The Central Government has strengthened cybersecurity around key customs and indirect tax platforms by declaring them “protected systems” under Section 70 of the Information Technology Act, 2000. This decision places India’s core trade and tax digital infrastructure under higher legal and technical safeguards.
1. GOI Notification Overview
On 2 January 2026, the Ministry of Finance issued a notification No. S.O. 9(E) declaring that several major systems used by the Central Board of Indirect Taxes and Customs (CBIC) are now part of Critical Information Infrastructure. This includes:
- ICEGATE (Indian Customs Electronic Data Interchange Gateway) and all connected systems
- ECCS (Express Cargo Clearance System)
- ACES–GST (Automation of Central Excise and Service Tax) portal
- All related databases, servers, and dependent applications
These platforms are essential for processing customs declarations, monitoring cargo, and managing indirect tax functions. Because they handle sensitive trade and revenue data, they now fall under enhanced statutory protection.
2. Significance of Protection to these Portals
Declaring these systems as protected ensures:
Higher Cybersecurity
These platforms contain confidential import, export, and tax information. Stronger legal protection reduces risks of hacking, data leaks, and system misuse.
Controlled Access
Only authorised individuals can access the systems. This lowers the chance of internal or external cyber threats.
Clear Accountability
Any access to these systems must be documented and approved, creating a transparent and secure governance structure.
3. Who are Allowed to Access such Portals?
The notification strictly limits access to people who receive written authorisation from CBIC. Access may be granted to:
i) Designated CBIC Employees: Only staff members officially authorised in writing can access the systems.
ii) Approved Service Providers and Vendors: Technical teams from managed service providers or third‑party vendors may be allowed need‑based access, but only with written approval.
iii) Consultants and Other Officials: Consultants, regulators, auditors, government officers, and other stakeholders may access the systems only on a case‑by‑case basis, again with written authorisation.
This ensures that only verified and accountable individuals work with critical systems.
4. Effective Date
The notification becomes effective from the date it is published in the Official Gazette, which is 2 January 2026.
5. Conclusion
The government’s decision strengthens the digital backbone of India’s customs and indirect tax administration. By giving ICEGATE, ECCS, ACES-GST, and related systems protected status under the IT Act, the Central Government has:
- established stronger cybersecurity measures
- defined clear rules for system access
- safeguarded sensitive taxpayer and trade data
- improved accountability across digital revenue systems
This move ensures that India’s core revenue infrastructure continues to operate in a secure and regulated environment.