Monthly Archives: May 2016

International Commercial Arbitration And Dispute Resolution In India Using ODR Platforms

International Commercial Arbitration And Dispute Resolution In India Using ODR PlatformsArbitration is considered as an essential part of dispute resolution among commercial and business entities these days. Even in non commercial cases, arbitration and other alternative dispute resolution (ADR) mechanisms are used by the parties to the dispute. Gradually even ADR mechanisms have become time consuming and expensive. Therefore, commercial and business world is now looking towards information and communication technology (ICT) for a better option than ADR for early and effective resolution of their disputes.

Online dispute resolution (ODR) has emerged as an alternative to ADR that is primarily technology driven. It has many advantages over traditional litigation methods and even over ADR methods. However, online dispute resolution (ODR) in India is still evolving. This is happening when e-commerce disputes and litigations are set for big rise in India. Even the so called smart cities of India would require a techno legal smart dispute resolution mechanism.

Recently 800 Indian companies approached the Ministry of Labour for an online labour law compliance system. The Parliament of India has also passed the Insolvency and Bankruptcy Code, 2016 to ensure ease of doing business in India. Indian government is also working in the direction of amending the Arbitration and Conciliation Act, 1996 and formulating a citizen friendly national litigation policy of India.

Perry4Law Organisation (P4LO) suggests that India must speed up the process of adoption of ODR for resolving e-commerce and international commercial disputes. E-commerce disputes resolution in India may be resolved using ODR in the near future. In fact, the techno legal centre of excellence for online dispute resolution in India (TLCEODRI) has launched a beta version of ODR platform that can be used for dispute resolution by national and international stakeholders alike. This is possible as the test platform is guided by the digital India principles and mere access of Internet would be sufficient to resolve the disputes by using our ODR platforms. In fact, the emerging trends in international commercial arbitration in India are already pointing towards this direction.

The parties intended to be covered by the present and future techno legal initiatives of Perry4Law Organisation (P4LO) and TLCEODRI include national and international stakeholders like Central/State Governments, Foreign Governments, Indian companies, multi national companies (MNCs), Public Sector Undertakings (PSUs), individuals, e-commerce websites, etc. We hope that all stakeholders would find this beta version initiative worth trying and making the same part of their business ventures and public dealings. To test the same, please create a ticket as per the category in which you fall.

Further, a special service of conducting Online Arbitration or Cyber Arbitration is also there where parties to the dispute can submit their disputes to the platforms of P4LO or TLCEODRI. The parties to the dispute must have incorporated the sample clause for getting their disputes resolved through P4LO or TLCEODRI while entering into an agreement/contract. Interested stakeholders may also contact us for drafting of such agreements/contracts where such ODR clause would be part of the same. This way parties need not to go to the courts and they can settle their disputes amicably, expeditiously and in an economical manner.

Once the Arbitrator/Arbitration Tribunal is appointed, the appointed Arbitrator/Arbitration Tribunal of P4LO or TLCEODRI would then proceed to deal with the dispute and pass a binding Arbitration award by which the parties to the dispute would be legally bound. The rules, procedures, list of panelists, etc would be uploaded on various ODR platforms of P4LO and TLCEODRI very soon.

We are also in the process of launching specialised ODR platforms for national and international stakeholders for areas like international commercial arbitration, e-commerce, etc. Please keep a tab on our platforms and websites in this regard. We hope our techno legal ODR initiatives would prove useful to all stakeholders.

Cloud Computing Business In India Is Facing Low Adoption And Regulatory Uncertainties

Cloud Computing Business In India Is Facing Low Adoption And Regulatory UncertaintiesTaxation issues of foreign technology companies deriving profit and revenue from India have been vexing Indian government for long. Most of these foreign technology companies are also not complying with the techno legal requirements of Indian laws so far. Now many such companies would be liable to pay tax in India due to recent changes in the taxation rules of India. For instance, an eight-member committee on taxation of e-commerce had in March 2016 proposed that services ranging from online advertising and cloud computing to software downloads and web hosting be subject to an “equalisation levy” of 6-8% of gross payment if the provider of the service is a foreign entity without a “permanent establishment” in India. Thus, cloud computing related legal compliances in India are going to increase in near future.

Cloud computing is a business model that relies upon shared computing resources in lieu of payment. Big technology companies can invest significant financial resources in cloud computing infrastructures that small and medium scale enterprises can use for a certain payment. The advantage for small and medium scale enterprises by using cloud computing model is that they need not to spend money upon building technology infrastructure. However, there are cyber security, data security, data protection, privacy and many more similar concerns that are resulting in lower adoption and use of cloud computing world over.

