Indian Railways 2.0 – Diversifying Investment in Indian Railway Ecosystems

by Sunil Kumar Gupta | Apr 18, 2025 | blog

Unlocking Prosperity: The E-commerce Revolution in Tier 2 and Tier 3 Cities – A Gateway to Job Creation and Economic Growth

by Sunil Kumar Gupta | Nov 17, 2024 | blog

The e-commerce revolution has transformed the retail landscape, connecting buyers and sellers across geographies. While Tier 1 cities dominated the initial phases of this transformation, Tier 2 and Tier 3 cities are now the epicenters of growth. These cities, often characterized by underserved markets and burgeoning consumer aspirations, are now major contributors to the e-commerce boom.

Tier 2 and Tier 3 cities accounted for 60% of India’s overall e-commerce demand in 2023, with a projected annual growth rate of 30% by 2025. This unprecedented growth is not just reshaping retail but is also creating jobs, fostering entrepreneurship, and driving inclusive economic growth.

This blog delves deep into how e-commerce is unlocking prosperity in Tier 2 and Tier 3 cities with case studies and research-backed insights.

1. The Emergence of Tier 2 and Tier 3 Cities in E-commerce

The Growing Digital Ecosystem

The digital infrastructure in smaller cities has improved significantly, fueling e-commerce growth:

• Affordable Internet Access: Reliance Jio’s entry into the Indian market slashed data prices, increasing internet penetration from 20% in 2016 to 50% in 2023 in rural areas. As per the latest Annual Report, its share of data traffic in India rose to about 60% in FY24.
• Smartphone Adoption: According to a Counterpoint Research report, over 70% of smartphone sales in India now occur in Tier 2 and Tier 3 cities.
• Digital Payments Growth: The e-commerce industry in India is growing on levers such as increased smartphone penetration, increased affluence and low data prices, providing impetus for e-retail growth. With over 950 Mn users, India is the 2nd largest internet market in the world with 131.16 Lakh Cr UPI transactions in FY 2023-24. Platforms like Paytm, UPI, and Google Pay have enabled seamless transactions in these regions, with over 40 billion UPI transactions recorded in 2023. As per the PIB Report, Digital payment transactions volume grew to 18,737 crore in FY 2023-24 from 2,071 crore in FY 2017-18 at Compounded Annual Growth Rate (CAGR) of 44%; with value of transactions at ₹3,659 lakh crore in FY23-24 from ₹1,962 lakh crore in FY17-18 at CAGR of 11%.

UPI transactions volume grew to 13,116 crore in FY 2023-24 from 92 crore in FY 2017-18 at CAGR of 129%; with value of UPI transactions reaching ₹200 lakh crore in FY23-24 from ₹1 lakh crore in FY17-18 at CAGR of 138%.

UPI now seamlessly facilitates live transactions in 7 countries, including key markets such as UAE, Singapore, Bhutan, Nepal, Sri Lanka, France, and Mauritius

Case Study I: Flipkart’s Localization Strategy

Flipkart localized its app interface in 11 regional languages, including Hindi and Tamil, to cater to diverse audiences. This initiative contributed to a 2x increase in new users from Tier 2 and Tier 3 cities during their 2022 Big Billion Days sale.

Case Study II: Amazon India’s Expansion

Amazon India has strategically expanded its operations to cater to the burgeoning demand in Tier 2 and Tier 3 cities. The company has established numerous fulfillment centers and delivery stations in these regions, enhancing its logistics network. This expansion has not only improved delivery times but also created employment opportunities for local populations. Amazon’s initiatives have empowered small and medium-sized businesses (SMBs) in these cities to reach a broader customer base, thereby stimulating local economies.

Case Study III: Flipkart’s Kirana Program

Flipkart’s Kirana Program exemplifies the integration of local businesses into the e-commerce ecosystem. By partnering with local kirana (grocery) stores for last-mile deliveries, Flipkart has enhanced its delivery network while providing additional income streams for these small businesses. This initiative has been particularly successful in Tier 2 and Tier 3 cities, where local stores play a crucial role in the community.

2. E-commerce as a Catalyst for Job Creation

2.1 Direct Employment in Logistics and Warehousing

The logistics sector has seen exponential growth in smaller cities:

• Amazon India: With over 60 fulfilment centers across the country, Amazon has created thousands of jobs in towns like Ludhiana and Guwahati. Their “I Have Space” initiative partners with over 28,000 small businesses for last-mile delivery.  Amazon has announced to invest additional $15 billion in India by 2030.
• Flipkart’s Delivery Network: Flipkart employs over 1 lakh delivery personnel, with a significant portion operating in Tier 2 and Tier 3 towns.
• Social media platforms like Instagram: A major chunk of the ecommerce industry is now dependent on social media platforms like Instagram, facebook marketplace. 60-70% of Instagram users report following or researching brands and products on the app.
• Festival offers: The E-commerce websites flood with discount and various other lucrative offers at the time of various festivals worldwide like Independence Day, Diwali, Christmas, New Year, Black Friday etc.
• Market Access and Expansion: E-commerce provides businesses in smaller cities unprecedented market access. Local enterprises, previously confined to regional markets, can now showcase their products to a national and even global audience. This expanded reach fosters growth opportunities and enables businesses to scale beyond traditional boundaries.

Case Study: Zomato’s Entry into Tier 3 Markets

In 2023, Zomato expanded operations to Tier 3 cities like Udaipur and Ajmer. Their data shows that 45% of their delivery partners in these regions transitioned from agriculture, creating stable income opportunities.

2.2 Empowering Entrepreneurs

Platforms like Amazon, Flipkart, and Meesho are empowering small and medium-sized enterprises (SMEs):

• Amazon Karigar: This initiative promotes regional products like Pashmina shawls from Kashmir and Madhubani paintings from Bihar.
• Meesho’s Seller Base: Over 65% of Meesho’s 15 million sellers come from Tier 2 and Tier 3 cities, with many reporting a 30% increase in income.

• Boosting Women Entrepreneurs

E-commerce industry is even providing women with opportunities to achieve financial independence. A homemaker can start reselling sarees earning ₹50,000 per month without any upfront investment. Rural women artisans, such as those making Pattachitra paintings in Odisha, are now reaching international audiences.

3. Economic Empowerment Through E-commerce

According to recent industry calculations, Turkey will rank first among 20 countries worldwide in retail e-commerce development between 2024 and 2029, with a compound annual growth rate of 11.6 percent. The Turkish e-commerce market is currently valued at 3.4 trillion Turkish lira. India and Brazil are also among the fastest-growing e-commerce markets globally, with a CAGRs of over 11 percent. The global retail e-commerce CAGR was estimated at 9.5 percent during the same period.

3.1 Revitalizing Local Economies

E-commerce is creating ripple effects that uplift entire communities:

• Increased Disposable Income: A recent study revealed that 70% of rural e-commerce users reported an increase in monthly savings due to access to affordable online goods.
• Boosting Ancillary Services: Growth in logistics has spurred demand for packaging suppliers and local transport services.

3.2 Promoting Regional Crafts

Artisans in Tier 2 and Tier 3 cities are leveraging e-commerce for market access:

• Tribes India: The internet and the subsequent e-commerce boom opened up a whole new world for organisations and people to garner a wider reach. To expand the availability of tribal products across the entire country and the world and to get greater benefits for the tribal people, TRIFED went online with its portal www.tribesindia.com.

This new channel is being utilised in such a way that in just a single click, the handcrafted, tribal products find a larger audience – not just in India but also abroad.

A wide range of thoughtful and handcrafted products that carry an indelible mark of their rich ancient cultural heritage are procured, marketed and made available to buyers.

To ensure a wider reach to genuine art lovers, millennial fashionistas and ethnic folk, TRIBES India is making its presence felt through its TRIBES India Mobile App and its own e-commerce platform

This initiative has empowered tribal artisans from NCR Delhi, South, Madhya Pradesh, Gujarat, Rajasthan, Odisha, Magnificent Leh, Chhattisgarh, West Bengal, Jharkhand, Bihar, UP, Uttarakhand, Andhra Pradesh, North East and Maharashtra to sell directly to global consumers.

