The Department of Electronics and Information Technology (DeitY) issued a draft ‘National Encryption Policy’ that mandates business, citizens including Government personnel to store their corresponding encrypted information in plain text for 90 days. This is done to allow law and enforcement agencies to easily gain access to data without performing painstaking decryption methods.
Additionally, the draft National Encryption Policy also states that the government of India shall define the algorithms and key sizes for encryption in India and it reserves the right to take action for any violation of this Policy.
Businesses also have to keep all encrypted data for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.
Entities in India are responsible for providing un-encrypted details of communication with foreign companies in readable plain text. Service providers which provide encryption in India will have to register with the government.
The Encryption Policy is not applicable to sensitive departments or agencies of the Government, designated for performing sensitive and strategic roles.