In the last two decades, the Indian IT industry had made huge strides to become one of the largest in the world, particularly with regard to the development of software. Most of the leading multinationals of the world have large facilities in India that engage in software development, R&D, maintenance services, business process outsourcing, call centre/voice support, etc. The industry is a major source of foreign exchange earnings for India. A significant part of this industry is focused on the US market – servicing US customers.
What does the government need to do next to promote this industry further? The industry largely grew without government support, except for the tax holidays that the government allowed for the sector, that made it more competitive in terms of pricing internationally. Today, the ideal approach of the government must be a light touch one, regulating where absolutely required but by and large adopting hands off approach.
A key issue that comes up repeatedly is the use of Voice Over IP (VoIP) in India. Most large businesses implement VoIP in their networks wherein by paying for fixed cost MPLS circuits, their employees can talk to each other across the world at no additional cost, that is, without paying consumption based charges. This area is riddled with restrictions on usage and regulatory complexity that inhibit businesses and result in worry over non compliance due to lack of clarity in the law. A key issue is that if an individual goes outside the office, he is not able to join IP calls. This is because of the prohibition on IP-PSTN inter connectivity. Further, many people work from home at least partially, particularly because many international calls take place early morning and late in the night. It is not possible to do this entirely through an IP call nor though an IP – PSTN call because inter connectivity is not permitted and call from home through internet telephony is also not allowed.
Companies that wish to avail PSTN at the foreign end take Other Service Provider (OSP) registrations. This area of regulation is extremely complicated, many of the key issues faced by businesses are not written in the law and there is too much subjectivity from local DoT officials.
There are numerous issues surrounding the location of the call manager/distributor, work from home/outside office for individuals, call recording etc. One feels that OSP regulations need to be drastically overhauled so that there is more clarity in the law and some of the key restrictions are removed. While on this point, one must first question why use of VoIP is regulated in the first place. The government must adopt more open policies that allow businesses to use whatever technology they want and to have the market sort itself out in terms of choice of technology and pricing. The current regime insists on use of old technology at a higher cost, thereby benefiting the Telco's and to the detriment of businesses.
Security appears to be a key issue for the government and its security proposals and policies act as a dark shadow over technology companies. These include concerns over regulating the use of encryption technology, security testing for telecom products and restrictions on telecom companies on remote access outside India. Some of these restrictions are not uncommon and exist in other countries as well. However, this is less so in the case of developed countries. It is important that the government take a relook at some of these issues. Large telecom operations involve extensive use of sophisticated technology and have experienced and capable technology professionals as part of their teams. In fact, the use of technology and professionals is far more sophisticated than that employed by the government. In this context, the government in this area lacks the maturity that an increasingly powerful country with a multiplicity of providers needs to display.
On the issue of encryption alone, the draft policy of the government is perhaps the most shocking of all government policy making we have countered. In essence, the policy required that all content that is encrypted needed to be available in unencrypted form as well! This entirely defeats the purpose of encryption and is completely against the ideals of cyber security. The problem here is not so much that the draft policy was most inappropriate but that it indicated that policy makers in the IT Ministry lacked basic competence required to regulate the sector.
Privacy is an allied area where we see lack of protection and lack of maturity. The privacy rules issued by the Government come out of a provision on negligence relating to data security. Few understand that the rules are voluntary in that, the relevant statutory provision itself allows parties to agree on their own security protocols. Instead of prescribing reasonable security practices and procedures, which is what the statutory provision required the government to do, the government instead issued basic privacy rules. The rules are badly written and hard to implement and like the encryption policy, look like they are written by individuals with very little understanding of how privacy law works. Draft policies on internet of things and machine 2 machine interactions leave much to be desired and it is preferable that the government largely stay out of these areas rather than seek to regulate them or instead to follow global standards on regulation.
The government is also keen on businesses being required to alert it in case of any cyber security threats and breaches. It is accepted that breach notification is a key tool in developed countries to ensure adequate security is provided to protect data. Nevertheless, given the lack of expertise within the government, businesses are not keen to notify the government on instances of data breaches.
Even more troubling is the government interest in ensuring data localisation – the insistence that data of Indian citizens be located in India only. In a globalized world and particularly with the advent of cloud computing, data localisation is becoming less and less viable as it prevents cost benefits from cloud computing and centralisation of technology and security deployment. For example, many companies are moving to Microsoft's Office 365 whereby all email data will reside in Microsoft servers. The concern for the government is that it is unable to investigate criminal matters adequately. The answer however is not to enforce data localisation but to have notice and take down procedures that follow global standards. Global companies are willing to provide assistance provided proper reasons are cited and adequate procedures are followed.
Finally, a word on promotion of manufacturing in India. Manufacturing of IT and telecom products has not been strong in India though at one time, there was some manufacturing in India particularly with the likes of Nokia and others having manufacturing facilities in India. This has reduced in the recent past and even outside the tech industry, Indian companies prefer to procure manufactured products from China. Manufacturing cannot come to India until there is an overhaul of the entire ecosystem – this includes employment laws, customs regulations, foreign trade restrictions, exchange control restrictions, etc. Forcing manufacturing in India such as the Preferential Market Access requirements for government procurement in the telecom sector is the wrong way to go about this as this puts restrictions on procurement in the telecom sector without necessarily resulting in any benefits on the manufacturing side.
Overall, there is a strong need for greater maturity in policy making in the technology and telecom industry. The government needs to follow global standards in policy making, and adopt a largely hands off or light touch approach to policy making, which will result in freedom of choice and ease of doing business.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.