4. Fostering Innovation

4.1 Tech-Driven Solutions

E-commerce platforms are using innovative technologies to improve services:

• AI and Analytics: AI’s ability to analyze vast amounts of data enables e-commerce platforms to offer highly personalized shopping experiences. The AI tools predict demand patterns in smaller towns, optimizing inventory. The predictive models identify future trends, enabling e-commerce platforms to launch targeted campaigns.

At the beginning of 2024, India recorded 751.5 million internet users, reflecting an internet penetration rate of 52.4%. In January 2024, the country had 462.0 million social media users, representing 32.2% of the total population. Additionally, there were 1.12 billion active cellular mobile connections in early 2024, accounting for 78.0% of the population.

• Drones for Delivery: Startups these days are testing drone-based deliveries in the rural parts of India. As of November 2023, there were around 13 thousand drones registered in India. Along with the growing applications, the market size has also been growing. It was estimated that by the year 2030, the Indian drone market in India would reach 2.5 trillion Indian rupees.

Source: Make in India (3^rd Edition) – written and compiled by Sunil Kumar Gupta

5. Factors Driving the E-commerce Boom
   
6. The Road Ahead

• Investment in Infrastructure

Government initiatives like Digital India and PMGDISHA are improving connectivity in smaller cities. Private players are deploying 5G networks in Tier 2 and Tier 3 towns, ensuring faster internet access.

• Collaborative Ecosystems

Public-private partnerships can address logistical and digital literacy challenges, ensuring sustained growth.

Conclusion

The e-commerce revolution in Tier 2 and Tier 3 cities is unlocking unprecedented opportunities for job creation and economic empowerment. With research-backed data and real-world case studies, it is evident that these cities are no longer secondary markets but key drivers of India’s digital economy.

The government’s active role in promoting entrepreneurship, implementing initiatives like RSETI, and fostering digital infrastructure has played a pivotal role in catalyzing this evolution. Additionally, the recent amendments to boost the e-commerce industry and the emphasis on emerging technologies like 5G underline a commitment to creating a conducive environment for further growth.

AI on the other hand, is not just transforming e-commerce; it’s setting the stage for the future of retail. By enhancing personalization, streamlining operations, and driving innovative customer experiences, AI empowers businesses to thrive in an increasingly competitive market.

By fostering innovation, empowering entrepreneurs, and addressing infrastructure challenges, e-commerce platforms can ensure inclusive growth that benefits every corner of the country.

India’s Global Representation Shines at World Economic Forum Davos 2024

by Sunil Kumar Gupta | Jan 17, 2024 | blog

In a momentous stride towards global collaboration and dialogue, Mr. Vijay Goel and Mr. Sunil Kumar Gupta, Founders of Indo European Business has visited Switzerland to represent IEBF at the esteemed World Economic Forum (WEF) Annual Meeting Davos, slated to transpire against the breathtaking backdrop from January 15th to January 19th, 2024.

IEBF has achieved a significant milestone during its visit to the WEF Annual Meeting, marked by the successful signing of Memoranda of Understanding (MoUs) with the Government of Karnataka in the prescence of Dr. Ekroop Caur, IAS, Secretary to Government, Department of Electronics, Information Technology, Biotechnology and Science & Technology; Sh. LK Atheeq, IAS, Additional Chief Secretary to Chief Minister Government of Karnataka; Smt. Gunjan Krishna, IAS, Commissioner for Industrial Development & Director of Industries & Commerce CEO, Invest Karnataka Forum, among other dignitaries. These agreements symbolize a shared commitment to pioneering initiatives that are poised to make a lasting impact on various sectors. Here are the key collaborations:

1. Manufacturing of Solar Panels, Inverters, and EV Charging Plants with Ampergia Americans:

   – Contributing to clean energy solutions and sustainable technology, boosting Karnataka’s leadership in renewable energy.

2. Providing Services for Employee Welfare Programmes with InstaPe Synergies Pvt. Ltd.:

   – Providing services that enhance the well-being of our workforce, fostering a supportive and motivated work environment.

3. Construction of Biopharmaceuticals and Cancer Diagnosis and Treatment Hospitals with Pangaea Data:

   – Spearheading healthcare infrastructure development, aiming to improve accessibility and outcomes in Karnataka.

4. Manufacture of “Smart City” Infrastructure with Faction AI:

   – Enhancing urban living through innovative infrastructure solutions, contributing to the development of Smart Cities.

These collaborations underscore IEBF’s commitment to fostering positive change. Additionally, IEBF is in the process of signing various MoUs with distinct State Government, further expanding India’s impact in global market.

Adding to the grandeur of this international gathering, the WEF witnessed the participation of five prominent Indian states – Maharashtra, Karnataka, Uttar Pradesh, Telangana, and Tamil Nadu. This collective representation is designed to showcase the diverse tapestry of Indian culture, economic prowess, and historic richness, symbolizing the nation’s multifaceted essence on the global landscape.

“This opportunity not only underscores the cultural, economic, and historic opulence of India but also reinforces our commitment to global collaboration and the pursuit of a more interconnected world,” Mr. Gupta stated.

This visit comes as a recognition of Mr. Goel and Mr. Gupta’s exceptional contributions and leadership in the growth of India, EU, UK, and Slovenia. Eagerly anticipating the opportunity to engage in profound discussions and collaborative endeavors, Mr. Gupta is poised to lend their perspective towards charting a course for a more promising future on the global stage.

Under the visionary leadership of Mr. Sunil Kumar Gupta, the Indo European Business Forum (IEBF) has recently spearheaded a groundbreaking Indo-Slovenian partnership. Since its inception in 2017, IEBF has played a pivotal role in facilitating the success of approximately 85% of businesses, ushering in excellence across diverse sectors such as business, finance, real estate, and art.

IEBF’s impactful initiatives extend to aiding 80% of businesses and investors in identifying lucrative investment opportunities within EU countries, the UK, and India. Mr. Goel and Mr. Gupta’s strategic leadership has positioned IEBF as a key player in fostering international collaborations, contributing significantly to the growth and success of businesses on a global scale. The forum’s commitment to excellence and its role in connecting diverse industries underscore their dedication to advancing economic partnerships and creating a robust global business network.

The Founders of IEBF, Mr. Vijay Goel and Mr. Sunil Kumar Gupta had the honor of meeting with the Hon’ble Chief Minister of Maharashtra and the Hon’ble Minister for Large & Medium Industries and signing various MoUs. These engagements highlight our dedication to strong partnerships and collaborations, reinforcing IEBF’s role in shaping a sustainable and connected future.

The World Economic Forum serves as a splendid platform for thought leaders, influencers, and decision-makers to converge and discuss critical global issues. The participation of world leaders, businessmen, professionals and the delegation from five prominent Indian states adds a unique perspective to the ongoing dialogue.

Overseas Direct Investment: Comprehensive Study on the most Critical Investment Route

by Sunil Kumar Gupta | Nov 19, 2023 | blog

Investment through Indian companies in foreign is a common phenomenon and several Indian companies have a presence in foreign companies by virtue of the formation of Joint Venture (JV) and Wholly Owned Subsidiaries (WOS). In contrast, Overseas Direct Investment by Indian residents has been revised to sanction overseas investment, with adequate manacles to prevent money from siphoning into foreign companies.

Therefore, adequate measures and regulations have been introduced and are being revised constantly to prevent any such event.

Reserve Bank of India (RBI) with effect from August 2022 has incorporated erstwhile FEMA (Transfer or Issue of Foreign Security) Regulations, 2004 and FEMA (Acquisition and Transfer of immovable property outside India) Regulation 1915 (OI Rules), which has introduced FEMA (Overseas Investment) Rules, 2022 (OI Regulation) and earlier regulations are considered superseded.

The FEMA (Overseas Investment) Directions, 2022 contains operational requirements under OI Rules and OI Regulations, including guidance regarding the interpretation, a grouping of conditions (under 3 categories, i.e., General provisions, Specific provisions, and Other operational instructions to AD banks).

