Despite a narrower positioning by Department of Telecommunications, the new digital communication policy is a statement of intent to improve the digital environment holistically...
On 1 May 2018, the Department of Telecommunications (DoT) released the draft National Digital Communication Policy 2018 for public consultation. The latest national communication policy is the fifth overall communication policy document from the government. For long, communication in the country was governed by the Indian Telegraph Act 1885. It took 109 years to get the first national telecom policy of India, in 1994. Since then, this is the third policy statement, the other two having been released in 1999 and 2012.
The significant ways in which it differs from the other three in recent times (1994, 1999 and 2012 versions) is that while all of them were called National Telecom Policy, the current draft replaces ‘telecom’ with broader and more contemporary ‘communication’, while ‘digital’ has been inserted.
The policy is available on the DoT website and is open for public comments, at the time of writing this.
According to the policy document, the policy aims to accomplish the following Strategic Objectives by 2022:
- Provisioning of Broadband for All
- Creating 4 Million additional jobs in the Digital Communications sector
- Enhancing the contribution of the Digital Communications sector to 8% of India’s GDP from ~ 6% in 2017
- Propelling India to the Top 50 Nations in the ICT Development Index of ITU from 134 in 2017
- Enhancing India’s contribution to Global Value Chains
- Ensuring Digital Sovereignty
While the first five objectives have traditionally guided policymaking in all sectors, the last two—that deal with India’s position in the world—are new additions to this policy statement.
When we asked about the policy to CIOs and some senior IT managers, few had any knowledge about what it contains, other than the fact that such a policy has been announced. The only respondent who seemed to be familiar with the policy was from the telecom industry!
While we are not defending the lack of awareness by the IT managers’ community, part of the blame should go to the government. Despite being fairly holistic, it has been positioned as just the latest ‘telecom’ policy.
By its content, specific goals and possible implications, the policy goes well beyond telecom sector. Yet, both its stated objectives—enable creation of a vibrant competitive telecom market to strengthen India’s long-term competitiveness—and the channel through which it was released (the administrative department DoT rather than a NITI Aayog or PMO), tends to indicate that it is a sectoral policy.
Take for example, the specific goal, ‘establish a strong, robust and flexible’ data protection regime, on which the Government has already acted by establishing a committee headed by Justice B.N Srikrishna.
What is ‘telecom’ about it?
There are three mission statements mentioned in the policy—Connect India (creating robust infrastructure), Propel India (promoting innovation and tech ecosystem and leverage emerging technologies) and Secure India (ensuring privacy, security and digital sovereignty). Only the first part is a logical sequel to previous telecom policies in its scope. The rest two are completely new additions.
In that sense, it is a digitech policy, rather than a telecom policy.
Not too surprisingly, one of the areas for which the provisions have direct implications, is enterprise IT, including information security.
While almost the entire policy has implications for IT, there are several provisions and objectives that will have direct impact on enterprise IT operations (including information security). We have identified 18 such specific points from the draft policy text. You are advised to go through the entire policy at the DoT’s website though by the time the issue reaches you, the time for registering your comments would have elapsed.
Here are the 18 points we strongly suggest you need to go through, and take them as inputs while working out your long-term plans. Most of them have positive implications but nevertheless, if you miss them, in a highly competitive market, you may just incur an opportunity cost!
We have indicated the specific clause in the policy within parentheses () against each of the points. This will help you locate them within policy text easily in case you need to understand the context, know specific actions points etc.
Here we go…
#1 Ensuring Inclusion of uncovered areas and digitally deprived segments of society (1.4)
Possible impact: Expansion of access today means expansion of the market. For many products and services, this will give access to new market segments, some of which at the ‘bottom of the pyramid’. That itself may foster further innovation!
This is also the only point from the first section of the policy (Connect India) that finds a place in this listing.
#2 Deployment and adoption of new and emerging technologies (2.2.a)
The policy talks about creating a roadmap for emerging technologies such as 5G, Artificial Intelligence, Robotics, Internet of Things, Cloud Computing and M2M by simplifying licensing and regulatory frameworks whilst ensuring appropriate security frameworks for IoT/ M2M.
It also explicitly mentions another emerging challenge—earmarking adequate licensed and unlicensed spectrum for IoT/M2M service.
Encouraging use of Open APIs for emerging technologies is another progressive stance that the policy envisages.
Possible impact: Today, most of the experimentations with new technologies like IoT and M2M do not scale up because businesses are unwilling to take the investment risks, because the regulatory directions in a lot of issues including spectrum availability are still unknown. A proactive policy stance like this will open up investments and accelerate the deployment of new technologies.
#3 Transition to IPv6 for all existing communications systems, equipment, networks and devices (2.2.c)
Possible impact: For network managers, especially those managing large and complex networks, everything changes.
#4 Enabling hi-speed Internet, IoT and M2M by 5G rollout (2.2.d)
Possible impact: As sensor technologies become mainstream, the demand for speed will go up exponentially. And most of that speed has to be on wireless networks. So, 5G is a natural evolution. Just that a proactive stance like a policy statement makes the evolution a bit faster and seamless.
