8 Dec 2015

Merger And Acquisitions (M&A) Policy And Guidelines 2014 For Telecom Sector Of India

The regulatory environment for telecom sector of India is fast changing to the betterment of various stakeholders. Foreign companies have been demanding a liberal telecom policy before they invest in India. Indian government started accepting these demands one by one.

The first assurance in this regard can be found in the form of the FDI policy for telecom sector of India 2014 (PDF). Indian government has liberalised and enhanced the FDI limit with FIPB approval. Similarly, Indian government has also given approval to establish two semiconductor wafer fabrication manufacturing facilities in India (PDF). This would benefit companies of Japan and Korea in expanding their bases in India. The electronic system design and manufacturing (ESDM) policy of India has also been streamlined by Indian government.

The guidelines for merger and acquisitions of telecom companies in India 2014 (PDF) have also been issued and many international telecom companies have shown their interest in this regard. The M&A policy for the telecom sector is likely to be presented before the cabinet for approval by 27 February 2014.

However, companies like Tata Tele and Aircel, which carry non-auctioned spectrum in their fold, may not be benefited much by this policy. All companies that are purely targeting spectrum acquisition would prefer to avoid the M&A route as it involves debt intake and risks, heavy costs and regulatory approvals. Rather they would opt for engaging in spectrum trading or sharing, policies for which are on the anvil. The M&A route would be generally preferred by those who wish to improve and enhance their subscriber base or infrastructure.

The new M&A guidelines prescribes that an acquirer will have to pay market price for spectrum of an acquired company in case of non-auction airwaves and came in with entry fee along with the licence. This has to be paid on a pro-rata basis for the remaining period of the licence. The guidelines are also liberal and pro active in the sense that they have removed the condition of a three-year lock-in period before any new spectrum can be sold. The guidelines also allow a higher 50% combined market share for the merged entity instead of the 35% proposed earlier, making it easier for bigger companies to engage in M&As.

Due Diligence In Telecom Mergers And Acquisitions (M&A) In India

With the announcement of merger and acquisition (M&A) guidelines for telecom sector of India 2014, negotiations and dealings in the telecom sector have significantly increased. While these negotiations and dealings are at the infancy stage yet they have indicated how things would take a shape in the near future.

As on date memorandum of understandings (MOUs) and letter of intents (LOIs) are being signed by various stakeholders. The next stage would be conducting of due diligence exercise for various fields like management, finance, legal, etc that are essential part of any business including telecom business.

The legal due diligence exercise may involve examination of the legal structure of business, contracts, potential regulatory issues and impact on the business, statutory clearances made till date, list of legal cases filed by and against the Company and the current status. Partner agreements, DOT license Agreements, VAS Services, liquidated damages, if any levied by licensor and list of all IPR Audits and IPR regulation issues could also be analysed during the legal due diligence exercise.

The primary regulators governing M&A activity in India are the Securities and Exchange Board of India (“SEBI”), the Reserve Bank of India (“RBI”) the Foreign Investment Promotion Board (“FIPB”) and the Competition Commission of India (“CCI”). The provisions of Indian Companies Act, 2013 (PDF), Income Tax of India, 1961, Foreign Exchange Management Act, 1999 (FEMA), The Competition Act, 2002, etc have to be duly complied with in this regard.  Further, telecom stakeholders exploring the M&A route must also comply with the Internet intermediaries requirements and cyber law due diligence requirements (PDF) as prescribed by the Information Technology Act, 2000 (IT Act 2000).

The Securities and Exchange Board of India (SEBI) has announced that it would release corporate governance rules for the listed entities in India. Further, the Parliament of India passed the Indian Companies Act, 2013 (PDF) to improve the corporate culture in India. Powers of Serious Fraud Investigation Office (SFIO) were also enhanced so that they can effectively deal with corporate frauds and crimes in India.

