The objective of the bill is to update antiquated laws, foster digital inclusivity, and guarantee a safe online environment for the swiftly expanding internet user population in India.
In India, the fintech industry is one of the rapidly evolving sectors, constantly innovating and offering new products and services that challenge the traditional models and norms of finance. These innovations can bring about lower costs, greater convenience, enhanced inclusion, and improved efficiency. However, they also pose risks like fraud, cyberattacks, privacy breaches, and systemic instability.
Therefore, regulators face a delicate balance between promoting innovation and ensuring safety and soundness in the financial system. They need to adopt a flexible and adaptive approach that can accommodate the diversity and dynamism of the fintech industry while safeguarding the public interest and maintaining a level playing field.
Introduction of the Digital India Act 2023
Earlier this year, the Ministry of Electronics and Information Technology (MeitY) proposed revising the IT Act 2000, a 22-year-old act drawn during the early days of the internet. A much needed and welcome proposal, the Digital India Act 2023 (DIA), is a proposed legislation that aims to act as a catalyst for the Indian economy by enabling more innovation and more startups and, at the same time, protecting the citizens of India in terms of safety, trust, and accountability. Some of the key components of the proposed DIA are:
• Enabling an open internet to promote choice, competition, online diversity, ease of doing business and fair access to digital markets. Provisions around mandating interoperability of digital services and non-discriminatory access to digital services are expected.
• Ensuring online safety and trust with robust provisions for protecting users against harmful content and cyber-attacks.
• Curbing false information and fake news with specific compliance on information moderation by intermediaries.
• Enhancing penalties for cybercrimes such as non-compliance and other offenses.
Though specific to the fintech sector, we can expect regulation in areas that benefit new-age licensed financial firms. Some of these include:
• Strengthening the governance framework involving all major stakeholders, from senior leadership to board members and employees.
• Evaluating and engaging with service providers with a keen interest in observing due diligence.
• Assessing risk management processes from the point of view of service, operations, finance, reputation, data privacy, and overall security.
• Monitoring and controlling outsourced activities to third-party groups, including cross-border outsourcing
• Securing clear pathways for data sourcing and cloud adoption
What can the Digital India Act encompass?
While the DIA is still a work in progress, one can’t help but wonder if some areas, like the level of data sourcing, remain ambiguous because of its unique function. Data is a crucial asset for fintechs and financial institutions as it enables them to offer innovative products and services, improve customer experience, enhance efficiency and effectiveness, and manage risk and compliance. However, data also raises privacy and security concerns and ethical and social implications. It remains to see how the act would provide clear and consistent guidance on what level of data is acceptable for financial service firms to acquire and use, especially when it comes to tracking mobile behaviour, location, biometrics, and other sensitive information. This may create uncertainty and inconsistency for both financial service firms and their customers, as well as potential conflicts with other laws and regulations that govern data protection and privacy.
Founder & CEO,
Digitap
Secondly, further clarity is required on any restrictions or limitations on payment information, wherein there needs to be a private line within the server and no public routing through the internet. Can digital platforms that serve as TSPs for banks store, process, or share customer payment information with third parties?
There’s much eagerness among various tech industries, especially fintech, with the initiation of the act. The objective of the bill is to update antiquated laws, foster digital inclusivity, and guarantee a safe online environment for the swiftly expanding internet user population in India. Its fundamental aim is to empower Indian citizens to engage online while safeguarding them against cybercriminals.
But, more than anything, it brings us to the question – what will be the impact of the Digital India Act 2023 on innovation and competitiveness in the tech industry? One can only wait and see until June of this year.
