India envisions itself as a global hub for cloud computing, content storage and distribution, and data communication systems and services, according to the National Digital Communications Policy of 2018. This would be accomplished by providing the necessary legal frameworks and financial incentives to encourage the development of global data centers, content delivery networks, and interconnect exchanges in India.

As a Cloud Service Provider, Alibaba Cloud intends to provide cloud services that would act as a catalyst or transformative force that paves the way for the rapid adoption of cutting-edge technologies. At the same time, we are committed to ensuring that these services and products offered meet the relevant international best practices and regulatory requirements, where applicable. For details, please refer to General Regulatory Environment and Financial Services Sector below. Our expert team will support you throughout the whole cloud adoption process, ensuring of a smooth, secure and compliant cloud project delivery.

Information Technology Act 2000 ("IT Act")
The IT Act is an applicable legislation to cloud services being offered in India. Section 43A of the IT Act governs the collection, disclosure, retention, transfer, security and use of sensitive personal information. Additionally, sections 69 and 79 of the IT Act extends the necessary resources and technical assistance to facilitate electronic surveillance to authorised Law Enforcement Agencies.

Indian Privacy Laws
Together with the "IT Act" the "Indian Privacy Laws" officially known as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 are relevant to cloud services being offered in India. Indian Privacy Laws regulate the collection, receipt, possession, storage, handling and transfer of personal information and sensitive personal data or information of natural persons within India. These laws apply to any entity collecting data, and any entity to whom such data is being transferred by the Data Collector for processing. A cloud service provider usually processes information passed on to it by its clients and users. To the extent the cloud service provider processes information of natural persons located within India, certain compliances will apply, including ensuring data security.

Overview:
Alibaba Cloud offers a high degree of flexibility in designing and implementing the IT architecture on the cloud with TWO Availability Zones in India. With proper solution design, it can meet the requirements of security, resilience, data residency, recoverability, and performance for regulated entities in the Financial Services industry. Customers can deploy systems across two Availability Zones to achieve higher levels of resilience. Alibaba Cloud has helped several customers minimize the risks of losses in confidentiality, integrity, and availability when moving to a public cloud.

Alibaba Cloud is committed to facilitating the customers in compliance with the financial industry-specific regulatory requirements. With initial high-level due diligence and risk assessment, solution selection, implementation and transition, and post-implementation assurance, Alibaba Cloud provides a full suite of offerings that can help, including responses in every due diligence evaluation aspects, best practices in services and products configuration, automated and continuous security check tools, as well as assurance over the design and operational effectiveness of internal controls.

Regulators
The Reserve Bank of India (RBI) is the central bank of India, which began operations on Apr. 1, 1935, under the Reserve Bank of India Act. The Reserve Bank of India uses monetary policy to create financial stability in India, and it is charged with regulating the country’s currency and credit systems.

The Insurance Regulatory and Development Authority of India (IRDAI) acts as the regulator of the insurance industry in India and oversees the functioning of the Life Insurance and General Insurance companies operating in the country.

Regulations/Guidelines to look at when using cloud computing services:
1.Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks, RBI
2.Guidelines on Information security, Electronic Banking,Technology risk management and cyber frauds, RBI
3.Outsourcing of Activities by Indian Insurers Regulation, IRDAI

The points listed above are not an exhaustive list of regulations, but it shows the most widely referenced ones.
Alibaba Cloud has engaged with an independent auditor to assess Alibaba Cloud's internal controls in accordance with applicable regulatory requirements. The user guide published below will be useful to assist customers in understanding how Alibaba Cloud comply with applicable requirements as a outsourced service provider.