
What is Computer Emergency Response Team- India (CERT-In)?

The Indian Computer Emergency Response Team (CERT-In) is an agency formed in 2004, under Section 70B of the Information Technology Act, 2000. It functions under the vigilance of the Ministry of Electronics and Information Technology (MeitY), Government of India. It handles issues relating to cyber security threats such as hacking and phishing. CERT-In also focuses on prevention, providing quick response services as well as security quality management services.  

CERT-In’s responsibilities are similar to those of the National Critical Information Infrastructure Protection Centre (NCIIPC), and the two agencies may sometimes need to coordinate for information sharing. The NCIIPC is under the branch of the National Technical Research Organisation (NTRO), which the Ministry of Home Affairs supervises.

CERT-In’s stakeholders/clients include:  

  1. State Govts/Union Territories and public sector undertakings (PSUs) 
  1. Ministries/Departments of Govt of India 
  1. Industry/Industry associations relating to IT, ITES & Electronics  
  1. Concerned universities/academic universities, R&D Institutions/Labs such as DRDO.  
  1. Citizens of India  

Authority 

CERT-In is under the administrative control of the Department of Electronics and Information Technology (DeitY) and the Ministry of Electronics and Information Technology. 

Roles Of CERT-In 

The roles of CERT-In can be classified under two branches: Reactive and Proactive  

Reactive Roles:  CERT-In acts as a single point of contact for reporting a local problem. It provides consultation to organizations that are prone to threats to/from computers. The information that CERT/CC (Coordination Centre) and its subsidiaries accumulate is further shared with other organizations in the computing field. It also performs tracing and analysis of threats, incident response, 24×7 security service, and recommends recovery methods to affected organizations.  

Proactive Roles:  In order to prevent incidents and generate awareness about cybersecurity, CERT-In issues security guidelines and advisories. It analyses and responds to system vulnerabilities and risks in order to provide timely advice against anticipated threats. It carries out profiling of threats to identify trends in attacker activity. CERT-In further collaborates with its customers and organizes training programmes, simulation exercises etc. to improve efficacy.

Functions of CERT-In 

The CERT-In deploys its functions in the following manner: 

Reporting- Functions as a nodal point for reporting incidents that occur in the territory of India. It also stores and records all the history of incidents. 

Identification- Verifies the existence, determines the nature of the incident, and ensures the protection of evidence. 

Containment- Controls the scope of the incident and tries to minimize the damage made to computer systems. 

Eradication- Removes or neutralizes the cause of the incident. 

Recovery- Takes steps and provides assistance in order to restore normal operations.

Prevention- Analyses the patterns of incidents and takes progressive measures to prevent future attacks.

Who can report incidents to CERT-In? 

System administrators/ owners of the affected computer system can report incidents to CERT-In. This includes stakeholders, service providers, intermediaries, body corporates, individuals, or groups. As discussed below, several types of cybersecurity incidents are mandatory to report.

What kind of incidents can a person/ organisation report to CERT-In?

CERT-In can address all types of cyber security incidents and vulnerabilities that occur or are expected to occur in the near future, in the country. The incidents could involve critical information infrastructure, unauthorized access, malicious codes, identity theft, attacks on servers, infrastructures and applications. 

This also includes scanning or probing software ports, which researchers and bug-hunters also use, besides black hat hackers.

CERT-In determines the required support level on the basis of the intensity of the threat (Rule 11 (1)).

How can one report incidents to CERT-In? 

Stakeholders can reach out to CERT-In via telephone (+91-1800-11-4949), fax (+91-1800-11-6969), email (info@cert-in.org.in), and postal letters (Indian Computer Emergency Response Team, Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi- 110003, India). However, the contact details may change in the future.

The website also contains separate forms for reporting incidents and vulnerabilities.

What information can CERT-In demand?  

According to Rule 13, CERT-In may collect and analyze information relating to cyber security incidents from individuals, organisations, and computer resources (Rule 13 (1)).

However, the agency shall not reveal any information which would leak the identity of the individual, group of individuals or organizations affected by cyber security incidents (Rule 13 (2)).  

What can be the consequences for non-compliance with CERT-In’s directions?

In case a person/ organisation fails to comply with the directions of an authorized officer, a report is filed with the Director-General. It shall then be submitted to the review committee comprising the Secretary, DeitY, and representatives of various ministries. CERT-In may even file a complaint before the Court based on the report and directions from the committee.

What is the role of individuals and organisations?  

Individuals and organizations must mandatorily report the following cyber security incidents to CERT-In as early as possible.

Source: Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013

Organizations should also periodically perform audits of their cyber security practices. They shall appoint Information Security auditing organizations/ auditors empanelled with CERT-In to ensure that the prescribed security standards are maintained. 

Grievance Redressal 

The Public Grievance Officer is the point of contact for grievance resolution. Complainants can communicate with the officer through telephone (+91-1800-11-4949) or email (as provided on the website). Complaints must have complete and precise factual descriptions along with contact details (phone number or email ID) for follow-up. The officer acknowledges complaints within 2 days and resolves them within 1 month from the date of complaint/ clarification.

This article has been co-authored with Debdatta Das, a student of Ajeenkya D Y Patil University, Pune.



Shrikar Ventrapragada

Shrikar is a 3rd-year student pursuing B.B.A L.L.B from the University of Petroleum and Energy Studies. He has a keen interest in cyber laws and technology laws. He loves to indulge in sports activities.

3 thoughts on “What is Computer Emergency Response Team- India (CERT-In)?”

  • A good blog that says all about CERT in India and how to get certification in the right and stress-free way and the importance of acquiring certification. The readers can consider the topics related to them as the blog says a lot of things about CERT.

  • This is an excellent comprehensive overview of CERT-In. From a content strategy perspective, you’ve successfully transitioned from the “why” of compliance (covered in your PCI and IT Audit pieces) to the “who” of national digital defense.

    By detailing the specific legislative backing (Section 70B of the IT Act), you’ve established the “teeth” behind the agency, moving the conversation from best practices to legal mandates.

    Here is my take on the strategic value of this article:

    Clarifying the Nodal Role: Defining CERT-In as the “single point of contact” is crucial. In a crisis, organizations often freeze because they don’t know who to call first. This article serves as a “Digital 911” guide.

    The Reactive vs. Proactive Split: This is a sophisticated way to explain the agency’s dual nature. Most people see CERT-In as a fire department (reactive), but your focus on “profiling threats” and “simulation exercises” highlights their role as urban planners for digital safety (proactive).

    Mandatory Reporting Awareness: This is perhaps the most critical section for your audience. Many businesses are unaware that reporting certain incidents isn’t just a “good idea”—it’s a legal requirement with potential court-level consequences for non-compliance.

    Strategist’s Tip for Optimization:
    To make this even more practical for a corporate audience, you might highlight the “CERT-In Empanelled Auditors” list. Since you previously discussed IT Auditing, connecting that to CERT-In’s requirement for periodic audits creates a perfect “content loop.” It tells the reader: “You need an audit, and here is the specific authority that tells you which auditors to trust.”

    This piece rounds out a strong trilogy of content—covering the standards (PCI), the process (Auditing), and the authority (CERT-In).

  • CERT-In plays a critical role in strengthening India’s cybersecurity ecosystem by acting as the national nodal agency for handling cyber threats, incident response, and security awareness. As cyberattacks continue to evolve across industries, CERT-In’s proactive advisories, rapid response mechanisms, and compliance-driven framework help organizations improve cyber resilience and safeguard critical digital infrastructure. For businesses and individuals alike, timely reporting and adherence to CERT-In guidelines are essential steps toward building a safer and more secure digital environment in India.

