The Central Government has exempted the Indian Computer Emergency Response Team (CERT-In) from the provisions of the Right to Information Act, 2005.
Set up by the Government in 2004, CERT-In was designated as the national agency for incident response under the Information Technology Act, 2000, in October 2009. CERT-In derives its authority from the Ministry of Electronics and Information Technology (MeitY) and is tasked with performing cybersecurity-related functions.
The provisions of the RTI Act do not apply to intelligence and security organisations established by the Central Government, as listed in the Second Schedule. This exemption is extended to the information provided by such organisations to the Central Government. However, the exemption will not apply if the information relates to human rights violations or corruption allegations. Section 24 of the Act provides that such intelligence or security organisations may be included in the said Schedule through a notification in the Official Gazette, which subsequently has to be laid before each House of the Parliament.
Following the procedure laid down under Section 24, the Central Government issued a notification on November 23, 2023, and introduced an amendment in the Second Schedule to the 2005 Act, by including the said nodal agency in the form of entry 27.