Section 5 of Direction No. 20(3)/2022-CERT-In mandates data centres, virtual private server providers, cloud service providers, and virtual private network service providers to mandatorily collect and retain certain subscriber-related information accurately for a minimum period of five years after the subscriber is no longer availing the underlying services. These data sets include subscriber names, period of hire including dates, IPs allocated and used, e-mail address along with IP and time stamp used at time of registration, purpose of availing the services, verified address and contact numbers, and ownership pattern of subscribers. Virtual asset service providers, virtual asset exchange providers and custodian wallet providers must also maintain KYC information and records of financial transactions for a period of 5 years. Specific to transaction records, Direction No. 20(3)/2022-CERT-In states that information must be maintained accurately in such a way that individual transactions can be reconstructed along with the relevant constituents such as IP addresses, time zones, transaction ID, public keys or equivalent identifiers, addresses or accounts involved, nature and date of transaction, amount transferred, etc.

Bharat Sanchar Nigam Limited, the incumbent, is fully owned by the Government of India. BSNL (Bharat Sanchar Nigam Ltd.) provides all types of telecom services, namely telephone services on landlines, Wireless Local Loop and GSM mobile, Broadband, Internet, leased circuits and long-distance telecom services.

According to the License Agreement for Provision of Internet Services, the Internet Service Provider licensee shall maintain all commercial records, call detail records, exchange detail records, and IP detail records with regard to the communications exchanged on the network. Such records shall be archived for at least two years for scrutiny by the Licensor for security reasons and may be destroyed thereafter unless directed otherwise by the Licensor.

India does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, the Accounting Separation Regulation is applicable to all the service providers having aggregate turnover of not less than rupees one hundred crore (approx. 12,182,700 USD) during the accounting year for which report is required to be submitted from operations under the telecom license(s) issued to them under section 4 of the Indian Telegraph Act 1885. The telecom service providers are required to submit their audited accounting separation reports based on a historical cost basis every year and on a replacement cost basis every second year within seven months of the end of the accounting year.

According to the Consolidated Foreign Direct Investment (FDI) Policy Circular 2020, foreign direct investment in telecom services (including fixed, mobile, and internet) is subject to compliance with both licensing and security conditions by the licensees and investors. These regulatory requirements have been in place since the implementation of the Consolidated FDI Policy Circular 2013 (Section 6.2.15). The conditions are outlined in the License Agreement for Unified License, which applies to all telecom services across the country.
Internet Service Providers (ISPs) and Telecom Service Providers (TSPs) in India must comply with the License Agreement for the Provision of Internet Services. Additionally, TSPs are required to adhere to two separate license agreements: the Cellular Mobile Telephone Service (CMTS) License Agreement, which governs cellular mobile communications, and the License Agreement for the Provision of Basic Telephone Services (BTS), which covers landlines. Reports suggest that these licenses provide the government with significant access to communication data held and processed by service providers.
It is also noted that India’s one-time licensing fees—approximately USD 500,000 for a service-specific license or USD 2.7 million for an all-India Universal License—act as a barrier to market entry for small and medium-sized enterprises.

India has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Telecom Regulatory Authority of India, the executive authority established in the Telecom Regulatory Authority of India (Officers and Staff Appointment) Regulation, 2001, for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Under Condition 39.23(viii) of the Unified Licence Agreement granted by the Department of Telecommunications, licensees are not permitted to transfer “subscriber accounting information” (except for roaming and related billing purposes) or “user information” (except if pertaining to foreign subscribers using an Indian Operator’s network while roaming, and International Private Leased Circuit subscribers) to any person or place outside of India. “User information” is not defined by Indian telecommunications law, and the requirements do not restrict financial disclosures imposed by statute. Condition 39.23(iii) prohibits the transfer of domestic technical network details to any place outside of India.

Section 4 of the Public Records Act states that no person shall take or cause to be taken public records out of India without the prior approval of the Central Government, except if done for any official purpose. 

India’s National Data Sharing and Accessibility Policy requires that “non-sensitive data available either in digital or analogue forms but generated using public funds” must be stored within the borders of India. The policy states that data belongs to the "agency/department/ministry/entity which collected them and resides in their IT-enabled facility” (Section 10).

In 2015, India’s Ministry of Electronics and Information Technology (MeitY) issued guidelines for a cloud computing empanelment process under which cloud computing service providers may be provisionally accredited as eligible for government procurement of cloud services. The guidelines require such providers to store all data in India to qualify for accreditation.
In addition, Section 2.1.d of the Guidelines for Government Departments on Contractual Terms Related to Cloud Services requires that any government contracts contain a localisation clause mandating that all government data residing in cloud storage networks is located on servers in India.
Furthermore, Section 1.17.4 of the Master Service Agreement: Procurement of Cloud Services outlines, among other things, that cloud service providers must offer cloud services to the purchaser from a MeitY-enrolled data centre which is located in India, the data must be stored within India, and must not be taken out of India without explicit approval by the purchaser.

Rule 3.5 of the Companies (Accounts) Rules of 2014 provides that if company books and papers (or backups of them) are kept electronically in any location, they must also be periodically stored on a server physically located in India. 

Copyright is not adequately enforced online in India. It is reported that, despite efforts to combat websites hosting pirated content, enforcement by courts and police officers remains weak. There is a lack of familiarity with investigation techniques, and the absence of a centralised IP enforcement agency, coupled with poor coordination between national and state levels, undermines the progress made. Stakeholders report ongoing issues such as unauthorised file-sharing of video games, signal theft by cable operators, commercial-scale photocopying, unauthorised reprints of academic books, and circumvention of technological protection measures.

India has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

India has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.