CERT-IN’s directive for reporting cyber incidents

The rapid pace of India’s digitalisation poses new security risks, as developments in emerging technologies is making an impact in various sectors. The multilayered digital ecosystem comprising infrastructure, technologies, applications, and devices is complex, and cybersecurity incidents are evolving at a breakneck pace.

Given this background, the Indian Computer Emergency Response Team (CERT-IN) issued a directive on 28 April 2022 mandating that all cybersecurity incidents need to be reported to CERT-IN within six hours from incident identification/notification. Going forward, this new directive will help organisations strengthen their cybersecurity posture.

Key highlights

The CERT-IN directive is all set to become a law from 27 June 2022. These new directives, released jointly by MeitY and CERT-IN to augment, carry out analysis, and investigate cyber incidents, falls under Sub-section (6) of Section 70B of the Information Technology Act, 2000 and mandates the following:

Did you find this useful?