Telecom Regulatory Authority of India (TRAI) – Certificate of compliance

TRAI vide its direction no F. No 123-1/2018 NSL-II dated 7 September 2018 has withdrawn the Direction No. 101-41/2006-MN dated 21 August 2006 which had directed all the telecom service providers to furnish a certificate of compliance to TRAI by 31 July every year in respect of the following:

  1. Direction dated 28 October to all Universal Access Service Providers (UASPs) and M/s Bharat Sanchar Nigam Limited (BSNL) regarding posting of information to Universal Service Obligation (USO) related activities on their website;
  2. Direction dated 6 January 2005 to all service providers on opening of allotted codes;
  3. Direction dated 16 June 2004 to all the Cellular Mobile Service Providers (CMSPs) on auto-roaming services to all pre-paid subscribers; and
  4. Direction dated 11 July 2002 to all CMSPs to include standard terms and conditions in all tariff-plans for pre-paid cards.

A committee was formed comprising officers of TRAI as representatives of the telecom service providers and associations, to identify the infructuous/redundant regulations and amendments, and it was observed that the obligations under the above-cited directions are no longer required.


Draft rules for Operation of E-Pharmacies in India

Regulatory Update: Ministry of Health and Family Welfare

The Ministry of Health and Family Welfare, vide its notification G.S.R. 817 (E) dated 28th August, 2018, introduced a draft to amend the Drugs and Cosmetics Rules, 1945 (“Rules”). The draft rules have been released in the public domain for comments and suggestions from various stakeholders. The draft rules shall come into force after their final publication in the Official Gazette.

The draft rules make provisions for sale of drugs by e-pharmacy. As a result Part VI-B is inserted into the Rules. Some of the notable changes brought by the draft rules are as follows:

Registration and Customer Support: The draft rules make it mandatory that no person shall sell, stock, exhibit or offer for sale drugs through an e-pharmacy portal unless registered. Further, an e-pharmacy registration holder shall have a facility for customer support and grievance redressal for all stakeholders. The customer support and grievance redressal shall operate for not less than 24 (twenty four) hours for all 7 (seven) days of a week. The facility shall also have a registered pharmacist in place to answer the queries of customers through the customer helpline.

The draft rules also mandate that the information which is received by the e-pharmacy registration holder from the customer by way of prescription or any other means shall not be disclosed to any other third person.

Data Localisation: As per the draft rules, the e-pharmacy portals through which business is conducted have to be established in India and shall keep the data generated localised. The draft rules clearly stipulate that the data generated or mirrored through an e-pharmacy portal shall not be sent or stored by any means outside India.

Application for Registration for e-pharmacy: Any person intending to conduct the business of e-pharmacy shall apply for registration to the Central Licensing Authority in Form 18AA through the online portal, along with an online fee of INR 50,000 (Rupees Fifty thousand only) and the documents specified in Form 18AA.

Registration: The detailed conditions for registration for an e-pharmacy registration holder are laid down in rule 67-M. Some of the conditions include being compliant with the Information Technology Act, 2000 and the rules therein, details of the patients to be kept confidential, the supply of drugs being made against cash or credit memo generated through the e-pharmacy portal, informing the Central License Authority in the case of any change in the constitution of the firm taking place, uploading, e-pharmacy activities not being carried out with respect to any drug referred to in the Narcotic Drugs and Psychotropic Substances Act, 1985 (61 of 1985), tranquilizers and the drugs as specified in Schedule X of the Rules.

Certain information needs to be disclosed on the e-pharmacy portal such as the registration issued, constitution of the firm including the details of directors, partners, official logo of the e-pharmacy, details of the logistics service provider, return policy etc.

Periodic Inspection: The draft rules also provide the detailed conditions for registration for an e-pharmacy and provide for a periodic inspection of the same. The premises where the e-pharmacy business is conducted shall be inspected every 2 (two) years by the Central Licensing Authority.

Procedure for distribution or sale of drugs through e-Pharmacy: It is the duty of the registered pharmacist, on behalf of the e-pharmacy registration holder, to verify the details of the patients and the registered medical practitioner and to arrange for dispensing of the drugs. Further, in cases of e-prescriptions, the same shall be uploaded on the e-pharmacy portal and shall be kept on record by the dispenser.

Validity of registration and renewal: The registration issued to any person shall be valid for a period of 3 (three) years and shall be renewed subject to a fee of INR 50000 (Rupees Fifty Thousand).

Further the draft rules stipulate that no e-pharmacy shall advertise any drug on radio or television or internet or any print media. And in case where the drug supplied is not of standard quality or misbranded or a spurious drug a complaint can be made to the State Drugs Controller as the.

