CHAPTER IV
SOFTWARE EXPORTS – REGULATORY FRAMEWORK
AND DEVELOPMENT ISSUES
The Government of India has announced IT as a thrust area. Accordingly, it is providing for more liberal policy framework for the sector. Major laws and regulations that affect the IT industry are listed in this chapter. One of the major factors of excellent and consistent growth of Indian software industry can be attributed to the continuous liberalization of policies of the Government of India. NASSCOM and the government have worked together in close co-operation over a long time for forming and implementing these policies. During 1991, NASSCOM lobbied with the government and for the first time, secured income tax exemption from profits of software exports. Later, the government, systematically and gradually, reduced import duty on computer software from a high 114 percent to nil. Copyright laws were also amended. Some of the fiscal and non-fiscal incentives provided by the Government of India to IT software and services industry are listed.
PROCEDURE FOR SETTING UP IT COMPANY
Setting up IT software and services operations in India are governed by certain rules and regulations. A brief list of legal guidelines for individuals/ companies interested in setting up such operations like; setting up of operations in India by an Indian citizen / company. An Indian citizen can set up IT software and services operations in India in the following manner; as an individual / proprietor; or as a partnership firm / trust; or as a company registered under the Companies Act, 1956. No prior permission of the Government of India is required to set up IT/ software units in India.
Moreover, to encourage units in this sector, Government of India has announced many schemes.
Export Promotion Capital Goods (EPCG) Scheme:
This scheme allows import of capital goods at a concessional customs duty rate of 5 percent, where the importer as a condition is required to achieve a specified export obligation. The export obligation and the period within which the same is required to be achieved vary based on the nature of the unit and value of imported capital goods.
Special Economic Zones (SEZs):
SEZs are designated areas dedicated towards growth of exports, having full flexibility of operations that are permitted to import duty free capital goods and raw material. The movement of goods to and fro between ports and SEZ are unrestricted. The units in SEZ have to export the entire production subject to permitted sales in the DTA. Currently, there are 11 operational SEZs in India which include the Santacruz Electronic Export Promotion Zone, Kandla Export Promotion Zone, Vizag Export Promotion Zone and Cochin Export Promotion Zones which have been converted to SEZs. Fiscal incentives available to SEZ units have been discussed in detail earlier.
100 Percent Export Oriented Unit (EOU):
In terms of the benefits available, the EOU scheme, on a general basis, is similar to SEZ scheme. But in this scheme, there is no need to be physically located in the designated area (as in the case of SEZs). This scheme offers zero import duty on import of all capital goods, special 10 years income tax rebate (however, such rebate will not be available for Assessment Year 2010-2011 and onwards). The incentives provided to EOUs are generally similar to those provided to SEZ units, except the exemption from central sales tax on purchases.
Software Technology Park (STP):
This is a special scheme under the Ministry of Information Technology, similar to EOU scheme, which is specific for the software industry. STPs are located at Noida, Navi Mumbai, Pune, Gandhinagar, Hyderabad, Bangalore, Chennai, Bhubaneshwar, Jaipur, Mohali and Thiruvanathapuram. This scheme offers zero import duty on import of all capital goods, special 10 years income tax rebate (however, such rebate will not be available for Assessment Year 2010-2011 and onwards), availability of infrastructure facilities like high-speed data communication links, etc. The incentives provided to EOUs are generally similar to those provided to SEZ units, except the exemption from central sales tax on purchases.
PROVISIONS UNDER EXCHANGE CONTROL REGULATIONS Setting up of operations in India by Overseas Company/ Non-Resident
A foreign company or a non-resident planning to set up business operations in India can do so ‘as a foreign company through a Liaison Office/ Representative Office, Project Office or a Branch Office; or as an Indian company through a Joint Venture or a Wholly Owned Subsidiary. A foreign company is one that has been incorporated outside India and conducts business in India. These companies are required to comply with the provisions of the Company Act 1956.
Liaison Office/ Representative Office
A liaison office is not allowed to undertake any business activity in India and earn any income in India. The role of liaison office is limited to collecting information about possible market opportunities and providing information about the company and its products to prospective Indian customers. The Foreign Exchange Management Act (FEMA) regulates the
opening and operation of liaison offices. Prior approval of the Reserve Bank of India (RBI) is required for opening of such offices. Permission for such offices is typically granted for a period of three years initially and may be extended from time to time. These offices have to ensure compliance with the conditions like; expenses are met entirely through inward remittances of foreign exchange from the Head Office abroad; these offices do not undertake any trading or commercial activities. Activities should be limited to collecting and transmitting information between the overseas Head Office and the potential Indian customers; such offices should not charge any commission or receive other income from Indian customers for provision of liaison services. A person residing outside India permitted by RBI to establish a liaison office in India may carry out activities like; represent in India the parent company/ group companies; promote export import from/ to India; promote technical/ financial collaborations between parent/ group companies and companies in India; act as a communication channel between the parent company and the Indian companies. Further, liaison/ representative offices are required to furnish an annual compliance certificate, from their auditors, to the RBI.
Project Office
Foreign companies planning to execute specific projects in India can set up temporary project/ site offices in India. Under the earlier provisions of FEMA, specific approval was required to be obtained from RBI for establishment of a Project Office. Recently, the RBI has accorded general permission to foreign companies for establishment of Project Offices in India subject to the conditions; it has secured from an Indian company a contract to execute a project in India; the project is funded by inward remittance from abroad or bilateral/ multilateral International Finance Agency or the project has been cleared by an appropriate authority or the contracting entity has been
granted term loan by a public financial institution or a bank in India for the project; and intimation is required to be filed with the regional office of RBI in the prescribed manner. Further, until recently an approval from the RBI was required for opening of foreign currency accounts by Project Offices in India; and/ or intermittent remittances are to be made by such Project Offices.
