Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products

‘Digital India’ is one of the flagship programmes of the Government of India (GoI) with an aim to transform the country into a digitally empowered economy. Given the massive push that the government is giving to this programme, some radical changes have taken place across the country at both the public as well as at the government level in terms of digitization. However, it is also a reality that the growing digitization has increased vulnerability to data breaches and cyber security threats.

According to the Indian Computer Emergency Response Team (CERT-In), more than 22,000 Indian websites, including 114 government portals were hacked between April 2017 and January 2018, including the Aadhaar data leak in May 2017. These incidents clearly emphasized a strong need for cyber security products to tackle the threat to India’s digital landscape. In fact, last year, the Union Ministry of Electronics & Information Technology (MeitY) had directed all ministries to spend 10% of their IT budgets on cyber security and strengthen the Government’s IT structure in the wake of cyber threats.

Now, in order to be prepared for cyber breaches, the government entities need sophisticated security products and solutions. Currently, there is a heavy reliance on the foreign manufacturers to source these products as there are a handful of domestic players operating in this space. MeitY had issued a draft notification in June 2017 stating its preference to procure domestic cyber security products and give further impetus to the government’s flagship programme ‘Make in India’, thereby also boosting income and employment in the country.

The good news is that now the government has mandated ‘Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products’ policy which was released on July 2, 2018. With this policy in place, the local manufacturers will get the much required clarity and support to produce cyber security products. As the participation of domestic players increases in the cyber security industry, it will not only make the digital economy stronger and safer for the nation, but also enhance the ability of the suppliers to compete at a global business level. At the same time, it will also give an opportunity to foreign players to invest in the Indian cyber security product manufacturers which in turn will enable India to channel more FDI into the economy.

Let’s take a look at the key highlights of this policy are:

What is the objective?

Cyber Security being a strategic sector, preference shall be provided by all procuring entities to domestically manufactured/produced cyber security products to encourage ‘Make in India’ and to promote manufacturing and production of goods and services in India with a view to enhancing income and employment

Who are the procuring entities?

Ministry or department or attached or subordinate office of, or autonomous body controlled by the Government of India (GoI) which includes government companies.

Who qualifies to be a ‘local supplier’ of domestically manufactured/produced cyber security products?

A company incorporated and registered in India as governed by the applicable Act (Companies Act, LLP Act, Partnership Act etc.) or startup that meets the definition as prescribed by DIPP, Ministry of Commerce and Industry Government of India under the notification G.S.R. 364 (E) dated 11th April 2018 and recognized under Startup India initiative of DIPP.


Revenue from the product(s) in India and revenue from Intellectual Property (IP) licensing should accrue to the aforesaid company/startup in India.

How big is the government opportunity?

There is a huge government opportunity waiting to be leveraged, especially because MeitY had asked all ministries to spend 10% of their IT budgets on cyber security.

What are the key benefits of the policy to the local supplier?

The main benefits of the policy that local suppliers can avail are:

  • Procurement of goods from the local supplier if the order value is Rs.50 lacs or less.
  • For goods that are divisible in nature and the order value being more than Rs.50 lacs, procurement of full quantity of goods from the ‘local’ supplier if it is L1 (refer the note below). If not, at least 50% procurement from the local supplier subject to the local suppliers’ quoted price falling within the margin of purchase preference.
  • For goods that are not divisible in nature and the order value being more than Rs50 lacs, the procurement of the full quantity of goods from the local supplier if it is L1. If not, then the local supplier will be invited to match the L1 bid and the contract will be awarded to the local supplier on matching the L1 price.
  • The cyber security products notification shall also be applicable to the domestically manufactured/produced cyber security products covered in turnkey/system integration projects. In such cases the preference to domestically manufactured/produced cyber security products would be applicable only for the value of cyber security product forming part of the turnkey/ system-integration projects and not on the value of the whole project.

Note: L1 means the lowest tender or lowest bid or lowest quotation received in a tender, bidding process or other procurement solicitation as adjudged in the evaluation process as per the tender or other procurement solicitation.