As far as India is concerned, use of cloud computing is still at nascent stage. There are many policy and law related issues that are responsible for slow growth and adoption of cloud computing in India. Absence of an effective cloud computing policy of India is responsible for its limited utilisation in India. However, legal issues of cloud computing in India are the main reason for cautious adoption of cloud computing by businesses and entrepreneurs. For instance, we have no dedicated regulatory framework for cloud computing in India. In fact, the chief information officers (CIOs) in India are not comfortable using cloud computing for their businesses.

Even the cloud computing due diligence in India is missing and companies and individuals are using the same in great disregard of the various laws of India. Cloud computing service providers in India are required to follow cyber law due diligence (pdf). The cyber law due diligence for Indian companies is now well established but cloud computing and e-commerce service providers are not taking it seriously. There is an urgent need to regulate e-commerce websites operating in India by Indian government.

We believe that India must not use software as a service (SaaS), cloud computing, m-governance, etc till proper legal frameworks and procedural safeguards are at place. This has also been accepted by the CIOs community and it is now for the Indian government to do the needful. Similarly, cloud computing security in India is also required to be strengthened. As on date, use of cloud computing in India is not a viable solution as we are ignoring legal and security concerns. Cloud computing in India must be techno legal in nature and till it meets the techno legal requirements, it should not be used in India.

Besides regulatory framework for cloud computing in India we must also ensure high availability levels, appropriate data erasing mechanisms, data privacy at the service provider’s level, export restrictions upon data, data handling monitoring mechanisms, jurisdictional issues, cloud computing security issues, licensing issues for cloud computing, etc.

Privacy violations, data breaches, data thefts, cyber crimes, etc would definitely arise in cases of use of cloud computing in India. Even if a company or individual offers cloud computing services in India, it/he has to comply with many legal provisions and cyber due diligence requirements. The information technology act 2000 (IT Act 2000) has prescribed due diligence requirements for various business organisations and stakeholders. These due diligence requirements equally apply to cloud computing service providers in India.

These due diligence requirements are very stringent and cloud computing providers can find themselves in legal hassles if they ignore the same. Managing sensitive and personal data and information in India is no more a causal approach but it has become very stringent. With the proposal to codify law of torts in India, more and more civil proceeding for violation of privacy rights may be initiated against the cloud computing service providers. It would be a wise option to establish best practices and cloud computing policy by all stakeholders in their own larger interests.

Healthcare Cyber Security Issues For Businesses And Entrepreneurs In India: A Techno Legal Compliance Guide

Healthcare Cyber Security Issues For Businesses And Entrepreneurs In IndiaHealthcare industry of India is facing novel techno legal issues that were absent few years back. These include issues like techno legal regulatory compliances, cyber security requirements, cyber breach disclosure requirements, obligations of directors of healthcare companies for cyber law and cyber security, privacy compliance, data protection requirements (pdf), etc. This article is discussing the cyber security issues of healthcare industry of India that is equally applicable to healthcare industry of other jurisdictions.

As healthcare industry has started using information and communication technology (ICT) in the form of telemedicine, online pharmacies, e-health, m-health, etc, cyber criminals have found that this industry is a goldmine and a money minting industry. Sophisticated malware are now targeting healthcare industry in the form of ransomware and information stealing malware. These malware are so sophisticated that even cyber security products and services are ineffective against the same.

There is no doubt that ICT has enabled the healthcare industry but at the same time it is also true that there is an increasingly high risk of healthcare cyber security attacks. Healthcare companies of all sizes need to ensure that they are not only regularly reviewing policies and procedures when it comes to privacy protection and data security but also that they are implementing the right cyber security best practices to keep healthcare related information secure. Ransomware is of particular concern to healthcare industry as sensitive healthcare information is encrypted and decrypted only once the ransom is paid.

Healthcare industry is not spending adequate amount on cyber security and is also not good at acquiring cyber law and cyber crimes related knowledge. This has made the healthcare organisations vulnerable to sophisticated cyber attacks. The overall impact of cyber attacks on the hospitals and healthcare systems is estimated to be nearly six billion per year. Furthermore, these organisations face internal threats due to factors such as the use of cloud services, insecure networks, employee negligence, bring your own device (BYOD), lack of internal identification and security systems, stolen devices with unencrypted files, etc. Human beings are the weakest link in the cyber security environment and healthcare organisations are no exception to this rule.

Presently, healthcare cyber security market consists of protection against malware, ddos, advanced persistent threat, spyware, lost and stolen devices, etc. However, the list is just illustrative and the cyber security requirements are as vast as are the options available to the cyber criminals.