Finally under the draft rules the Central Licensing Authority and the State Licensing Authority shall have the power to monitor the data with regard to drugs available with e-pharmacist, types of drugs offered for sale, supply channels etc. to ensure compliance with the Drugs and Cosmetics Act, 1940.

Regulatory Update: Notification of Regulations for Civil Use of Remotely Piloted Aircraft System (RPAS)

The Ministry of Civil Aviation on 27 August 2018 by way of a Press Note released the Drone Regulations 1.0 in the furtherance of enabling safe, commercial usage of drones effective from 1 December 2018. The Press Note provides for the setting up of a Drone Task Force under the Chairmanship of the Minister of State to provide draft recommendations for Drone Regulations 2.0.

The Office of the Director of Civil Aviation furthermore released a detailed document containing requirements for the operation of RPAS on 29 August 2018.

The Regulations provide for an online platform for registering and operation of drones by the name of the Digital Sky Platform. This platform is designed to be an unmanned traffic management (UTM) platform which can be operated through a mobile application and users will be required to seek permission on this application. The request for use of drone would be processed by an automated algorithm and the request would be subjected to acceptance or refusal almost immediately.

These Regulations implement the policy of no usage without registration. Every drone user would be required to register their drones and a Unique Identification Number (UIN) would be generated against such registration. This registration would be in regard to the drone and not the user. The user would be required to seek permission to use the drones before every instance of usage.

Under the Regulations RPAS have been categorised into 5 categories based on their maximum take-off weight:

  1. Nano: Less than or equal to 250 gm
  2. Micro: Greater than 250 gm and less than or equal to 2 kg
  3. Mini: Greater than 2 kg and less than or equal to 25 kg
  4. Small: Greater than 25 kg and less than or equal to 150 kg
  5. Large: Greater than 150 kg

The requirement for seeking permission for use of RPAS systems does not apply for drones falling under the nano category. The UTM would operate as a traffic regulator in the drone airspace and would co-ordinate closely with defence and civilian air traffic controllers to prevent unauthorised flights and to ensure that drones remain on approved flight paths.

Additionally, an Unmanned Aircraft Operator Permit would be required by RPA operators. The requirement to obtain this permit does not apply in the case of nano RPAS operating below 50 feet, micro RPAS operating below 200 feet and for RPAS owned by the NTRO, ARC or Central Intelligence Agencies. However, micro RPAS operators would be required to provide an intimation to their local police station at least 24 hours prior to usage. In regard to usage by agencies, they would be required to provide an intimation to local police stations and ATS units prior to usage.

For all RPAS other than those falling under the nano category, the mandatory equipment required for operation are:

  1. Global Navigation Satellite System (GPS)
  2. Return-to-home
  3. Anti-collision light
  4. ID plate
  5. Flight controller with flight data logging capability
  6. Radio Frequency Identification (RFID) and SIM/ No Permission No Takeoff

In addition, RPAS are required to operate within visual line of sight, during the day and only up to a maximum altitude of 400 feet. The Regulations also demarcate the permissible zones for operation of drones. The zones have been categorised into three categories:

  1. Red Zone: operation of drones not permitted
  2. Yellow Zone: this is a controlled zone and operation of drones would be subject to prior approval. For operation of drones in this zone, filing of flight plans and obtaining Air Defence Clearance/ Flight Information Centre number would be necessary.
  3. Green Zone: this would form the uncontrolled airspace with an automatic permission for operation of drones.

The Regulations also define No Drone Zones which would cover the following areas:

  1. Within a radius of 5 km from airports
  2. Within a radius of 50 km from the international borders
  3. Within a radius of 5 km from Vijay Chowk
  4. Buildings such as State Secretariat Complex in State Capitals, strategic and military installations

The enforcement actions provided for include:

  1. Suspension or cancellation of registration or permit
  2. Penalties under the Aircraft Act, 1934 or Aircraft Rules
  3. Penalties under Indian Penal Code


Regulatory Update: Ministry of Electronics and Information Technology – Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

The Ministry of Electronics and Information Technology (MEITY) vide notification dated 22nd May, 2018 has notified the Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018 (“Rules”) which shall come into force on the date of publication in the Official Gazette.

The Rules detail the responsibilities to be met by various organisations which have a protected system. “Protected System” means any computer, computer system or computer network of any organisations notified under section 70 of the Act, in the official gazette by appropriate Government.

Constitution of Information Security Steering Committee

The Rules mandate that an organisation having a Protected System shall constitute an Information Security Steering Committee (ISSC) whose chairman shall be the Chief Executive Officer/ Managing Director/ Secretary of the organisation (Rule 3(1)(a)). The composition of the ISSC, as mentioned in Rule 3(1)(b), shall be as follows:

  • IT Head or equivalent;
  • Chief Information Security Officer (CISO);
  • Financial Advisor or equivalent;
  • Representative of National Critical Information Infrastructure Protection Centre (NCIIPC);
  • Any other expert(s) to be nominated by the organisation.