How do I get my cyber security product listed to start getting the benefits of this policy?

You need to get your product evaluated and approved by the empowered committee of the government.

The ‘Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products’ policy is a commendable step in the direction of providing a robust leap to ‘Digital India’ and ‘Make in India’ programmes.

Get complete details about the policy here. You can also reach the author for more details @ [email protected]

About Author:

Ashish Tandon, Founder & CEO – Indusface

Ashish Tandon a first-generation entrepreneur with a rare combination of strong technology understanding and business expertise has successfully lead and exited several ventures in the areas of security, internet services and cloud based mobile and video communication solutions. Under his leadership as founder & CEO, Indusface a bootstrapped, fast growing and profitable company, has been recognized as an award-winning Application Security company with over 1000+ global customers and a multi-million $ ARR. He is also closely associated with the government and industry bodies of India in drafting of the various Software Product & Security related acts, regulations & policies. Connect with him on LinkedIn or Twitter.

Cross-Border Alliances: Strengthening India’s Cyber-Entrepreneurs

India’s product-thinkers in the cyber-domain are a unique breed of cyber-warriors that could significantly benefit through cross-border partnerships. Credited with being one of the first nations to possess an IT road map, India has devoted additional focus to create a secure IT road map. Cybersecurity remains a critical concern for not only governments or businesses, but also for individuals.

Our increased connectivity has produced increased vulnerabilities, and has subsequently amplified cyber-attacks. Grey and Black-hat hackers choose targets indiscriminately, and are not necessarily loyal to specific foreign governments, competing corporations, or other organizations. On the contrary, India’s cyber-entrepreneurs are capable of demonstrating undying commitment to a vision – a vision to secure India’s cybersecurity ecosystem.

The Indian government has repeatedly underscored the significance of public-private partnerships (PPP), and conception of international governmental partnerships. However, our cybersecurity ecosystem seems unable to intensify active cyber-partnerships within the private sector itself. Undoubtedly, the government has proven to be instrumental in recognizing cybersecurity as a challenge, but, the private sector must spearhead change through global partnerships.

India’s modern cyber-entrepreneurs are our nation’s cyber-warriors; individuals who exceedingly need innovation and an exchange of ideas from foreign counterparts to secure our cyberspace. Indian cyber-thinkers must focus on formulating cross-border partnerships to engage in revolutionary activities such as joint-product development, formulation of joint ventures, and other forms of high-impact cooperation.

India’s cyber-entrepreneurs have undoubtedly developed a handful of world-class cybersecurity solutions, but clearly, the emphasis seems to be more on delivering services rather than creating innovative products. Living up to India’s reputation of being a leader of IT services; Indian cybersecurity companies continue to successfully service needs of various governmental, corporate, and academic entities. Nevertheless, this trend must not be viewed as a problem, but as an opportunity to reflect on the massive scope to conduct more meaningful activity!

Most product-based Indian cybersecurity companies primarily contribute to defense of our cyberspace by providing indigenous products/solutions for hardware and software entities. However, our cyberspace is an arena where deploying offensive cyber-tools is easier than conduct of cyber-defense. Increased collaboration with foreign counterparts could be a rewarding venture to enhance existing products, or develop new products to address multiple cyber-threats.

Such cross-border collaborative activity by India’s product-thinkers in the cyber-domain can stimulate productivity for respective cybersecurity organizations. More importantly, creating cross-border ties with capable cybersecurity firms will serve as a catalyst in enhancing India’s existing cybersecurity ecosystem.

Vishal Dharmadhikari is the Founder and CEO of India Cyber Connect, an organization that envisions filling gaps in India’s cyberspace through formulation of cross-border ties for the conduct of meaningful collaboration. Vishal is also the concept initiator of a business-event – India-Israel Cybersecurity Connect (IICC), an event featuring governmental and corporate leaders along with start-ups to promote Indo-Israeli cybersecurity cooperation