The Indian Computer Emergency Response Team (CERT-In) extended the deadline for reporting cyber incidents and treating users' personal data for MSMEs, VPNs, and data centres until September 25, 2022.
The Cybersecurity Directives outlining cyber incident reporting and treatment norms for VPNs have been a source of contention since their announcement in late April 2022. Previously, the deadline was set for 60 days after April 28, 2022. CERT-In stated on its website that the IT ministry and CERT-In received requests for extensions of timelines for implementing these Cybersecurity Directions, particularly from MSMEs. Data centres, VPS, cloud service providers, and VPNs, on the other hand, requested more time to implement the mechanism for validating subscribers and their customers.