Deborshi Barat, Author at S&R Associates

Back to the Future: India’s Proposed Digital Governance Framework

Insights | May 31, 2023 | Practice Area: Data, Regulatory, Technology Media and Telecommunications

A first draft of the proposed Digital India Act (“DIA”) may be ready by June for public review, while a corresponding bill may be introduced before parliament soon thereafter, pursuant to industry feedback. Meanwhile, further to consultations between the Ministry of Electronics and Information Technology and select stakeholders across Bengaluru, New Delhi, and Mumbai in March and May 2023, the following principles appear likely to define the main thrust of the new law: (1) an open internet, (2) online safety, (3) a revised intermediary framework, (4) the regulation of new technologies, (5) non-personal data sharing, and (6) limited (or no) safe harbor.
This note, the third of S&R Data+ – a multipart series on data governance focused on personal and non-personal information – discusses these principles with respect to the DIA.

India’s Proposed Digital Governance Framework: Past Developments and Present Status

Insights | May 24, 2023 | Practice Area: Data, Regulatory, Technology Media and Telecommunications

This is the second note of S&R Data+, a multipart series on data governance focused on personal and non-personal data, including with respect to their separate regulatory, legal, and commercial implications. The previous note summarized India’s existing data protection framework and provided an overview of India’s legislative trajectory in that regard. Here, we provide a snapshot of the gradual build-up to India’s proposed digital governance framework, including by analyzing past trends which have led to present developments.
While a recent flurry of legislative and policy activity promises to transform the country’s digital future, two landmark laws with respect to digital personal and non-personal data, respectively, may attain concrete shape by the end of 2023 itself – thereby replacing India’s existing data protection framework under the Information Technology Act, 2000, as amended, along with its allied rules.
While recent reports suggest that India’s current draft of the Digital Personal Data Protection Bill, 2022 is likely to be tabled before parliament in the month of July (as potentially revised pursuant to stakeholder comments), a proposed ‘Digital India Act’ has simultaneously gathered consultative traction – further to which a draft bill is expected around the same time. Thus, July 2023 promises to be a significant period for the country’s future.
Later in the series, we will examine the possible impact of such present developments on the shape of laws to come.

Personal and Non-Personal Data in Digital India: Before and After

Insights | May 17, 2023 | Practice Area: Data, Regulatory, Technology Media and Telecommunications

Over the past few years, the ripple effects of GDPR and the EU’s wider data governance regime have spread to, and influenced, the rest of the world – including India – especially with respect to the latter’s ongoing efforts to overhaul its domestic data protection framework. Furthermore, certain recent developments, involving key legislative and policy interventions, promise to fundamentally transform the country’s digital future, much like Europe’s. For instance, by the end of the year, two far-reaching laws – a ‘Digital Personal Data Protection Act’ (“DPDP”) and a ‘Digital India Act’ – may both reach fruition with respect to digitized personal data and non-personal data, respectively.
However, major gaps persist when it comes to distinguishing between the two. This distinction has assumed additional importance today for India – poised as it is on the cusp of a new governance architecture, replete with consequences related to collection, consent, processing, storage, protection, breach, exploitation, sovereignty, ownership, and localization. Accordingly, it is time that the unique techno-legal challenges and opportunities connected with personal and non-personal data, respectively, were separately examined – including to analyze their discrete regulatory requirements and commercial scope. At the same time, paradigmatic boundaries within the personal/non-personal continuum have increasingly blurred on account of the rising use of mixed datasets and de-anonymization techniques, the regulation of which has demanded urgent governmental attention.
In light of the above – ‘Data+’ – a special multipart series on data governance, will focus on analyzing personal and non-personal data separately while exploring the various legal, business, and regulatory issues associated with the two – including with respect to certain extraordinary innovations proposed under DPDP relative to GDPR, such as in respect of ‘deemed’ consent; sensitivity, volume, and harm; and relatedly, ‘significant data fiduciaries’. This note – the first of this special series – is divided into two sections. In Section I, we provide a brief summary of whether, and how, India’s existing data protection framework addresses the definitions of, and the distinction between, personal and non-personal data, respectively. In Section II, we provide an overview of India’s staggered legislative trajectory in this regard. Further into the series, we will analyze India’s proposed digital governance paradigm, including with respect to differences between personal and non-personal data.

Readying the Law to Host ‘Data Embassies’ in India

Insights | May 8, 2023 | Practice Area: Data, Mergers and Acquisitions, Private Equity, Regulatory, Technology Media and Telecommunications

