Topics In Demand
Notification
New

No notification found.

NASSCOM Paper on 'Cryptographic Information Security and Export Controls in India'
NASSCOM Paper on 'Cryptographic Information Security and Export Controls in India'

October 5, 2021

207

0

NASSCOM has published a paper titled ‘Cryptographic Information Security and Export Controls in India’, highlighting the challenges faced by the industry in classifying cryptographic information security items, software, or technology under the relevant category of the SCOMET list, the approaches adopted by other jurisdictions towards controlling cryptographic information security and suggestions on adopting some of these best practices in India.

Background:

The increasing commercial availability of cryptography as an information security tool in consumer applications, led to the classification of information security products and technology as “dual-use”. Consequently, information security products and technology are subject to export control restrictions under the export control regime of India and many other countries. India maintains controls over the exports of information security products and technology through Category 8A5 Part 2 of the SCOMET List. Cryptographic information security items, software, and technology, being exported from India, require an export licence from the Government of India, if they fall under this category.
 

Suggestions made:

1. Guidance is needed from the government for appropriate classification by the industry under the relevant text of Category 8A5 Part 2 of the SCOMET list. Specifically, there is a need for clarity on various terms and phrases, including:

  • What would constitute ‘of potential interest to a wide range of individuals and businesses’ as given under Note to Cryptography Note of Category 8A502 of the SCOMET list.
  • Whether ‘cryptographic functionality cannot easily be changed by the user’ as given under Cryptography Note would include turning on and off the encryption facility.
  • The meaning of primary function and non-primary functions as given under Category 8A502 a. of the SCOMET list.

2. There are approaches from other countries which can be adapted by India, given our early stage in the export control regime, which will improve the overall regime as well as assist the industry in complying with obligations. These include:

  • Introduction of bulk licences for certain cryptographic information security items, software or technology along with appropriate safeguards in the form of post-reporting requirements, implementation of internal compliance programme etc. This will significantly reduce the compliance burden on the industry.
  • Creation of a helpdesk to promptly assist the industry with classification queries. This will assist the industry in avoiding mis-classification or non-classification errors.
  • Complete digitisation of the SCOMET licensing process, that will enable the applicant to track the application status in real-time, submit and exchange all relevant application related documents in a centralised system and enable a two-way communication between applicant and licensing authority for timely resolution of gaps in the application.

Way forward:

This paper will form the basis of our advocacy efforts with the government, for the improvement of India’s export control regime generally, and as applicable to cryptographic information security, specifically.

The study has been attached with this post. For more information, kindly write to garima@nasscom.in.

We look forward to a continued engagement with the industry on issues related to export control laws applicable to cryptographic information security.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


Download Attachment

20211005_EncryptionExportControl_NASSCOMPaper_final.pdf

images
Garima Prakash
Manager, Public Policy and Government Affairs

Reach out to me for all things policy about e-commerce, international trade, export controls, start-ups and fintech

© Copyright nasscom. All Rights Reserved.