In addition to that, it also contains particular compliance requirements from former ODI Master Directions and does not fall under OI rules and regulations.

With that, overseas investment in foreign is constricted unless completed in accordance with FEMA Act, OI Rules, and Regulations. This blog provides you with an overview of the latest notified and revised rules and regulations, including board amendments in RBI ODI.

India’s outbound investments have undergone a significant transformation, not only in terms of their scale but also in their geographical distribution and the sectors they target. Analyzing the trends in direct investments over the past decade reveals that while both inbound and outbound investment flows were relatively slow in the early part of the decade, they gained momentum in the latter half.

Over the last decade or so, there has been a noticeable shift in the destinations of overseas investments. In the first half, these investments were primarily focused on resource-rich nations like Australia, the United Arab Emirates (UAE), and Sudan. However, in the latter half, there was a shift towards nations offering greater tax advantages, such as Mauritius, Singapore, the British Virgin Islands, and the Netherlands.

Indian companies primarily engage in foreign investments through mergers and acquisitions (M&A). A developing country like India continually seeks opportunities to invest abroad as it contributes to the overall economy. These overseas investments by Indian companies also play a role in enhancing the performance of the country’s service and manufacturing sectors and contribute to addressing the challenge of rising unemployment rates. With the increasing M&A activity, companies gain direct access to new and broader markets, as well as advanced technologies, allowing them to expand their customer base and establish a global presence.

Overview of Amendments in RBI ODI

Investments made by individuals residing in India in foreign countries broaden the scale and range of business activities for Indian entrepreneurs. They offer global avenues for expansion, enabling easier access to technology, research and development resources, access to a broader global market, and lower capital costs. These advantages enhance the competitiveness of Indian businesses and contribute to the strengthening of their brand reputation.

Furthermore, such overseas investments serve as significant catalysts for foreign trade and the transfer of technology. This, in turn, leads to increased domestic employment, higher levels of investment, and overall economic growth through these interconnected relationships.

In alignment with the principles of liberalization and the facilitation of a more business-friendly environment, the Central Government and the Reserve Bank of India have undertaken a progressive simplification of procedures and a rationalization of rules and regulations governed by the Foreign Exchange Management Act, 1999. As a significant step in this direction, a new Overseas Investment framework has been put into operation.

The Central Government has issued the Foreign Exchange Management (Overseas Investment) Rules, 2022, through Notification No. G.S.R. 646(E) dated August 22, 2022, and the Reserve Bank of India has notified the Foreign Exchange Management (Overseas Investment) Regulations, 2022, under Notification No. FEMA 400/2022-RB dated August 22, 2022. These regulations supersede the previous Notification No. FEMA 120/2004-RB dated July 07, 2004 (Foreign Exchange Management – Transfer or Issue of any Foreign Security – Amendment – Regulations, 2004) and Notification No. FEMA 7 (R)/2015-RB dated January 21, 2016 (Foreign Exchange Management – Acquisition and Transfer of Immovable Property Outside India – Regulations, 2015).

The new framework simplifies the existing system for overseas investments by Indian residents, extending its coverage to a broader spectrum of economic activities, and substantially reducing the necessity for seeking specific approvals. This, in turn, will alleviate the burden of compliance and the associated compliance costs.

Some of the significant changes introduced by the new rules and regulations:

• Improved clarity in defining various terms and concepts.
• Introduction of the “strategic sector” concept.
• Elimination of the need for approval in several cases, including deferred payment of consideration, investments or disinvestments by Indian residents under investigation by investigative agencies or regulatory bodies, issuance of corporate guarantees for second or subsequent level step-down subsidiaries (SDS), and write-offs related to disinvestments.
• Introduction of a “Late Submission Fee (LSF)” for delays in reporting.

Permission for Initiating Overseas Investments:

1. An individual residing in India is allowed to make or transfer investments or financial commitments abroad under the general permission/automatic route, subject to the regulations outlined in the OI Rules, Regulations, and these guidelines. Consequently, overseas investments can be made in a foreign enterprise engaged in legitimate business activities, either directly or through second or subsequent-level step-down subsidiaries (SDS) or special-purpose vehicles (SPV).
2. To make the intended financial commitment, the person should complete Form FC as provided in the “Master Direction – Reporting under the Foreign Exchange Management Act, 1999,” supported by the necessary documents, and approach the designated authorized dealer (AD) bank to facilitate the investment or remittance.
3. In cases where approval is required, the applicant should approach their designated AD bank, which will then submit the proposal to the Reserve Bank of India (RBI) after conducting a thorough examination and providing specific recommendations. The designated AD bank, before forwarding the proposal, must submit relevant sections of Form FC in the online Overseas Investment Declaration (OID) application and include the transaction number generated by the application in their reference. The proposal should be accompanied by the following documents:
   • Background and brief details of the transaction.
   • Reason(s) for seeking approval mentioning the extant FEMA provisions.
   • Observations of the designated AD bank with respect to the following:
     • Prima facie viability of the foreign entity;
     • Benefits which may accrue to India through such investment;
     • Financial position and business track record of the Indian entity and the foreign entity;
     • Any other material observation.
   • Recommendations of the designated AD bank with confirmation that the applicant’s board resolution or resolution from an equivalent body, as applicable, for the proposed transaction(s) is in place.
   • Diagrammatic representation of the organisational structure indicating all the subsidiaries of the Indian entity horizontally and vertically with their stake (direct and indirect) and status (whether operating company or SPV).
   • Valuation certificate for the foreign entity (if applicable).
   • Other relevant documents properly numbered, indexed and flagged.

Mode of Payment

Regarding the method of payment for overseas investments made by an individual residing in India, the following provisions must be adhered to, as per regulation 8 of the OI Regulations. Additionally:

Pricing Guidelines

1. Before facilitating any transaction related to overseas investments, the Authorized Dealer (AD) bank must ensure compliance with the regulations specified in rule 16 of the OI Rules. Regarding the documents to be collected by the AD bank, they should adhere to a policy approved by their board, which should consider factors including valuation based on internationally accepted pricing methodologies. The AD bank is required to establish and implement a board-approved policy within two months from the date of issuance of these guidelines.
2. This policy can also address situations where valuation may not be mandatory, for instance, in cases involving transfers due to merger, amalgamation, demerger, or liquidation, where the price has been approved by a competent court or tribunal in accordance with Indian laws and/or the host jurisdiction. Another scenario could be when the price is readily available on a recognized stock exchange, and so on. The policy should also clearly specify additional documents, such as the audited financial statements of the foreign entity, which the AD banks may request to verify the legitimacy in cases where investments are being written off.

Obligations of the Person Resident in India

Reporting

1. All reporting related to overseas investments made by individuals residing in India should follow the guidelines specified in regulation 10 of the OI Regulations. This reporting should be done through the designated Authorized Dealer (AD) bank using the updated reporting forms and instructions outlined in the “Master Direction – Reporting under the Foreign Exchange Management Act, 1999.” The reporting forms can be downloaded from the Reserve Bank’s website at www.rbi.org.in. Any incomplete submissions will be treated as non-submissions.
2. Any acquisition of foreign securities resulting from the conversion of Indian Depository Receipts (IDRs) must be duly reported, either as Overseas Direct Investment (ODI) or Overseas Portfolio Investment (OPI), as applicable.
3. The Annual Performance Report (APR) should be certified by a chartered accountant in cases where statutory audits are not applicable, including for resident individuals. It’s important to note that in cases where APR is required to be jointly filed, one investor may be authorized by the other investors to submit the APR, or they may jointly file the report.
4. When a resident individual engages in overseas investments, they must adhere to the reporting requirements outlined in the OI Regulations. Additionally, reporting should also be carried out as per the Liberalized Remittance Scheme (LRS) guidelines when such investments are considered part of the LRS limit. It’s worth noting that the acquisition of foreign securities through inheritance or gift, in accordance with paragraph 2 of Schedule III of the OI Rules, is not counted against the LRS limit and, therefore, does not require reporting under the LRS.

