India designates ICEGATE, ECCS and ACES-GST as critical information infrastructure
The Indian government has formally classified key customs and tax digital systems as Critical Information Infrastructure under the Information Technology Act, strengthening legal protections for platforms central to customs clearance and indirect tax administration.
The Government of India has declared several core digital systems operated by the Central Board of Indirect Taxes and Customs (CBIC) as Critical Information Infrastructure (CII). The designation was made through a notification issued on 2 January 2026 by the Ministry of Finance’s Department of Revenue under Section 70 of the Information Technology Act, 2000.
The systems covered include the Indian Customs Electronic Data Interchange Gateway (ICEGATE), together with its interconnected platforms, the Express Cargo Clearance System (ECCS) and the Automation of Central Excise and Service Tax. Goods and Services Tax portal, commonly referred to as ACES-GST. According to the notification, these systems are considered protected computer resources due to their role in safeguarding national economic security and ensuring continuity in tax and customs administration.
ICEGATE and its associated systems underpin a wide range of critical functions, including customs clearance, processing of trade data, and administration of indirect taxes. They handle large volumes of sensitive commercial and fiscal information on a daily basis and are central to India’s digital trade and revenue infrastructure.
Under the CII designation, access to these systems is restricted to clearly defined categories of authorised users. These include CBIC employees authorised in writing, approved personnel from contracted managed service providers or third-party vendors on a need-based basis, and other stakeholders such as consultants, regulators, auditors, or government officials who receive specific written authorisation from CBIC.
The notification aims to strengthen cybersecurity safeguards, prevent unauthorised access, and reduce the risk of disruption to essential digital services supporting customs and tax operations. The measures take effect from the date of publication in the Official Gazette, formally bringing these systems under the enhanced protection framework предусмотрed by the Information Technology Act.
