Ah! The subtle art of overreach. Calculating. Quiet. Amidst all the brouhaha, sliding unnoticeably through until it’s revealed. That, in a nutshell, would be the Telecom Regulatory Authority of India (Trai) in the year 2018; a year when little can (or should) surprise you anymore.

Since its inception, for twenty-one years, Trai has limited itself to the telecom business. Ambling. Regulating. Putting out recommendations. Until July this year, when it decided it wanted more. The body put out its data privacy recommendations to the Department of Telecom (DoT). By referring to mobile devices and applications as faucets to the telecom pipes, it overreached to control whatever faucets do. A super-regulator in the making, perhaps. It prescribed a need for data privacy and security audits across the entire digital ecosystem. And Trai would be the one to monitor it.

Except, there’s a bit of a hitch. Trai is not alone.

The Reserve Bank of India has similar ideas.

As does the Insurance Regulatory Development Authority of India (IRDAI).

The National Housing Bank is also keen.

The Unique Identification Authority of India (UIDAI) wants to do the same.

Everyone wants the whole, or, at least, some part of it. And all of this, even as a drafting committee appointed by the Centre is putting together its own data privacy law. One that is supposed to encompass the full scope of data privacy across sectors.

If you’ve heard the analogy too many cooks spoil the broth, this is the living example of it. Except here, the cooks don’t even talk to each other. In the end, though, it is businesses who pay the price.

Because making demands is easy. You know what isn’t? Compliance. Even for the most basic compliance, you need an expert, her expertise and her seal of certification of compliance. All of this already costs a lot of money and time. And now in an interconnected world, with data privacy and security at the heart of most businesses, and a bunch of organisations trying to play regulator without any semblance of direction, it looks like things are going to get worse. Perhaps, we are sitting on the cusp of a new compliance industry in the making. Of course, this is not good news.

The cost of compliance

Let’s start with UIDAI. Early last year, the organisation was getting ready to conduct a security assessment of its ecosystem partners. After a tender process initiated in May 2017, it empanelled the audit firm Deloitte to audit all its ecosystem partners. A fee was decided, and ecosystem partners were told to pay Deloitte for every site audited. Banks protested against this fiat by UIDAI, arguing that they be allowed to appoint their own systems auditors. In the end, UIDAI relented, allowing all its ecosystem partners to appoint auditors empanelled by India’s premier agency dealing with cybersecurity threats—Computer Emergency Response Team or Cert-In.


Vivek Ananth

After dabbling with an auditing job and then at a software product company, Vivek Ananth has decided to take the plunge into journalism. In his last assignment, Vivek was at Cogencis, a financial newswire. A Chartered Accountant, Vivek completed his post-graduate diploma in journalism from IIJNM Bengaluru in 2016. At The Ken, Vivek will write on the intersection of technology and business.

View Full Profile

Available exclusively to subscribers of The Ken India

This story is a part of The Ken India edition. Subscribe. Questions?


Annual Subscription

12-month access to 200+ stories, archive of 800+ stories from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 2,750


Quarterly Subscription

3-month access to 60+ new stories with 3-months worth of archives from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 1,750


Single Story

Instant access to this story for a year along with comment privileges.

Rs. 500


Annual Subscription

12-month access to 150+ stories from Southeast Asia.

$ 120


Quarterly Subscription

3-month access to 35+ stories from Southeast Asia.

$ 50


Single Story

Instant access to this story for a year along with comment privileges.

$ 20



What is The Ken?

The Ken is a subscription-only business journalism website and app that provides coverage across two editions - India and Southeast Asia.

What kind of stories do you write?

We publish sharp, original and reported stories on technology, business and healthcare. Our stories are forward-looking, analytical and directional — supported by data, visualisations and infographics.

We use language and narrative that is accessible to even lay readers. And we optimise for quality over quantity, every single time.

What do I get if I subscribe?

For subscribers of the India edition, we publish a new story every weekday, a premium daily newsletter, Beyond The First Order and a weekly newsletter - The Nutgraf.

For subscribers of the Southeast Asia edition, we publish a new story three days a week and a weekly newsletter, Strait Up.

The annual subscription will get you complete, exclusive access to our archive of previously published stories for your edition, along with access to our subscriber-only mobile apps, our premium comment sections, our newsletter archives and several other gifts and benefits.

Do I need to pay separately for your premium newsletters?

Nope. Paid, premium subscribers of The Ken get our newsletters delivered for free.

Does a subscription to the India edition grant me access to Southeast Asia stories? Or vice-versa?

Afraid not. Each edition is separate with its own subscription plan. The India edition publishes stories focused on India. The Southeast Asia edition is focused on Southeast Asia. We may occasionally cross-publish stories from one edition to the other.

Do you offer an all-access joint subscription for both editions?

Not yet. If you’d like to access both editions, you’ll have to purchase two subscriptions separately - one for India and the other for Southeast Asia.

Do you offer any discounts?

No. We have a zero discounts policy.

Is there a free trial I can opt for?

We don’t offer any trials, but you can sign up for a free account which will give you access to the weekly free story, our archive of free stories and summaries of the paid stories. You can stay on the free account as long as you’d like.

Do you offer refunds?

We allow you to sample our journalism for free before signing up, and after you do, we stand by its quality. But we do not offer refunds.

I am facing some trouble purchasing a subscription. What can I do?

Please write to us at [email protected] detailing the error or queries.