CERT-in may be exempted from giving information under RTI Act, says Centre

The cybersecurity agency may soon not be required to respond to Right to Information queries

Updated - March 31, 2023 11:09 pm IST

Published - March 31, 2023 01:53 pm IST - NEW DELHI

Indian Computer Emergency Response Team (CERT-in) soon to be exempted from responding to queries under the Right to Information Act. | Representational image

Indian Computer Emergency Response Team (CERT-in) soon to be exempted from responding to queries under the Right to Information Act. | Representational image | Photo Credit: The Hindu

The Indian Computer Emergency Response Team (CERT-in) may soon be exempt from responding to queries under the Right to Information Act, the government informed Parliament on Friday. The Department of Personnel and Training has reviewed a proposal from the Ministry of Electronics and Information Technology to include CERT-in in the Second Schedule to the RTI Act, which deals with exempted organisations like the Central Bureau of Investigation (CBI) and the Border Security Force (BSF).

Inter-departmental consultations are ongoing to examine the proposal, with the Ministry of Law and Justice participating, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said in the response to Biju Janata Dal MP Amar Patnaik.

The exemption would allow CERT-in to reject any application for information, even on policy related matters. This is significant in light of the April 2022 directions the body issued to require Virtual Private Network (VPN) providers and cryptocurrency firms to preserve user requests. The directions are being challenged in the Delhi High Court, and the government has argued that absolute anonymity online is not acceptable. Several major VPN providers have pulled their servers out of India, arguing that the directions would compromise users’ privacy on the internet.

Also read: Explained | Are ransomware attacks increasing in India? 

CERT-in coordinates with public and private organisations in India when cyber incidents like data breaches and ransomware attacks are reported. It also issues advisories for software vulnerabilities as guidance for organisations.

When deliberations on exempting CERT-in from the RTI Act were first reported last May, the Delhi-based Internet Freedom Foundation said in a statement, “On the one hand, CERT-In wants our logs [under the April 2022 Cyber Security Directions], non-compliance with which will lead to one year jail time, but on the other hand, doesn’t want to be transparent to the citizens in return.”

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.