Spike in compliance costs may hit tech startups hard

iStockphoto
iStockphoto

Summary

The IT Rules, the PDP bill and the RBI’s payments data storage rules are expected to involve significant compliance costs

NEW DELHI : Crippling compliance costs arising from upcoming data regulations could sink many small technology startups, experts aware of the rules said, underlining concerns raised by industry organizations.

The central government’s IT Rules, the upcoming Personal Data Protection (PDP) bill and the Reserve Bank of India’s payments data storage rules are expected to involve significant compliance costs.

Rishi Anand, partner at law firm DSK Legal, said the IT Rules “saddles" intermediaries with new compliances. Requirements such as identifying the first originator of a message or post, appointing Indian compliance officers and time-bound redressal of grievances add costs.

The PDP bill is expected to bring structural changes in how companies handle data through principles like data minimization, data localization and security safeguards. However, this will need certain companies to “re-architect" their technological infrastructure, Anand said. “We have been advising our clients with respect to the latest developments in such laws that are anticipated to have significant impact on the tech-driven business," he added.

RBI’s new data storage rules take effect in January 2022, which will disallow tech platforms and social media from storing users’ payments data. These platforms will need to partner with banks to provide such services, raising compliance costs for both platforms and banks.

“Hypothetically, if the intermediary guidelines were to go unchallenged and continue in the current form, we will not have any Indian equivalent of an international app," said a lawyer who has advised multiple large Chinese technology companies. “When early-stage social media or e-commerce startups consult me, I send them a list of compliances they need to ensure, and the reaction usually is that they can’t afford that," corroborated another lawyer who has represented several large Chinese technology companies in India. “The fact that some of the grievance redressal officers may be liable for failure to comply leads employees in these positions to seek obscene amounts of money because of the risks of the job," the lawyer said on condition of anonymity.

Industry bodies have taken note of the matter as well. “At a time when the corporate criminal liability regime in India is changing to improve ease of doing business by replacing criminal liability with penalties, these provisions under the IT Rules 2021 run counter to the trend," the Federation of Indian Chambers of Commerce and Industry wrote to Ajay Sawhney, secretary, MeitY, on 1 April. The US India Business Council (USIBC) and the Confederation of Indian Industry had also expressed concerns over this rule in earlier representations. The US India Strategic Partnership Forum on 23 April wrote to MeitY that the new compliance requirements will require “extensive capacity building, new operational models, product redesign and personnel on boarding", seeking more time for compliance.

On 17 September, Entrackr reported that the government is working on certain amendments to the IT Rules and will issue clarifications soon. According to the report, the government is looking to impose penalties for non-compliance with the IT Rules instead of imposing criminal liability on compliance officers.

Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
more

MINT SPECIALS

Switch to the Mint app for fast and personalized news - Get App