Delay in Reporting

1. If an individual residing in India has experienced a delay in filing or submitting the necessary forms, returns, or documents, they have the option to file or submit these documents and pay the Late Submission Fee (LSF) through the designated Authorized Dealer (AD) bank, as specified in regulation 11 of the OI Regulations.
2. The Late Submission Fee (LSF) for delays in reporting transactions related to overseas investments will be calculated based on the following matrix:

Notes:

a) “n” is the number of years of delay in submission rounded-upwards to the nearest month and expressed up to 2 decimal points.

b) “A” is the amount involved in the delayed reporting.

c) LSF amount is per return.

d) Maximum LSF amount will be limited to 100 per cent of ‘A’ and will be rounded upwards to the nearest hundred.

e) Where an advice has been issued for payment of LSF and such LSF is not paid within 30 days, such advice shall be considered as null and void and any LSF received beyond this period shall not be accepted. If the applicant subsequently approaches for payment of LSF for the same delayed reporting, the date of receipt of such application shall be treated as the reference date for the purpose of calculation of LSF.

f) The option of LSF shall be available up to three years from the due date of reporting/submission under OI Regulations. The option of LSF shall also be available for delayed reporting/submissions under the Notification No. FEMA 120/2004-RB and earlier corresponding regulations, up to three years from the date of notification of OI Regulations.

g) In case a person resident in India responsible for submitting the evidence of investment or filing any forms/returns/reports, etc. as per OI Regulations/earlier corresponding regulations, neither makes such submission/filing within the specified time nor makes such submission/filing along with LSF as provided in regulation 11 of OI Regulations, such person shall be liable for penal action under the provisions of FEMA, 1999.

(3) The LSF may be paid by way of a demand draft drawn in favour of “Reserve Bank of India” and payable at the Regional Office concerned (in accordance with UIN mapping given in the table below).

Restrictions and prohibitions

1. Authorized Dealer (AD) banks are prohibited from facilitating transactions involving any foreign entity engaged in activities mentioned in rule 19(1) of the Overseas Investment (OI) Rules or located in countries/jurisdictions as advised by the Central Government under rule 9(2) of the OI Rules. It’s important to clarify that financial products linked to the Indian Rupee include non-deliverable trades related to foreign currency-INR exchange rates, as well as stock indices connected to the Indian market, among other things.
2. Individuals residing in India are not allowed to make financial commitments to a foreign entity that has invested or plans to invest in India at the time of such commitment or at any time thereafter, either directly or indirectly, resulting in a structure with more than two layers of subsidiaries. This restriction is in accordance with rule 19(3) of the OI Rules. It’s also specified that no additional layer of subsidiaries should be added to any structure that already has two or more layers of subsidiaries after the notification of the OI Rules/Regulations.

Please note that the term “subsidiary” is defined as an entity in which the foreign entity has control, which includes a stake of 10% or more in an entity, as per the OI Rules.

Financial commitment by an Indian entity

An Indian entity, subject to the overall limit specified in Schedule I of the Overseas Investment (OI) Rules and in compliance with Regulation 3 of the OI Regulations, is permitted to make financial commitments through Overseas Direct Investment (ODI) as outlined in Schedule I of the OI Rules, financial commitments through debt in accordance with Regulation 4 of the OI Regulations, and non-fund-based financial commitments in line with Regulations 5, 6, and 7 of the OI Regulations. Furthermore:

1. In cases of security swaps, both legs of the transaction must adhere to the provisions of the Foreign Exchange Management Act (FEMA), as applicable.
2. When a registered Partnership firm from India invests in a foreign entity, it is acceptable for individual partners to hold shares on behalf of the firm in the foreign entity, provided that the host country’s regulations or operational requirements necessitate such holdings.
3. Financial commitments through debt [Regulation 4 of the OI Regulations] – Authorized Dealer (AD) banks are authorized to facilitate outward remittances for financial commitments through debt only after obtaining the necessary agreements/documents to ensure the legitimacy of the transaction. An Indian entity is not allowed to lend directly to its overseas second or subsequent-level step-down subsidiary (SDS). Additionally, a resident individual cannot make financial commitments through debt.
4. Regarding financial commitments through Guarantees [Regulation 5 of the OI Regulations]:
   • In the case of performance guarantees, the specified time for contract completion is considered the validity period of the guarantee.
   • No prior approval from the Reserve Bank of India is required for remitting funds from India due to the invocation of a performance guarantee extended in accordance with OI Rules/Regulations.
   • Any guarantee, up to the amount invoked, will no longer be considered part of the non-fund-based financial commitment but will be categorized as a financial commitment through debt. The invocation of such guarantees must be reported in Form FC.
   • The roll-over of guarantees is not regarded as a new financial commitment. However, such roll-overs should be reported in Form FC.
   • A group company of the Indian entity may provide a guarantee in compliance with the OI Regulations if it is eligible to make ODI as per the OI Rules. Such a guarantee will count towards the utilization of the financial commitment limit of the group company and must be reported by the respective group company. In the case of a resident individual promoter, this guarantee will be counted towards the financial commitment limit of the Indian entity and reported accordingly. The concept of utilizing the net worth of the subsidiary/holding company by the Indian entity is no longer applicable. Additionally, when computing the financial commitment limit of the group company, any fund-based exposure of the group company to the Indian entity or of the Indian entity to the group company should be subtracted from the net worth of the group company.
5. The provisions related to financial commitments through pledge/charge [Regulation 6 of the OI Regulations] are summarized below:

6. Financial commitments through pledges or charges must adhere to the following conditions:

• The value of the pledge or charge, or the amount of the facility, whichever is less, will be considered against the financial commitment limit, provided that such a facility has not already been counted towards the prescribed limit.
• The overseas lender for whom the pledge or charge is created must not be from a country or jurisdiction where financial commitments are not permitted under the Overseas Investment (OI) Rules.
• The creation and enforcement of such pledges or charges must comply with the relevant provisions of the Foreign Exchange Management Act (FEMA) or the rules, regulations, or directions issued under FEMA.
• The assets on which the charge is created must not be securitized.
• If the duration of the charge is not specified upfront, it should align with the period of the facility (e.g., a loan or other financial facility) for which the charge has been established.
• In case of the enforcement of a charge created on domestic assets, those domestic assets should only be transferred through a sale to a person residing in India.
• When creating a pledge involving shares of an Indian company in favor of an overseas lender, the pledge should also comply with the existing FEMA provisions as outlined in the FEMA (Non-Debt Instruments) Rules, 2019.

(7) The provisions regarding Overseas Direct Investment (ODI) in financial services activities [as per paragraph 2 of Schedule I and paragraph 2 of Schedule V of the OI Rules] are summarized as follows:

(8) The limit on financial commitments is determined by paragraph 3 of Schedule I of the Overseas Investment (OI) Rules. Additionally:

• The utilization of funds held in the Exchange Earners’ Foreign Currency (EEFC) account, as well as the amount obtained through the issuance of American Depository Receipts (ADR) or Global Depositary Receipts (GDR) and ADR/GDR stock-swap for making financial commitments, will be considered within the financial commitment limit. However, financial commitments made through these resources prior to the date of notification of the OI Rules/Regulations will not be counted towards the limit.
• When the proceeds from External Commercial Borrowings (ECB) are used to make financial commitments, this utilization will be counted towards the financial commitment limit. However, only the portion of the ECB that exceeds the amount corresponding to the pledge or creation of a charge on assets, which has already been included in the financial commitment limit, will be counted.

Overseas investment by resident individuals

With effect from August 05, 2013, resident individuals (either individually or in conjunction with another resident individual or with an Indian entity) were granted the ability to engage in Overseas Direct Investment (ODI). A resident individual can make overseas investments following the guidelines provided in Schedule III of the Overseas Investment (OI) Rules. Additionally:

(1) If a resident individual has made an ODI without control in a foreign entity, and that foreign entity subsequently acquires or establishes a subsidiary or second or subsequent-level step-down subsidiary (SDS), the resident individual is not permitted to gain control in that foreign entity.