Consistent with India’s stated aims of becoming a data storage and cloud computing hub, as the country seeks to encourage foreign governments and businesses to establish ‘data embassies’ at Gujarat’s GIFT City, a bespoke policy may soon be formulated along the lines of Bahrain’s cloud law, as well as for the purpose of defining a ‘data embassy’ appropriately such that its underlying and/or associated infrastructure qualifies for diplomatic protection under international law. Alternatively, such entities could be instrumentalized through customized bilateral agreements that re-interpret the Vienna Convention (like Estonia and Monaco signed with Luxembourg in 2017 and 2021, respectively) in respect of granting regulatory immunity to potentially both personal and non-personal information (as if it were physical premises), including with regard to non-sovereign commercial digital databases.
Clause 17 of India’s current draft of the Digital Personal Data Protection Bill, 2022 (“DPDP”) permits digitized personal data to be stored overseas, albeit at locations that satisfy the government in terms of political and protectional adequacy. In that regard, a revised iteration of DPDP (or rules framed thereunder) may subsequently include the principle of reciprocity in a way that foreign state or private entities are able to use local cloud ecosystems through state-of-the-art data centers located inside an Indian SEZ, including for the purpose of storing copies of critical government or business information for continuity, backup, and/or recovery-related reasons – in case the main servers back home get compromised – including on account of sustained denial-of-service attacks, a natural disaster, full-scale military invasions, or any other national emergency.
Nevertheless, since DPDP deals exclusively with digitized personal data, if India’s data embassy policy envisages the storage of non-personal information only, it may need to rely on a different legislation – such as the proposed Digital India Act. Meanwhile, although certain Tier 3 and Tier 4 data centers with business continuity and disaster recovery functions are already operational at GIFT City, data embassies may require a new approach by leveraging diplomatic agreements bolstered by cloud technology solutions. Accordingly, India may want to develop a separate legal framework for the purpose of being perceived as a reliable host with respect to sensitive foreign databases.
With this background, this note examines how countries and companies (especially vulnerable and/or at-risk ones) that want and/or need digital continuity solutions may evaluate available options – given policy, legal, and logistical constraints in this regard.

Renewable Energy: Issue 1 of 2023

Quarterly Roundups | April 18, 2023 | Practice Area: Clean Energy, Regulatory

India appears to be on the right track with respect to its ambitious goals and determined pivot towards renewable energy. Indeed, the country has positioned itself as one of the most attractive destinations for renewable energy projects in the world.
In light of such developments, we at S&R Associates are happy to present a quarterly roundup (January to March 2023) on renewable energy, including regulatory updates and legal insights on some key issues.

Navigating BRSR: Concerns and Opportunities

Insights | April 14, 2023 | Practice Area: Banking and Finance, Clean Energy, Corporate Governance and ESG, Private Equity, Regulatory

In February, SEBI released a consultation paper on disclosures, ratings, and investing related to ESG, pursuant to which an assurance-driven reporting regime based on key ESG attributes (“BRSR Core”) may be introduced soon.
BRSR Core is intended to represent a focused subset of the Business Responsibility and Sustainability Reporting (“BRSR”) framework, which SEBI had introduced in May 2021 as a voluntary disclosure regime in lieu of the erstwhile Business Responsibility Reporting (“BRR”) paradigm. The main motivation behind introducing the BRSR framework was to ensure quantitative, standardized disclosures on ESG-linked parameters. While until FY 21-22, the top 1,000 listed companies in India by market capitalization could make disclosures under this framework on a voluntary basis, such disclosures are compulsory from FY 22-23.
This article provides an overview of category-wise BRSR compliance requirements. Further, it highlights some of the benefits and opportunities, along with potential legal risks, associated with such disclosures. The article also discusses some of the concerns and innovations related to the BRSR Core framework, including in light of SEBI’s proposals with respect to adjusting intensity ratios for country-level purchasing power parity and extending disclosure requirements to corporate supply chains.

Carbon Market: Certification is the Missing Link in India’s Green Hydrogen Ambitions

Insights | April 10, 2023 | Practice Area: Banking and Finance, Clean Energy, Regulatory

Given India’s climate ambitions, a national transition to green hydrogen (“GH”) appears to be a pressing requirement. In August 2021, India announced the launch of its ‘National Hydrogen Mission’ (“NHM”) to scale up GH production. In February 2022, the Ministry of Power (“MoP”) announced the Green Hydrogen Policy (“GHP”) as the first tranche of instruments to bolster efforts in this direction. Among other elements, the GHP included an understanding that the renewable energy (“RE”) consumed for the production of GH will count towards renewable purchase obligations (“RPO”) of the consuming entity. This January, India’s Union Cabinet approved the National Green Hydrogen Mission (“NGHM”). In February, the Budget confirmed an outlay of almost INR 200 billion for NGHM. While the NGHM aims to develop policies for establishing a viable GH ecosystem, a framework of standards and regulations is expected to be formulated soon.
However, given the government’s accelerated focus on transforming India into a global GH hub, it is unfortunate that the country does not yet have a supporting framework with respect to hydrogen certification. The proposed deployment and uptake of Indian GH will depend on the widespread acceptance of instruments which guarantee its origin. In addition, such a framework can facilitate the trading of hydrogen as a commodity on national and international markets. While national certification processes must align with international markets, tracking systems will be necessary to trace attributes across the value chain, including for the purpose of creating transparency and boosting demand. Furthermore, a robust certification framework can increase investments in RE for the purpose of producing low-carbon hydrogen.
The GH value chain includes production, transportation, storage, and end-use. Each of these activities involves several underlying processes, every one of which requires the use of energy – thus leading to emissions. These emissions can vary depending on the material and technology used. Although color schemes are popular to characterize different types of hydrogen, color-coding by itself fails to provide meaningful details about associated emissions. For instance, even post-production, GH can be involved in significant emissions by the time it reaches an end-use facility, especially if the energy required for constituent processes is not fully supplied through renewable sources.
While RE certificates (“RECs”) help consumers identify the renewable attributes of the energy purchased/used, being able to have the origin credibly certified enables them to make claims about a certain volume of RE generated. For the purpose of GH certification, in addition to RECs, India could draw on tracking templates for other energy products (e.g., biofuels). Further, given that hydrogen is not a primary source of energy (only a carrier), creating a proper link between GH certificates and RECs will be important. Such linkage is additionally necessary to avoid double-counting. Nevertheless, since GH markets are still at a nascent stage, a transitional period could be allowed during which the electrolyzers used to produce GH are enabled to utilize power from existing renewable plants, backed by RECs.

