Govt may extend the deadline for Cert-In cyber compliances for MSMEs

Ease of Doing Business for MSMEs: “We are very clear. We will not make SMEs or MSMEs bear the burden of this additional compliance until they are ready,” MoS for Electronics and Information Technology Rajeev Chandrasekhar said.

Written by MSME Desk

October 13, 2022 21:54 IST

MSMEs, SMEs, Electronics and Information Technology, Rajeev Chandrasekhar, Minister, union government, compliance, directives, SMBs, MSEs, small businesses, VPS, VPN, Data Centres, cybersecurity norms, IT Ministry, data, Cert-In guidelines, human resource, operational cost

This is the second time MSMEs are getting an extension in the compliance deadline by the ministry.

Ease of Doing Business for MSMEs: The union government may extend the deadline to comply with its cyber security directives by three months making it applicable for micro, small, and medium enterprises (MSMEs) as well as small and medium enterprises (SMEs), Minister of State for Electronics and Information Technology Rajeev Chandrasekhar told Economic Times (ET).

“We are very clear. We will not make SMEs or MSMEs bear the burden of this additional compliance until they are ready,” the minister said.

Also Read: Gold and silver jewellery hit Rs 3,000 crore in sales on Karwa Chauth: CAIT

The guidelines released by the Indian Computer Emergency Response Team (Cert-In) on April 28 guidelines required all companies, intermediaries, data centres and government organisations to report any data breach to the government within six hours of becoming aware of it.

It had also mandated Virtual Private Network (VPN) service providers to maintain all the information they had gathered as part of know-your-customer (KYC) rules and provide it to the government as and when required. However, the directive has led to several VPN providers exiting India.

Earlier on May 18, in a press conference to explain the FAQs on the Cert-In guidelines, Chandrasekhar said VPN service providers that did not want to adhere to the guidelines were “free to leave India”.

As a relief to the SMEs, the government is more flexible for these units as far as adherence to new directive is concerned, reported Economic Times. This is the second time MSMEs are getting extension in the compliance deadline by the ministry.

The ministry in the month of June allowed a breather of 90 days, or until September 25, to all companies after it received representations from SMEs, MSMEs, data centres, VPS, VPN, and cloud service providers that they required more time to “build capacity”.

Sources in the IT ministry informed that though larger companies and VPN providers have complied with the directive, some MSMEs have cited a lack of “adequate human resources” to comply with the cybersecurity norms, the report said.

“One problem that we have been made aware of several times is that there is a lack of cost-effective human resources in the country,” a senior government official said.

Also Read: GeM: Public procurement crosses Rs 3 lakh crore; doubles in 12 months

The official mentioned, “Some of the other requirements, such as maintaining data for three years, are also adding to their operational cost. While it is difficult to relax these norms, we have given additional time and will meet them to figure out a solution.”

The IT ministry came out with some FAQs on the Cert-In guidelines on May 18, during which it made clear that particular aspects of how the six-hour norm would work, along with the details that the VPN service providers would have to keep for five years.

TOPICSMSME News MSME Strategy

Get Live Share Market updates, Stock Market Quotes, and the latest India News and business news on Financial Express. Download the Financial Express App for the latest finance news. .

This article was first uploaded on October thirteen, twenty twenty-two, at fifty-four minutes past nine in the night.