Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products

‘Digital India’ is one of the flagship programmes of the Government of India (GoI) with an aim to transform the country into a digitally empowered economy. Given the massive push that the government is giving to this programme, some radical changes have taken place across the country at both the public as well as at the government level in terms of digitization. However, it is also a reality that the growing digitization has increased vulnerability to data breaches and cyber security threats.

According to the Indian Computer Emergency Response Team (CERT-In), more than 22,000 Indian websites, including 114 government portals were hacked between April 2017 and January 2018, including the Aadhaar data leak in May 2017. These incidents clearly emphasized a strong need for cyber security products to tackle the threat to India’s digital landscape. In fact, last year, the Union Ministry of Electronics & Information Technology (MeitY) had directed all ministries to spend 10% of their IT budgets on cyber security and strengthen the Government’s IT structure in the wake of cyber threats.

Now, in order to be prepared for cyber breaches, the government entities need sophisticated security products and solutions. Currently, there is a heavy reliance on the foreign manufacturers to source these products as there are a handful of domestic players operating in this space. MeitY had issued a draft notification in June 2017 stating its preference to procure domestic cyber security products and give further impetus to the government’s flagship programme ‘Make in India’, thereby also boosting income and employment in the country.

The good news is that now the government has mandated ‘Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products’ policy which was released on July 2, 2018. With this policy in place, the local manufacturers will get the much required clarity and support to produce cyber security products. As the participation of domestic players increases in the cyber security industry, it will not only make the digital economy stronger and safer for the nation, but also enhance the ability of the suppliers to compete at a global business level. At the same time, it will also give an opportunity to foreign players to invest in the Indian cyber security product manufacturers which in turn will enable India to channel more FDI into the economy.

Let’s take a look at the key highlights of this policy are:

What is the objective?

Cyber Security being a strategic sector, preference shall be provided by all procuring entities to domestically manufactured/produced cyber security products to encourage ‘Make in India’ and to promote manufacturing and production of goods and services in India with a view to enhancing income and employment

Who are the procuring entities?

Ministry or department or attached or subordinate office of, or autonomous body controlled by the Government of India (GoI) which includes government companies.

Who qualifies to be a ‘local supplier’ of domestically manufactured/produced cyber security products?

A company incorporated and registered in India as governed by the applicable Act (Companies Act, LLP Act, Partnership Act etc.) or startup that meets the definition as prescribed by DIPP, Ministry of Commerce and Industry Government of India under the notification G.S.R. 364 (E) dated 11th April 2018 and recognized under Startup India initiative of DIPP.

 AND

Revenue from the product(s) in India and revenue from Intellectual Property (IP) licensing should accrue to the aforesaid company/startup in India.

How big is the government opportunity?

There is a huge government opportunity waiting to be leveraged, especially because MeitY had asked all ministries to spend 10% of their IT budgets on cyber security.

What are the key benefits of the policy to the local supplier?

The main benefits of the policy that local suppliers can avail are:

  • Procurement of goods from the local supplier if the order value is Rs.50 lacs or less.
  • For goods that are divisible in nature and the order value being more than Rs.50 lacs, procurement of full quantity of goods from the ‘local’ supplier if it is L1 (refer the note below). If not, at least 50% procurement from the local supplier subject to the local suppliers’ quoted price falling within the margin of purchase preference.
  • For goods that are not divisible in nature and the order value being more than Rs50 lacs, the procurement of the full quantity of goods from the local supplier if it is L1. If not, then the local supplier will be invited to match the L1 bid and the contract will be awarded to the local supplier on matching the L1 price.
  • The cyber security products notification shall also be applicable to the domestically manufactured/produced cyber security products covered in turnkey/system integration projects. In such cases the preference to domestically manufactured/produced cyber security products would be applicable only for the value of cyber security product forming part of the turnkey/ system-integration projects and not on the value of the whole project.

Note: L1 means the lowest tender or lowest bid or lowest quotation received in a tender, bidding process or other procurement solicitation as adjudged in the evaluation process as per the tender or other procurement solicitation.

How do I get my cyber security product listed to start getting the benefits of this policy?

You need to get your product evaluated and approved by the empowered committee of the government.

The ‘Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products’ policy is a commendable step in the direction of providing a robust leap to ‘Digital India’ and ‘Make in India’ programmes.

