Centre designates core customs and indirect tax digital platforms as “critical information infrastructure” under IT Act

Centre has formally designated its core customs and indirect tax digital platforms as “critical information infrastructure” under the Information Technology Act, a move that significantly tightens cybersecurity controls and restricts system access to a small pool of authorised users.

In a notification issued late on Friday, the Department of Revenue said the Indian Customs Electronic Data Interchange Gateway (ICEGATE), the Express Cargo Clearance System (ECCS) and the Automation of Central Excise and Service Tax (ACES-GST) portal-- along with their databases and interconnected systems--will now be treated as protected systems under India’s cyber law.

The decision elevates the security status of these platforms, aligning them with nationally sensitive infrastructure such as power grids, telecom networks and financial systems.


Under the new framework, access to these systems will be centralised and tightly controlled by the Central Board of Indirect Taxes and Customs (CBIC). Any unauthorised access could now attract criminal penalties under the Information Technology Act.

The notification said only the following categories of users will be permitted entry into the protected systems, subject to written authorisation by the CBIC:

• Designated CBIC employees authorised in writing
• Approved personnel of managed service providers or third-party vendors, on a need-based basis
• Consultants, regulators, auditors, government officials and other stakeholders cleared on a case-to-case basis

“In exercise of the powers conferred under section 70 of the Information Technology Act, 2000, the Central Government hereby declares the computer resources relating to ICEGATE, ECCS and the ACES-GST portal… as Critical Information Infrastructure of the Central Board of Indirect Taxes and Customs,” the notification added.