NPR, Census Database notified as Critical Information Infrastructure

The Central Government notified websites and applications related to the decennial Census exercise and the National Population Register (NPR) as “protected system” or “Critical Information Infrastructure” under the IT Act.

What did the notification say?

The Registrar General of India (RGI), under the Ministry of Home Affairs, issued a notification to declare certain computer assets of the Indian Government as “protected system” or “Critical Information Infrastructure” under the Information Technology Act, 2008. These computer assets include:

  1. Computer resources related to Census Monitoring and Management System
  2. Self-enumeration and Civil Registration System (CRS) web portals
  3. Mobile applications for House Listing
  4. Population Enumeration and National Population Register updation
  5. Database and computer resources set up and installed in National Data Centre, Office of the Registrar General and Census Commissioner, Delhi, and Disaster Recovery Site and Data Centres

These resources were declared as critical information infrastructure of the Office of the Registrar General and Census Commissioner, India.

What is critical information infrastructure?

  • According to the Information Technology Act, 2008, the critical information infrastructure is a computer resource, the incapacitation of which can have significant impact on national security, economy, public health or safety.
  • Any data, database, IT network or communication infrastructure can be declared as critical information infrastructure to secure the digital asset.
  • Section 70 of the IT Act states that any appropriate government can notify the Official Gazette to declare any computer resource that directly or indirectly affect the facility of Critical Information Infrastructure as protected system.
  • Any individual who access or alter these assets without authorization will face imprisonment up to 10 years.

Who protects the critical information infrastructure?

National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency involved in the protection of critical information infrastructure. This statutory body was established in 2014 under Section 70A of the IT Act. It is a unit of the National Technical Research Organisation (NTRO), which comes under the aegis of the Prime Minister’s Office.



Leave a Reply