The Legal Framework For The Development and Regulation of Smart Cities In India
LegalStix Law School


The Smart Cities Mission (the "Mission") aims to develop 100 Smart Cities by 2020. It is one of the Indian government's most ambitious programs. In order to achieve its goals, the Government introduced the Smart Cities Guidelines (the “Guidelines”)1 in 2015. The Guidelines serve as a comprehensive policy document that defines smart cities as cities that connect citizens, data, devices and facilities with a centralized network infrastructure used for urban planning and the socio-economic development of the city and its residents. Smart cities will rely on infrastructure and Information Communication data (defined as information, knowledge, facts, concepts or instructions processed in an information system or computer network) for their service delivery mechanisms. While the Guidelines provide a clear strategy for implementing the Mission at both the state and city levels, they fail to mention the necessary legal framework. While the government has put forward various bills for a smooth transition to smart cities, they have yet to be translated into regulations that could govern the Mission.


1. Smart Cities Implementation and Challenges

Smart city projects are being implemented across the city by special purpose vehicles registered as limited liability companies under the Companies Act 2013. They are responsible for project appraisal, approval, release of funds, implementation, evaluation and monitoring.

One of the main issues related to the implementation of the Mission arises from public-private partnerships in the implementation of projects. While the government will allocate a significant amount to fund these projects, the Mission is expected to require approximately US$150 billion in private sector investment. These investments will be in the development of sophisticated technologies such as the Internet of Things ("IoT"), which refers to a network of objects and devices connected through the internet, and Machine to Machine ("M2M"), meaning the communication between devices or machines over wireless and wired networks. This raises concerns about privacy, data sharing, protection of sensitive personal information, network hacking, identity theft, etc. These are technologies that promote the common good and offer great development opportunities. Therefore, the Indian Ministry of Electronics and Information Technology published a strategy paper on IoT and M2M with the National Cybersecurity Policy, 2013. It should be noted that none of these guidelines have yet been implemented by the government. The government should ensure a stable and predictable regulatory environment, including a review of IT legislation before implementing the draft proposals.


2. Legal framework (or lack thereof)

Below is a general summary of the current regulations and how ill-equipped they are to deal with the challenges that may arise.


2.1 Information Technology Act

The Information Technology Act (the "Act") regulates the scope of Internet activity in India. The law was implemented to legally recognize electronic transactions, validate digital contracts and regulate online services. In the development of smart cities, different actors will be involved in networks, design, software, device manufacturing, etc. There will also be rapid growth of "Big Data", i.e., vast collections of unstructured data that are computationally analyzed to understand patterns related to human behavior. Currently, the term "data" for the purposes of the Act is defined as any representation of information, knowledge, fact, concept or instruction formally developed and processed in a computer system. This definition does not take into account the impact of big data, which includes various data sets stored and processed by governments, private organizations and individuals. The development of big data would create new security challenges related to personal data and privacy. In addition, the term "cybersecurity", defined as the protection of information, equipment, devices and computer resources from unauthorized access, disclosure, disruption, alteration and destruction, must be able to adapt to the changing nature of security threats, as the emergence of smart cities gives rise to criminal activity outside the scope of the current definition. This requires a review of the current legal provisions.


2.2 National Cyber Security Policy, 2013

To fill the current gaps in cybercrime legislation, in 2013 the Government introduced a National Cyber Security Policy (the “Policy”), which recognizes cyberspace as a critical sector and aims to establish security mechanisms at the national level. The Policy recommends (a) the establishment of the National Center for Critical Information Infrastructure Protection to enforce security practices related to the design, acquisition, development and use of information, (b) a nodal agency to coordinate all matters related to information security, (c) the appointment of a chief information security officer who will direct the organization's internal security operations, (d) the promotion of collaboration between government and the private sector to improve open standards for certified information products, and (e) work with other countries to develop a cybersecurity framework that recognizes the applicability of international law and the United Nations Charter. The Policy, which will be implemented in phases, also offers cost-effective programs and incentives for companies to strengthen their IT infrastructure for cybersecurity, including global security best practices.


2.3 E-Government and the Right to privacy

The law recognizes e-government, which guarantees the legal inviolability of digital signatures, the provision of telematic services and the preservation of computer documents. Information sharing between government and private entities will be critical to the Mission. The law currently does not address the risks involved and remains a gray area.


The right to privacy is a constitutional right, but the law is insufficient as the provisions are limited to the protection of sensitive personal data in information technology (appropriate security practices and procedures and sensitive personal data or information) rules, 2011 (the “Rules”). These regulations regulate private entities and exclude the government from their purview. The law and regulation define "personal data" as information relating to an individual and exclude real-time data, i.e., data collected and processed by various applications to transmit information without delay.

Smart cities would involve communication between devices with little or no human intervention. Services are provided over real-time networks and used for various purposes. The current regulation requires a legal entity to obtain written consent for data collection from the provider of sensitive personal data. The variety and speed of data exchange in the context of smart cities will make this impractical.


2.4 Internet of Things Policy

The draft directive anticipates the impact of the IoT on different sectors but makes no mention of a regulatory framework to address its risks. Because the IoT relies on communication between devices on internet networks, there can be instances of unauthorized access and misuse of personal data. IoT devices can facilitate attacks on other systems and pose a threat to personal security. The collection of personal data can also pose privacy risks. This law does not consider the collection and use of real-time data to be part of personally identifiable information and therefore offers weak or no protection for vulnerable users. The draft policy discloses the government's intention to (a) focus on research and development to advance the IoT, (b) encourage venture capital funds that help and support companies engaged in IoT-related fields, and offer 100% tariff relief on imported raw materials for the production of IoT products; and (c) support and promote the production of IoT devices in support of the government's Make in India campaign. All of this has yet to be implemented.


2.5 Geospatial Information Regulation Act, 2016

The Ministry of Home Affairs enacted India’s first Geospatial Information Act (the “Act”) in 2016. The law aims to regulate citizens, private and foreign entities involved in the acquisition, dissemination, publication and distribution of geospatial data through a licensing framework.5 The law defines “spatial information” as images or geospatial data obtained via space or airborne platforms such as satellites, airplanes, dirigibles, aerostatic balloons, unmanned aerial vehicles, including added value; or graphical or numerical data illustrating natural or man-made physical features, phenomena or boundaries of the earth, or any related information, including coordinate-based measurements, graphics, maps, images and soil attributes. regulate information collected by private entities in relation to a threat to state security and sovereignty, which may have negative consequences for application service providers who upload real-time data to provide services individual information only by private entities6, i.e. under exclusion of the state.



In the absence of legislation specifically regulating smart cities, the government needs to amend existing legislation to align with the goals of the smart cities agenda. In the future, there may be a need to explore the possibility of developing a global cybersecurity, privacy, data protection and device standardization law. This can be done through legislative changes or new regulations that address the above challenges. The success of this program will depend on telecommunications infrastructure, which is a capital-intensive industry and requires close cooperation between governments and private entities. Against this background, it is important that legislators and policymakers bring clarity to the applicable regulations in order to inspire investor confidence.
