Hacking GST database can now lead to 10 year imprisonment
Hacking into the government’s India's goods and services tax (GST) database and its associated infrastructure dependencies installed at GST Network (GSTN) can now lead to 10-year imprisonment, as the assets have been declared as 'protected systems...
By Gulveen Aulakh, ET Bureau | Updated:
Getty Images
NEW DELHI: Hacking into the government’s India's goods and services tax (GST) database and its associated infrastructure dependencies installed at GST Network (GSTN) can now lead to 10-year imprisonment, as the assets have been declared as 'protected systems' by the finance ministry, under the IT Act.
Protected systems are part of critical information infrastructure and their destruction can have a debilitating impact on national security, economy, public health or safety. Since the information stored on the assets has national security significance, the facilities will get additional security cover.
“The Ministry of Finance hereby declares the Goods and Services Tax Database and its associated infrastructure dependencies installed at Goods and Services Tax Network (GSTN), as the protected system for the purpose of said Act,” a notification dated February 4 noted.
Access to the system and its facilities has been limited to authorised GSTN employees, designated tax officers of the Central Government, State Government, Union territories, auditing agencies and accounting authorities.
Authorised members or employees of the service providers that manage the GSTN, such as Infosys and Tech Mahindra, or third-party vendors and GSTN authorized business partner, shall be allowed access, the notification added.
Under sub-section (1) of Section 70 of the Information Technology Act, 2000, which has been cited by the finance ministry, the government can declare any computer resource as a protected system and as per the Act a person who attempts to access such a system can be jailed up to 10 years, besides being fined.
“Incapacitation of GSTN database would be considered as blow to national security, economy, public health or safety and the person responsible for it would be punishable with imprisonment for a term which may extend to 10 years together with a fine,” said Rajat Mohan, senior partner at AMRG Associates.
The government has already declared Central Identities Data Repository (CIDR) facilities of Unique Identification Authority of India besides its information assets, logistics infrastructure and dependencies, as protected systems under the Act.
Protected systems are part of critical information infrastructure and their destruction can have a debilitating impact on national security, economy, public health or safety. Since the information stored on the assets has national security significance, the facilities will get additional security cover.
“The Ministry of Finance hereby declares the Goods and Services Tax Database and its associated infrastructure dependencies installed at Goods and Services Tax Network (GSTN), as the protected system for the purpose of said Act,” a notification dated February 4 noted.
Access to the system and its facilities has been limited to authorised GSTN employees, designated tax officers of the Central Government, State Government, Union territories, auditing agencies and accounting authorities.
Authorised members or employees of the service providers that manage the GSTN, such as Infosys and Tech Mahindra, or third-party vendors and GSTN authorized business partner, shall be allowed access, the notification added.
Under sub-section (1) of Section 70 of the Information Technology Act, 2000, which has been cited by the finance ministry, the government can declare any computer resource as a protected system and as per the Act a person who attempts to access such a system can be jailed up to 10 years, besides being fined.
ADVERTISEMENT
“Incapacitation of GSTN database would be considered as blow to national security, economy, public health or safety and the person responsible for it would be punishable with imprisonment for a term which may extend to 10 years together with a fine,” said Rajat Mohan, senior partner at AMRG Associates.
The government has already declared Central Identities Data Repository (CIDR) facilities of Unique Identification Authority of India besides its information assets, logistics infrastructure and dependencies, as protected systems under the Act.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
Black Hack Down OTT release in India: When and where to watch Ridley Scott's 144-minute-long war epic movie after 25 years2026-06-14T10:14:45Z- Woman’s ₹40K monthly budget hack goes viral: Saves ₹7.2 lakh in 18 months, then quits her corporate job2026-06-12T16:51:28Z
- AC running all day at 18°C but your room still hot? 9 hacks to help you solve this summer heatwave problem2026-06-11T09:07:47Z
ADVERTISEMENT