The Ministry of Corporate Affairs (MCA) has also issued some Rules under Chapter XIV of Indian Companies Act, 2013 pertaining to Inspection, Inquiry and Investigation by Indian Authorities and Serious Frauds Investigation Office (SFIO). The Suggestions Regarding Rules Pertaining to Inspection, Inquiry and Investigation (SFIO) by Perry4Law (PDF) has already been provided by us in this regard.

Taxation issues have been at the core of dispute between big telecom companies and Indian Government. For instance, companies having commercial presence in India were accused of violating the transfer pricing laws of India. Transfer pricing orders have already been issued against Vodafone and Shell India and Nokia has been accused of violating the income tax and transfer pricing laws of India.

There are provisions under the Income Tax Act for avoidance of tax by certain transactions in securities and avoidance of income-tax by transactions resulting in transfer of income to non residents. To further curb income tax avoidance and to check black money accumulation in foreign jurisdictions, Income Tax Overseas Units (ITOUs) of India in foreign countries would also be established.

With the advance in information technology, costs pertaining to sharing and storing of information, details and data of the merging company can be significantly reduced as all information can be stored in a secured online environment known as data rooms. The virtual legal due diligence in India has already taken a shape and many companies are using the same to ensure economy and a timely legal due diligence.

Perry4Law wishes all the best to all the stakeholders who are exploring M&A in telecom sector and contemplating engaging in electronic system design and manufacturing (ESDM) business in India.

Telecom Commission Approves Satellite Based Mobile Services In India

The Telecom Commission is an essential and core segment of Indian Department of Telecommunications (DoT). It has been playing a major role in bringing order to the chaotic telecom situation existing in India. The Commission along with the DoT manages the policy formulation, licensing, wireless spectrum management, administrative monitoring of PSUs, research and development and standardization/validation of equipment etc.

The Telecom Commission was constituted by the Government of India vide Notification dated 11th April, 1989 with administrative and financial powers of the Government of India to deal with various aspects of Telecommunications. The composition of the Commission consists of a Chairman, four full time members, who are ex-officio Secretary to the Government of India in the Department of Telecommunications and four part time members who are the Secretaries to the Government of India of the concerned Departments.

One of the areas covered by the Commission pertains to satellite based services management in India. The Satellite phones are permitted in India only with specific permission from DoT. Presently use of specific types of International Mobile Satellite Organisation (INMARSAT) terminals is only permitted as per details available under the link INMARSAT.

In a welcome move, the Telecom Commission has given the approval for introducing satellite based mobile services in India. The approval comes after a recommendation from the Telecom Regulatory Authority of India (TRAI) to introduce a regulatory mechanism to govern satellite phones. Initially, the services will be offered by Bharat Sanchar Nigam Ltd through a partnership with INMARSAT. INMARSAT provides its satellite services with a constellation of four satellites which are located in the Geo-stationary earth orbit.

Currently, in India, the satellite services of INMARSAT are used by maritime users through the Tata Communications Ltd under its international long-distance licence. Some limited numbers of users of land mobile have also been permitted by the DoT on a case-to-case basis.

Satellites provide telephone and broadcasting services, covering large geographical areas. A satellite-based communication system provides an ideal solution for connecting remote and inaccessible areas. In addition, satellite communication is widely used for the transmission of emergency traffic, such as distress and safety messages, to and from vessels at sea or remote locations.

While the INMARSAT services cater to maritime communication, the Government had envisaged satellite services, namely, Global Mobile Personal Communication by Satellite (GMPCS) in the new telecom policy 1999. Under this licence, satellite-based communication services were permitted. However, establishment of GMPCS Gateway in India by the licensee was a mandatory license condition, which dampened interest from potential investors. This required substantial financial expenditure which was not feasible to be recovered from the limited number of users.