Branch Office
Foreign companies may set up Branch Offices in India, with prior permission of RBI, for the purposes like; to represent parent company/ other foreign companies in various matters in India e.g. acting as buying/ selling agents in India; to conduct research work in the area in which parent company is engaged; to undertake export and import; to promote possible technical and financial collaborations between Indian companies and parent/ overseas group companies; to render professional or consultancy services; to render services in Information Technology and development of software in India; to render technical support to products supplied by the parent/ overseas group companies. A Branch Office is not permitted to carry out manufacturing activities on its own. A Branch Office is required to file an annual compliance letter, from their auditors, with the RBI. Remittance of profits of the Branch Office is permissible by furnishing requisite documents with an authorized dealer. Further, RBI has granted general permission to foreign companies to establish Branch Offices/ units in SEZs to undertake manufacturing/ service activities subject to the conditions like; such units function in those sectors where 100 percent FDI is permitted; such units comply with the prescribed requirements of the Company Act; such units function on a stand-alone basis; and in the event of winding-up of business and for remittance of winding-up proceeds the branch/ unit shall approach an authorized dealer with the prescribed documents.
As an Indian Company
A foreign company can commence operations in India through incorporation of a company under the provisions of the Company Act. Foreign equity in such Indian companies can be up to 100 percent depending upon the business plan of the foreign investor, prevailing foreign investment policies of the government and receipt of requisite approvals.
Joint Venture with an Indian Partner
Foreign companies can set up their operations in India by forming strategic alliances with Indian partners. Setting up of operations through Joint Venture may entail the advantages to a foreign investor like; already established distribution/ marketing set up of the Indian partner; available financial resources of the Indian partner; already established contacts of the Indian partner that help smoothen the process of setting up operations.
Foreign investments are approved through two routes as under: Automatic Route:
Approvals for foreign equity up to 26 percent, 50 percent, 51 percent, 74 percent and 100 percent are given on an automatic basis subject to fulfillment of the prescribed parameters in certain industries as specified by the government, The RBI accords automatic approval to all such cases.
Government Approval:
Approval in all other cases where the proposed foreign equity exceeds 26 percent, 50 percent, 51 percent or 74 percent in the specified industries or if the industry is not in the specified list, it requires prior specific approval from Foreign Investment Promotion Board (FIPB).
ESTABLISHING A PRESENCE OUTSIDE INDIA Direct Investment outside India by Indian Corporates
Under the exchange control regulations, Indian corporates are permitted to invest in entities outside India. The investments could be made either under the automatic approval route or the specific prior approval route. Where the proposed investment does not satisfy the conditions of the automatic approval route, the same would require prior approval of the RBI. Some of the key conditions to be satisfied so as to qualify for the automatic approval route are as follows: terms and conditions for outbound investment under the automatic route are; investment is made in an overseas joint venture (JV) or wholly owned subsidiary (WOS) engaged in a bona fide business activity; total financial commitment of Indian entity does not exceed 200 percent of net worth of the Indian entity as on the date of last audited balance sheet; Indian entity is not on RBI’s caution list or under investigation by the Enforcement Directorate; Indian entity has to comply with certain filing requirements with the RBI; all transactions relating to such investments through only one branch of an authorised dealer designated by it.
Modes of funding the investment
The investment outside India may be funded out of the sources like; balance held in EEFC account of Indian entity maintained with an authorized dealer; withdrawal of foreign exchange from an Indian banker upto 200 percent of net worth of Indian investor as on the date of last audited balance sheet; utilization of proceeds of ADR/ GDR issues raised by Indian entity; acquisition of shares of a foreign company engaged in similar core activity in exchange of ADR/ GDRs issued to the latter, subject to certain terms and its
conditions; Capitalization of receivables in respect of export of plant, machinery, equipment and other goods/ software to the foreign entity or fees, royalties, commissions or other entitlements for supply of technical know-how, consultancy, managerial or other services. Prior approval of the RBI would be required where receivables are more than six months old; export of goods/ software/ plant and machinery from India towards equity contribution in a JV/ WOS outside India subject to certain compliances.
ADR/ GDR Linked option for employees of software companies in India Authorised dealers may permit resident employees (including working directors) of an Indian software company to purchase foreign securities under ADR/ GDR Linked Stock Option Schemes provided consideration for such purchase does not exceed USD 50,000 or its equivalent in a block of 5 calendar years per eligible employee.
Purchase/ acquisition of foreign securities under Employee Stock Option Plan (ESOP)
An individual who is an employee or a director of the Indian office or branch of a foreign company or of a subsidiary of a foreign company or an Indian company in which foreign equity holding is not less than 51 percent, may remit any amount towards purchase of equity shares offered by the said foreign company provided that the shares are offered at a concessional price. This relaxation is subject to further notice in this regard by RBI. In order to further liberalize overseas investment, it has been decided that even in cases where the foreign company is offering its shares under ESOP and has an indirect shareholding in the Indian company, ie through a Special Purpose Vehicle or a step down subsidiary, no prior permission of the RBI is required, as long as such holding is not less than 51 percent.
Investments abroad by a firm in India
Firms in India registered under the Indian Partnership Act, 1932 and having a good track record, have been permitted under the automatic route, to make direct investments outside India in an entity engaged in bonafide business activity provided such investment is upto 100 percent of its net worth or USD 10 million or its equivalent, whichever is less, in one financial year. Firms intending to undertake financial services activities would, however, have to satisfy certain additional requirements.