Perry4Law Organisation (P4LO) strongly recommends that the healthcare industry must work on three fronts i.e. formulation of techno legal policies, adoption of best cyber security practices and a mechanism to ensure cyber breach disclosure and coordination with the statutory and government authorities. If any of these three stages is missing, then the concerned healthcare organisation is at graver risk of cyber attacks and loss of sensitive healthcare information.

 Source: CECSRDI.

Ayurveda E-Commerce Business In India Has Great Potential For Entrepreneurs

Ayurveda E-Commerce Business In India Has Great Potential For EntrepreneursAyurveda has become a global phenomenon and nations across the world have also recognised it as a valuable alternative to allopathic medicines. Recently even the World Health Organisation (WHO) has acknowledged the age old benefits of Yoga and Ayurveda. Obviously India would get a major support and recognition in the field of traditional and alternative medical system, including yoga across the world. Till date India never had a collaborating centre for WHO inspite of having a large number of Ayush institutions and 32 collaborating centres for modern medicine. Today WHO has 22 collaborating centres for traditional medicine including India.

Similarly, the Ayurvedic system of medicine is also making a strong comeback. Many large pharmaceutical companies have already invested in Ayurveda. The Ayurveda entrepreneurs are even exploring the medium of e-commerce to expand their reach and business opportunities. The problem is that Ayurvedic e-commerce legal issues in India are also not clear to these entrepreneurs just like their other counterparts. This is a cause of concern especially when e-commerce litigation and legal disputes would increase n India in the near future.

Few of the Ayurvedic products presently offered through e-commerce medium include personal care products, beverages, over the counter alternative health products, etc. While engaging in Ayurvedic e-commerce business, the entrepreneurs must not violate Indian laws. For instance, many ayurvedic e-commerce companies involved in selling of herbal products are violating norms of Magic Remedies Act. Several companies are openly claiming permanent cure for cancer, which is a clear violation of the rules prescribed by the Magic Remedies Act.

Ayurvedic products usually contains metals such as mercury and lead for therapeutic reasons. According to Ayurveda experts, about 35% to 40% of the approximately 6000 medicines in the ayurvedic formulary intentionally contain at least 1 metal. Some foreign countries have considered these metals hazardous to the health of their citizens. The internal policies of these countries have also hindered free flow of medicines and Ayurvedic producs from India to other destinations. For instance, recently the United States Food and Drug Administration (U.S. FDA) issued an Import Alert 66-40 (pdf) titled Detention Without Physical Examination Of Drugs From Firms Which Have Not Met Drug GMPs. This alert deals with detention without physical examination of drugs from firms which have not met drug good manufacturing practices (GMPs). Many Indian pharmaceutical companies have been listed on this alert and import from them has been banned. In fact, Lupin has recalled 9,210 bottles of Suprax drugs for failure to pass purity test.

Border enforcement of intellectual property rights (IPRs) by countries including Europen Union has also posed problem for Indian pharmaceutical and healthcare companies. EU and India even decided to sign a letter of understanding to protect off patent generic drug consignments. Further, due to policy decisions of United States, Novartis AG’s heart drug Diovan was also kept out of patients reach. This is despite the fact that Indian patent law is in conformity with WTO and international obligations. Expiring medicine Patents can boost pharmaceutical business and e-commerce as the generic pharmaceutical companies can provide affordable drugs in large quantity.

Even in India legal issues governing sale and distribution of Ayurvedic products are also required to be complied with by Ayurvedic entrepreneurs. Recently the classical ayurvedic medicines that were sold with prefixes and suffixes were banned by ministry of health and family welfare of India under Drug and Cosmetic Rules. The ban has been imposed to stop the alteration in the classical formulation of Ayurvedic medicines. Many ayurvedic medicines such as Chyawanprash, Rhumayog and others are currently marketed under different brand names, with prefixes and suffixes to reflect the value added qualities.

This is just a single example of the legal compliances that the Ayurveda practitioners and clinics in India are required to comply with. If these Ayurveda practitioners and clinics plan to use the e-commerce model to reach unlimited population, they have to comply with additional legal provisions to stay legal.

If the Ayurveda entrepreneurs plan to manage an e-commerce website that intends to meet the demand of international consumers, then such e-commerce website must not only comply with techno legal requirements of Indian laws but also of different jurisdictions where such Ayurvedic products would be sold.

Is Bitcoin Use, Websites And Businesses Legal In India?