Now the regulatory environment for telecom sector of India has changed and there is good sense in making such expenditure. The FDI Policy in telecom sector of India 2014 (PDF) is also conducive for investment purposes. Indian government has also given approval to establish two semiconductor wafer fabrication manufacturing facilities in India (PDF). This is in conformity with the policy of India government to encourage electronic system design and manufacturing in India. The new merger and acquisition (M&A) guidelines issued by Indian government is also seen as a pro active step by many telecom stakeholders. These developments would encourage establishment of GMPCS Gateway in India by the concerned licensee and widespread use of Satellite Based Mobile Services in India.

Until now, DoT was giving permission to procure the INMARSAT handsets and taking services from a foreign service provider was given to meet the requirement of paramilitary forces and disaster management. However, there are security related limitations in this arrangement.  There is a possibility of monitoring of calls outside the country as the earth station is located outside the country. In view of the above drawbacks, the Defence forces have not procured these handsets. They are continuing to use the old terminals. However, as declared by the INMARSAT, some of these old terminals will cease to be supported by their satellites from September. Thus, the decision by the Telecom Commission to permit BSNL to offer satellite services could help tide over the problems.

21 Nov 2015

Microsoft Adopts The Robust ISOIEC 27018 Standard For Cloud Privacy But Challenges Continue In India

Privacy is a cherished human rights that needs to be protected at global level. Right now the mentality of governments around the world is that privacy rights are dependent upon charity of government and only to the extent permitted by the government. But privacy is the human right of every individual and is not a government charity. Similarly, privacy rights cannot be taken away by citing some vague and invented national security requirements.

Privacy protection in the information era is not easy to manage. Even our governments are not at all interested in protecting privacy rights of their citizens. They are not interested in reconciling the conflicting ideals of civil liberties and national security requirements. This is the reason why human rights protection in cyberspace must be internationally recognised by United Nations.

It is also the duty of technology companies to safeguard the data and information provided to them by various individuals and companies from unreasonable and illegal e-surveillance activities. These companies held the personal data of their users in fiduciary capacity and they can be held liable for violating the laws of various countries if they start sharing the data with law enforcement agencies on the drop of a hat.

Cloud computing is increasingly being used by individuals and companies to store their information, data and personal information. It is of utmost importance that cloud storage must not only be cyber secure but they must also be civil liberties compliant. In India, there are certain legal and regulatory issues that all cloud computing providers must comply with. However, most of the businesses and entrepreneurs of India are not complying with these laws and regulations. They are miserably poor in the fields of privacy and data protection (PDF) and very few of them are complying with cyber law due diligence (PDF) requirements.

It has been reported that Microsoft has adopted a new standard for cloud privacy that commits the company to protect the privacy of customers’ data, not to use it for advertisement purposes, and to inform the customer of legal requests for personal data. Google along with other companies has been fighting against e-surveillance activities of U.S. agencies. In the past, FBI’s National Security Letters (NSLs) with gag orders were declared unconstitutional by a U.S. District Judge. However, this order was subsequently narrowed down by the Judge and allowed the U.S. Department of Justice to appeal the decision to the United States Court of Appeals for Ninth Circuit.

Microsoft has declared that it would adopt the ISO/IEC 27018, published last year by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which outlines a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a processor of personally identifiable information. This initiative of Microsoft would help in strengthening users’ privacy around the world.

However, there are many issues that have to be managed by Microsoft despite its latest declaration. For instance, the ISO/IEC 27018 standards provides that although law enforcement requests for disclosure of personally identifiable data must be disclosed to enterprise customers yet gag orders may prohibit such disclosures. Similarly, Microsoft has to manage conflict of laws in cyberspace as what is legal in U.S. may not be legal in India. In fact, if we go by the trends in India, cyber litigations against foreign websites would further increase in India and companies like Google, Microsoft, Facebook, etc must be well prepared for the same in advance.

Online Card Games Websites May Be Legally Risky If Not Properly Drafted And Managed

At Perry4Law we are frequently approached by online cards and non cards games providers to ascertain the legality of their business models. We guide them as per their business models and requirements but there cannot be a single solution for various gaming stakeholders. This is because different states have different laws regarding online gaming and gambling in India.

