India: Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018 notified

January 1, 2019
ISSUE No. 01
January 08, 2019



India: Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018 notified


Source: www.meity.gov.in

The Ministry of Electronics and Information Technology in May 2018 notified the Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018, (hereinafter referred to as “the Rules”).

In the wake of global-level sensitization to the threat of data/ information misuse and cyber terrorism, these Rules were long awaited. The Rules prescribe a detailed infrastructure of what is defined therein as a ‘Protected System’ for implementation of security practices and protective measures required to be taken towards highly sensitive data or data collection centre.

What is a Protected System?

According to the Rules a Protected System is any computer, computer system or computer network of any Organization as notified under Section 70 of the Information Technology Act, 2000, in the official gazette by the appropriate Government.

Information Security Steering Committee

The Rules define an ‘Information Security Steering Committee’ to mean ‘the committee comprising higher

management officials of an organization, responsible for continuously improving and strengthening the cyber security posture of the Protected System and also plan, develop, review remedial actions to mitigate and recover from malicious cyber incidents.’

As per Rule 3 of the Rules, every organization having ‘Protected System’ shall constitute an Information Security Steering Committee under the chairmanship of CEO/ MD or Secretary of the organization. The composition of the Committee is required to include the IT Head or equivalent; Chief Information Security Officer (“CISO”); Financial Advisor or equivalent; Representative of National Critical Information Infrastructure Protection Centre (“NCIIPC”); any other expert(s) to be nominated by the organization.

Roles and Responsibilities of the Information Security Steering Committee

The Rules prescribe the vital roles and responsibilities of the Information Security Steering Committee the significant ones of which are as follows: –

  • To approve all the Information Security Policies of the ‘Protected System’ any significant changes in network configuration impacting the “Protected System” or any significant change in application of the “Protected System”.
  • To establish mechanism for timely communication of cyber incident(s) related to
    “Protected System” to Information Security Steering Committee. A detailed definition as to what comprises of a cyber incident is mentioned in the Rules as an adverse incident that may result in impairing the confidentiality, integrity, or availability of electronic information, systems, services or networks resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource, changes to data or information without authorization or threaten interests of public at large.

  • To establish mechanism for sharing of results of all information security audits and compliance of “Protected System” to Information Security Steering Committee.
  • To assess validation of “Protected System” after every two years.

The Rules prescribe certain mandatory practices and infrastructural compliances to be followed by any organization having a Protected System.

Nomination of Chief Information Security Officer (CISO):

A “Chief Information Security Officer” means a designated employee of Senior management, directly reporting to MD/ CEO etc. of the organisation, having knowledge of information security and related issues. The CISO is responsible for cyber security efforts and initiatives including planning, developing, maintaining, reviewing and implementation of Information Security Policies.

Every organization designated as a “Protected System” is required to nominate a CISO whose roles and responsibilities have been enumerated in “Guidelines for Protection of Critical Information Infrastructure” and “Roles and Responsibilities of Chief Information Security Officers (CISOs) of Critical Sectors in India” released by NCIIPC.

Some of the CISO’s main responsibilities include establishing ISMS, documenting network
architecture, ensuring stability, resilience and scalability of the systems, conducting Vulnerability/Threat/Risk (V/T/R) Analysis for the cyber security architecture, Establishing and developing a Cyber Crisis Management Plan, conducting internal and external Information Security audits and documenting process for IT Security Service Level Agreements (SLAs) while entering into agreements with service providers etc.

Cyber Security Operation Center (“C-SOCs”) and Network Operation Center (“NOCs”) Organizations with Protected Systems have to establish a C-SCO and NOCs with the aim of implementing preventive, detective and corrective controls to secure against advanced and emerging cyber threats, threats of unauthorized access and ensure continuity in network

The Rules also prescribe in detail the roles and responsibilities of CISO of the “Protected System(s)” towards NCIIPC


India: Discontinuation of acceptance of cash by Stock Brokers




The Securities and Exchange Board of India (hereinafter referred to as ‘SEBI’) had released a circular dated August 27, 2003, regarding the mode of payment and delivery.