(2) Overseas investments involving capitalization, securities swaps, rights/bonus issues, gifts, and inheritances will be categorized as ODI or Overseas Portfolio Investment (OPI) based on the nature of the investment. However, investments, whether in listed or unlisted entities, through sweat equity shares, minimum qualification shares, and shares/interest under Employee Stock Ownership Plans (ESOP) or Employee Benefits Schemes, which do not exceed 10% of the foreign entity’s paid-up capital/stock and do not lead to control, will be categorized as OPI.

(3) In the case of security swaps, both legs of the transaction must comply with the provisions of the Foreign Exchange Management Act (FEMA), as applicable. If a security swap results in the acquisition of equity capital that does not conform to the OI Rules/Regulations (e.g., ODI in a foreign entity engaged in financial services activities or a foreign entity with a subsidiary/SDS), such equity capital must be divested within six months from the date of acquisition.

(4) Resident individuals are not permitted to transfer any overseas investments as gifts to individuals residing outside India.

(5) Shares/interest acquired under ESOP/Employee Benefits Schemes – Authorized Dealer (AD) banks may allow remittances for acquiring shares/interest in an overseas entity under schemes offered directly by the issuing entity or indirectly through a Special Purpose Vehicle (SPV) or SDS. If the investment qualifies as OPI, the employer must report it in Form OPI as per Regulation 10(3) of the OI Regulations. If the investment qualifies as ODI, the resident individual must report the transaction in Form FC.

(6) Foreign entities are allowed to repurchase shares issued to residents in India under any ESOP Scheme, provided that

(i) the shares were issued in compliance with the rules/regulations under FEMA, 1999,

(ii) the repurchase follows the terms of the initial offer document, and

(iii) the necessary reporting is conducted through the AD bank.

(7) While there is no specific limit on the amount of remittance made for the acquisition of shares/interest under ESOP/Employee Benefits Schemes or the acquisition of sweat equity shares, such remittances will count towards the Liberalized Remittance Scheme (LRS) limit of the individual concerned.

Overseas investment by a person resident in India, other than an Indian entity or a resident individual

A person residing in India, who is not an Indian entity or a resident individual, can engage in overseas investment in accordance with Schedule IV of the Overseas Investment (OI) Rules. Additionally:

(1) Mutual Funds (MFs) and Venture Capital Funds (VCFs)/Alternative Investment Funds (AIFs) registered with the Securities and Exchange Board of India (SEBI) may invest overseas in securities as specified by SEBI within an overall cap of USD 7 billion and USD 1.5 billion, respectively, as outlined in paragraph 2 of Schedule IV of the OI Rules. Furthermore, a limited number of eligible MFs are permitted to invest cumulatively up to USD 1 billion in overseas Exchange Traded Funds (ETFs), subject to SEBI’s approval. These investments shall be classified as Overseas Portfolio Investment (OPI), regardless of whether the securities are listed or not.

(2) MFs/VCFs/AIFs interested in availing this facility should approach SEBI for the necessary permissions. The operational details regarding eligibility criteria, individual limits, identification of recognized stock exchanges, the investible universe, monitoring of aggregate ceilings, etc., will be in accordance with the guidelines issued by SEBI. General permission is granted to these investors for selling the securities they acquire.

(3) An Authorized Dealer (AD) bank, including its overseas branch, may acquire or transfer foreign securities in accordance with the regulations and laws of the host country in the normal course of its banking business. The provisions in the OI Rules/Regulations do not apply to such acquisition or transfer of foreign securities by an AD bank.

(4) A bank in India, licensed by the Reserve Bank of India under the Banking Regulation Act, 1949, may acquire shares of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) in line with SWIFT’s by-laws. This is permissible provided the bank has received permission from the Reserve Bank to join the ‘SWIFT User’s Group in India’ as a member.

(5) Any overseas investment made by a sole proprietorship or an unregistered partnership firm can be carried out by the proprietor or the individual partners within their limits under the Liberalized Remittance Scheme (LRS) as per Schedule III of the OI Rules. If the proposed investment is in a strategic sector, any application for an overseas investment exceeding the LRS limit should be made under the government approval route.

(6) Overseas investments by registered trusts and societies may be made under the approval route, in accordance with paragraph 1 of Schedule IV of the OI Rules.

Overseas investment in an IFSC in India by a person resident in India

A person residing in India can engage in overseas investment within an International Financial Services Centre (IFSC) in India in accordance with Schedule V of the Overseas Investment (OI) Rules. Here are some additional details:

1. A person residing in India, whether it’s an Indian entity or a resident individual, can make investments (including sponsor contributions) in the units of an investment fund or vehicle established in an IFSC as Overseas Portfolio Investment (OPI). This means that, in addition to listed Indian companies and resident individuals, unlisted Indian entities can also make such investments within an IFSC.
2. The restriction on making Overseas Direct Investment (ODI) only in an operating foreign entity or not making ODI in a foreign entity engaged in financial services activities by resident individuals does not apply to investments made within an IFSC. However, such investments should not be made in any foreign entity engaged in banking or insurance. Such foreign entities in IFSC may have subsidiaries or second or subsequent-level step-down subsidiaries (SDS) in IFSC. They may also have subsidiaries or SDS outside IFSC where the resident individual does not have control over the foreign entity. A resident individual who has made ODI without control is not allowed to gain control in a foreign entity that subsequently establishes or acquires a subsidiary/SDS outside India.

Acquisition or Transfer of Immovable Property outside India

The acquisition or transfer of immovable property outside India is subject to the provisions outlined in Rule 21 of the Overseas Investment (OI) Rules. Additionally:

1. An Authorized Dealer (AD) bank may permit an Indian entity with an overseas office to acquire immovable property outside India for the business and residential purposes of its staff. This is permissible as long as the total remittances do not exceed the following limits, which are specified for both initial and recurring expenses:
   • 15% of the average annual sales, income, or turnover of the Indian entity over the last two financial years or up to 25% of the net worth, whichever is higher.
   • 10% of the average annual sales, income, or turnover over the last two financial years.

Conclusion

In conclusion, overseas investments made by Indian residents play a crucial role in expanding the scale and scope of business activities for Indian entrepreneurs. These investments provide access to global opportunities for growth by facilitating technology transfer, research and development, access to wider markets, and reducing capital costs. They enhance the competitiveness of Indian entities and boost their brand value. Additionally, overseas investments contribute to foreign trade, technology transfer, domestic employment, increased investment, and overall global economic growth. The Hon’ble Prime Minister of India, Shri Narendra Modi is also promoting, “One Family. One Future. One Earth.”.

To support and facilitate overseas investments, the Central Government and the Reserve Bank of India have simplified procedures and rationalized rules and regulations under the Foreign Exchange Management Act, 1999. This effort has led to the operationalization of a new Overseas Investment regime, represented by the Foreign Exchange Management (Overseas Investment) Rules, 2022, and the Foreign Exchange Management (Overseas Investment) Regulations, 2022.

These regulations introduce several significant changes to the existing framework, including improved clarity in definitions, the introduction of the concept of “strategic sector,” the removal of the requirement for approval in specific cases, and the introduction of a “Late Submission Fee (LSF)” for reporting delays. These changes aim to reduce the compliance burden and associated costs, making overseas investments more accessible and efficient for Indian residents.

Overall, the regulatory amendments are designed to foster ease of doing business and promote overseas investments while ensuring proper oversight and compliance with FEMA Act, OI Rules, and Regulations. The revised framework supports Indian entrepreneurs in harnessing global opportunities and contributes to their success on the international stage.

Written & Compiled by CA Sunil Kumar Gupta

Founder Chairman, SARC Associates

sunilkumargupta.com

Cyber Security – An Insurance From Cyberattacks or Crimes

by Sunil Kumar Gupta | Mar 21, 2023 | blog

Introduction of Cyber Security

On the internet, data or information is widely spread and with each year, technology is becoming more comprehensive and complicated, and so do cyberattacks. Digital crime is also enhancing with great intensity and certainly, it is not restricted to any specific Internet-accessible platforms. Different devices such as desktops, smartphones, and tablets each might carry a particular level of digital defense, yet each device contains certain vulnerabilities which provide a pathway for hackers to attune to the devices.

