India Entry & Business Startup Consultings

Hacking GST database can now lead to 10 year imprisonment

Hacking GST database can now lead to 10 year imprisonment

NEW DELHI: Hacking into the government’s India's goods and services tax (GST) database and its associated infrastructure dependencies installed at GST Network (GSTN) can now lead to 10-year imprisonment, as the assets have been declared as 'protected systems' by the finance ministry, under the IT Act. Protected systems are part of critical information infrastructure and their destruction can have a debilitating impact on national security, economy, public health or safety. Since the information stored on the assets has national security significance, the facilities will get additional security cover.

“The Ministry of Finance hereby declares the Goods and Services Tax Database and its associated infrastructure dependencies installed at Goods and Services Tax Network (GSTN), as the protected system for the purpose of said Act,” a notification dated February 4 noted. Access to the system and its facilities has been limited to authorised GSTN employees, designated tax officers of the Central Government, State Government, Union territories, auditing agencies and accounting authorities.

Authorised members or employees of the service providers that manage the GSTN, such as InfosysNSE 0.77 % and Tech Mahindra, or third-party vendors and GSTN authorized business partner, shall be allowed access, the notification added. Under sub-section (1) of Section 70 of the Information Technology Act, 2000, which has been cited by the finance ministry, the government can declare any computer resource as a protected system and as per the Act a person who attempts to access such a system can be jailed up to 10 years, besides being fined. “Incapacitation of GSTN database would be considered as blow to national security, economy, public health or safety and the person responsible for it would be punishable with imprisonment for a term which may extend to 10 years together with a fine,” said Rajat Mohan, senior partner at AMRG Associates.

The government has already declared Central Identities Data Repository (CIDR) facilities of Unique Identification Authority of India besides its information assets, logistics infrastructure and dependencies, as protected systems under the Act.



Leave a Reply

Your email address will not be published. Required fields are marked *