Fri Nov 22 12:19:59 UTC 2024: ## India Notifies Strict New Telecom Cybersecurity Rules
**New Delhi, November 22, 2024** – The Indian government has officially implemented new cybersecurity rules aimed at bolstering the nation’s communication networks. These regulations mandate stringent reporting timelines for telecom companies to disclose security incidents, empowering the central government or its authorized agency to access traffic data (excluding message content) for cybersecurity purposes.
Telecom entities are now required to adopt comprehensive cybersecurity policies encompassing risk management, security safeguards, staff training, network testing, and vulnerability assessments. A key component of these policies is a rapid response system for handling security breaches, including forensic analysis to prevent future occurrences. Each company must also appoint a Chief Telecommunication Security Officer.
Reporting requirements are strict: telecom companies must report security incidents to the central government within six hours, providing detailed information including the number of affected users, geographical impact, and remedial actions within 24 hours. Manufacturers of equipment with IMEI numbers are also required to register with the government before the first sale of such equipment in India.
The rules clearly define cybersecurity violations, prohibiting actions that endanger network security through misuse, fraud, or transmission of fraudulent messages. The government assures that any collected data will be handled with strict confidentiality and protected from unauthorized access. The new rules are implemented under the recently enacted Telecom Act.
First Piper 