In furtherance of the same, SEBI released its circular dated July 12, 2018, notifying all the recognized stock exchanges with respect to the discontinuation of acceptance of cash by Stock Brokers. SEBI has specified that all the payments shall be received / made by the Stock Brokers from / to the clients strictly by account payee crossed cheques/ demand drafts or by way of direct credit into the bank account through electronic fund transfer, or any other mode permitted by the Reserve Bank of India.

The stock brokers shall accept cheques drawn only by the clients and also issue cheques in favour of the clients only, for their transactions. However, the Stock Brokers shall not accept cash from their clients either directly or by way of cash deposit to the bank account of the Stock Broker.

This circular essentially modifies SEBI’s above-mentioned circular regarding the mode of payment and delivery although SEBI has also mentioned that all other conditions mentioned in its earlier circular shall continue to remain in force.



India: Ministry of Corporate Affairs amends Limited Liability Partnership Rules



The Ministry of Corporate Affairs vide notification G.S.R 557 (E) dated June 12, 2018 amended the Limited Liability Partnership Rules, 2009 (hereinafter referred to as the “Parent Rules”) and brought into force the Limited Liability Partnership (Amendment) Rules, 2018 (hereinafter referred to as the “Amendment Rules”)[1] . The Amendment Rules have made changes in the Forms for making application to obtain Designated Partner Identification Number (hereinafter referred to as the “DPIN”) and for intimating change by designated partner to whom DPIN has been allotted.

The Amendment Rules provide in Clause 10(1) that every individual, who intends to be appointed as a designated partner of an existing limited liability partnership, shall make an application electronically in Form DIR-3 under the Companies (Appointment and Qualifications of Directors) Rules, 2014 for obtaining DPIN.

Under the Parent Rules, the application for DPIN was to be made under Form 7 to the Central Government.

The second amendment has been made in Clause 10 (4) of the Parent Rules. Clause 10 (4) of the Parent Rules stated that a provisional DPIN generated online would remain valid for a period of 60 days from the date it was generated[2] . The Parent Rules were amended on July 5, 2011 wherein sub-clause (i) of Clause 10(4) was introduced which stated that every Designated Partner who has been allotted DPIN shall intimate to the Central Government within 30 days of any change in the event of change in particulars as stated in Form 7, i.e., the form in which the application for DPIN was made by the designated partner[3] . Such intimation would be made in Form DIN-4 of Companies (Director Identification Number) Rules, 2006. The Amendment Rules that such application to intimate change should be made in Form DIR-6.


Available at


[2]Available at

[3]Available at http://www.mca.gov.in/Ministry/pdf/G.S.R506(E)_05012015.pdf 



India: Responsibilities of Consumers and Bulk Consumer under E-Waste (Management) Rules, 2016



The Ministry of Environment, Forest and Climate Change vide number G.S.R. 472(E), dated June 10, 2015, published the draft e-waste (Management) Rules, 2015 in the Gazette of India and after duly considering the objections and suggestions received from the public in respect of the said draft rules, the Central Government in exercise of the powers conferred by Sections 6, 8 and 25 of the Environment (Protection) Act, 1986 (29 of 1986), and in supersession of the e-waste (Management and Handling) Rules, 2011, published the E-Waste (Management) Rules, 2016 (hereinafter referred to as ‘Rules’) which came into force on October 1, 2016. The Rules have been notified with aim to ensure proper handling, disposal and environmentally sound management of e-waste.

Who is a Consumer?

As per the Rules, a ‘consumer’ is defined as any person using electrical and electronic equipment, excluding the bulk consumers;

Who is a Bulk Consumer?