Investments by Proprietary concerns
A proprietary concern may accept shares of a company outside India, with prior approval of the RBI for a period of one year, in lieu of professional services rendered to such company subject to the conditions like; value of shares does not exceed 50 percent of fees receivable; and the concern’s shareholding in one company by virtue of acquisition as above does not exceed 10 percent of paid up capital of such company.
External Commercial Borrowings (“ECBs”)
The following are the key features of the revised ECB guidelines issued by the RBI. ECBs can be raised from internationally recognized sources such as (i) international banks, (ii) international capital markets, (iii) multilateral financial institutions (such as IFC, ADB, CDC etc.), (iv) export credit agencies, (v) suppliers of equipment, (vi) foreign collaborators and (vii) foreign equity holders. All corporates registered under the Company Act except financial intermediaries are eligible to raise ECBs. ECBs can be raised both under the automatic and the approval route. Under automatic route, maximum ECB amount permitted under the automatic route is USD 500 million with a minimum average maturity period of 5 years. ECBs upto USD
20 million is permitted with minimum average maturity period of 3 years. Under approval route, Indian entities proposing to raise ECBs, which do not satisfy the conditions of automatic route, would need to obtain prior approval of the RBI. The RBI has set up an Empowered Committee to consider proposals coming under the approval route.
a. End use restrictions
ECB proceeds can be utilized for investment in real sector-industrial sector and infrastructure sector for import of capital goods, new projects, modernization and expansion of existing projects. ECB proceeds cannot be used for onward lending or investment in the capital market or real estate business (other than development of integrated townships as defined under ECB guidelines) or for working capital, general corporate purpose and repayment of rupee loans.
b. Certain other conditions to be satisfied
All-in-cost ceilings (including interest, fees and other charges) for ECBs with minimum average maturity period of 3 years and upto 5 years is 200 basis points over six months LIBOR. For ECBs with minimum average maturity period of more than 5 years, the ceiling is 350 basis points over six months LIBOR. Prepayment of ECBs up to US$ 200 million is permitted without prior approval of the RBI, subject to compliance with the stipulated minimum average maturity period as applicable for the loan. Refinancing of existing ECB by raising fresh loans at lower cost is permitted subject to the condition that the outstanding maturity of the original loan is maintained. Foreign Equity Holder to be eligible as a recognized lender for ECB should directly hold minimum equity of 25 % in the Indian company. For ECB above USD 5 million, minimum equity of 25% should be held directly by the foreign
lender and the debt equity ratio of Indian company should not exceed 4:1 (i.e. proposed ECB cannot exceed 4 times the direct foreign equity holding).
Current account transactions
Under the exchange control regulations, remittance for any current account transactions is permitted without any prior RBI approval unless specifically restricted. Some of the restrictions that may be relevant for the software/ IT industry beyond which prior RBI approval would be required are; exchange facilities exceeding US$ 100,000 for persons going abroad for employment; release of foreign exchange, exceeding US$ 25,000 to a person per trip for business travel or attending a conference or specialized training; remittances exceeding US$ 1,000,000 per project for consultancy services procured from abroad; remittance exceeding US$ 100,000 towards reimbursement of pre-incorporation expenses; remittances for purchase of trade mark/ franchise in India. Some other restrictions that may be relevant for the software/ IT industry beyond which prior Central Government approval would be required are; remittances of royalty and payment of lump-sum fee exceeding 5 percent on local sales and 8 percent on exports and lump sum payments exceeding US$ 2 million; remittance of hiring charges of transponders subject to approval from Ministry of Information and Broadcasting.
Import of software up through Internet is permitted
The RBI has permitted remittance towards import of software through Datacom channels/ Internet subject to production of documentary evidence in support of the remittance e.g. invoice of the foreign supplier, user’s licence etc.
Use of International Credit Cards, ATM Cards, Debit cards, etc., for import of software, books, etc.
The RBI has clarified that International Credit Cards can be used on the internet for any purpose for which foreign exchange can be purchased from a banker in India such as import of books, purchase of software by downloading from the internet and any other item permitted to be imported under the EXIM policy. Further, there is no separate aggregate monetary ceiling prescribed for use of International Credit Cards through the internet. It has been further clarified that Debit cards and ATM cards can also be used for any purpose for which foreign exchange can be purchased from an authorized dealer in India. Inbound foreign investment
As per FEMA regulations, foreign direct investment upto 100 percent (equity and preference shares) is permitted in shares of an Indian company engaged in the business of software development/ IT enabled services. The Indian company issuing shares or convertible debentures to foreign investor is required to intimate the RBI within 30 days of receipt of the consideration for issue of shares, detailing the prescribed information such as name and address of the foreign investors etc; and subsequently, intimate in Form FC-GPR within 30 days of date of issue of shares, along with the prescribed documentation/ information. The price of shares to be issued by the Indian companies, shall have to comply with prescribed valuation norms. Dividends on foreign investments are freely repatriable.
Conversion of ECBs and lumpsum fee/ royalty into equity/ preference shares
The RBI has permitted conversion of ECBs into equity/ preference shares without any prior approval subject to the conditions like; the activity
of Indian company is covered under the automatic route for FDI or the company had obtained government approval for foreign equity in the company; the foreign equity after such conversion of debt into equity is within the sectoral gap, if any; pricing of shares is as per SEBI and erstwhile CCI guidelines/ regulations in the case of listed/ unlisted companies as the case may be; compliance with the requirements prescribed under any other statute and regulation in force. The RBI has also permitted conversion of lumpsum fee or royalty payable by an Indian company into equity/ preference shares subject to certain filing requirements and issue of shares under Employee Stock Option Scheme (ESOS). An Indian company may issue shares under the ESOS to its employees or employees of JV/ WOS outside India who are resident outside India, subject to certain conditions.
