The Ministry of Finance, Department of Revenue, has officially declared key digital platforms of the Central Board of Indirect Taxes and Customs (CBIC) as 'Protected Systems' under the Information Technology Act, 2000.
The declaration was made through Notification S.O. 9(E) issued on January 2, 2026, in exercise of the powers conferred under Section 70 of the IT Act, 2000.
Platforms Declared as Critical Information Infrastructure
As per the notification, the following computer resources and their respective databases have been designated as Critical Information Infrastructure (CII) of CBIC:
- Indian Customs Electronic Data Interchange Gateway (ICEGATE) Portal, along with its interconnected systems
- Express Cargo Clearance System (ECCS)
- Automation of Central Excise and Service Tax (ACES-GST) Portal
- All associated dependencies connected with these systems
These platforms play a vital role in customs clearance, GST administration, excise compliance, and trade facilitation, making them critical to India's tax and trade ecosystem.
Restricted Access to 'Protected Systems'
With this declaration, the above systems will now be treated as protected systems, and access will be strictly regulated. The notification authorises access only to the following categories of persons:
- Designated CBIC employees, authorised in writing by the Board
- Contractual managed service providers or third-party vendors, granted need-based access through written authorisation
- Consultants, regulators, government officials, auditors and stakeholders, authorised on a case-to-case basis by CBIC
Any unauthorised access to these systems will attract penal provisions under the IT Act.
Strengthening Cybersecurity in Tax Administration
The move reflects the government's focus on strengthening cybersecurity and data protection for critical digital infrastructure handling sensitive trade and tax data. ICEGATE and ACES-GST serve as backbone systems for customs filings, cargo clearance, duty payments, and compliance reporting, handling millions of transactions daily.
Declaring these platforms as protected systems ensures enhanced safeguards against cyber threats, data breaches, and unauthorised access, thereby improving trust and resilience in India's indirect tax administration framework.
Effective Date
The notification comes into force with immediate effect from the date of its publication in the Official Gazette, i.e., January 2, 2026.
Key Takeaway
By declaring ICEGATE, ECCS and ACES-GST as protected systems under the IT Act, the government has taken a significant step toward securing India's digital tax and customs infrastructure, ensuring continuity, integrity and confidentiality of critical national data.
Official copy of the notification has been attached
CAclubindia