The Rules further define a ‘bulk consumer’ as the bulk users of electrical and electronic equipment such as:

  1. Central Government;
  2. State Government Departments;
  3. Public Sector Undertakings;
  4. Banks;

  5. Educational institutions;

  6. Multinational organisations;
  7. International agencies;
  8. Partnership and public or private companies that are registered under the Factories Act, 1948 (63 of 1948) and the Companies Act, 2013 (18 of 2013) and health care facilities which have turnover of more than (INR) 1 crore or have more than 20 employees;

Responsibilities of Consumers and Bulk Consumers:

The Rules lay down that the consumers or bulk consumers of electrical and electronic equipment listed in Schedule I of the Rules shall ensure the following:

  1. That the e-waste generated is channelised through collection centre or dealer of authorised producer or dismantler or recycler or through the designated take back service provider of the producer to authorised dismantler or recycler;
  2. That end-of-life electrical and electronic equipment are not admixed with e-waste containing radioactive materials as covered under the provisions of the Atomic Energy Act, 1962 (33 of 1962) and rules made there under.

Apart from the above, the Rules lay down the following additional responsibilities specifically for the bulk consumers:

  1. To maintain records of e-waste generated in Form-2 and make such records available for scrutiny by the concerned State Pollution Control Board;
  2. To file annual returns in Form-3, to the concerned State Pollution Control Board on or before the 30th day of June following the financial year to which that return relates.

Multiple offices in a State:

The Rules have also specified that in case of the bulk consumer with multiple offices in a State, one annual return combining information from all the offices shall be filed to the concerned State Pollution Control Board on or before the 30th day of June following the financial year to which that return relates.

Storage of e-waste:

Bulk consumers may store the e-waste for a period not exceeding 180 days and shall maintain a record of collection, sale, transfer and storage of wastes and make these records available for inspection.

However, the Rules also provide that such period of storage of e-waste may be extended by the concerned State Pollution Control Board for a period up to 365 days in case the waste needs to be specifically stored for development of a process for its recycling or reuse.



India: Amendment to Food Products Standards and Food Additives Regulations



Food is the vital source of energy for human life. Owing to its necessity, the commercialization of food products entails huge profits to its producers as well as manufacturers. The governance over the food products in India is administered by the Food Safety Standards Authority of India (hereinafter referred as “FSSAI”) under the guidelines issued by the Food Safety Standards Authority of India (hereinafter referred to as the “Act”).

Food products standards and food additives

With a view to monitor food products standards and food additives, FSSAI introduced the Food Safety and Standards (Food Products Standards and Food Additives) Regulations, 2011 (hereinafter referred to as the “Regulations”). The Regulations include provisions for dairy products, oils, fruits & vegetables, cereals, confectionery, ice products, spices, beverages other than dairy and fruits and vegetables based, etc.

Amended regulations

The Regulations have been amended vide notification dated July 20, 2018 , which introduces another category to the types of mineral water by addition of sub-clause 2 (vii) to Regulation 2.10.7. As per the said provision, Natural spring water is natural mineral water which is derived from an underground formation from which water flows naturally to the surface of the earth at an identified location. Spring water shall be collected only at the spring or through a borehole tapping the underground formation feeding the spring. There shall be a natural force causing the water to flow to the surface through an orifice

The other categories of mineral water are stated below:

  • Natural Mineral Water is water clearly distinguished from ordinary drinking water because it is characterized by its content of certain mineral salts and their relative proportions and the presence of trace elements or of other constituents obtained directly from natural or drilled sources. [Regulation 2.10.7 (2(i))]
  • Naturally Carbonated Natural Mineral Water which is a natural mineral water which, after possible treatment as given hereunder and re-incorporation of gas from the same source and after packaging taking into consideration usual technical tolerance, has the same content of carbon dioxide spontaneously and visibly given off under normal conditions of temperature and pressure. [Regulation 2.10.7 (2(ii))]
  • Non-Carbonated Natural Mineral Water which is a natural mineral water which, by nature and after possible treatment as given hereunder and after packaging taking into consideration usual technical tolerance, does not contain free carbon dioxide in excess of the amount necessary to keep the hydrogen carbonate salts present in the water dissolved. [Regulation 2.10.7 (2(iii))]
  • Decarbonated Natural Mineral Water is a natural mineral water which, after possible treatment as given hereunder and after packaging, has less carbon dioxide content than that at emergence and does not visibly and spontaneously give off carbon dioxide under normal conditions of temperature and pressure. [Regulation 2.10.7 (2(iv))]
  • Natural Mineral Water Fortified with Carbon Dioxide from the Source which, after possible treatment as given hereunder and after packaging, has more carbon dioxide content than that at emergence. [Regulation 2.10.7 (2(v))]
  • Carbonated Natural Mineral Water is carbonated natural mineral water is a natural mineral water which, after possible treatment as given hereunder and after packaging, has been made effervescent by the addition of carbon dioxide from another origin. [Regulation 2.10.7 (2(vi))]



