The heat is growing against foreign telecom equipments makers. Those on the list include the Chinese companies like Huawei and ZTE
that are increasingly seen as a potential national security and cyber
security threat to India and other jurisdictions. Recently, the Indian
Electrical and Electronic Manufacturers’ Association (IEEMA) suggested
that Indian government should consider banning imports of equipment
related to power generation and telecom from China. This has come after
the intelligence agencies of India expressed similar opinion.
Similarly, the increasing targeting of foreign nationals by intelligence agencies like National Security Agency (NSA) of U.S. and Government Communications Headquarters (GCHQ) of United Kingdom has also badly shaken the trust upon telecom companies operating from these jurisdictions.
For instance, Cisco, IBM, Microsoft and Hewlett-Packard have reported
declines in business in China since the NSA surveillance program was
exposed. Similar treatment is expected in India as India has already
justified its Preferential Market Access (PMA) Policy for domestic telecom equipments manufacturers. India is also considering formulating norms for import and testing of telecom equipments in India. The security agencies of India have even suggested use of indigenously made cyber security softwares.
Recently the Telecom Merger and Acquisitions (M&A) Guidelines 2014 of India were announced by Indian government. The FDI policy for telecom sector of India 2014
(PDF) has also been revised to espouse greater interest of foreign
telecom stakeholders. However, various telecom policies of India are
subject to clear cut exception of national and cyber security
compliances on the part of foreign and domestic telecom companies. In
the present circumstances, companies like Huawei, ZTE, Cisco, IBM,
Microsoft, Hewlett-Packard, etc would be required to ensure techno legal telecom due diligence compliances in India before their offers and proposals are accepted in India.
To control the damage these companies have started exploring
mechanisms to inculcate trust among users and governments of foreign
nations. Some of them have even embraced the idea of developing
surveillance free products to keep praying eyes and ears at minimum.
These include use of sophisticated encryption technology and development
of self destruction products in case of possible breach of security.
However, encryption laws of India and cloud computing legal risks in India are still not considered by these foreign companies.
We at Perry4Law
believe that all Subsidiary/Joint Ventures of Foreign Companies in
India, especially those dealing in Information Technology and Online
Environment, must mandatorily establish a server
in India. Otherwise, such Companies and their Websites should not be
allowed to operate in India. The Ministry of Home Affairs, India and
Intelligence Bureau (IB) are already exploring this possibility.
A “Stringent Liability” for such Indian Subsidiaries dealing in
Information Technology and Online Environment must be established by
Laws of India. More stringent online advertisement, e-commerce, telecom
security and cyber security provisions must be formulated for such
Indian Subsidiary Companies and their Websites.