Transfer of shares in Indian companies
Transfer of shares (equity and preference) and convertible debentures in an Indian company, by a resident to non-resident and vice versa can be carried out under the automatic route i.e. without prior approval of the government or the RBI. The relaxation is subject to prescribed conditions and valuation norms and applies to all sectors other than the financial services sectors. Some of the key conditions to be fulfilled are; the activities of the Indian company are under the automatic route as per the Prevalent FDI regulations; the transfer complies with other relevant regulatory provisions; the foreign shareholding in the Indian company after the transfer complies with the sectoral caps under the FDI policy.
Facilities to units in STP/ Electronic Hardware Technology Park (EHTP) Units in STPs/ EHTPs have been permitted to credit upto 100 percent of their export receipts in their EEFC accounts. Units in STP/ EHTPs have
been permitted to provide services in the DTA in any mode upto 50% of FOB value of exports and/ or 50% of foreign exchange earned, where payment for such services is received in foreign exchange.
Remittances for normal business operations of overseas branch
Indian companies have been permitted to make remittances towards normal business operations of office (trading/ non-trading) / branch or representative outside India subject to the overseas office / branch / and the representative should not create any financial liability for the Indian entity and any surplus funds with the overseas branch should be repatriated to India. Overseas branch/ office of the Indian software exporter company is required to repatriate to India 100 percent of the contract value of each ‘off-site’ contract and 30 percent of the contract value of each ‘on-site’ contract.
IT POLICIES IN INDIA Overview
In May 1998, the Prime Minister of India Dr. Manmohan Singh has formed a National Taskforce on Information Technology and Software Development to formulate a long term National IT policy for the country and also remove impediments for the growth of the infotech industry. The main objective of this was to help India emerge as an IT software superpower. The taskforce submitted three key reports to the government – suggesting various measures to build India’s infotech industry and proliferate the use of IT in the country. In the last few years, 18 state governments have announced IT policies. These policies focus on the key issues of infrastructure, electronic governance, IT education and providing a facilitating environment for increasing IT proliferation in the respective states.
India’s IT policy enables the Indian IT industry to harness existing and emerging opportunities and create vast investment potential. While the IT policy has been constantly retouched and enhanced in tune with the changing technological landscape, there is also a thrust to formulate a long term National IT policy for the country and remove impediments for the growth of the IT-ITES industry and help India emerge as an IT software superpower. The use of ICT for social and human development in India is also a focal point in the government’s agenda.
TABLE - 4.1
WEBSITE ADDRESSES OF STATES/UTS
Andaman & Nicobar (UT) http://andaman.nic.in Andhra Pradesh http://www.aponline.gov.in Arunachal Pradesh http://arunachalpradesh.nic.in
Assam http://assamgovt.nic.in
Bihar http://bihar.nic.in
Chandigarh (UT) http://chandigarh.nic.in Chhattisgarh http://chhattisgarh.nic.in Dadra & Nagar Haveli (UT) http://oidc.nic.in Daman & Diu (UT) http://daman.nic.in
Delhi http://delhigovt.nic.in
Goa http://goagovt.nic.in
Gujarat http://www.gujaratindia.com
Haryana http://haryana.nic.in
Himachal Pradesh http://himachal.nic.in Jammu & Kashmir http://jammukashmir.nic.in Jharkhand http://jharkhand.nic.in Karnataka http://www.karnataka.gov.in
Kerala http://www.kerala.gov.in
Lakshdweep (UT) http://lakshadweep.nic.in Madhya Pradesh http://www.mp.nic.in Maharashtra http://maharashtra.gov.in
Manipur http://manipur.nic.in
Meghalaya http://meghalaya.nic.in
Mizoram http://mizoram.nic.in
Nagaland http://nagaland.nic.in Orissa http://orissagov.nic.in
Pondicherry (UT) http://pondicherry.nic.in Punjab http://punjabgovt.nic.in Rajasthan http://www.rajasthan.gov.in Sikkim http://sikkimgov.nic.in Tamil Nadu http://www.tn.gov.in Tripura http://tripura.nic.in Uttar Pradesh http://upgov.nic.in Uttranchal http://gov.ua.nic.in West Bengal http://www.wbgov.com Source: Source: www.mit.gov.in
TABLE - 4.2
DETAILS OF APPROVALS AND ITS DEPARTMENT
Details Ministry / Department Website URL
Approval for Industrial License / Carry-on-business License
Department of Industrial Policy & Promotion
http://dipp.nic.in Approval for Technology Transfer:
(i) Automatic route
(ii) Government approval (PAB)
Reserve Bank of India Department of Industrial Policy & Promotion
http://www.rbi.org.in http://dipp.nic.in Approval for financial collaboration:
(i) Automatic route
(ii) Government approval (FIPB)
Reserve Bank of India Department of Economic Affairs
http://www.rbi.org.in http://finmin.nic.in Approval of Industrial Park
(i) Automatic route (ii) Non-Automatic route
Department of Industrial Policy & Promotion
http://dipp.nic.in
Registration as a company & certificate of commencement of business Department of Company Affairs (Registrar of Companies) http://dca.nic.in
Matters relating to FDI policy and its promotion and facilitation as also promotion and facilitation of
investment by Non- resident Indians.