Some stakeholders have already approached the Supreme Court of India to get clarity on the legality of online games like rummy, poker, etc. In response of the same, the Supreme Court asked the opinion of Central Government in this regard but the same has been informally denied by the Central Government.  This means that till the time Supreme Court actually says that online rummy, online poker and online card games are legal in India, majority of these gaming stakeholders may be exposing themselves to legal risks and civil and criminal liabilities.

Another problem related to this litigation is that this is an issued between parties to the litigation alone and other cannot derive benefit out of this litigation even if the ultimate decision allows online poker and rummy in India. This is the reason that many gaming companies have approached the Supreme Court to implead them as necessary party to this litigation. While this may be beneficial to clarify the position regarding these additional parties as well yet it would also make them bound the decision of Supreme Court. If an adverse decision is given by the Supreme Court, that would be binding on them as well.

Another related problem with the proceedings taking place at the Supreme Court is that till the time Supreme Court decides this issue, various High Courts would not touch the games with stakes issue at all. This is more so regarding online poker and rummy legal issues as the matter is pending before the Supreme Court.

This is exactly what is happening in India as on date. It has been reported that the Hyderabad High Court has refused to grant relief to clubs in the city who wanted the Hyderabad police prevented from interfering or obstructing in any manner from running card rooms on club premises where members and guests are allowed to play rummy with stakes.

Justice Vilas V. Afzulpurkar was dealing with a petition by the managements of Chiran Fort Club and nine others challenging the action of the police in closing their card rooms. The petitioners contended that in view of the declaration of the Supreme Court in the case of Kishan Chander versus state of Madhya Pradesh, the game of Rummy is not entirely a game of chance and is a game of skill. So the closure of card rooms by the police was illegal.

While refusing interim relief, the judge said in view of new findings in a similar case by the SC and the Madras HC, the case needs a detailed examination to determine whether playing Rummy with stakes will attract provisions under the Gambling Act or not. This is a logical conclusion as the issue of playing poker or rummy with stakes is still not clear despite the contrary beliefs. It is certainly very risky when it comes to online poker and online rummy in India.

Online card games websites may be legally risky if not properly drafted and managed. In fact a majority of online poker and rummy websites are flouting laws of India and they can be punished any time by the Government.

Perry4Law strongly recommends that till the time Indian Supreme Court or Central Government clarifies the legal position regarding online gaming in India, the online gaming/gambling stakeholders must comply with existing and applicable techno legal requirements of Indian laws.

20 Nov 2015

Google Services Temporarily Cut Off Due To Hathway’s Incorrect Traffic Routing

The original design of Internet and its protocols presupposes existence of mutual trust and this at times also cause troubles. In the initial age of Internet, there were very few Internet protocol addresses and they use to communicate with each other directly. There was little reason for abuse or distrust among these IP addresses and their owners. There were also no fears of impersonation and IP spoofing as well.

However, as the Internet and these protocols grew, they became more unstable and untrustworthy. Now if we send something in plain text, chances are great that such plain text information maybe intercepted and misused. Nevertheless, networks and systems still need to trust each other to make the Internet function in a speedier manner. If one system or service provider falters, the services of other may be hampered.

In one such incidence, users around the world were not able to access Google’s service for a short period of time due to a technical glitch. Users were cut off due to the routing leak from Indian broadband Internet provider Hathway. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide.

Routing leaks occur when a network provider broadcasts all or part of its internal routing table to one or more peered networks via the Border Gateway Protocol (BGP) causing network traffic to be routed incorrectly. In the present case Hathway’s boundary router incorrectly announced routing data for over 300 network prefixes belonging to Google to the Internet backbone via its provider Bharti Airtel. Bharti in turn announced these routes to the rest of the world and a number of international ISPs accepted these routes.

Now why would Google rely upon Hathway for its services? This is because Hathway peers with Google to provide better speed to Google’s cloud, directing traffic to the closest Google data centers. That peering is a private network connection. As a result, when the routing table was accidentally broadcast to the world instead of just to Hathway’s customers, much of the world was trying to access Google via Mumbai, through Hathway, instead of over the public Internet.

