Cybersecurity Briefing — India CERT-In 6-Hour Cyber Incident Reporting Directive
India’s CERT-In issued directions on 28 April 2022 mandating that a wide range of service providers and enterprises report specified cyber incidents within six hours and retain detailed logs for 180 days.
On 28 April 2022 India’s Computer Emergency Response Team (CERT-In) invoked its Section 70B authority to order service providers, data centers, VPN companies, cloud providers, and enterprises to report defined security incidents within six hours of noticing them. The directive also requires organizations to synchronize system clocks with NTP servers, retain ICT system logs for 180 days within India, maintain subscriber/customer KYC information, and share it on request.
The rules became enforceable after 60 days, with compliance deadlines extended for some providers. Security and privacy teams operating in India must update incident playbooks, log retention, and customer verification processes to align with the accelerated reporting timeline and data localization expectations.
- CERT-In Directions of 28 April 2022 enumerate reportable incidents, log requirements, and synchronization obligations.
- Government press release explains the compliance rationale and timelines for implementation.
Continue in the Cybersecurity pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Cybersecurity Operations Playbook — Zeph Tech
Use Zeph Tech research to align NIST CSF 2.0, CISA KEV deadlines, and sector mandates across threat intelligence, exposure management, and incident response teams.