Department of Industrial Policy & Promotion
http://dipp.nic.in
Matters relating to Foreign Exchange "Reserve Bank of India http://www.rbi.org.in Matters relating to Taxation Department of Revenue http://finmin.nic.in Matters relating to Direct Taxation Central Board of Direct
Taxes
http://incometaxindia.gov. in
Matters relating to Excise Customs Central Board of Excise & Custom
Import of Goods Directorate General of Foreign Trade
http://dgft.delhi.nic.in Overseas investment by Indians Ministry of Overseas http://iic.nic.in
Source: Source: www.mit.gov.in
TABLE - 4.3
DETAILS SHOWING THE ADDRESS FOR FILING APPLICATIONS
Application Address for Filing
Industrial Licence/COB Licence
PR&C Section, SIA, Department of Industrial Policy & Promotion, Ministry of Commerce & Industry, Udyog Bhavan, New Delhi -11. India
IEM PR&C Section, SIA, Department of Industrial Policy & Promotion, Ministry of Commerce & Industry, Udyog Bhavan, New Delhi -11. India
Monthly Production Returns
Jt.Director, Industrial Statistics Unit (ISU),
Department of Industrial Policy & Promotion,Room No. 326, Udyog Bhavan, New Delhi -11. India. Fax:011-23014564 E-mail: [email protected]
FDI Application with NRI Investment & 100% EOU application
PR&C Section, SIA, Department of Industrial Policy & Promotion, Ministry of Commerce & Industry, Udyog Bhavan, New Delhi -11. India
Foreign Technology Agreement under Government Approval
Project Approval Board, SIA, Department of Industrial Policy & Promotion, Ministry of
Commerce & Industry, Udyog Bhavan, New Delhi -11. India Approval for Industrial
Park, Model town/Growth Center under Government Approval
PR&C Section, SIA, Department of Industrial Policy & Promotion, Ministry of Commerce & Industry, Udyog Bhavan, New Delhi -11. India
FDI under automatic route Regional Office concerned of Reserve Bank of India(Addresses are available at RBI website)
FDI application under government route
FIPB Unit, Department of Economic Affairs, Ministry of finance, North Block, New Delhi - 110001. India.
For registration and incorporation of company
Registrar of Companies, Ministry of Company Affairs,B Block, 2 nd floor, Paryavaran Bhavan, CGO complex,New Delhi -110003. India
For setting up liaison / Project/ Branch office of a foreign company
Reserve bank of India, Foreign Investment Division, Shaheed Bhagat Singh Road, Mumbai - 400001, India
Software is one of the most valuable technologies of the Information Age, running everything from PCs to the internet. Computer software affects every aspect of our lives, but most significantly the way we communicate. With the touch of a button or the click of a mouse, information is transmitted across the globe. With each passing year, software evolves into a faster, more sophisticated, versatile and easy-to-use technology. Computer software allows companies to save time, effort and money. Home software now includes a wide array of programs that enhance the user's productivity and creativity. And computer graphics have turned PCs into a veritable inventive. The industry thrives on original software packages that are paid for and from these not only the software publishers stand to benefit but users too.
But not only the software publishers stand to benefit but users too. But unfortunately, because most software is highly valuable, and computers make it easy to create an exact copy of a program in seconds, software piracy is widespread. From individual computer users to professionals who deal wholesale in stolen software, piracy exists in homes, schools, businesses and government.
In India, the Intellectual Property Rights (IPR) of computer software is covered under the Copyright Law. Accordingly, the copyright of computer software is protected under the provisions of Indian Copyright Act 1957. Major changes to Indian Copyright Law were introduced in 1994 and came into effect from 10 May 1995. These changes or amendments made the Indian Copyright Act, one of the toughest in the world. The amendments to the Copyright Act introduced in June 1994 were in themselves, a landmark in the India's copyright arena. For the first time in India, the Copyright Act clearly explained about the rights of a copyright holder; position on rentals of software; the rights of the user to make backup copies; and most importantly
the amendments imposed heavy punishment and fines for infringement of copyright of software.
Because most software is easy to duplicate and the copy is usually as good as the original, the Copyright Act was greatly in demand. According to this act, the infringer can be tried under both civil and criminal law. According to section 16 of this act, it is illegal to make or distribute copies of copyrighted software without proper or specific authorization. The only exception is provided by section 52 of the Act, which allows a backup copy purely as a temporary protection against loss, distribution or damage to the original copy.
The 1994 amendment to the Copyright Act also prohibits the sale or hiring, or any offer for sale or hire of any copy of the computer program without specific authorisation of the copyright holder. A civil and criminal action may be instituted for injunction, actual damages (including infringer's profits) or statutory damages per infringement etc. With these amendments, even the criminal penalties have substantially increased. Section 63 B, stipulates a minimum jail term of 7 days which can be extended up to 3 years. The act further states the fine would be ranging from Rs. 50,000 to Rs. 2,00,000.179
Government agencies have been very actively participating in protecting of the rights of the copyright holder. Both Ministry of Information Technology and Ministry of Human Resource Development have been active in incorporating amendments to the Indian Copyright Act. These agencies are now helping the law enforcing agencies e.g. the police in enforcing the law. Today, NASSCOM officers and those government agencies are committed to enforce copyright laws and eradicate the menace of software
_______________________________
piracy. The anti-piracy raids facilitated by NASSCOM and Business Software Alliance (BSA) over the last few years in metros as well as in smaller cities have already had salutary effect. The law enforcing authorities too supported these raids actively.
REGULATORY ENVIRONMENT IN INDIA
The US and the UK have well-defined and comprehensive laws on data security and privacy. The US has sector-specific laws and laws at the federal and the state level. The UK has a comprehensive Data Protection Act covering all sectors. While India lacks specific laws on privacy and data protection, there are proxy laws and other indirect safeguards, which provide adequate protection to companies off-shoring work. Further, the Indian Government is proactively strengthening the existing legal system to cover data protection issues. A few of the proxy laws are Section 65, 66 and 72 of the Indian IT Act, the Indian Contract Act, Section 406 and 420 of the Indian Penal Code, and the Indian Copyright Act.
