Cybersecurity Laws Every Business Operating in India Must Know
Antara Bhattacharyya
Information Technology Act, 2000: India’s primary cyber law addresses hacking, data theft, identity fraud, and penalties, forming the legal backbone for digital security compliance.
Digital Personal Data Protection Act, 2023: Mandates lawful data processing, user consent, breach reporting, and significant penalties for mishandling personal digital information by businesses nationwide.
CERT-In Directions, 2022: Requires organizations to report cybersecurity incidents within strict timelines and maintain IT logs to strengthen national cyber resilience frameworks.
RBI Cybersecurity Guidelines: Financial institutions must implement robust security controls, conduct periodic audits, and establish effective incident response mechanisms to safeguard their customers' financial data.
Intermediary Guidelines and Digital Media Rules, 2021: Online platforms must exercise due diligence, remove unlawful content, and ensure grievance redressal mechanisms to avoid regulatory liability.