Encryption has become an indispensable technology these days. Whether it is online banking, e-commerce or e-governance services, encryption is commonly used in all these services. Encryption ensures authenticity and legality to various transactions provided the same is done within permissible limits and in accordance with the applicable laws of India.
Unfortunately, we have no dedicated encryption law of India and encryption policy of India (PDF) as on date. This has made the entire scenario very complicated. In fact, as on date most of the online service providers in India are in active violations of the encryption related laws, regulations and compliance requirements.
Cloud computing and virtualisation service providers are also violating the laws of India relating to encryption and cyber law due diligence (PDF) requirements. Even the telecom security policy of India has failed to address the encryption related issues properly. The cyber security trends of India (PDF) have also highlighted the inadequacies of cyber security of India and a part of the same is attributable to inadequate encryption and decryption capabilities of India.
Provisions pertaining to encryption usages in India can be found in the by license conditions (PDF) of telecom service providers. Thus, telecom companies and internet service providers (ISPs) cannot used more than the prescribed limits of encryption in India unless certain regulatory conditions are duly complied with. Similarly, the Information Technology Act, 2000 (IT Act 2000) also incorporates some provisions pertaining to encryption but they have remained dormant and ineffective till date.
Any individual or company that wishes to deploy encryption levels beyond the permitted ones would be potentially making himself/itself liable to legal action in India. It would be a good idea to ensure techno legal compliances in this regard before launching a project based upon encryption in India.