The Ministry of Electronics and Information Technology has once again asked central government departments, public sector units (PSUs), and other government organisations to prefer local cybersecurity products. The notification pertains to increasing ‘Made in India’ cybersecurity products.
As per an office memorandum sent earlier on 4/03/2021, despite clear guidelines on a public procurement policy for cybersecurity products, central ministries, PSUs, and government agencies have been mentioning “restrictive and discriminatory” conditions like minimum turnover, need for certain global certifications, and Gartner quadrant as necessary conditions.
According to senior officials, these conditions in government tenders are restrictive and discriminatory because they discourage small startups as well as local micro, small, and medium enterprises from bidding. “Think about the condition of the Gartner quadrant. It is only useful for businesses with a high turnover and scale to forecast market trends, new products on the market, and obstacles that these large companies may face. Startups and small businesses won’t profit from it, according to an official from the Ministry of Information Technology.
The 2019 Make in India circular
In 2019, the Ministry released a Make in India procurement order for all central government ministries, PSUs, and other government agencies, specifying that locally produced cybersecurity items should be prioritized.
The list of products included anti-virus, end-point, cloud, and mobile security products, device information and case, identity and access, and incident response management products, as well as others such as data classification and forensic software. As per the 2019 notification for domestic companies were to be given priority these products.
Who is a ‘Local Supplier’?
According to the rules, a cybersecurity software supplier is considered local only if it is either incorporated or registered in India, and if revenue from product and the intellectual property went to that Indian company. The Ministry also stated at the time that the overall royalty fee charged by the producer to the third party should not exceed 20% of the product’s total cost.
Domestically developed Cyber Security Product
The 2019 notification provides that a cybersecurity product, according to MeitY, is an “appliance” or “software” designed to protect the information, equipment, computer resources, or communication devices from unauthorized access, use, disclosures, disruption, or destruction.
A domestically manufactured cybersecurity product was described as one “whose intellectual property is owned by an Indian company/startup,” according to the report. It stipulated that a cybersecurity product’s minimum local content must be equal to 60% of the total cost.
MeitY had also mentioned that the Indian firm would be expected to show possession of the cybersecurity products’ intellectual property (IP) as well as the relevant trademarks.
The Ministry had also developed a complaint redress system for both suppliers and buyers at the time. It had previously claimed that a complaint fee of Rs 2 lakh or 1% of the value of domestically produced products will be deposited with the IT Ministry’s Standardisation Testing and Quality Certification (STQC).
The entire fee would be confiscated if the complaint was found to be false or frivolous by either the supplier or the buyer, and would be returned without interest if the complaint was found to be substantive and valid.
Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates, and a massive monthly roundup, don’t forget to subscribe to our Newsletter.