The last quarter was marked by several regulatory and legislative developments in the field of cryptography, telecommunications and cybersecurity. In this update, we discuss some of these developments that businesses need to watch out for.
The original version of this article first appeared in the Trilegal Quarterly Roundup.
Over the past quarter, we have seen an increase in regulation in the crypto space thanks to budget announcements, as well as exciting developments in the areas of telecom and data regulation. The government has beckoned towards a more robust cybersecurity regime. On the telecommunications front, after a busy 2021 with multiple reforms in the sector thanks to a crucial relief plan, the industry is preparing for the introduction of 5G. It will be interesting to see how these developments shape 2022 for the technology and telecommunications sector as well as for businesses in general.
Draft Indian Data Accessibility and Usage Policy 2022
The Ministry of Electronics and Information Technology (MeitY) released the draft Indian Data Accessibility and Use Policy, 2022 (SAD Policy), which aims to transform India’s ability to leverage public sector data by maximizing access to and use of this data to improve policy-making, facilitate the creation of public digital platforms and promote transparency, responsibility and ownership of data sharing and dissemination.
The Draft DAU Policy will apply to all non-personal data and information created and collected by the Government of India. The MeitY will set up an India Data Office (I DO) to streamline and consolidate data access and sharing of public data repositories. All public data will be made shareable and open (i.e. free to use, reuse and redistribute, machine readable and easily accessible). However, this will not apply to public data that falls under a negative list, or data that can only be shared with trusted users in a controlled environment, after obtaining the required permissions from the relevant departments (i.e. i.e. restricted data). As part of the DAU policy, all Ministries/Departments will adhere to and implement the anonymization standard prescribed by law or by IDO/MeitY.
In the same vein, Tamil Nadu has implemented the Tamil Nadu Data Policy (TNDP), which also pursues similar objectives of sharing data with third parties such as private actors and intends to define government processes to ensure good data governance.
Consolidated list of telecommunications reforms introduced in 2021
The Department of Telecommunications (Point) published a consolidated list of telecommunications reforms introduced in 2021, including notifications relating to the rationalization of adjusted gross revenues and bank guarantees paid by telecommunications service providers, the encouragement of spectrum sharing and investment 100% foreign direct (IDE), among others. (To read our detailed update on telecommunications reforms, click here.)
Pushing for the launch of 5G
The Prime Minister’s Office (CPM) has expressed its wish to launch 5G in India by August 15, 2022. According to the media, given the expectations of the PMO on the launch, the DoT had asked TRAI to submit its recommendation on the spectrum reserve price for 5G auctions by March 2022. TRAI therefore published its recommendations on April 11, 2022, which included among others lowering the basic price on all spectrums.
TRAI has also released a consultation paper on “The Use of Street Furniture for Small Cell and Aerial Fiber Deployment” which focuses on issues related to outdoor small cell deployments. Small cells are low-power radio access nodes or base stations operating in licensed or unlicensed spectrum that have a coverage range of a few meters to a few hundred meters. The document recognizes that dense deployment of small cells is essential to ensure mass adoption and availability of 5G services and is necessary to enable 5G functionality to be fully exploited. Accordingly, TRAI has requested feedback on how the use of small cells can be encouraged and the general framework that can be followed to deploy them.
Evolution of Cryptocurrency Regulation
The last quarter has been a mixed bag for the cryptocurrency space. Although the Minister of Finance in her post-budget conference indicated that the Indian government has not yet specified how it intends to regulate crypto assets, the budget itself proposed a 30% tax on income from the transfer of any virtual digital assets. The responsibility for paying the tax will rest with the purchaser of these assets. In addition, the loss resulting from the sale of virtual digital assets cannot be compensated by any other income. This announcement was notified and published in the official journal through the 2022 finance law and entered into force on April 1, 2022. (To consult our point on the tax regime for virtual digital assets, click here.)
Further, in light of multiple complaints about crypto advertisements attempting to lure consumers without full risk disclosure, the Advertising Standards Council of India (ASCI) has published guidelines for the promotion and advertising of crypto and non-fungible tokens. These guidelines will apply to all advertisements published after April 1, 2022 and are based on multiple rounds of discussions with government, financial sector regulators and industry stakeholders. Although its guidelines are not legally binding, where someone has already breached them, ASCI has published their names and also escalated those cases to the relevant regulator.
While the Reserve Bank of India (RBI) has also not officially stated its position on cryptocurrencies, in a keynote address at the 17th Annual Banking Technology Association of Indian Banking and Pricing Association, the Deputy Governor of RBI said Declare that “Banning cryptocurrency is perhaps the smartest choice open to India”.
Proposal for a new cybersecurity regime
Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar reportedly said the government was considering a new cybersecurity regime to ensure that organizations report cybersecurity crimes without covering them up. It will also be mandatory for organizations to report data breaches. According to media reports, if incidents are reported, India’s Computer Emergency Response Team can alert organizations about associated security vulnerabilities, which would allow companies not yet affected to take precautionary measures such as deploying security patches and improved cybersecurity infrastructure.
DoT Releases Amendments and Guidelines for M2M Services and Audiotex License
The DoT has amended the Unified License (UL) and UL for Virtual Network Operator (UL(VNO)) to include Machine to Machine (M2M) services as authorized under these licenses.
M2M services are those where two separate technological entities (such as routers or autonomous vehicles) communicate with each other with minimal human intervention. Under the old regime, there was no separate authorization for the provision of telecommunications connectivity to M2M services under telecommunications licenses. The revised UL and UL(VNO) licenses fall under their purview M2M connectivity providers who provide services exclusively through technologies using unlicensed spectrum in addition to those using licensed spectrum.
This authorization allows an entity to provide the following services:
resource access and integration;
M2M/Internet of Things support and control (IoT) capable infrastructure;
offering M2M/IoT capabilities, including network capabilities and resource exposure to other vendors;
provision of services via a low-power wide area network or equivalent technologies; and
provision of services by radio access.here).
In addition, the DoT also recently notified the “Guidelines for the Registration Process of M2M Service Providers and WPAN/WLAN Connectivity Providers for M2M Services” (M2M guidelines). These guidelines greatly expand the scope of M2M services by providing examples of services that can be classified as M2M services, including fleet management, supply chain management, agriculture automation, smart utilities, including electricity, water, gas, etc.
The recently amended UL regime also covers authorizations for audio conferencing, audiotex, and voicemail services. The previous regime allowed audiotex services to be provided through the UL(VNO) Access License. Now, these services can be offered through a UL audiotex/audioconferencing license, which has relatively less compliance.
The technological regulatory space continues to evolve constantly and with the introduction of 5G, we can expect a lot more activity in this area. The Data Protection Bill is also expected to be approved by the Government soon and may be introduced in the Monsoon Session of Parliament (to read our update on the Data Protection Bill 2021 click here). The government has also pushed for platform unbundling and we could see the network open for digital commerce (ONDC) creating major changes in the e-commerce space. To learn more about ONDC, watch our video here.
To see more content from the latest issue of the Trilegal Quarterly Roundup, click here.