INFORMATION TECHNOLOGY ACT, 2000
In May 2000, the Indian Parliament passed the Information Technology Bill now known as the Information Technology Act, 2000. The act covers cyber and related information technology laws in India. Some of the issues addressed by the Information Technology Act, 2000 include; Chapter II states that any subscriber can authenticate an electronic record with his digital signature, and subsequently any person can verify that document by using the subscriber's public key. Chapter III states that all electronic records and digital signatures have legal acceptance. The chapter also confers rights to the Central Government to make rules with respect to digital signatures. Chapter IV deals with the attribution, acknowledgement and dispatch of electronic
records and digital signatures. Chapter VI deals with the regulation of the certifying authorities. The chapter also lists the powers of the controller to investigate any contraventions to the provisions of the Act. Chapter VII and VIII state the conditions under which a digital signature may be suspended or revoked. Chapter IX states that any person who accesses, downloads, copies, extracts data without authorized means or permission is punishable. The section also states that any person tampering with, damaging, denying unwarranted access to or manipulating any computer/computer system shall be liable to pay damages by way of compensation not exceeding INR 10 million to the affected persons. Introducing viruses or causing disruptions in a computer are also punishable under the act. Chapter X describes the role of the Cyber Regulations Appellate Tribunal. Chapter XI deals with offences such as wrongful loss or damage or destruction of information, deletion or alteration of any information in a computer network, 'hacking' etc and prescribes their punishment. It also includes offences such as tampering with computer source documents; publishing obscene information, misrepresentation, and breach of confidentiality and privacy. Chapter XII states that if a network provider / intermediary can prove that he has taken diligent steps to prevent the offence he has been charged with, or that it was unintentional, he is not punishable under the act.
COMPUTER SOFTWARE AND INDIAN COPYRIGHT ACT
Under Indian law, computer programs have copyright protection, but no patent protection. A software program is an algorithm and patent law does not protect algorithms per se. The term 'software' includes computer programs, databases, computer files, preparatory design material and associated printed documentation, such as users' manuals. Under the Indian Copyright Act, copying from an engraving is an infringement of the copyright, but an engraving produced independently from the same picture is not.
Copyright laws generally do not protect the owner from independent creation or reverse engineering. Therefore, many software and hardware companies have been able to take advantage of the copyright law's lack of protection against reverse engineering. India has one of the most modern copyright protection laws in the world. A major development in the area of copyright was the amendment to the Copyright Act of 1957 in 1999, to make it fully compatible with the provisions of the TRIPS Agreement. Known as the Copyright (Amendment) Act, 1999, this act came into force on January 15, 2000.
The 1994 amendment of the Copyright Act of 1957 brought sectors such as satellite broadcasting, computer software and digital technology under Indian copyright protection. The present Copyright Act conforms fully to the TRIPS obligations. The other important development during 1999 was the issuance of the International Copyright Order, 1999, which extended the provisions of the Copyright Act to nationals of all World Trade Organization (WTO) member countries. As per the provision in the Indian Copyright Act, 1957 and as amended in 1994-1995, any person who knowingly makes use of a computer or an infringing copy of computer program shall be punishable. According to Section 63 B, copyright infringement attracts a minimum jail term of seven days. The act further provides for fines, which shall not be less than INR 50,000, but may extend up to INR 200,000, and a jail term up to three years or both. The Ministry of Information Technology has also taken several initiatives to upgrade security standards in India. These include setting up organizations such as the Standardization, Testing and Quality Certification (STQC) Directorate, the Computer Emergency Response Team (CERT), the Information Security Technology Development Council (ISTDC), etc.
INCOME TAX
Deduction under sections 10A/ 10B of Income tax Act, 1961 (IT Act) are made in respect of profits derived from export of computer software. The following undertakings are eligible to claim deduction in respect of profits derived from export of computer software under the provisions of sections 10A/ 10B of the IT Act: The profits and gains are derived by an undertaking located in free trade zone (FTZ)/ export processing zone (EPZ)/ special economic zone (SEZ)/ software technology park (STP)/electronic hardware technology park (EHTP) or by a hundred percent export oriented units (EOU) from the export of articles or things or computer software is deductible for a period of ten consecutive assessment year beginning with the assessment year relevant to previous year in which the undertaking begins to produce such articles or things or computer software.
However, no deduction under section 10A/ 10B shall be available to any unit after March 31, 2009. For the purpose of sections 10A/ 10B under the IT Act, computer software means ‘any computer program recorded on any disc, tape, perforated media or other information storage device; or ‘any customized electronic data or any product or service of similar nature, as may be notified by the Board, which is transmitted or exported from India to any place outside India by any means. The CBDT has notified a number of IT enabled services such as back office operations, call centers, data processing, revenue accounting, payroll, medical transcription, insurance claim processing, content development and animation, website services, etc that would qualify as 'computer software' for the purpose of sections 10A/ 10B of the act’.
Depreciation on computers and computer software at 60 percent
As per the provisions of the IT Act, annual depreciation on computers and computer software can be claimed at the rate of 60 percent of written down value at the beginning of the relevant financial year for income tax purposes. Therefore, under the written down value method, 84 percent of the cost of computers and software can be depreciated in the first 2 years.
OTHER TAXES
Beneficiary of ESOP/ ESOS to be taxed only at the time of sale as capital gains
In the event ESOPs/ ESOSs are in accordance with the guidelines issued by the Central Government, profits accruing to the employee on sale of shares/ debentures/ warrant allotted under the plan/ scheme will be taxed only as capital gains. In cases where such shares/ debentures/ warrants are gifted by the employee, the transfer would be taxable as capital gains in the hands of the transferee.
