What is CERT-In?
The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency for responding to cyber security incidents in India. It operates under the Ministry of Electronics and Information Technology (MeitY) and was established in 2004, receiving statutory backing through Section 70B of the Information Technology Act, 2000 (inserted by the 2008 amendment).
CERT-In's mandate includes collecting, analysing, and disseminating information on cyber incidents, issuing advisories and vulnerability notes, coordinating incident response across government and private sectors, and promoting cyber security awareness. It serves as India's primary interface with global CERTs and cyber security organisations.
In April 2022, CERT-In issued landmark Directions under Section 70B(6) mandating all organisations — including service providers, data centres, government bodies, and corporates — to report cyber incidents within 6 hours of detection. This directive, effective from 25 September 2022, is among the strictest globally in terms of reporting timelines.
Key Features
| # | Feature | Details |
|---|---|---|
| 1 | Established | 2004; statutory basis under Section 70B of IT Act, 2000 (inserted 2008) |
| 2 | Parent Ministry | Ministry of Electronics and Information Technology (MeitY) |
| 3 | Core Functions | Incident response, advisories, vulnerability analysis, cyber forensics, training |
| 4 | Incident Reporting | Mandatory 6-hour reporting window for all cyber incidents (2022 Directive) |
| 5 | Applicability | Service providers, intermediaries, data centres, government organisations, body corporates |
| 6 | Log Retention | Organisations must maintain ICT system logs for a rolling period of 180 days within Indian jurisdiction |
| 7 | VPN Compliance | VPN service providers, cloud providers, and virtual asset exchanges must maintain KYC records for 5 years |
| 8 | Global Coordination | Works with FIRST (Forum of Incident Response and Security Teams) and APCERT (Asia Pacific CERT) |
Current Status / Latest Data
- The 2022 Directive mandating 6-hour incident reporting remains the cornerstone regulation; it has been fully enforced since September 2022.
- CERT-In tracked and responded to a significant rise in cyber threats in 2024-2025, including ransomware, phishing, AI-enabled scams, and attacks on critical infrastructure.
- India reported over 16 lakh cyber security incidents in 2024 as per CERT-In data.
- CERT-In has been pivotal in securing India's expanding digital payments ecosystem (UPI processed over 17 billion transactions in FY 2024-25).
- The 2026 IT Rules Amendment (effective 20 February 2026) further strengthens CERT-In's role by mandating platforms to report deepfake and synthetic content incidents.
UPSC Exam Corner
Prelims: Key Facts
- CERT-In was established in 2004 under Section 70B of the IT Act, 2000
- Functions under MeitY (not MHA or NSA)
- 6-hour mandatory reporting of cyber incidents (2022 Directive)
- Organisations must retain logs for 180 days within India
- CERT-In is not a law enforcement agency — it is a technical response body
Mains: Probable Themes
- Evaluate India's cyber security architecture — role of CERT-In, NCIIPC, and Defence Cyber Agency
- Challenges in implementing the 6-hour reporting mandate for small enterprises
- Cyber threats to critical infrastructure and CERT-In's response capabilities
- India's digital economy growth and corresponding cyber vulnerabilities
- International cooperation in cyber security — India's role in global CERT networks
Sources: CERT-In Official, MeitY — CERT-In, PIB — CERT-In 2022 Directions, CERT-In Directive PDF