Get complete details about the policy here. You can also reach the author for more details @ [email protected]

About Author:

Ashish Tandon, Founder & CEO – Indusface

Ashish Tandon a first-generation entrepreneur with a rare combination of strong technology understanding and business expertise has successfully lead and exited several ventures in the areas of security, internet services and cloud based mobile and video communication solutions. Under his leadership as founder & CEO, Indusface a bootstrapped, fast growing and profitable company, has been recognized as an award-winning Application Security company with over 1000+ global customers and a multi-million $ ARR. He is also closely associated with the government and industry bodies of India in drafting of the various Software Product & Security related acts, regulations & policies. Connect with him on LinkedIn or Twitter.

What to expect from National Policy on Software Products [Draft]?

Ministry of electronics and information technology (MeitY) has released the draft of National Policy of Software Product (NPSP) for public consultation.

Click here to see the announcement and how to respond to the consultation process.

Click here to see the draft pdf document.

This blog aims to explain where the draft NPSP policy statement stands at present and what to expect further.. The blog also answers many questions arising out in the minds of stakeholders in Software product industry as well as IT industry in general.

This may help Software product industry stake holders in responding to MeitY on this consultation process, which ends on 9th December 2016.

How does NPSP help India?

The first Software policy came up in 1986. It resulted into Software Technology Park (STP) scheme in 1991. Even after 25 years the old Software policy (1.0) of 1986 still prevails, with focus on IT services.

But, past few years have seen serious decline in growth, owing to rapid transformation in technology and Software industry, globally. India’s IT sector is strong enough to face changing technology challenges. India’s national competitive advantage has taken a shift towards innovative stage and ‘product’. Please see another blog on this subject here.

To address globally relevant strategic paradigm shifts, a Software 2.0 policy is needed with ‘product’ as focal to it.

This consultation process will lead this Software 2.0 policy. It will help in India in capitalizing on the existing matured IT industry and build a phase 2 of Industry in form of product based Industry. There are 3 advantages that NPSP announcement brings us.

Firstly, with NPSP announcement, India will give recognition to Software product industry.

Secondly, schemes and programs emergence from NPSP that will catalyze Software product industry eco-system.

Thirdly, Software product industry will have legitimate governance structure in Government of India that help solve problems and provide level playing field.

The draft policy does not have any actionable but only intent statements?

Yes, presently the draft is only a macro policy statement with a vision, mission to be achieved and ten strategic areas to be addressed. Let us understand different aspects of it.

There were two challenges to framing if this draft policy. One most people in Government system link the Industry policies framing directly to a package of fiscal incentives that help in direct market intervention. On the other hand, IT industry having matured, there is less appetite at ministry of finance to easily carve out a fiscal incentive program.

Two, iSPIRT believed that innovation and product based industry needs multi-layered action plan that can help promote the eco-system central to product industry. Adding any fiscal package right in beginning, to the policy statement would have put the efforts in jeopardy.

Hence, most areas that need to be acted upon are summed up in 10 Strategies in the draft. This macro policy announcement helps in getting policy rolled out in two stages.

First, set strategic intents and recognize a product industry.

Second, Action plans (schemes, programs, incentives and institutional setups) can follow on need basis and in phased manner after the policy is finally launched. Policy can be leveraged through multiple threads focused on defined actionable. It could be a) immediate action item list; b) ecosystem building programs; c) segment specific packages and lastly d) incentive schemes.  For example, SaaS based product segment needs an early support in form of a booster package that solves their multiple problems.

This is a right flexible approach adopted by MeitY. This is how it happened in Software 1.0 policy as well.

Let us achieve stage one and then proceed to stage two.

Are there stages envisaged further to announcement?

At iSPIRT, we believe, after the promulgation of NPSP the very first action that is required to be taken by MeitY is a new institutional setup (instead of relying on old or existing vehicles).

Hence, a ‘National Software Product Mission’ (NSPM) should be setup urgently, as nucleus of activity to cater to emerging Software product industry. NSPM can operate under an inter-ministry board, thus drawing legitimacy to understand and solve problems of this emerging industry, across Government departments, at a single point.

NSPM should become a forum for intellectuals and industry practitioners for issues of technology, boosting R&D, international competitive dynamics, steps and actions needed to handle challenges that industry face in a continually evolving dynamic world etc.

Let us welcome the NPSP with open mind and right expectation

Some point in NPSP may not be rightly synching with every segment of Industry. However, one must also note that, the Government’s stake in an industry policy is also multi fold which also including the generation of employment and income.

In view of above, it is in favour of Software product industry to welcome this step 1 of formulating a viable National Policy on Software products. An early approval of NPSP is in the interest of Software product industry of India as well as country to look at a bright future.

A positive welcoming feedback will help MeitY in early approval.

We sincerely hope NPSP will soon be approved and help in building a “Software product nation”.

If you still have any questions you can write to [email protected] or [email protected]