Dividends from Indian companies tax free in the hands of the shareholders
Dividends declared, distributed or paid by Indian companies on or after April 1, 2003 are not taxable in the hands of the shareholders as per section 10(34) of the IT Act. The company declaring dividend is however liable to pay a dividend distribution tax @ 12.5 percent (plus applicable surcharge and education cess) on the amount declared, distributed or paid as dividend.
Business connection of a foreign company to include dependent agent in India
A foreign company would be said to have a business connection in India, if a person carries out either of the following activities in India on
behalf of the foreign company, habitually exercises authority to conclude contracts on behalf of the foreign company; or habitually maintains stock of goods in India from which he regularly delivers such goods on behalf of the foreign company; or habitually secures orders for the foreign company. In such a scenario, the profits earned by the foreign company, to the maximum extent attributable to the above activities of the person would be deemed to accrue or arise in India and accordingly taxed in India. However, if the person acts independently and in the ordinary course of his business while carrying out the above activities on behalf of the foreign company, no business connection would arise.
Incentives for Venture Capital Fund ("VCF") and Venture Capital Company ("VCC")
A complete 'pass through' status has been provided to income distributed by a VCF/ VCC from investments in a Venture Capital Undertaking ("VCU"). Accordingly, income received by a person out of investments made in a VCF/ VCC shall be taxable in the hands of such person as if it were received from investments made directly in the VCU while income of a VCF/ VCC will be exempt from tax under section 10(23FB) of the IT Act.
SPECIAL ECONOMIC ZONES ACT, 2005 AND SPECIAL ECONOMIC ZONES RULES, 2006
The Government of India had announced a SEZ scheme in April, 2000 with a view to provide an internationally competitive environment for exports. The objectives of SEZs include making available goods and services free of taxes and duties supported by integrated infrastructure for export production, expeditious and single window approval mechanism and a package of incentives to attract foreign and domestic investments for promoting
export-led growth. In order to give a long term and stable policy framework with minimum regulatory regime and to provide expeditious and single window clearance mechanism, the Special Economic Zones Act, 2005 which has been brought into effect along with the Special Economic Zones Rules, 2006 from 10 February 2006. The act and the rules together aim to provide a single self contained legislation governing the operations of SEZs and replaces the hitherto applicable legislations and rules governing the operations of SEZ in India. Under the Act, SEZ could be set up either jointly or severally by the Central Government, State Government, or any person ( (including a private or public limited company, partnership or proprietorship); for manufacture of goods; or for rendering services; or for both manufacturing of goods and for rendering services; or as a Free Trade and Warehousing Zone.
CYBER LAWS
India became the 12th nation in the world to adopt a cyber law regime during 2000. The country’s cyber laws are contained in the Information Technology, Act 2000. The act came into effect following the clearance of the Information Technology Bill 2000 in May 2000 by both the Houses of the Parliament. The bill received the assent of the President of India in August 2000 (IT Act 2000). The IT Act 2000 aims to provide the legal infrastructure for e-commerce in India. At this juncture, it is relevant to understand what the IT Act 2000 offers and its various perspective. Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber. Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other
matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference. The said chapter also details the legal recognition of digital signatures.
Chapter-IV of the said act gives a scheme for Regulation of Certifying Authorities. The act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates. Chapter-VII of the act details the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said act. Chapter-IX of the said act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court. Chapter-X of the act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred.
Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a police officer not below the rank of a Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.
The act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advise the government as regards any rules, or for any other purpose connected with the said act. The said act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.
ADVANTAGES OF CYBER LAWS
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the net through credit cards without fear of misuse. The act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. In view of the growth in transactions and the communications carried out through electronic records, the act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature. From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that e-mail would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the act. Digital signatures have been given legal validity and sanction in the act. The act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates. The act now allows government to issue notification on the web thus heralding e-governance. The act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate government in electronic form by means of such electronic form as may be prescribed by the appropriate government.
The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the government at a later date. Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the act is in the form of monetary damages, not exceeding Rs. 1 crore.
INFORMATION TECHNOLOGY (IT) SECURITY GUIDELINES INTRODUCTION
This document provides guidelines for the implementation and management of Information Technology Security. Due to the inherent dynamism of the security requirements, this document does not provide an exact template for the organizations to follow. However, appropriate suitable samples of security process are provided for guidelines. It is the responsibility
of the organizations to develop internal processes that meet the guidelines set forth in this document.
Implementation of an Information Security Programme
Successful implementation of a meaningful Information Security Programme rests with the support of the top management. Until and unless the senior managers of the organization understand and concur with the objectives of the information security programme its ultimate success is in question. The Information Security Programme should be broken down into specific stages as follows; adoption of a security policy; security risk analysis; development and implementation of a information classification system; development and implementation of the security standards manual; implementation of the management security self-assessment process; and on-going security programme maintenance and enforcement.
Purchase and Licensing of Hardware and Software
Hardware and software products that contain or are to be used to
enforce security, and intended for use or interface into any of the
organizations system or network must be verified to comply with these Information Technology Security Guidelines prior to the signing of any contract, purchase or lease. Software, which is capable of bypassing or modifying the security system or operating system, integrity features, must be verified to determine that they conform to these Information Technology Security Guidelines. Where such compliance is not possible, then procedures shall be in place to ensure that the implementation and operation of that software does not compromise the security of the system. There shall be procedures to identify, select, implement and control software (system and application software) acquisition and installation to ensure compliance with the Indian Copyright Act and Information Technology Security Guidelines.