On the positive side, particular digital security tools and services operate parallel to these negative tech counterparts.

In this section, we will emphasize on the introduction of cyber security and other associated concepts of the same. Cyber security refers to the set of techniques that are used to conserve the integrity of networks, programs, and data from attack, damage, or unauthorized access. Information technology includes a broader category that preserves all information assets, be it in hard copy or digital form. The term cyber security is not restricted to computers, but it is also implemented to the varied inter-connected systems such as computers, servers, mobile devices, electronic systems, networks, or data.

The digital safety tool is tremendously flexible and possessed by distinct industries and of various designs or types. Various devices such as navigation apps, game apps, and social apps always have access to the internet, like our desktops, mobile phones, tablets, laptops, and others. Similar to that, even if you are pursuing a store or listening to music, there is a probability that you are engaging in the environment utilizing the necessities of cybersecurity’s modern definitions. 

Contemporary, cyber security jobs contain the digital defense of information or data. Typically, it includes information storage protection, identification of intrusion, and response to cyber-attacks that seek to steal personal information. The scope of cyber security is huge and the niche of cyber security to digitally instantly raises concern. In India, cyber crimes are covered by the Information Technology Act, 2000, and Indian Penal Code, 1860 to prevent cyber crimes. The primary one takes care of issues associated with cyber crimes and electronic commerce, while the latter one, provides an outline and definition, including punishments, which we will discuss later in the blog.

It is to be noted that, cybersecurity encompasses –

1. Network Security

Primarily, cyber security emphasizes on data storage and transfer, while the network is much broader. As its name defines it, in general, network security includes the defense, maintenance, and recovery of networks. It contains cyber security as a defensive way to protect all network users from digital threats, even if a provided cyber attacker pertains more purposes than mere conservation of data exploitation.

With the objective to conserve the integrity, safety, and sustainability of network users, the professionals operating the same must emphasize on securing connection privacy to prevent cyber security.

The network security services also include anti-virus software, malware detection tools, firewall upgrades, virtual private networks (VPNs), and other security programs. As mentioned, the terms cyber security and network security are often used interchangeably, which often cover similar bases and deviate at intersections where data storage and data tracking need to overlap.

2. Information Security

Several commercial workplaces use synchronized facets of day-by-day operations. It handles user login, schedule management tools, project software, and telecommunication, among others.

It conserves sensitive information from unpermitted activities containing inspection, modification, recording, and other disruption or destruction. The objective of information technology is to ensure the safety and privacy of significant data such as details of a customer account, financial data, or intellectual property.

3. Operational Security

Operational security is also known as procedural security, which is referred to as a risk of managing processes to view the activity from the perspective of an adversary with the objective to conserve sensitive information from attackers. It includes the below-mentioned steps, as follows –

1. Identification of sensitive data: Identify the sensitive data containing product research, intellectual property, financial statements, customer information, and employee information; this will be the data one will require to protect resources.
2. Identification of potential threats: For every category of sensitive information, one must identify the potential threats. It is to be noted that, while you look for potential third-party risks, also watch out for internal threats.
3. Analyzation of security holes and other vulnerabilities: One must access their information and means of safeguarding and determine the loopholes or other weaknesses associated with security.
4. Enhance the level of security with respect to each vulnerability: Rank the distinct vulnerabilities based on the likelihood of attacks, the extent of damage, and the duration of recovery from the same.

What Are the Different Types of Cybersecurity?

In this section, we will highlight the different types of cyber security. Cyber security pertains to a wide field possessing distinct disciplines, which mainly can be characterized as follows –

a.    Network Security

Major cyberattacks take place over a network and in order to ensure network security, network security solutions need to be utilized which are designed primarily to identify and block such attacks. Moreover, these solutions include data and access controls like Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application controls with the motto to enforce safe web use policies.

Besides this, in order to ensure multi-layered network protection, advanced technologies such as IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR (Content Disarm and Reconstruction) are utilized. However, this won’t be enough to prevent such attacks, therefore, network analytics, threat hunting, and automated Security Orchestration and Response (SOAR) must be used.

b.    Cloud Security

Multi-National Companies (MNCs), large organizations, firms, and even startups are constantly adopting cloud computing, which makes cloud security a major priority considering that it engages in data storage, software information, networking, analytics, and intelligence over the internet with the sole objective to provide instant innovation, flexible resources and economies of scale.

Considering the threat to cloud security could result in a breach of security, therefore, it is significant to obtain a cloud security strategy containing cyber security solutions, controls, policies, and services that allow you to protect the entire cloud deployment against such attacks.

c.    IoT Security

The full form of IoT is, the “Internet of Things”, which offers several productivity benefits to an organization, however, the same device tends to introduce the same organization to potential cyber security threats which result in breaches of vulnerable devices inadvertently connected to the internet. IoT security preserves devices from discovering and classification of connected devices, including automatic segmentation to administer network activities and utilizing IPS as a patch (virtual) in order to restrict the exploitation of vulnerable IoT devices.

a.    Application Security

Like any other activities mentioned here, web applications are also connected to the internet which again impose threat due to flaws in application such as injection, broken authentication, misconfiguration, and cross-site scripting.

Application security is an appropriate way to prevent bot attacks and malicious interactions with APIs and web applications.

b.    Mobile Security

Mobile security is often overlooked which allows access to corporate data, including exposing businesses to threats through malicious applications (apps), phishing, instant messaging attacks, and phone mirroring to name a few. Mobile security preserves such attacks and prevents operating systems and devices from such attacks.

c.    Zero Trust

This traditional security model is a perimeter-emphasized model, which builds walls around the valuable assets of the organization. On the contrary, this imposes distinct issues like imposing possible inside threats and instant dissolution of the perimeter of the network. This security focuses on a granular approach in order to ensure security, including protecting individual resources by a combination of micro-segmentation, observing and enforcement of role-based access controls.

d.    Endpoint Security

As mentioned earlier, the zero trust security model stipulates the creation of micro-segments around data segments wherever they might be. A way to prevent this is by using endpoint security. Endpoint security allows firms, organizations, and companies to preserve end users using devices like laptops, mobile phones, tablets, smartwatches, and desktops with data and network security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and technologies.

In this section, we have understood the types of cyber security; now let’s move to the importance of cyber security to establish a better understanding of preventing cyberattacks since with the introduction of technologies, our vulnerability towards cyberattacks is constantly increasing.

The importance of cyber security differs based on the users or who is utilizing the technologies, it could be a student, business or organization, or banking sector, among others.

What Are the Distinct Importance of Cyber Security?

1.      Importance For Digital World

Cybersecurity imposes significant threats to the digital world, especially, when the world is connected with each other digitally. For instance, in 2017 breach of Equifax exposed the data of over 145 million users, while in 2018 the breach of Marriot exposed the data (personal information) of 800 million individuals.

Such breaches of personal data or information had significantly affected the companies financially, most significantly resulting in losing customers. Hereto, cyber security is important to preserve businesses and persons from probable threatening consequences of data or security breaches.

2.      Importance For Banking Sector

The banking sector is the backbone of any sector since a breach of the banking sector of an economy would result in a breach of names, emails, addresses, phone numbers, and other personal information, which further allows access to account information, containing account numbers and balances of customers.

Therefore, such breaches permit the hacker to access an abundance of sensitive data breaches, which could be the reason for fraud and malicious purposes.

3.      Importance For Business or Organizations

The importance of cyber security for businesses or organizations allows hackers to access the data or personal information of customers or clients, which could also include information or details of credit or debit cards. This also results in businesses or organizations paying millions or billions to hackers.

4.    Importance For Students

Cybersecurity is significant for students as well, which allows hackers to access their bank details and credit or debit card information, including access to their Social Security numbers.

