Government of India recognizes email as an important mode of official communication. Government is upgrading the legacy e-mail system to a cloud based, secure and scalable system. This upgrade is being carried out through M/s Zoho Corporation Ltd., a reputed Indian software service provider, selected through an open competitive process.

This model ensures timely upgrades, quick scaling up, seamless migration of existing accounts, and the integration of modern office productivity tools—such as word processors, spreadsheets, and presentation software with email service.

The security architecture of the e-mail platform has been defined rigorously to protect critical government data. The solution mandates that all email data be encrypted both at rest and in transit, with specific requirements for end-to-end encryption using RSA 256 and TLS 1.3 standards.

The service provider is required to comply with rigorous control standards and certifications, including ISO 27001, ISO/IEC 27017, and ISO 27018. Key technical security requirements include the implementation of Multi-Factor Authentication (MFA) for user identities across all protocols (Web, IMAP, SMTP, POP, and Calendar), the application of Geo-fencing and IP-based restrictions, and the use of industry standards and policies to combat email spoofing.

The service is integrated with the NIC-CERT Security Information and Event Management (SIEM) system. Furthermore, the system requires Multi-Factor Authentication (MFA), mobile device management (MDM), and advanced threat protection mechanisms to prevent phishing, malware, and data loss (DLP).

The contract with the service provider ensures strict adherence to data sovereignty. The service provider has ensured that the cloud-based solution, including Primary and Disaster Recovery data centers, are physically located within India, and no data can be shared or replicated outside the country.

M/s Zoho is a registered Indian entity subject to Indian laws and jurisdiction. The contract emphasizes "Make in India" products, ensuring that the government’s digital communication infrastructure is sovereign, with the government retaining full ownership of all data and intellectual property created during the contract.

The service is designed for high reliability, mandating a service availability uptime of at least 99.9% on a 24x7x365 basis.

To ensure high reliability, the service provider is required to maintain Disaster Recovery sites in different seismic zones at least 500 kilometres apart, with strict Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to minimize data loss during contingencies.

Arattai, a messaging platform developed by M/s Zoho, is not part of the e-mail solution.

This information was submitted by Union Minister of State for Electronics and Information Technology Shri Jitin Prasada in Rajya Sabha on 05.12.2025.

***

MSZ

(रिलीज़ आईडी: 2199413) आगंतुक पटल : 192