Top Secret: One year on, CERT-In refuses to reveal information about compliance notices issued under its 2022 Directions on cybersecurity

On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) issued Direction No. 20(3)/2022-CERT-In (“Directions”) under Section 70B (6) of the Information Technology (“IT”) Act, 2000. The Directions are ostensibly aimed to address information security practices, procedures, prevention, response, and reporting of cyber incidents. These Directions threw up significant challenges for users’ privacy through mandatory data collection and storage by service providers, and undisclosed data sharing by CERT-In.

This is a companion discussion topic for the original entry at