India's regulatory landscape for financial record-keeping has undergone a significant transformation as businesses migrate books of accounts to cloud-hosted platforms and SaaS-based ERP systems. The question of where financial data is stored has become a matter of acute legal consequence. The statutory framework spans the Companies Act 2013, Income-tax Act 1961, Income-tax Rules 2026, and the DPDP Act 2023 — each imposing distinct requirements on the physical location of financial data, audit trail integrity, and accessibility to Indian regulators.
Key Takeaways:
- Companies must maintain daily backups of electronic books of accounts on servers physically located in India under Rule 3(5) of the Companies (Accounts) Rules, 2014.
- Rule 46(8) of the Income-tax Rules, 2026 mandates daily backup compliance with penalties of Rs. 25,000 for non-compliance.
- Mere accessibility of data through a globally hosted cloud solution does not satisfy India's data-residency requirements.
- Foreign companies operating in India must also comply with data localization obligations under Section 384(3) of the Companies Act.
- Boards must treat electronic books compliance as a governance obligation requiring Board-level resolutions, designated responsible officers, and annual audit committee reviews.
Click to read this article