Impact of India-Pakistan tensions on the IT and Digital Services sector

Recent conflicts between India and Pakistan and subsequent geopolitical tensions have seen ripple effects extend into the business ecosystem, especially for IT and digital services sectors.  Multinational IT firms and global companies, specifically those involving service provisioning and delivery through India or Pakistan based entities, have been exposed to greater regulatory scrutiny.

The impact of the recent tensions through the lens of businesses operating in the IT sector in India have risen – with a focus on cross-border delivery of goods and services, curbs on digital content, including cybersecurity and data protection related concerns.

Provision of goods to Pakistan: The Government of India has imposed a ban on any direct or indirect import or transit of goods originating from or exported to Pakistan, citing  national security and public policy. This reflects India’s position on deteriorating political relationship and indicates how the business dynamics between the two countries are likely to evolve.

Service delivery to Pakistan-based entities: There is no blanket prohibition on delivery of all types of services to / from Pakistan. However, companies must evaluate restrictions on a case-by-case basis depending on the sector. It is particularly critical where the service involves direct contracting or billing between Indian and Pakistani entities or where national security or sensitive technologies are involved. 

Pakistan-based content: OTT platforms, media streaming platforms and intermediaries operating in India have been directed to discontinue Pakistani-based content in India, including the web-series, films, songs, podcasts, and other streaming media content originating from Pakistan. Resultantly, various streaming platforms have removed or geo-blocked access to Pakistani content from India.

Data protection related concerns: Cross-border data flow issues have also been magnified amid the existing political climate. Indian IT, Global Capability Centers and BPO firms handle large volumes of data, potentially including sensitive business and personal data, which significantly enhances the risk of data breaches or leaks, if accessed by hostile entities. Hence, service-delivery models, particularly those involving entities in India and Pakistan, have to be carefully evaluated against the complex risk considerations. Compliance with applicable regulatory requirements and contractual obligations is key in such circumstances to avoid exposure to any legal action. 

Communications: Undertaking business communications with individuals in Pakistan-based entities must be exercised with caution, as it is likely to raise alarms and exposure to scrutiny and investigations in light of the current circumstances. Recently, the Government had ordered telecom companies to ensure disaster preparedness, enhance their network security, and safeguard border infrastructure to maintain seamless communication for national security and effective disaster response.

Cybersecurity Concerns: Following the recent hostilities, there have been reports of an increase in cyberattacks. Beyond national security, such cybersecurity breaches also threaten the integrity of IT service delivery and undermine consumer trust. In light of this, the CERT-In has issued security advisories aimed at the industry and MSMEs urging them to implement robust cybersecurity measures such as strengthening authentication and access control, monitoring of supply chain, securing network and endpoint devices, etc. The Government has also enforced geo-blocking and cybersecurity audits for certain industries amid the ongoing threats.

Conclusion

While active confrontations and hostilities have sharply declined post the announcement of the ceasefire, it is pertinent to bear in mind that the underlying discord remains unresolved. The IT and cross-border service industry is globally interconnected, and such tensions are likely to continue to have an enduring effect on the regulatory and policy landscape for the sector. Therefore, what seems like a return to normalcy, may not really be the case. Accordingly, it is imperative for businesses operating in or engaging with affected countries to stay vigilant, closely track government notifications and orders, be prompt in implementing applicable directives, and periodically assess regulatory risks.