With an understanding of the importance of cyber security, let head on to the features of cyber security in the next section.

What Are the Features of Cyber Security, One Should Know?

The entire world is interconnected with the internet, which has significantly enhanced during the pandemic through the usage of web applications or other websites. Despite bringing the entire world close, this has also presented an opportunity for cybercriminals to breach into our systems or mobiles. Considering the level of harm it can cause for an individual or organization or firm, everyone must immediately attain more knowledge with respect to the understanding of features of cyber security. An adequate understanding of the features of cyber security could be the primary step toward establishing a defense against such breaches and attacks.

1.    Prevention from external threats

External sources are causes for cyberattacks or breaches through phishing, denial of services, endangered web applications, and hostile email attachments, among others. Hereto, such security applications attached to respective systems constantly monitor or prevent these external threats.

2.    Regulatory compliance for security

Information security is significant for any organization or firm, be it the healthcare sector or banking sector, or finance sector. Considering that, all the organizations or firms pertain to an eccentric set of standards, practices, regulations, and compliance with respect to data or information collected by them.

Regulatory compliance is basically ensuring conformance with compliance requirements to laws, specifications, and guidelines processes associated with the business.

3.    Fortification from internal threats

Prevention from internal threats is as much as essential as ensuring preservation from external threats since both inflict threats on the organization or firm. The primary reason for triggering internal threats is misconfiguration, employee mistakes, faulty choices of employees, or bad actors.

Although, a definitive security system and a cybersecurity team attenuate these threats or attacks from organizations or firms.

4. Cloud-based security services

The cloud-based security services refer to the backend brain security systems which utilize a wide range of tools with the objective to ensure proper analytics and intelligence threat. Such services pertain a monitoring security endpoints and pervade machine learning models with the objective to ameliorate the scanning for all-inclusive objectives.

5.    Consolidated solutions

Cybersecurity solutions should provide an absolute panacea to preserve the system of organizations or firms from the wide range of threats. In order to do so, the concerned security experts must know when and how to ensure complete utilization of anti-spam, anti-virus, anti-malware, content filters, and wireless security, among others.

This comprehensive protection or solution tends to preserve the system from such threats or attacks without compromising the confidentiality and security of data and enterprises.

6.    All-inclusive security system: detection, prevention, & response

A wide range of security threats or cyber-attacks can be prevented or blocked by ensuring timely detection or tracking of the same. In order to do so, appropriate platforms are used that tracks such attacks and spontaneously send alert and response to them. The tools such as hardware and software firewalls, network analyzers, SSL or TLS proxy servers, and other web applications or apps or platforms are used.

Cybersecurity Security Awareness & Indian Economy

The Internet had brought a wave of transformation in everyone’s life by altering the way of communicating, sharing updates, playing games, shopping, and even making friends. The internet is affecting every part of our daily life.

Considering its effect on our daily lives and every sector of the economy, it is significant to attain the proper education regarding the proclamation of information with the objective to prevent cyberattacks or crimes, including reenacting that students play a crucial role in creating an ecosystem of cyber security with the motto to restrict cyber-attacks or crimes.

Cyberspace interconnects us globally and keeping in the view that its usage is constantly expanding, the rate of cybercrimes, especially against children and women are rising such as cyberstalking, cyberbullying, cyber harassment, child pornography, and rape content, among others. With the objective to create a safe and sound cyber ecosystem, it is essential to follow cyber-safe practices.

With that, let’s move on to cyber crimes laws in India –

a.    Information Technology Act, 2000 (IT Act)

The IT Act enacts cyber laws in order to regulate electronic means of communication, and trade, including commerce to prevent computer crimes. The overview of the act is defined as –

“An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.“

Penalty & Compensation

1. Section 43 of the IT Act

The provisions under section 43 of the Information Technology Act, 2000 defines as –

If any person without the permission of the owner or any other person who is in charge of a computer, computer system, or computer network-

“(i) accesses such computer, computer system or computer network or computer resource; (ii) downloads, copies or computer system or computer network or computer resource; (ii) downloads, copies or extracts any data, computer data-base or information; (iii) introduces or causes to be introduced any computer contaminant or computer virus; (iv) damages or causes to be damaged any computer, computer system or computer network data, computer database or any other programmes; (v) disrupts or causes disruption; (vi) denies or causes the denial of access to any person authorised to access; (vii) provides any assistance to any person to facilitate access in contravention of the provisions of this Act; (viii) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network; destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means; (x) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code with intention to cause damage; he shall be liable to pay damages by way of compensation to the person so affected.“

It simply signifies that if an individual commits cybercrimes like computer damage to a victim without the consent of the same. Then the owner of the computer is entitled to a refund of the entire damage. While section 66 is applicable to any conduct provided in Section 43 which is considered to be dishonest and fraudulent the cyber criminal is punishable with imprisonment of up to 3 years or with a fine which might extend up to rupees five lahks, or both.

While section 66 is applicable to any conduct provided in Section 43 which is considered to be dishonest and fraudulent the cyber criminal is punishable with imprisonment of up to 3 years or with a fine which might extend up to rupees five lahks, or both.

2. Further Extension of Section 66

Section 66B is defined punishment for deceitful stealing of computer resources or communication devices, it is defined as –

“Whoever dishonestly receive or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.“

Section 66C, includes information associated with punishment related to identity theft such as using an electronic signature, password, or any other unique identification feature fraudulently or dishonestly, which describes punishment as –

“Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine with may extend to rupees one lakh.“

Section 66D, this section involves information associated with punishment for cheating by personation by using computer resources, which is defined as –

“Whoever, by means for any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.”

Section 66E, this section of the information technology act includes information related to punishment associated with privacy violations such as taking pictures of private areas, and publishing/ transmitting these images without the consent of the concerned individual. If found guilty, the criminal would be punished with imprisonment of up to 3 years or a fine, which can extend up to rupees two lakh or both. Section 66F, the section 66F of the Information Technology Act defines punishment associated with cyber terrorism, be it to threaten the unity, integrity, security, or sovereignty of India or to strike terror in the people. In such cases, the cybercriminal would be punished with imprisonment, which could extend to life imprisonment

3.    Section 67

Section 67 includes punishment associated with publishing or transmitting obscene material in electronic form, as –

“Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.”

b.  Information Technology Rules (IT Rules)

The different aspects of data collection, transmission, and processing are covered under this rule as –

• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

It includes details related to sensitive information personal details withheld by entities such as –

• Password;
• Financial information such as Bank account or credit card or debit card or other payment instrument details ;
• Physical, physiological, and mental health conditions;
• Sexual orientation;
• Medical records and history;
• Biometric information;
• Any detail relating to the above clauses as provided to the body corporate for providing service;
• Any of the information received under the above clauses by the body corporate for processing, stored, or processed under lawful contract or otherwise

This section defines a set of rules, procedures, practices, and sensitive personal data or information which needs to be complied with. Moreover, an audit will be duly conducted once a year or as required.

• The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021

The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 help in maintaining the safety related to the online safety of data of users, which administer the role of intermediaries or social media intermediaries with the objective to restrict the data transmission on the internet.

• The Information Technology (Guidelines for Cyber Cafe) Rules, 2011

It includes guidelines for the cyber cafes to be complied with, and it includes registration of cyber café to generate unique identification numbers, identification of users, and management of physical layout and computer resources, among others.

• The Information Technology (Electronic Service Delivery) Rules, 2011

This Act includes information related to the electronic service delivery of certain services like applications, certificates, and licenses, by electronic means. It specifically emphasizes on the services provided by the government signifying compliance requirements related to the Creation of a repository of electronically signed electronic records by Government Authorities, Procedures for making changes in a repository of electronically signed electronic records, among others.

• Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (the CERT-In Rules)

This Act includes rules related to distinct CERT-In Rules as per Rule 12 of the CERT-In Rules, providing a 24-hour response help desk. This help desk is operational 24 hours to report the cyber security incidents of persons, organizations, and companies, in case they experience cyber attacks.

c.    Indian Penal Code, 1860 (IPC)

The Indian Penal Code, 1860 includes mentioned sections to prevent cyber crimes –

1. Section 292

This section excises control over punishment related to the publishing or transmission of obscene material or sexually explicit material digitally or electronically. In such case, a fine of 2000 or imprisonment of up to 2 years would be imposed.