#5 Establishing India as a global hub for cloud computing, content hosting and delivery, and data communication systems and services (2.2.f)
The policy promises regulatory frameworks for promoting international data centres, content delivery networks and independent in exchanges in India, while promising a light-touch regulation.
Possible impact: Lower latency, drop in prices and more choice
#6 Leveraging AI and Big Data to enhance the overall quality of service, spectrum management, network security and reliability (2.2.g)
Possible impact: Though it is targeted at the telecom sector, a large and mature sector like telecom can drive down the price as well as help grow skills.
#7 Recognizing Digital Communications as the core of Smart Cities (2.2.h)
The policy proposes developing, in collaboration with Ministry of Urban Development (MOUD), a Common Service Framework and Standards for Smart Cities. There are similar initiatives globally. The government needs to evaluate whether it makes sense to adapt one of these to India or start working on it from scratch, though.
Possible impact: Accelerated smart city rollout will directly impact the volume sales of many technologies like IoT/M2M, Big Data, leading to more use cases, availability of skills and lower cost of these technologies.
#8 Promoting Start-ups (2.4)
One of the important objectives and 2022 goals is supporting start-ups through various fiscal and non-fiscal benefits such as academic collaboration, promoting start-ups in government procurements, measures for application service providers
Possible impact: A vibrant start-up environment leads to better innovation and flexibility of deploying technologies for enterprises.
#9 Accelerating Industry 4.0 (2.8)
The policy lists, among its objectives, creation of a roadmap for transition to Industry 4.0 by 2020 taking a sectoral approach. It explicitly mentions development of markets for IoT/ M2M connectivity services in sectors including agriculture and smart cities components. It also talks of establishing a multi-stakeholder led collaborative mechanism for this purpose.
Possible impact: Faster deployment of robotics, IoT and other similar technologies leading not just to huge efficiency gains but better decision making through data analytics.
#10 Establish a strong, flexible and robust Data Protection Regime (3.1)
While the Government has already taken measures on this regard, like the appointment of an expert committee under the chairmanship of Justice Srikrishna, which has already issued a draft stance document and has taken feedback from public, it is probably incorporated in the communication policy document to show its importance in the overall policy making.
Possible impact: This has major implications for enterprise IT and compliance teams. Compliance with newer provisions like right to forget may need significant efforts including investment.
#11 Assure Security of Digital Communications (3.3.a)
The policy talks of infrastructure security (physical infrastructure, cyber-physical infrastructure, hardware and network elements), systems security (equipment, devices, distributed systems, virtual servers) as well as application and platform security (web, mobile, device and software security).
Possible impact: One more layer of security at the service provider level is good news for enterprises, especially small and medium businesses.
#12 Participating in global standard setting organisations (3.3.c)
The policy talks about establishing comprehensive security certification regime based on global standards
Possible impact: It was a long-desired requirement. A country of over a billion people should have a say in what direction the standards should go.
#13 Formulating a policy on encryption and data retention (3.3.e)
This is a hotly debated issue globally. While the government has made a mention of it in the policy, its exact stance is not known.
Possible impact: A policy with clear guidelines is always better than a vague and ad-hoc approach. But keep your fingers crossed.
#14 Facilitating lawful interception agencies with state of art lawful intercepts (3.3.f.ii)
Mentioned as a sub-point of a clause, this one is tricky. The challenge is not technology always, though it is also becoming one. It is how robust is the process and what real powers do the service providers enjoy to say no to a request that is not mandated by policy bought sought by the enforcement agencies.
Possible impact: Depends on how the policy making proceeds, it may make things easier or far more difficult.
#15 Establishing a Security Incident Management and Response System for communications (3.3.g)
Since communication industry is the basic foundation of a digital ecosystem, it has to be made thoroughly secure. Instituting a sectoral CERT that works in tandem with CERT-in is a welcome step.
Possible impact: More secure infrastructure; also lessons for other sectors
#16 Enforcing obligations on service providers to report data breaches (3.3.g.iii)
Part of the requirements is to report data breaches, not just to authorities but also to affected users. The breach of data at a major telco in India reported in media sometimes back was a major cause of concern.
Possible impact: A lot but we have to see how much teeth does the legislation will have
#17 Developing a comprehensive plan for network preparedness
Targeted at improving network resilience and disaster response, this will surely help all those who depend on these networks; i.e., all of us.
Possible impact: More resilient infrastructure is good news for all users, be it business users or common citizens
#18 Developing a Unified Emergency Response Mechanism
In a natural disaster-prone country like India, creating a permanent mechanism for emergency response is a welcome step. While many a times it happens because of alert officials, the approach is always ad-hoc. An institutional framework with clearly defined roles and responsibilities, standard operating procedures and technical guidelines will surely go a long way in making disaster response far more effective.
One welcome approach is to force service providers share infrastructure in emergency situations.
Possible impact: Many of the other disaster management mechanisms can be effective if the basic connectivity is available.