The centre may soon notify a policy permitting countries and corporations to set up “data embassies” within India that will offer “diplomatic immunity” from local regulations for national as well as commercial digital data, top lawmakers told ET.

The policy may be introduced as a part of the upcoming Digital Data Protection Bill, which is likely to be tabled in March, they said. Regulatory sanction for “data embassies” could spur greater investment in India from technology infrastructure and cloud storage companies.

“Suppose a country like UAE wants to shift its entire data processing to India, it can do so. It becomes a good, cohesive system. We will detail (the benefits) when we pass the digital data protection bill,” union minister for electronics and IT told ET.

In-depth | Data centre firms commit billions in India but view draft bill as huge setback

His comments follow finance minister Nirmala Sitharaman’s announcement in the budget on Wednesday that “for countries looking for digital continuity solutions, we will facilitate setting up of their Data Embassies in GIFT IFSC”. Such centres will act as physical embassies and enjoy “diplomatic immunity” from local laws and create “bubbles of trust” in times when geopolitics is leading to a complicated world order.

It can also help to address the concerns of data centre companies as well as cloud service providers over certain stipulations with regard to data storage and cross border data flows in the revised Data Bill. The initiative is part of a larger plan to build a trusted data storage ecosystem in India, said Rajeev Chandrasekhar, minister of state for electronics and IT.

Pointing out that “in the under-consultation Digital Personal Data Protection Bill, we have foreseen the future built around ‘corridors of trust’ and reciprocity implying that (Indian users’) data can be stored in foreign cloud as long as they are subject to Indian laws,” he said the “data embassy is a reciprocal concept so that data centers grow in India and more businesses use the Indian cloud ecosystem to store their data for business continuity purposes.”

As an add on “foreign entities can also create pockets of data where their own laws apply,” he noted. This forms part of the government’s efforts to boost the Indian cloud ecosystem. Further the production linked incentive (PLI) for the IT hardware that goes into the data centers that power cloud has also been incentivised, he added.

He said that the government will soon come up with a policy on this. A data embassy is very similar to a diplomatic embassy which enjoys immunity from the host country’s jurisdiction. Experts say the move is to address the concerns of the foreign data centres about domestic law being applicable to their operations.

Experts are of the view that allowing establishment of such centres will make India an attractive destination. Particularly for “many countries that are evaluating options for business continuity for their critical national digital assets,” said Rama Vedashree, former CEO of Data Security Council of India.

The concept has already been established globally. Following cyberattacks on its critical government websites, the Government of Estonia established a data embassy in Luxembourg in 2017. The centre hosts data backup and provides additional computing power for critical datasets like treasury information, taxpayer registry, e-court systems etc.

“Given the current geopolitical trust issues, and talent shortage in many countries, India holds a new potential for data embassies in a country’s friends-shoring strategy,” according to Vedashree who was a member of the Justice BN Srikrishna Committee that framed the first version of the data protection bill.

“India will have to create enabling policies and legal frameworks to assure other countries to host data embassies in India for their critical national data,” she added.

Global hub
India is already one of the largest global hubs for digital services and has become a preferable data centre destination for global cloud providers. The Indian data centers sector is expected to grow five-fold and add overall 3,900-4,100 MW of capacity involving investments of Rs 1.05-1.20 lakh crore in the next five years, according to ratings agency ICRA.

“This conversation has been going on for a few years and it is good to see this happening. The term Data Embassy is pretty much self-explanatory – it recognises that foreign data will fundamentally be governed by applicable foreign laws. This could unlock significant opportunities for the data management ecosystem in India to compete globally,” said Ashish Aggarwal, head of policy, Nasscom.

“By offering a data embassy at GIFT City for foreign data centre companies, Finance Minister has solved their concerns (of domestic law applicability). GIFT is India’s first International Financial Services Centre (IFSC), and in the SEZ zone, the domestic law is not applicable, as SEZ zones are deemed foreign territory,” said Vishal Mehta, managing director, Infibeam Avenues.

Similar to a separate regulation for aircraft leasing at GIFT city, there will be foreign data centre-specific regulation for global players easing off their concerns, Mehta said in a statement.

Experts are now calling on the government to expand the project to more areas outside the GIFT City and in places which have a huge data center footprint like Hyderabad, Mumbai, and Noida among others.