Green Buildings and Energy Efficiency: The India Story

Insights | March 22, 2023 | Practice Area: Banking and Finance, Clean Energy, Private Equity, Regulatory

The global pivot on sustainable development has revitalized preferences among both occupiers and developers for certified green commercial buildings. Given emerging ESG trends, most MNCs looking to lease or set up offices in India are keen to occupy premises with green and/or sustainability ratings. This trend has created significant demand for commercial assets with energy-efficient ratings, which in turn has incentivized developers to upgrade and shift focus towards green buildings. Concomitantly, green financing may be on the rise, as domestic and offshore investors seek high-quality Grade A projects that are sustainable and ESG compliant. As part of their short-term ESG goals, listed developers may want to increase their green portfolio by the end of the decade, along with ramping up renewable energy deployment.
In this situation, it is useful to examine the cost of pursuing such green goals, given the existing housing demand in India in terms of both residential buildings and Grade A commercial/industrial assets. Emerging evidence suggests that green buildings are a higher-value, lower-risk asset than standard structures. Local developers are increasingly realizing that additional capital expenditure incurred upfront is likely to be offset by significant savings over the long term on operational costs.
The Energy Conservation (Amendment) Act, 2022 (“EC Amendment”) has included large residential buildings under its regulatory regime, along with enhancing the scope of the Energy Conservation Building Code (“ECBC”). Further, the EC Amendment has introduced the idea of sustainability, where a new building code related to energy conservation will provide norms for the use of renewable sources and green buildings. While the ECBC applies to a specified category of commercial buildings only, the new code will apply to office and residential buildings as well. Nevertheless, future digitalization may expand opportunities further. The diffusion of internet-connected devices in the residential and commercial sectors may allow added integration across demand and supply, such as by meeting India’s large-scale tri-generation requirements (cooling, heating, and power) through smart cities and district energy systems involving ‘cooling as a service’ (CaaS).

EU Law: Is Your Industrial Data Yours Alone?

Insights | March 13, 2023 | Practice Area: Data, Regulatory, Technology Media and Telecommunications

Since data-dependent markets have high levels of concentration and entry barriers, EU policymakers have been trying to enhance business-to-business (B2B) and business-to-government (B2G) data sharing since 2020. In addition, the EU hopes to ramp up data access through collaborative cloud infrastructures. Despite GDPR, many recent EU legislations have focused on removing barriers to the free flow of data. Although existing EU laws, such as those related to digital markets and services, include newer rules, the obligation to ensure compliance falls primarily on gatekeepers and large providers. Moreover, it does not create portability between cloud service providers (CSPs). Likewise, the EU’s Data Governance Act, which promotes voluntary data-sharing, does not apply to CSPs. It is in this context that the European draft Data Act (DDA) facilitates switching between CSPs and other data processing services. Further, the DDA puts in place safeguards against unlawful international data transfers by CSPs. In addition, it imposes obligations on data holders to make their information available without discriminating between comparable categories of data recipients, including in respect of partner or linked enterprises.

Being Cool: Investment Opportunities and Policy Imperatives to Combat Global Warming

Insights | February 21, 2023 | Practice Area: Clean Energy, Private Equity, Regulatory

Recent studies find that a steady rise in temperature across India will significantly impact socioeconomic productivity and GDP growth. Importantly, heat-related stress produces corresponding cooling demands. In this regard, the World Bank recently identified opportunities for the India Cooling Action Plan (ICAP) to encourage private investment in key sectors, such as space cooling in buildings, cold chain and refrigeration, passenger transport air-conditioning, as well as refrigerants. Nevertheless, such investments may be constrained by the country’s international obligations, such as those in respect of HCFCs and HFCs. Besides, India’s climate mitigation strategy, including its thrust towards renewable energy and decarbonization, remains inadequate by itself. Emissions from short-lived climate pollutants (SLCPs) need to be addressed as well. Accordingly, strategic investments in innovative ventures, such as seaweed start-ups that focus on reducing agricultural methane, can be explored further. In addition, the waste and agricultural commodities sectors, along with their critical interface with technology, may be significantly scaled up in the next few years.