Section 5 of Direction No. 20(3)/2022-CERT-In mandates data centres, virtual private server providers, cloud service providers, and virtual private network service providers to mandatorily collect and retain certain subscriber-related information accurately for a minimum period of five years after the subscriber is no longer availing the underlying services. These data sets include subscriber names, period of hire including dates, IPs allocated and used, e-mail address along with IP and time stamp used at time of registration, purpose of availing the services, verified address and contact numbers, and ownership pattern of subscribers. Virtual asset service providers, virtual asset exchange providers and custodian wallet providers must also maintain KYC information and records of financial transactions for a period of 5 years. Specific to transaction records, Direction No. 20(3)/2022-CERT-In states that information must be maintained accurately in such a way that individual transactions can be reconstructed along with the relevant constituents such as IP addresses, time zones, transaction ID, public keys or equivalent identifiers, addresses or accounts involved, nature and date of transaction, amount transferred, etc.

India applies a residency requirement for the members of the board of directors. Art. 149.3 of the 2013 Companies Act requires every company to have at least one director who has stayed in India for a total period of not less than 182 days in the previous calendar year.

According to the Consolidated Foreign Direct Investment (FDI) Policy Circular 2020, broadcasting services require that a majority of the company’s directors are Indian citizens. Additionally, the CEO, the chief officer responsible for technical network operations, and the chief security officer must all be resident Indian citizens. Furthermore, officers or officials of the licensee companies involved in the interception of services must also be Indian citizens. This requirement has been in effect since the implementation of the Consolidated Foreign Direct Investment (FDI) Policy Circular 2013 (Section 6.2.7.6)

India has traditionally implemented FDI screening for investors from Bangladesh and Pakistan. According to Section 3.1.1 of the Consolidated FDI Policy 2020, non-resident entities may invest in India, subject to the conditions specified in the policy, except in prohibited sectors or activities. However, investment by citizens of Bangladesh or Pakistan is permitted solely through government approval. This regulatory requirement has been in effect since the enactment of the Consolidated FDI Policy Circular 2013 (Section 3.1.1).
Notwithstanding this framework, in April 2020, the Ministry of Commerce and Industry introduced the Review of Foreign Direct Investment (FDI) Policy for Curbing Opportunistic Acquisitions of Indian Companies (Press Note 3). Under this policy revision, the FDI regime was expanded to mandate government approval for investments from any entity based in a country that shares a land border with India. Furthermore, the policy stipulates that any direct or indirect transfer of ownership of existing or future FDI in India, which results in a change in beneficial ownership falling within the scope of the conditions set forth in the Press Note, will similarly require government approval.
This legislative adjustment primarily targeted China in response to escalating border tensions between the two nations. Since the introduction of Press Note No. 3, an estimated 150 private equity and venture capital investment applications from China and Hong Kong have remained pending government clearance.

According to Section. 6.2.14 of the 2020 Consolidated Foreign Direct Investment (FDI) Policy Circular, full foreign direct ownership is permitted in the telecommunications sector (including Category-I Telecommunications Infrastructure Providers). However, government approval is required for FDI above 49%. This regulatory requirement has been in effect since the enactment of the Consolidated FDI Policy Circular 2013 (Section 6.2.15).

According to the Patent Act, 1970 (Act No. 39 of 1970, as amended up to Act No. 15 of 2005) and the Patents Rules, 2003 (as amended up to Patents (Amendment) Rules, 2012), applications for copyright, trademark and patents can be filed online, however, design applications can only be filed in person. Moreover, applicants who do not have a registered place of business in India are required to file applications through an Indian attorney or agent.

In 2002, the foreign filing license requirement was introduced in the Indian Patents Act of 1970. This requirement provides that any inventor who is a resident of India should file a patent application for his/her own invention first in India. The patent application can be extended internationally only six weeks after the initial filing date. Alternatively, the inventor is required to obtain the controller’s permission for filing the patent application outside India. However, given that the process is reported as burdensome, applying first in India is the preferred way of complying with these provisions. The violation of such rule results in criminal liability under Section 118 of the Indian Patent Act of 1970, with consequent monetary fine or imprisonment of up to two years, in addition to the impossibility of proceeding with the patent application.

It is reported that the potential threat of patent revocations, lack of presumption of patent validity, and the narrow patentability criteria under the India Patents Act impact companies across different sectors. In addition, it has been reported that courts take a significant amount of time to make a final decision in a patent case. A patent lawsuit ordinarily takes approximately five to seven years to be finally decided after trial if contested by the other party. The Commercial Courts Act is helping to speed up the process with case management hearings and time-bound trials. However, the backlog of cases at the court and the shortage of judicial officers have an impact on the time it takes for a final decision on a case.

India is a party to the Patent Cooperation Treaty (PCT).

The Copyright Act of 1957 provides a clear regime of copyright exceptions that follows the fair dealing model, which enables the lawful use of copyrighted work by others without obtaining permission. According to Art. 52.1, a fair dealing with any work (not being a computer programme) for the purposes of private or personal use, criticism or review and the reporting of current events and current affairs does not constitute an infringement of copyright.

Copyright is not adequately enforced online in India. It is reported that, despite efforts to combat websites hosting pirated content, enforcement by courts and police officers remains weak. There is a lack of familiarity with investigation techniques, and the absence of a centralised IP enforcement agency, coupled with poor coordination between national and state levels, undermines the progress made. Stakeholders report ongoing issues such as unauthorised file-sharing of video games, signal theft by cable operators, commercial-scale photocopying, unauthorised reprints of academic books, and circumvention of technological protection measures.

India has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

India has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

India lacks a comprehensive framework in place that provides effective protection of trade secrets, but there are limited measures addressing some issues related to them. As per the decision of the Delhi High Court in 1995, a trade secret is defined as any information with commercial value that is not available in the public domain and the disclosure of which would cause significant harm to the owner. Moreover, Indian courts and tribunals have upheld the protection of trade secrets under other laws such as contract law, copyright law, principles of equity, and common law action of breach of confidence (which is basically a breach of an obligation to keep a piece of information secret). In addition to the above, the Information Technology Law of 2000 also sets legal means of protection for confidential information in the form of electronic records.

It is reported that there is an obligation for passive infrastructure sharing in India to deliver telecom services to end users, and it is practised in both the mobile and fixed sectors based on commercial agreements.