Tag: Private Equity

In her Budget speech earlier this year, India’s Finance Minister had stated that the government would facilitate the establishment of ‘data embassies’ for the benefit of countries looking for digital continuity solutions. Such data embassies may be set up under the auspices of GIFT City in India’s first IFSC, located in Gujarat.
Accordingly, in order to allow countries and international companies to set up such embassies, the government may formulate a bespoke policy soon. To that end, it may notify specific norms, such as with respect to: (i) what a data embassy constitutes, (ii) the size and specifications of the data center necessary for such purpose, and (iii) whether data embassies can be virtual.
Further, such a policy will be expected to offer diplomatic immunity with respect to Indian regulations as far as the sovereign and commercial digital data of establishing entities is concerned. While it is likely that the lure of regulatory immunity will promote significant investment in India’s data industry – especially from technology infrastructure providers and cloud storage companies – India’s data embassy policy may allow for the storage of non-personal data only.
On the whole, this initiative appears to be part of a larger plan to build a trusted data storage ecosystem in India. As a novel device under public international law, data embassies have only recently become a viable option, especially among vulnerable states that face multifaceted uncertainties and threats. The idea of storing backups of critical state information in data embassies abroad – especially for the purpose of operating such databases from a secure, off-site center outside a state’s own borders – implies that such information remains available for retrieval in the event of a disaster or other emergency.

Consistent with India’s stated aims of becoming a data storage and cloud computing hub, as the country seeks to encourage foreign governments and businesses to establish ‘data embassies’ at Gujarat’s GIFT City, a bespoke policy may soon be formulated along the lines of Bahrain’s cloud law, as well as for the purpose of defining a ‘data embassy’ appropriately such that its underlying and/or associated infrastructure qualifies for diplomatic protection under international law. Alternatively, such entities could be instrumentalized through customized bilateral agreements that re-interpret the Vienna Convention (like Estonia and Monaco signed with Luxembourg in 2017 and 2021, respectively) in respect of granting regulatory immunity to potentially both personal and non-personal information (as if it were physical premises), including with regard to non-sovereign commercial digital databases.
Clause 17 of India’s current draft of the Digital Personal Data Protection Bill, 2022 (“DPDP”) permits digitized personal data to be stored overseas, albeit at locations that satisfy the government in terms of political and protectional adequacy. In that regard, a revised iteration of DPDP (or rules framed thereunder) may subsequently include the principle of reciprocity in a way that foreign state or private entities are able to use local cloud ecosystems through state-of-the-art data centers located inside an Indian SEZ, including for the purpose of storing copies of critical government or business information for continuity, backup, and/or recovery-related reasons – in case the main servers back home get compromised – including on account of sustained denial-of-service attacks, a natural disaster, full-scale military invasions, or any other national emergency. 
Nevertheless, since DPDP deals exclusively with digitized personal data, if India’s data embassy policy envisages the storage of non-personal information only, it may need to rely on a different legislation – such as the proposed Digital India Act. Meanwhile, although certain Tier 3 and Tier 4 data centers with business continuity and disaster recovery functions are already operational at GIFT City, data embassies may require a new approach by leveraging diplomatic agreements bolstered by cloud technology solutions. Accordingly, India may want to develop a separate legal framework for the purpose of being perceived as a reliable host with respect to sensitive foreign databases.
With this background, this note examines how countries and companies (especially vulnerable and/or at-risk ones) that want and/or need digital continuity solutions may evaluate available options – given policy, legal, and logistical constraints in this regard.

In the backdrop of India’s growth story as a major IT-ITes hub in the last two decades, the Indian data centres industry is now emerging as the next attractive opportunity for investors and developers.  The demand for data centres in India is being driven by the need for data storage given the Government’s Digital India and data localization policies, increased data consumption and 5G roll-out which is expected to enable adoption of data intensive technologies such as internet-of-things (IoT) and artificial intelligence (AI).  The proliferation of data centres in India has also created growth opportunities in various sectors of the Indian economy, including real estate, manufacturing and renewable energy.
While the draft national data centre policy is yet to be implemented, various Indian states have adopted their respective state data centres policies to attract private investment in this capital and technology intensive sector.  In this article, we compare the incentives offered under data centre policies adopted by certain Indian states which have received major investments in the data centre sector.