Does India's New IPR Policy Go Far Enough?Experts Say Intellectual Property Rights Policy Lacks Detail
Various stakeholders in the security industry are expressing some concerns about India's first National Intellectual Property Rights policy, which was adopted on May 13 (see: What Does PM's New 'Start-Up Action Plan' Mean for Cybersecurity?).
For example, some security leaders, while welcoming the policy as an important step toward protecting intellectual property and creating wider awareness of IP rights, argue that it lacks specifics. And they're concerned that the policy leaves in place India's prohibition of software patents.
Although the trade association NASSCOM welcomed the policy for encompassing the entire value chain, some security experts said the policy fails to adequately address specific concerns faced by the security ecosystem.
"This IPR policy looks more like a political document, and since the policy doesn't have timelines, it remains an eye wash for sideliners and foreign investors," says Mumbai-based Prashant Mali, president of Cyber Law Consulting. "I am skeptical about the outcome because the National Cyber Security Policy has also not yielded what it initially envisaged." (See: Is India Ready for an Email Privacy Act?)
Goals of Policy
The country's first IPR policy, approved by India's union cabinet, is designed to help create a conducive environment for new innovations and R&D. The policy broadly lays down seven objectives: IPR awareness, generation, legal framework, commercialization, mechanisms for combating IPR infringements and human capital development.
Goals spelled out in the policy include:
- Cut the time taken on clearing the backlog of IPR applications from the current five to seven years to 18 months by March 2018;
- Approve trademark applications within one month by 2018, down from the current average of 13 months;
- Develop mechanisms to strengthen the enforcement and adjudicatory mechanisms for combating IPR infringements;
- Designate the Department of Industrial Policy and Promotion as the nodal department to coordinate, guide and oversee implementation and future development of IPRs in India.
S. Ravichandran, a Coimbatore-based cybercrime investigator and member of CyberSociety of India, argues that law enforcement agencies have a very limited understanding of cybersecurity, which could pose a challenge when investigating IP violations and issuing penalties in the security software space. "The government should focus on developing the resources in investigating IP violations and make it clear what kind of protection can be given to patents owned by Indian companies," he adds.
The objectives stated in the new policy are so broad that it's difficult to know if the policy will actually help build awareness and enforcement of intellectual property rights, says Rashi Kapoor Mehta, associate partner at Universal Legal, a Mumbai-based law firm.
"There is a lack of awareness on the part of the IP creators in terms of the sort of legal protection that they have access to," she says. "There is also the lack of stringent laws to enforce IP rights. While the IPR policy seeks to address both these issues, the objectives stated are fairly broad and it remains to be seen how effective it actually proves to be in implementation."
The challenge facing the software industry, including the security sector, has been winning global recognition, acceptance and protection of the IP created in India, says Sandip Kumar Panda, CEO of Instasafe, a cloud security startup. The new IPR policy, he says, does not give much clarity on whether these challenges will be addressed.
"An organization puts in a lot of effort around innovative ideas for products, services or processes that benefit the customers and the organization," Panda says. "This is most true in the hyper-sensitive world of security and protection. Specific to the software sector, the need of the hour is to ensure that the IPR of the products and processes created in India are recognized and protected globally. This would encourage Indian organizations to create innovative new products, services and processes with an assurance that their IP would be safe."
The IPR policy was considered to be critical for the success of the Make in India and Digital India projects. But it fails to address the issue of software patenting.
The Indian Patents Act, 1970, clearly prohibits the patenting of software "per se" under Section 3. This means that software, in isolation, cannot be patented. This has been a huge challenge for security software companies.
"Since one can't patent the software per se, startups generally have to face a lot of patent infringement and they do not have the wherewithal to fight such cases, unlike the established security firms," says Tarun Wig, co-founder of Innefu Labs, a security consulting startup. "The new policy should have defined software patents more specifically and laws to protect IP around software could have been more stringent."
But Sahir Hidayatullah, CEO of Smokescreen Technologies, a cybersecurity startup, says that the move to introduce an IPR policy, despite its shortcomings, is a positive sign for security startups. "Software patents are still not valid in India, unless it meets certain criteria and has a hardware correlation," he says. "A lot of the startups who have disruptive ideas are forced to file a patent in the U.S., where the laws are more stringent."
It's premature to ascertain whether this policy will have any material impact on the security startup ecosystem.
"There is a specific mention [in the new policy] that IPR generation for cybersecurity technologies will be encouraged," Mehta says. "However, in terms of concrete steps, nothing has been outlined as yet. With the government taking on the responsibility of creating the awareness that startups often have a challenge creating, we should witness an uptick both in innovation as well as marketability of security products/services in India."