Delaying the inevitable: Implementation of CERT-In’s Cybersecurity Directions gets a piecemeal extension

On June 27, 2022, the Indian Computer Emergency Response Team (“CERT-In”) issued a notification (No. 20(3)/2022-CERT-In) in relation to the extension of timelines for partial enforcement of Cyber Security Directions of April 28, 2022 (“Directions”) issued under sub-section (6) of section 70B of the Information Technology (“IT”) Act, 2000. The Directions were scheduled to go into effect 60 days from the date of their notification. While the timelines for enforcement of the entire Directions have been extended for Micro, Small and Medium Enterprises (“MSMEs”), for Data Centres, Virtual Private Server (“VPS”) providers, Cloud Service providers and Virtual Private Network (“VPN”) service providers only specific requirements relating to the validation of subscribers/customers details have received a timeline extension. The new date for enforcement of the Directions for such entities and specific requirements is September 25, 2022.

This is a companion discussion topic for the original entry at