India: Force Majeure Clauses in Contracts


Source: www.cbic.gov.in

The advent of civilization in human life gave birth to various forms of interactions amongst the individuals. Numerous aspirations have led to passion for monetary superiority and the art of profit making thereby giving rise to business activities. People carry out their business with one another in the form of sale and purchase which may be either for goods or services. In order to maintain cordial relations amongst themselves and ensuring smooth functioning of their business, parties often enter into contracts which bind them on agreed mutual terms and conditions.

Composition of Contracts

The contracts between the parties comprise of various clauses which regulate their responsibilities and conduct for the situations which they can anticipate. However, there arise circumstances which make the performance of the contract impossible. In case such supervening events arise for any reasons being beyond the control of a party, such party may be exempted from performing its due obligations while the contract stands frustrated.

Frustration of Contract

As per Section 56 of the Indian Contract Act, 1872, an agreement to do an impossible act is described as being void. The said provision also relieves a party from the discharge of their duties in event of an intervening act which renders the performance of the contract impossible or unlawful.

Grounds for Frustration

The law recognizes the applicability of the Doctrine of Frustration on the following grounds:

  • Destruction of Subject matter- Where the contract cannot be fulfilled owing to the failure of the essential element to continue in the state which it was expected to be at the time of formation of the contract. Destruction of the music hall (Taylor v. Caldwell ), loss of crops (Howell v. Coupland )have been identified as some of such situations.
  • Change of circumstances- Where the circumstances change post entering into the contract making the performance of the same impossible. Explosion of ship boiler preventing further journey to transport the goods (Joseph Steamline Ltd. v. Imperial Smelting Corp. is one example.
  • Non-occurrence of contemplated event- Where the value of the performance is destroyed due to non-occurrence of the contemplated event which lays the foundation of the contract thus making its performance impossible. Ex. In case of Krell v. Henry where room was to be hired only for the purpose of viewing coronation ceremony which got cancelled.
  • Death or incapacity of a party- Where the contract can no longer be performed due to the death or incapacity like illness (Robinson v. Davison ) the lead pianist could not perform being ill) of one of the contracting parties.
  • Government or Legislative intervention- Where new Government/ Legislative policies prevent the performance of the contract, e.g. ban on sale/purchase of specific products fundamental to the contract (Boothalinga Agencies v. V.T.C. Poriaswami ).
  • Intervention of war- Where outbreak of war makes it impossible to fulfil the contractual obligations (A. F. Ferguson & Co. v. Lalit Mohan Ghosh )

Force Majeure

Force Majeure meaning “superior force” refers to such situations which obstruct the continuation or lawful existence of a contract amidst the parties. The inclusion of such clause in the contract allows a party to suspend or terminate their duties and obligations in case of occurrence of an act which may be classified as Force Majeure. Usually parties mutually decide over the list of events to be categorized under this clause which include acts of war, riots, fire, flood, hurricane, earthquake, explosion, strikes, lockouts, slowdowns, prolonged shortage of supplies, governmental action prohibiting or impeding any party from performing its respective obligations under the contract causing its frustration.

In the news

Recently, Reliance Industries, one of the leading business groups of India has announced a Force Majeure on gasoline exports from its Jamnagar site although the exact reason for the same has not yet May kindly see the been disclosed. In case of establishment of the Force Majeure, Reliance Industries would be able to avoid their duties as stated in their respective contracts with their clients.

For more information please contact us at : info@ssrana.com