Designation of ICEGATE and ACES-GST as Critical Information Infrastructure

In a decisive move to fortify the digital backbone of India's revenue administration, the Ministry of Finance (Department of Revenue) has issued a significant notification classifying major indirect tax and customs portals as "protected systems." This classification elevates the legal status of these digital platforms, placing them under the stringent purview of the Information Technology Act, 2000.

The following analysis details the implications of Notification S.O. 9(E), dated January 2, 2026, and what this signifies for data security, the Central Board of Indirect Taxes and Customs (CBIC), and the assessee.

The cornerstone of this notification lies in Section 70 of the Information Technology Act, 2000. This section grants the appropriate government the power to declare any computer resource which directly affects the facility of Critical Information Infrastructure (CII) as a "protected system."

By invoking sub-sections (1) and (2) of Section 70, the Central Government has effectively categorized the databases and applications of the indirect tax regime as assets essential to national economic security. The incapacitation or destruction of these systems would have a debilitating impact on national security, economy, public health, or safety.