IT resources of ICICI Bank, HDFC Bank and NPCI declared as ‘critical information infrastructure’

The government has declared the IT resources of ICICI Bank, HDFC Bank and National Payments Corporation of India (NPCI) as ‘critical information infrastructure’.

What is critical information infrastructure?
As per Section 70 of the IT Act, 2000 ‘critical information infrastructure’ refers to a computer resource which when incapacited or destroyed, will have a “debilitating impact on national security, economy, public health or safety.”

The government is empowered to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.

Anyone who gains or attempts to gain access to a protected system in contravention of the provisions will face imprisonment of a term which may extend to 10 years and shall also be liable for a fine.

What are the resources?
In particular, computer resources relating to the: Core Banking Solution, Real Time Gross Settlement and National Electronic Fund Transfer comprising Structured Financial Messaging Server have been declared critical information infrastructure of the ICICI Bank.

Who can access them?
The notification grants official access of IT resources of the notified entities by their designated employees, authorised team members of contractual managed service providers or third-party vendors who have been authorised by them for need-based access and any consultant, regulator, government official, auditor and stakeholder authorised by the entities on case-to-case basis.