In a significant step toward enhancing digital accountability, the Ministry of Corporate Affairs (MCA) has mandated that Limited Liability Partnerships (LLPs) disclose their cybersecurity practices and policies as part of their annual compliance filings. The directive, which comes into effect from the financial year 2024–25, requires all LLPs to include a declaration on cybersecurity readiness, data protection protocols, and risk mitigation strategies in Form 11 (Annual Return). This move aligns with India’s growing emphasis on digital resilience and information security across all types of business entities.
Under the new disclosure norms, LLPs must report whether they have implemented basic cybersecurity measures such as firewalls, antivirus software, employee training, and secure data backup systems. Larger LLPs, especially those handling customer data or operating digital platforms, are encouraged to adopt more advanced frameworks like ISO/IEC 27001 or CERT-In guidelines, and to mention this in their filings. While the requirement is currently limited to disclosure and not mandatory enforcement, non-disclosure or misreporting could attract scrutiny during inspections or legal proceedings.
This initiative is part of a broader government strategy to improve cyber hygiene across the business landscape, especially in light of increasing ransomware attacks and digital fraud. MCA officials stated that the aim is to create awareness and encourage proactive adoption of cybersecurity practices, rather than penalize businesses at this stage. Industry experts have welcomed the move, noting that formalizing cybersecurity reporting will strengthen trust among clients, regulators, and investors and prepare LLPs for a more digitally secure future.


