The Central Government has notified that key customs and indirect tax digital platforms—ICEGATE, its interconnected systems, the Express Cargo Clearance System (ECCS), and the ACES–GST portal—are designated as “protected systems” and constitute Critical Information Infrastructure under Section 70 of the Information Technology Act, 2000. This declaration brings these systems and their associated databases under enhanced statutory protection to prevent unauthorised access, misuse, and cyber threats, given the sensitive trade and tax data they process. Access to these protected systems is now strictly limited to persons authorised in writing by the Central Board of Indirect Taxes and Customs, including designated CBIC employees, approved contractual service providers or vendors with need-based access, and consultants, regulators, auditors, government officials, or stakeholders approved on a case-by-case basis. Effective from the date of publication, the notification strengthens cybersecurity governance and establishes a clear legal framework for controlled, accountable access to core revenue administration infrastructure.
MINISTRY OF FINANCE
(Department of Revenue)
NOTIFICATION
New Delhi, the 2nd January, 2026
S.O. 9(E).— In exercise of the powers conferred by sub-sections (1) and (2) of section 70 of the Information Technology Act, 2000 (21 of 2000) (hereinafter referred to as the said Act), the Central Government hereby declares the computer resources relating to systems/applications and their respective databases, namely Indian Customs Electronic Data Interchange Gateway (ICEGATE) Portal along with its interconnected systems, Express Cargo Clearance System (ECCS) and Automation of Central Excise and Service Tax (ACES -GST) portal, being Critical Information Infrastructure of Central Board of Indirect Taxes & Customs, Department of Revenue, Ministry of Finance and the computer resources of their associated dependencies, to be protected systems for the purpose of the said Act and authorises the following personnel to access the protected systems, namely:
a. any designated employee of the Central Board of Indirect Taxes and customs authorized in writing by the Central Board of Indirect Taxes and customs to access the protected system;
b. any team member of contractual managed service provider or third-party vendor who have been authorised in writing by the Central Board of Indirect Saxes and customs for need-based access; and
c. any consultant, regulator, Government official, auditor and stakeholder authorised in writing by the Central Board of Indirect Taxes and customs on case-to-case basis.
2. This notification shall come into force on the date of its publication in the Official Gazette.
[F. No. N-24015/9/2025-Computer Cell]
MUKESH SUNDRIYAL, Under Secy. (Computer Cell)