It is prohibited to knowingly install on any system whether test or production, any software which is not licensed for use on the specific systems or networks. No software will be installed and used on the system when appropriate licensing agreements do not exist, except during evaluation periods for which the user has documented permission to install and test the software under evaluation. Illegally acquired or unauthorized software must not be used on any computer, computer network or data communication equipment. In the event that any illegally acquired or unauthorized software is detected by the System Administrator or Network Administrator, the same must be removed immediately.
System Software
All system software options and parameters shall be reviewed and approved by the management. System software shall be comprehensively tested and its security functionality validated prior to implementation. All vendor supplied default user IDs shall be deleted or password changed before allowing users to access the computer system. Versions of system software installed on the computer system and communication devices shall be regularly updated. All changes proposed in the system software must be appropriately justified and approved by an authorised party. A log of all changes to system software shall be maintained, completely documented and tested to ensure the desired results.
Documentation Security
All documentation pertaining to application software and sensitive system software and changes made therein shall be updated to the current time, accurately and stored securely. An up-to-date inventory list of all documentation shall be maintained to ensure control and accountability. All documentation and subsequent changes shall be reviewed and approved by an
independent authorised party prior to issue. Access to application software documentation and sensitive system software documentation shall be restricted to authorised personnel on a "need-to-use" basis only. Adequate backups of all documentation shall be maintained and a copy of all critical documentation and manuals shall be stored off-site. Documentation shall be classified according to the sensitivity of its contents/implications. Organizations shall adopt a clean desk policy for papers, diskettes and other documentation in order to reduce the risks of unauthorized access, loss of and damage to information outside normal working hours.
Network Communication Security
All sensitive information on the network shall be protected by using appropriate techniques. The critical network devices such as routers, switches and modems should be protected from physical damage. The network configuration and inventories shall be documented and maintained. Prior authorization of the Network Administrator shall be obtained for making any changes to the network configuration. The changes made in the network configuration shall be documented. The threat and risk assessment of the network after changes in the network configuration shall be reviewed. The network operation shall be monitored for any security irregularity. A formal procedure should be in place for identifying and resolving security problems. Physical access to communications and network sites shall be controlled and restricted to authorized individuals pertaining to “Physical Access”. Communication and network systems shall be controlled and restricted to authorized individuals only in accordance with System Access Control. In this regard, use of Optical Fibre Cable and armoured cable may be preferred as transmission media as the case may be. Network diagnostic tools, e.g., spectrum analyzer, protocol analyzer should be used on a need basis.
Firewalls
Intelligent devices generally known as “Firewalls” shall be used to isolate organization’s data network with the external network. Firewall device should also be used to limit network connectivity for unauthorized use. Networks that operate at varying security levels shall be isolated from each other by appropriate firewalls. The internal network of the organization shall be physically and logically isolated from the Internet and any other external connection by a firewall. All firewalls shall be subjected to thorough test for vulnerability prior to being put to use and at least half-yearly thereafter. All web servers for access by Internet users shall be isolated from other data and host servers.
Connectivity
Organisations shall establish procedures for allowing connectivity of their computer network or computer system to non-organisation computer system or networks. The permission to connect other networks and computer system shall be approved by the Network Administrator and documented. All unused connections and network segments should be disconnected from active networks. The computer system/personal computer or outside terminal accessing an organization’s host system must adhere to the general system security and access control guidelines. The suitability of new hardware/software particularly the protocol compatibility should be assessed before connecting the same to the organization’s network. As far as possible, no Internet access should be allowed to database server/ file server or server hosting sensitive data.
Disaster Recovery/Management
Disaster recovery plan shall be developed, properly documented, tested and maintained to ensure that in the event of a failure of the information
system or destruction of the facility, essential level of service will be provided. The disaster recovery framework should include; (a) emergency procedures, describing the immediate action to be taken in case of a major incident (b) fall back procedure, describing the actions to be taken to relocate essential activities or support services to a backup site; (c) restoration procedures, describing the action to be taken to return to normal operation at the original site. The documentation should include; definition of a disaster; condition for activating the plan; stages of a crisis; who will make decisions in the crisis; role of individuals for each component of the plan; composition of the recovery team; and decision making process for return to the solid normal operation. Specific disaster management plan for critical applications shall be developed, documented, tested and maintained on a regular basis.
Responsibilities and reporting structure shall be clearly defined which will take effect immediately on the declaration of any disaster. Each component/aspect of the plan should have a person and a backup assigned to its execution. Periodic training of personnel and users associated with computer system and network should be conducted defining their roles and responsibilities in the event of a disaster. Test plan shall be developed, documented and maintained. The results of the tests shall be documented for management review.
The Indian Information Technology- Information Technology-Enabled Services (IT-ITES), particularly the software exports industry has continued to perform its role as the most consistent growth driver of the economy. Service, software exports and BPO remain the mainstay of the sector. Over the last five years, the IT & ITES industry has grown at a remarkable pace. Consider some of the significant indicators for these remarkable achievements. The IT/ITES exports have grown to US$ 46.3 billion in 2008-09, currently employing 2.2
million professionals directly and another 8 million people indirectly accounts for over 5% of GDP, a majority of the Fortune 500 and Global 2000 corporations are sourcing IT/ITES from India and it is the premier destination for the global sourcing of IT/ITES accounting for 55% of the global market in offshore IT services and garnering 35% of the ITES/BPO market. Today a country’s IT potential is paramount for its march towards global competitiveness, healthy GDP, improving defence capabilities and meeting up the energy and environmental challenges. All the above mentioned regulatory framework and development issues are emerging at present. Knowledge in the regulatory and promotion aspects will lead to better performance and success in the software exports field.