The ISSC shall be the apex body and its responsibilities (as mentioned under Rule 3(2)) shall be as follows:

  • All the information security policies of a Protected System have to be approved by the ISSC.
  • Any significant change in the network configuration which has an impact on the Protected System shall be approved by the ISSC.
  • Each significant change in the application(s) of the Protected System shall be approved by the ISSC.
  • A mechanism has to be established which ensures timely communication of the cyber incident(s) related to the Protected System to the ISSC.
  • Protected System shall be validated for assessment after every 2 (two) years.

The Rules also lay down certain roles and responsibilities for the organisations having a Protected System (as mentioned under Rule 3(3)). Some of the key responsibilities are as follows:

  • Nominate an officer as CISO whose roles and responsibilities shall be as per the latest Guidelines for Protection of Critical Information Infrastructure (“Guidelines”) and “Roles and Responsibilities of CISOs of Critical Sectors in India” released by the NCIIPC;
  • Plan, establish, implement, operate, monitor, review, maintain and continually improve the Information Security Management System (ISMS) of its system as per the latest Guidelines released by the NCIIPC or an industry accepted standard duly approved by the NCIIPC;
  • Ensure that the network architecture of the Protected System shall be documented;
  • The same shall be reviewed at least once a year, or whenever required, or according to the ISMS;
  • Plan, develop, maintain and review the documents of inventory of hardware and software related to the Protected System;
  • Ensure that the vulnerability/threat/risk (V/T/R) analysis for the cyber security architecture of the Protected System shall be carried out at least once a year. Further, the V/T/R analysis shall be initiated whenever there is a significant change or upgrade in the system, by intimation of the same to the ISSC;
  • Plan, establish, implement, operate, monitor, review, and continually improve the Cyber Crisis Management Plan (CCMP) in close coordination with the NCIIPC;
  • Ensure conduct of internal and external Information Security audits periodically;
  • Establish a Cyber Security Operation Center (C-SOC) using such tools and technologies to implement preventive, detective and corrective controls to secure against advanced and emerging cyber threats;
  • The records of unauthorised access, unusual and malicious activity, if any, shall be documented;
  • Establish a Network Operation Center (NOC) using tools and techniques to manage, control and monitor the network(s) of the Protected System;
  • Plan, develop, maintain and review the process of taking regular backup of logs of networking devices, perimeter devices, etc. and services supporting the “Protected System”, and the logs shall be handled as per the ISMS as suggested.

The Rules also lay down responsibilities of the CISO towards the NCIIPC (as mentioned under Rule 4). They are as follows:

  • CISO shall maintain regular contact with the NCIIPC and will be responsible for implementing the security measures.
  • CISO shall inform the NCIIPC, whenever there is any change, with regard to details of Critical Information Infrastructure (CII), details of ISSC, network architecture of the Protected System, etc., and incorporate the inputs/feedback suggested by the NCIIPC.
  • CISO shall establish a process, in consultation with the NCIIPC, for sharing of logs of the “Protected System” with the NCIIPC to help detect anomalies and generate threat intelligence on a real time basis.
  • CISO shall also establish a process of sharing documented records of the Cyber Security Operation Center (related to unauthorised access, unusual and malicious activity) of the Protected System with the NCIIPC to facilitate issue of guidelines, advisories and vulnerability, audit notes etc. relating to the Protected System.
  • CISO shall establish a process, in consultation with the NCIIPC, for timely communication of cyber incident(s) on the Protected System to the NCIIPC.

Notification of Insolvency and Bankruptcy (Amendment) Act, 2018

The Insolvency and Bankruptcy Code (Second Amendment) Bill, 2018 was introduced in the Parliament on July 23, 2018 to amend the Insolvency and Bankruptcy Code, 2016 and replace the Insolvency and Bankruptcy (Amendment) Ordinance, 2018 that was released on June 6, 2018. The Bill was passed by the Lok Sabha on July 31, 2018 and by the Rajya Sabha subsequently on August 10, 2018, thereby making it a passed legislation (the Act). The various amendments to the existing legislative framework are listed below:

