The heat is growing against foreign telecom equipments makers. Those on the list include the Chinese companies like Huawei and ZTE that are increasingly seen as a potential national security and cyber security threat to India and other jurisdictions. Recently, the Indian Electrical and Electronic Manufacturers’ Association (IEEMA) suggested that Indian government should consider banning imports of equipment related to power generation and telecom from China. This has come after the intelligence agencies of India expressed similar opinion.
Similarly, the increasing targeting of foreign nationals by intelligence agencies like National Security Agency (NSA) of U.S. and Government Communications Headquarters (GCHQ) of United Kingdom has also badly shaken the trust upon telecom companies operating from these jurisdictions.
For instance, Cisco, IBM, Microsoft and Hewlett-Packard have reported declines in business in China since the NSA surveillance program was exposed. Similar treatment is expected in India as India has already justified its Preferential Market Access (PMA) Policy for domestic telecom equipments manufacturers. India is also considering formulating norms for import and testing of telecom equipments in India. The security agencies of India have even suggested use of indigenously made cyber security softwares.
Recently the Telecom Merger and Acquisitions (M&A) Guidelines 2014 of India were announced by Indian government. The FDI policy for telecom sector of India 2014 (PDF) has also been revised to espouse greater interest of foreign telecom stakeholders. However, various telecom policies of India are subject to clear cut exception of national and cyber security compliances on the part of foreign and domestic telecom companies. In the present circumstances, companies like Huawei, ZTE, Cisco, IBM, Microsoft, Hewlett-Packard, etc would be required to ensure techno legal telecom due diligence compliances in India before their offers and proposals are accepted in India.
To control the damage these companies have started exploring mechanisms to inculcate trust among users and governments of foreign nations. Some of them have even embraced the idea of developing surveillance free products to keep praying eyes and ears at minimum. These include use of sophisticated encryption technology and development of self destruction products in case of possible breach of security. However, encryption laws of India and cloud computing legal risks in India are still not considered by these foreign companies.
We at Perry4Law believe that all Subsidiary/Joint Ventures of Foreign Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility.
A “Stringent Liability” for such Indian Subsidiaries dealing in Information Technology and Online Environment must be established by Laws of India. More stringent online advertisement, e-commerce, telecom security and cyber security provisions must be formulated for such Indian Subsidiary Companies and their Websites.