Earlier in July, the Ministry of Electronics and Information Technology (MeitY) mandated giving preference
to locally manufactured cybersecurity products in all public procurement where intellectual
property rights are owned by firms or start-ups organised in India.
In
the order, the Ministry said that the decision was based on Public Procurement
(Preference to Make in India) Order 2017, which was launched by
Prime Minister Narendra Modi to increase income and employment in the country
by encouraging the production of goods and services in India.
With Cyber Security being a
strategic sector in the country, the Ministry said that preference shall be
provided by all procuring entities to domestically produced Cyber Security products.
India is undergoing a digital
revolution, and with the Prime
Minister’s Digital India scheme, India is expected to have 969 million internet
users by 2021. Recently, the
country adopted new net neutrality rules that will ensure free and equal internet
access for everyone.
Preferential
market access for cybersecurity is likely to become a main factor in India’s
national and economic security in the future.
Market access is the degree of
a country's openness to accept foreign goods and services. Preferential
market access (PMA) tools are used by a country to control the import of
products and promote domestic production. According to a document
released by the Indian Council for Research on Economic Relations, PMA can also be seen as the
practice of introducing policies that are created to favour indigenous companies.
A number of countries including the
US, China and Russia have already implemented preferential market access
policies to encourage domestic cyber product manufacturing, which is also
referred to as “localisation barriers to trade”.
The Ministry has defined a Cyber
Product as a product, appliance or software produced for the purpose of
protecting information, equipment, devices, computer resources, communication
devices and information stored therein from unauthorised access, use,
disclosure, disruption, modification or destruction. Digital content, like
e-books and videos, is not considered to be a product.
According to the notification, preference will be
granted to companies that are local suppliers. The Ministry defined as a local
supplier as a company that is incorporated and registered in India as governed
by the Applicable Act or is a start-up that meets the definition as prescribed
by the Department of Industrial Policy and Promotion
(DIPP), provided the revenue from the product and intellectual property
licensing accrues to the firm in India. A company can also be defined as a
local supplier if it recognised by the Startup
India initiative developed by the DIPP.
Under the rule, firms that claim to
own intellectual property for the cybersecurity product will be required to provide
evidence of ownership such as documentation
evidencing ownership (evidenced by supporting proof such as documentation
related to development but not limited to IP assignments) or IP registrations.
However, the order notes that IP
registration is not mandatory, as it is not necessary
to register to exercise copyright in India, but a company or start-up claiming benefit under the order has the
right to use and commercialise product(s) without third-party consents,
distribute and modify it.
The new order will be
applicable to all ministries and departments under the central government.
The Ministry of Electronics
and Information Technology is the nodal ministry for the implementation of the Cyber
Security product order.