Recently the Ministry of Corporate Affairs (MCA) notified many provisions of the Indian Companies Act, 2013 (PDF) and corresponding rules under the same. Most of the corporate stakeholders have considered the new company law of India as a purely corporate regulatory framework. However, this is not true as the Indian Companies Act 2013 has prescribed legal obligations that are far more complicated than the traditional company law.
The truth is that the new company law of India has prescribed many techno legal compliance requirements that very few companies and their directors are capable of managing. As a result cyber law and cyber security related legal violations would be in abundant in the coming times.
With the formulation of the proposed cyber security breach disclosure norms of India and possible cyber security laws in India, Indian companies and their directors would find themselves in a legal fix. The powers of Serious Frauds Investigation office (SFIO) have also been significantly increased by the Companies Act 2013. SFIO has become very active in prosecuting Indian companies and their directors in the recent past. With the notification of the Companies (Inspection, Investigation and Inquiry) Rules, 2014 (PDF) SFIO would become more active in this regard.
The legislature made it sure that the regulatory compliances under Indian Companies Act 2013 should cover cyber law and cyber security compliances as well. The directors’ liabilities under the Indian Companies Act 2013 also cover cyber law due diligence (PDF), cyber security due diligence, e-discovery compliances, cyber forensics, etc on their part. Even the cyber security obligations of law firms in India has significantly increased and various stakeholders, including companies and law firms, must keep in mind the international legal issues of cyber security.
The Companies (Management and Administration) Rules, 2014 (PDF) also prescribe many techno legal and cyber security obligations upon the directors of a company. The directors must be well versed with the techno legal regulatory provisions under the Companies Act 2013 and other technology laws of India.
The cyber security trends and development in India 2013 (PDF), provided by Perry4Law’s Techno Legal Base (PTLB), have also indicated that various corporate stakeholders would be required to comply with cyber law and cyber security related obligations in the near future. As on date, companies and directors are not complying with the cyber law and cyber security obligations as prescribed by Indian laws and regulations.
As the cyber law and cyber security obligations of the directors of companies operating in India have been clearly mandated by various laws of India, it is in their own interest to ensure their due compliance.