A&Y LEGAL

IT Act, CERT-In Compliance & Incident Response

Cyber Law Case Studies.

Matters where A&Y Legal supported clients through cyber incidents, regulatory notifications, and the structuring of intermediary liability frameworks under the IT Act and IT Rules.

Engage Counsel

If your matter resembles any of the engagements below, a 30-minute discovery call is the fastest next step.

Call +91 75977 21536
Case 01E-commerce · 2024

Coordinated Incident Response for an E-commerce Marketplace

Client: Indian e-commerce marketplace

6h

Reporting window met

Zero

Penalties

First review

Closure

Challenge

A marketplace discovered a credential-stuffing attack exposing partial seller PII, triggering CERT-In notification timelines and customer communication obligations.

Approach

  • ·Activated incident response protocol within the CERT-In 6-hour reporting window.
  • ·Coordinated with forensic vendor on chain-of-custody documentation.
  • ·Drafted customer-facing disclosures balancing transparency and litigation exposure.

Outcome

  • ·CERT-In notification filed within mandated window with full evidentiary record.
  • ·Zero regulatory penalties imposed; matter closed at first review.
  • ·Customer disclosure praised by industry observers as a template for proportionate response.

Counsel's Takeaway

"Incident response is a legal workflow before it is an engineering one — the playbook must exist before the breach."

Call +91 75977 21536

Confidential · 30-minute discovery call

Case 02Digital Platforms · 2023

Intermediary Liability Defence for a UGC Platform

Client: User-generated content platform

Withdrawn

Notice

Preserved

Safe harbour

79 IT Act

Section

Challenge

A UGC platform received take-down demands and a legal notice alleging hosting of infringing content, with potential loss of safe-harbour protection under Section 79.

Approach

  • ·Reviewed grievance officer SOP and Section 79 due-diligence posture.
  • ·Strengthened content moderation and KYC-of-uploader workflows.
  • ·Filed substantive reply demonstrating compliance with IT Rules 2021.

Outcome

  • ·Notice withdrawn after substantive reply; safe-harbour protection preserved.
  • ·Internal moderation workflow upgraded with documented audit trail.
  • ·Client now positioned to defend future notices on a documented record.

Counsel's Takeaway

"Safe harbour is not a status — it is a daily compliance discipline that must be visible on the record."

Call +91 75977 21536

Confidential · 30-minute discovery call

Explore the Practice

Read more about our Cyber Law practice

Service scope, methodology, and the philosophy that shapes how we engage.

Call +91 75977 21536

Free 30-minute discovery call · Response within 24 hours · Confidential