By design users cannot access Google services with incorrect route information till it is rectified or routed correctly.

2 Nov 2015

RBI Decides To Set Up An IT Subsidiary To Deal With Cyber Crimes And Cyber Security Related Issues

India is treading on the digital highway and very soon most of the public services would be delivered through use of information and communication technologies (ICT). This is clear from the enthusiastic implementation of Digital India project that needs some fine tuning to get the best results. Nevertheless there is no escape from the reality that Digital India would be the face of Indian economy and culture very soon.

With this increased and omnipresent digital culture, cyber crimes and cyber security breaches would be the norm in future. This is the reason why the Delhi Police has decided to launch a mobile application that would help in filing of online FIR for economic frauds and cyber crimes. Now the Reserve Bank of India (RBI) has also showed its commitment to fight against cyber crimes and financial frauds by declaring that an information technology driven subsidiary would be established by it to deal with cyber nuisances. This IT subsidiary of RBI would also deal with cyber security and related issues with a special focus upon banking related technology issues. The IT subsidiary of RBI would also evaluate the technical capabilities of banks that is almost missing as on date.

We at Perry4Law Organisation (P4LO) welcome this move of RBI and extend our full techno legal support and expertise in this regard. As per the cyber security trends of India 2015 by P4LO cyber security related issues must be taken care of by various stakeholders including banks in India. Although RBI has announced many effective cyber security related initiatives for banks in India yet cyber security for banks in India is still not in good shape. Some of the initiatives already undertaken by RBI in this direction include formulation and implementation of Internet banking guidelines, formation of a RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, RBI Recommendation on Information Security and its implementation in India, etc.

RBI has also prescribed establishment of Steering Committees on Information Security by Banks in India and appointment of Chief Information Officers (CIOs) for all banks in India.  However, banks in India have failed to comply with the directions of RBI so far. As on date there is neither a legal framework nor any compulsion to ensure cyber security of banks in India. This gives little incentive to the banks to ensure cyber security of online banking system of India. On top of it, banks in India are not following cyber security due diligence and cyber law due diligence (PDF) despite RBI’s directions.

If we take the example of western countries, sophisticated malware are targeting banks of these countries. These countries are heavily relying upon ICT for their functioning and this makes them vulnerable to cyber crimes and cyber attacks. India has not faced this heat so far because till now India did not adopt technology to that extent. However, after the adoption of Digital India, cyber security and cyber crimes investigation would become major issues for not only the law enforcement agencies but also banks of India. RBI seems to be aware of this reality and has taken a good step by deciding to establish an IT subsidiary that would take care of all these issues. However, we at P4LO believe that this IT subsidiary of RBI should not be a mere paper tiger but must actually work towards establishing a robust and resilient cyber security environment for banks of India.

Sophisticated botnet and malware like Dump Memory Grabber has been targeting Indian banks and POS Terminals. Similarly, the Gameover Zeus or GOZ botnet is also capable of stealing sensitive banking and financial information and details. Recently, the US Justice Department even charged a Russian national for creation of Gameover Zeus (GOZ) Botnet.

In these circumstances we must consider the proposal of India to adopt and use mobile banking, Internet banking and other online banking and financial transactions methods. So far India and RBI has not considered the issues of mobile banking cyber security, internet banking cyber security, legal aspects of Internet banking, cyber security of e-governance services, etc. In these circumstances, Indian online banking transactions are vulnerable to cyber attacks.

The cyber security for banking and financial sectors of India must be ensured as soon as possible. Online payment market of India and e-commerce and online business legal compliances have further increased the requirements of banking cyber security in India. Similarly, cyber due diligence for Paypal and online payment transferors of India must also be ensured by these stakeholders. These are some of the suggestions that P4LO has shared with Indian Government and RBI through this platform. More detailed suggestions would also be shared by P4LO at appropriate stage and platform.