  1. Financial Creditors: The Act deems allottees under a real estate project to be financial creditors. Allottees under a real estate project would include a person to whom a plot, apartment, or building has been allotted, sold or transferred by a real estate developer or a development authority.
  2. Representative of Financial Creditors: As per the Act, a representative authority can be appointed to represent a class of financial creditors on the committee of creditors. Under the ordinance, the remuneration was to be borne collectively by the financial creditors but under the Act, this remuneration would be a part of the insolvency resolution costs.
  3. Voting Threshold: Under the Insolvency and Bankruptcy Code, 2016, the voting threshold for all decisions of the committee of creditors was by a majority of 75%. This threshold has been brought down to 51%. A voting threshold of 66% has been prescribed for decisions pertaining to appointment or replacement of resolution professional and approval of resolution plan.
  4. Disqualification of resolution applicant: Under the Insolvency and Bankruptcy Code, 2016, a person convicted of an offence which is punishable with two or more years of imprisonment was disqualified to be eligible to be a resolution applicant. The Act provides that such disqualification would cease to exist after two years of date of completion of punishment.
  5. Disqualification of NPAs and guarantors: The Insolvency and Bankruptcy Code, 2016 barred a person identified as an NPA for more than a year and a guarantor of a defaulter from being a resolution applicant. This bar has been removed in regard to applicants applying for resolution of MSMEs.
  6. Withdrawal: The amendment provides for withdrawal of resolution application after initiation of resolution process provided the same has been approved by 90% vote of the committee of creditors.
  7. Implementation: The Act provides that the resolution plans should contain an implementation mechanism without which approval would not be given. Moreover, the Act also requires that if the resolution plan provides for a merger or acquisition of enterprises, the consent of the Competition Commission of India is required before approval of resolution plan by the committee of creditors.
  8. Appointment of Interim Resolution Professional: The Act also provides that in case of a delay in the appointment of Interim Resolution Professional, the Insolvency Commencement Date would be considered as the date on which the Interim Resolution Professional was appointed.

Regulatory Update: Ministry of Corporate Affairs – Companies (Accounts) Amendment Rules, 2018

The Ministry of Corporate Affairs (“MCA”) on 31 July 2018 published the Companies (Accounts) Amendment Rules 2018.

With the amendment coming into effect, the MCA has mandated a few insertions to be made by a Company while preparing its Board Report, and the disclosures to be made by a Small Company and One Person Company while preparing their Board Report.

The MCA has brought the following amendments in Rule 8 of the Companies (Accounts) Rules 2014, which provides for the matters to be included in the Board Report of a Company:

  1. Sub-rule 5 provides for additional details to be specified in the Board Report. The MCA has inserted two more disclosures to be included in the Board Report:
     • a disclosure, as to whether maintenance of cost records as specified by the Central Government under sub-section (1) of section 148 of the Companies Act, 2013, is required by the Company and accordingly such accounts and records are made and maintained,
     • a statement that the company has complied with provisions relating to the constitution of Internal Complaints Committee under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.
  2. Rule 8 is not applicable to One Person Company or Small Company.

The MCA has also inserted Rule 8A to the Companies (Accounts) Rules 2014, which is applicable only to One Person Company and Small Company. The said rule prescribes the following matters to be included in the Board’s Report for One Person Company and Small Company:

(1) The Board’s Report of One Person Company and Small Company shall be prepared based on the stand-alone financial statement of the company, which shall be in abridged form and contain the following: –

(a) the web address, if any, where annual return referred to in sub-section (3) of section 92 has been placed;

(b) number of meetings of the Board;

(c) Directors’ Responsibility Statement as referred to in sub-section (5) of section 134;

(d) details in respect of frauds reported by auditors under sub-section (12) of section 143 other than those which are reportable to the Central Government;

(e) explanations or comments by the Board on every qualification, reservation or adverse remark or disclaimer made by the auditor in his report;

(f) the state of the company’s affairs;

(g) the financial summary or highlights;

(h) material changes from the date of closure of the financial year in the nature of business and their effect on the financial position of the company;

(i) the details of directors who were appointed or have resigned during the year;

(j) the details of significant and material orders passed by the regulators or courts or tribunals impacting the going concern status and company’s operations in future.

(2) The Report of the Board shall contain the particulars of contracts or arrangements with related parties referred to in sub-section (1) of section 188 in the Form AOC-2.



Regulatory Update: Ministry of Corporate Affairs on Commencement Notification dated 27 July 2018

The Ministry of Corporate Affairs (“MCA”) on 3 January 2018 notified the Companies Amendment Act 2018 (the “Act”). Sections 5 and 6 of the Act relaxed the timelines provided under section 12 of the Companies Act 2013 (the “Principal Act”). Section 12 of the Principal Act has been amended as follows:

  1. A company should, within 30 days of its incorporation and at all times thereafter, have its registered office and inform the Registrar of Companies of the same.
  2. Notice of every change of the situation of the registered office, verified in the manner prescribed, after the date of incorporation of the company, shall be given to the Registrar within 30 days of the change in form INC-22, who shall record the same.

Therefore, the amendment now provides sufficient time to Companies to file the notice of situation/change in Registered office to Registrar.