2. Section 354C

It defines punishment related to taking or publishing images of the private parts of a woman, including actions. The section 354C is defined as –

“Any man who watches, or captures the image of a woman engaging in a private act in circumstances where she would usually have the expectation of not being observed either by the perpetrator or by any other person at the behest of the perpetrator or disseminates such image shall be punished on first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine, and be punished on a second or subsequent conviction, with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine.“

3. Section 354D

It includes provisions associated with cyber stalking are included in this section, including tracking, emailing, including attempts to contact her through digital means or electronically. It is defined as –

“Whoever commits the offence of stalking shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and shall also be liable to fine; and be punished on a second or subsequent conviction with imprisonment or either description for a term which shall not be less than three years but which may extend to seven years and with fine which shall not be less than one lakh rupees:

Provided that the count may, for adequate and special reasons to be mentioned in the judgement, impose a sentence of lesser period of imprisonment than specified minimum imprisonment.“

4.    Section 420

This section includes punishments related to cheating and dishonesty associated with property delivery, which imposes imprisonment of up to 7 years along with fine for crimes such as fake websites or online or cyber frauds.

5.    Section 463

Section 463 involves a punishment of 7 years or a fine, or both for the creation of false documents or false electronic records or part of a document or electronic record.

6.    Section 465

This section is defined as –

“Whoever commits forgery shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both.”

d.      Companies Act, 2013

The Companies Act 2013 includes the daily obligations to be complied with by the corporate stakeholders. Each provision associated with the Information Technology Act, 2000 related to electronic records involving the manner and format of electronic recording, as far as it is in variance with the concerned Act would be applicable to records of the electronic form provided under Section 39

Considering that, the Indian government has taken certain initiatives to prevent cyber-attacks or crimes as follows –

Cyber Crime Awareness Booklet on Cyber Security Awareness

Under Cyber Security Awareness, the tips for preventing cybercrime are –

• To keep your devices or mobile phones updated with advanced or updated safety patches.
• Use the appropriate security software (latest version) to preserve your system or devices.
• Always use or download the software or applications from trusted or known sources, and restrict from using pirated software on your system or devices.
• Protect your devices or mobile phones with strong PIN codes or passwords and do not share the same with anyone.
• Restrict sharing your net banking password, One Time Password (OTP), ATM/ mobile banking PIN, or CVV, among others with anyone, even if someone claims to be an employee of the bank.
• Ensure to change the default admin password of the wifi router to a strong one and keep your wireless network encrypted.
• Be cautious when using public wifi, including avoiding entering your personal and professional information or details while using these networks.
• Use the virtual keyword to access net banking services on public computers and be sure to log out from the same after completion of the online transaction. Moreover, ensure to delete the browser history.
• Be certain to scan all the email attachments from viruses prior to opening the emails, including ignoring downloading from untrusted emails.
• Be cautious while sharing your identity proof, especially the one which identifies your personal or company identity.
• Keep the IMEI code of your mobile in a safe place that can be the only access to you, an operator could blacklist or block or phone using your IMEI code, if your mobile phone is stolen.
• Prior to entering your ATM PIN, observe your surrounding and the people around you.
• Engaged in a detailed discussion of safe internet practices with your family and friends, including motivating them to follow the same in order to prevent cybercrimes or attacks.
• Avoid sharing bank details or card details on e-wallets it enhances the possibility of theft or fraud due to a breach of security.
• Contact the concerned authorities instantly if you think your safety is compromised.

Cyber Hygiene for cyberspace

Under the cyber hygiene initiative of the government, the Indian government has introduced some dos and don’ts to be followed in cyberspace emphasizing on different platforms.

Cyberspace is a complex and dynamic environment of interactions among people, software, and services supported by the worldwide distribution of Information and Communications Technology (ICT) devices and networks. The exponential increase in the number of internet users in India clubbed with rapidly evolving technologies has brought in its own unique challenges. Indian Cyber Crime Coordination Centre (I4C) under the Cyber & Information Security (CIS) Division of the Ministry of Home Affairs has prepared this manual to disseminate Cyber Hygiene Best Practices for the benefit of Industrial Bodies/General Public/Government Officials. This should not be considered an exhaustive list of precautions for Cyber Hygiene but baseline precautions that are to be taken.

• Computer safety tips

• USB device security

• Password security management

• General Internet Safety Precautions

• Financial Transactions – Safe Practices

• Social Media Platforms – Safety Tips

• Mobile Phone Safety

• Malware and E-mail Security Practices

Above mentioned is how the Indian government is promoting cyber security, emphasizing email security practices in social media. However, in the next section, we will describe various steps taken by the government to promote cyber security, especially for students.

Describe Various Steps Taken by the Government to Promote Cyber Security For Students

The cyber-attacks are becoming highly challenging as well as sophisticated nowadays, especially through the usage of social media platforms, emails, chatrooms, and websites, among others.

Email spoofing (a technique used in spam and phishing attacks to trick users into thinking a message came from a trusted person or entity), cyberbullying (using an electronic means of communication to bully an individual), job frauds, banking frauds, identity theft, among others have increased with the time, especially after covid, as it has given a kick start to a new era of digitalization. Though, covid-19 has pushed distinct sectors of the economy to work digitally, which certainly contributes to the growth of the economy, while on the other hand, the same can be seen as a significant cause of the increase in cybercrimes.

Let’s commence with how the Indian government is taking initiatives to prevent cyberbullying is often referred to as cyber harassment under which electronic means are used to bully or harass an individual  –

With the understanding of it, let’s move on to how the Indian government is helping in the prevention of cyber-grooming, which is referred to a situation in which an individual, often an adult befriends a child online and builds an emotional connection with the intention of sexual abuse, sexual exploitation or trafficking –

Besides social media, the Indian government, like any other economy is taking appropriate initiatives to prevent cybercrime. Recently, the Central government introduced and launched “Cyberdost” (February 2019) – a Twitter handle that is responsible for creating awareness regarding cybersecurity in order to create awareness regarding the same, @cyberdost has tweeted 1066+ tweets containing videos, images, and creatives providing general safety tips to prevent cybercrimes or attacks.

Besides this, we have to dive a little deep into how the Indian government is promoting cyber security, then we would like to highlight that the Indian government has actively engaged in –

• Radio campaigns
• SMS sharing with respect to creating awareness against cybercrimes
• Publicly publishing videos, images, and creatives providing general safety tips to prevent cybercrimes or attacks
• Publication of Handbook emphasizing “cyber safety of adolescents or children”
• Publication of Best security practices to reduce or prevent cybercrimes against government bodies
• Cyber safety and security awareness are being organized through C-DAC along with Police Department of various states

All such measures have been taken keeping the mission of preventing cybercrime.

Conclusion

Just like the entire world, the Indian economy is also considerate regarding the problems introduced by cyber security. This blog highlighted how the Indian government is promoting cyber security, we would like to emphasize that, be it issuing measures, tips, and practices to be followed to prevent cybercrimes with respective departments or ministries, the Indian government has formed the relevant policies and measures to prevent such hideous actions, which does not only cause loss of money but affects the life of a person.

Besides this, the Indian government has successfully introduced and implemented Acts and schemes to prevent cyber security attacks or crimes, such as Information Technology Act, 2000 (IT Act), Indian Penal Code, 1860, and Information Technology Rules (IT Rules), among others. Also, considering the risk imposed by cyber crimes, the Indian government has appropriately included daily obligations to be complied with by the corporate stakeholders to restrict the same issue. The Indian government has dedicated most of its resources not only to making India a developed country, however, also to preventing the breach of information through incorporating legal and technological advances without compromising digitalization.

Written & Compiled by CA Sunil Kumar Gupta

Founder Chairman, SARC Associates

sunilkumargupta.com