Singapore is actively exploring the establishment of a Data Embassy in GIFT City, Gujarat. This initiative aims to create a secure facility for the storage, management, and protection of critical sovereign data against external cyber and physical threats.
Dipesh Shah, Executive Director of the International Financial Centres Authority (IFSCA), has noted that Singapore has publicly expressed its intentions regarding this initiative.
Data Embassies are designed to employ advanced cybersecurity measures and physical security protocols to mitigate risks such as cyber threats, unauthorized access, and geopolitical instability. By setting up these data facilities, governments and organizations seek to enhance data security, ensure compliance with regulations, and promote international collaboration in data management.
The idea of establishing Data Embassies in GIFT City was first introduced in the Union Budget of 2023. The Indian government has stated that the formation of these embassies will largely occur through bilateral agreements with interested nations, as outlined in its interim budget announcements for 2024. However, crucial regulatory amendments from the Government of India have been pending for over a year.
When questioned about the necessary amendments for the establishment of Data Embassies, Shah explained that a separate law could be implemented to grant these embassies a level of immunity similar to that enjoyed by Indian embassies abroad, which would exempt them from local laws.
Like traditional diplomatic embassies, Data Embassies will operate under the jurisdiction and protection of the host country, providing a secure environment for sensitive information that necessitates strict security and regulatory compliance. They will also enjoy immunity from the local laws of the host nation.
According to Akshaya Suresh, a partner at JSA Advocates & Solicitors, data sharing agreements and bilateral treaties will be essential for hosting these embassies. “India needs to develop a specific policy regarding Data Embassies to clarify jurisdiction over the data stored, outline minimum investment requirements, clarify the responsibilities of the host country, and establish provisions for emergency access,” Suresh emphasized. He pointed out that while the Indian Digital Personal Data Protection Act 2023 and its draft rules address data localization in certain situations, they do not specifically cover the concept of Data Embassies.
A Gujarat government official, who preferred to remain unnamed, indicated that additional clarity regarding the size of data centers required and what constitutes a Data Embassy in India is essential for successful implementation.
Globally, Data Embassies have emerged as a practical option for storing copies of vital state information in a foreign location, ensuring continuity of government services in the event that domestic servers are compromised.
The promise of regulatory immunity is expected to attract significant investment to India’s data sector, contributing to the development of a reliable data storage ecosystem in the country.
Arun Prabhu, a partner and head of Technology at the Mumbai-based law firm Cyril Amarchand Mangaldas, posits that India has the potential to become a global “data banker,” acting as a trusted repository for foreign data.
He notes that both current and proposed laws recognize that Data Embassies hosting foreign data should not be regulated in the same way as domestic operations. Establishing a clearly defined “special zone” for Data Embassies, along with stringent conditions for accessing data stored within them, could significantly facilitate the development of this ecosystem.
Beyond the direct economic advantages of creating hyperscale storage and computing infrastructure in India, as well as increased telecom capacity, Data Embassies would foster innovation ecosystems centered around artificial intelligence, machine learning, big data, and other technologies.
