India stands up against EU demand

At a time India is debating the rules on DPDPA 023, an interesting controversy has arisen between RBI and the EU authorities regarding security trading by EU Banks in India.

Four EU banks namely, Credit Agricole, Societe Generale, Deutsche Bank, and BNP Paribas have sought RBI and ESMA (European Securities and Market Authority) to resolve the differences. The point of controversy is that ESMA wants a right to audit CCIL (Clearing Corporation of India) in order to allow the EU Banks invest in Indian securities through CCIL.

The Government of India has categorically refused any right to the EU authorities to exercise their jurisdiction on Indian organizations which are governed by the Indian regulatory agencies like RBI and SEBI. Way back in 2022 ESMA de-recognized the CCIL and in October 2024, these Banks need to stop investing through CCIL.

It is unlikely that Government of India is likely to yield to the request of ESMA even now.

According to the report in Business Standard the concerns revolve around client confidentiality, in the context of third-party clearing, especially for custodian banks tasked with holding securities on behalf of other financial entities.

Banks have now sought an extension of at least 6 months from their national regulators to provide extension of the current deadline.

It is stated that he challenge lies in reconciling client confidentiality requirements when clearing through a third-party bank instead of CCIL.

However, DPDPA 2023 provides for processing of data on a pseudonymisation basis which can be used to contain the risk of confidentiality with the Banks and not transfer it to the celaring agency. The clients are not Indians and hence the data belongs to non-Indians. Such data processing can also be notified as outside the scope of DPDPA 2023 through a notification.

Hence the issue is simple to resolve and if the Banks and RBI take into account the provisions of DPDPA 2023, there should be no reason to extend the controversy.

For the same reason, there is no reason for RBI to agree to the demand of ESMA to exercise audit rights on Indian organizations. This needs to be made clear to EU.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.