Is Bitcoin Use, Websites And Businesses Legal In IndiaEnough has been said about the crypto currency Bitcoin, the technology behind it and its uses. We are not going to repeat the same here. The aim of this article is to analyse the legal framework that is governing bitcoin use, bitcoin websites and bitcoin businesses in India. Before we start we wish to make it clear that there is no dedicated law for bitcoin in India. Nevertheless, Perry4Law Law Firm would try to analyse the legality of Bitcoin from a strict techno legal perspective.

Despite various articles and views, it is clear that use of Bitcoin by various stakeholders in India is primarily governed by the Information Technology Act, 2000 (IT Act 2000). Then there are financial and taxation laws that govern the money laundering, taxation and similar issues. While we have the IT Act 2000 in place yet the Reserve Bank of India (RBI) has miserably failed to provide a regulatory guidance regarding the financial and monetary aspects of bitcoin in India. Instead it preferred to choose the escape route and cautioned the users against use of bitcoin in India in 2013 due to their risks (pdf). From 2013 to 2016 RBI has done nothing to bring uniformity or clarity regarding use of bitcoin in India.

Meanwhile bitcoins websites faced regulatory scanner of Enforcement Directorate (ED). In fact, Seven Digital Cash LLP is already facing legal scrutiny for dealing in bitcoins in India. More details would be available only once ED completes its investigation in this regard. ED believes that bitcoins money can be used for hawala transactions and funding terror operations and this seems to be a legally plausible explanation as well.

RBI has clearly mentioned that there have been several media reports of the usage of virtual currencies (VCs) including bitcoins, for illicit and illegal activities in several jurisdictions. The absence of information of counterparties in such peer-to-peer anonymous/ pseudonymous systems could subject the users to unintentional breaches of anti-money laundering and combating the financing of terrorism (AML/CFT) laws. RBI has also stated that it is presently examining the issues associated with the usage, holding and trading of VCs under the extant legal and regulatory framework of the country, including Foreign Exchange and Payment Systems laws and regulations.

In the absence of a dedicated law, bitcoins are governed by many laws that are indirectly applicable to its dealings and transactions in India. For instance, the IT Act 2000 prescribes cyber law due diligence (pdf) in India and the Internet intermediary liability in India. These cyber laws due diligence and Internet Intermediary requirements squarely apply to use of bitcoins in India. Further, money laundering, foreign exchange and security dealing laws also apply to Bitcoins dealings and trading in India. Naturally, the bitcoins website owners and entrepreneurs must comply with Indian laws to stay legal.

Even the banks, payment gateways and online payment merchants, mobile payment vendors, etc supporting these bitcoin websites and businesses can be held liable for not following cyber law due diligence norms if they have blindly approved online payment mechanism and banking channel options to illegal and law breaking bitcoin websites. These banks and payment gateways can also be held liable for money laundering, FEMA violations and assisting in tax evasion. If such banks, payment gateways and online payment merchants have already approved such illegal and law breaking bitcoin websites in India, it is in their own interest to cancel such approval immediately. The banks etc must ask them to first comply with applicable techno legal compliances and then support their claims with a proper techno legal consultancy from a reputed law firm.

Some entrepreneurs have contended that since there is no law restricting use of bitcoin in India its use and dealing is legal in India. This is a wrong assumption that would lead to legal prosecution only. The reverse argument is equally applicable in such a situation i.e. since there is no law to deal or regulate bitcoin in India, its use in India is illegal. The real criteria is what we are doing with the bitcoin and how we are using the same. To make the situation simple and legal the bitcoin entrepreneurs must have techno legal compliance policies besides having proper legal documents covering their websites in the best possible techno legal manner.

Take an example in this regard. If a bitcoin website is allowing use of bitcoin for making illegal bets on online gambling websites, such a bitcoin website can be held liable for violating Indian laws. Similarly, if a bitcoin website allows transaction of bitcoin for illegal surgical abortions such website can be held liable for violating Indian laws. There are hundred of such examples where bitcoin website can be guilty of violating various laws of India. A sound techno legal compliance policy can avoid these violations and criminal prosecutions.

Perry4Law has analysed popular bitcoin websites of India and found them lacking a techno legal compliance criteria. We have also found that data retention and data preservation related compliances are also ignored by these websites. Even the Companies Act 2013 now mandates the maintenance and inspection of document in electronic form. Thus, bitcoin websites managed by companies registered under the Indian Companies Act 2013 (pdf) are required to comply with additional legal requirements.

There are many more techno legal issues that are ignored by the bitcoin websites of India that we cannot discuss through this post. If you are a bitcoin entrepreneur and you wish to make your bitcoin business and website techno legal compliant, please feel free to establish a client attorney relationship so that we can assist you.