work from Home relaxations till December 31, 2022
The SEZ Authority of Noida Special Economic Zone has extended the Work from Home relaxations till end of the year i.e., December 31, 2022. With this, all IT/ITeS units that comes under the jurisdiction of Noida SEZ can continue working in the hybrid manner as per their requirements. Earlier, NASSCOM had written to Department of Commerce and highlighted the challenges being faced by IT-BPM companies in SEZs citing lack of clarity towards implementing hybrid working model beyond June 2022.
Read More
European Commission (EC): Release of new Questions and Answers (Q&As) on Standard Contractual Clauses (SCCs)
The EC, in May, released a set of Q&As (available here) on the new SCCs released earlier in June 2021 that will come into force from December 27, 2022. These Q&As provide practical guidance on how stakeholders can use the SCCs vis-a-vis compliance with the General Data Protection Regulation (GDPR). Notably, they indicate that a new set of SCCs to transfer personal data to controllers or processors outside Europe that are directly subject to the GDPR. For more information, kindly write to varun@nasscom.in and apurva@nasscom.in.
GST Council: Parity for offline and online sellers on GST threshold
NASSCOM has been continuously advocating with the GST officials to bring in parity in terms of registration and payment of GST for small sellers selling online vis-à-vis offline sellers, in the GST law. Based on our informal discussions with senior officials in the Central Board of Indirect Taxes and Customs (CBIC), we have been informed that the GST Law Committee is likely to approve the notification soon to bring parity between the online and offline sellers operating through e-commerce platforms. For more information, kindly write to tejasvi@nasscom.in.
Read More
Copyright © 2022, NASSCOM Advertise with us