When big tech pulls the plug: What Nayara's service disruption reveals
What happened with Nayara Energy?
Nayara Energy, an Indian refinery company, is part-owned – less than 50% – by Russia's Rosneft Oil Company. Tech giant Microsoft abruptly suspended its core communication and productivity tools that Nayara uses to comply with European Union (EU) sanctions.
In response, Nayara filed a case in the Delhi High Court on Monday, alleging that its fully paid-up licences for services such as Outlook and Teams were suddenly revoked and access to its own business data was blocked without due process—effectively crippling its daily operations. Nayara (formerly Essar Oil) said it contributes about 8% of India's refining capacity, about 7% of its retail petrol pump network and an estimated 8% of polypropylene capacity. Microsoft has not commented on the court matter.
On Wednesday, though, Nayara Energy informed the court that Microsoft restored its services, following which it was withdrawing the case.
What is the legal position?
On 18 July, the EU imposed sanctions on Nayara Energy, a buyer of Russian oil, as part of a package targeting Russian interests over the war in Ukraine. However, unlike many major economies, India lacks the legal framework to block the extraterritorial application of foreign sanctions. Nayara has argued that it is not subject to EU sanctions and that Microsoft is under no legal obligation—under either US or Indian laws—to enforce the EU's restrictions.
What questions does the incident raise?
While the case stands withdrawn, the episode raises two critical questions: How protected are businesses from geopolitical overreach when they depend on a single technology provider based in a different jurisdiction? And what steps can they take to safeguard themselves against such disruption?
Isn't big tech supposed to be neutral?
Big tech companies can no longer claim to be neutral platforms. Their global operations are inevitably shaped by the geopolitical priorities of the jurisdictions they operate from, often at the expense of customers elsewhere. Even if not legally compelled, they may choose to err on the side of compliance to avoid reputational or regulatory fallout in major markets like the US, EU or even the Middle East.
Are there any precedents?
In 2022, Elon Musk instructed SpaceX engineers to disable Starlink satellite internet services over Ukraine, abruptly disrupting military and civilian communication and raising issues about private tech firms exerting unilateral control in geopolitical hotspots.
Canadian company Sandvine was placed on the US export entity list in 2024 because its digital tools were used by the regimes in Egypt and Belarus to censor internet traffic. The US government banned US companies from working with Sandvine, effectively cutting services through regulatory action.
Many governments have also banned the purchase/use of Kaspersky antivirus software from Russia on grounds of national security. Chinese company Huawei, too, has been banned or restricted in the US, the UK, Australia, Japan, India and parts of the EU from participating in 5G and critical digital infrastructure over national security concerns.
The merits and demerits of such geopolitical decisions notwithstanding, companies such as Apple, Microsoft, Oracle, SAP and Amazon reduced or even severed business ties—blocking sales, cloud services, and developer tools—in response to sanctions on Russia. Many companies did so proactively, even when not legally required in certain jurisdictions.
As on 29 July, over 1,000 companies have publicly announced they are voluntarily curtailing operations in Russia to some degree beyond the bare minimum legally required by international sanctions, as per a survey done by the Chief Executive Leadership Institute at the Yale School of Management. Likewise, geopolitical tensions between the US and China have also led to companies reassessing their presence in China.
Is this digital colonialism?
'What this situation really exposes," asserted Jayanth N Kolla, founder and partner at deep tech consultancy Convergence Catalyst Kolla, 'is a textbook case of digital colonialism—where big tech companies wield enormous control over the day-to-day operations and futures of other businesses."
The irony, he added, is hard to miss.
'Microsoft's action was based on its interpretation of EU sanctions, but it's the same EU that is leading the global call to curb big tech's overreach. Yet here we have a real-world demonstration of that very power—one where a single decision can halt the operations of an entire energy company. This is digital colonialism in action."
What must enterprises do while picking tech vendors?
Companies must assess the geopolitical exposure of global technology vendors. Is a cloud provider based in a country that actively imposes sanctions or faces diplomatic tensions? Has it previously suspended services in other countries due to regulatory pressure?
Nayara may have used rediff.com's service for internal communication in the absence of Microsoft's service, as per a Reuters article. Yet, its reliance on Microsoft illustrates the broader risk of single-vendor lock-in. If core communication and productivity tools are suddenly cut off, companies will be forced to scramble for local alternatives.
The risk is amplified in sectors like energy, telecom and finance, which are tied closely to national infrastructure and economic stability. Hence, it's critical to diversify service providers by using multi-cloud or hybrid-cloud strategies.
What are the alternatives to MNC tech providers?
Indian companies can now turn to domestic or geopolitically neutral alternatives. Zoho (office tools), CtrlS (data centres) and HCL Technologies (cloud services) are beginning to fill this gap. While they may not yet offer the same scale or feature-richness as global players, they may offer stability and reliance. But such transitions take time, cause productivity losses, and often involve compromises in functionality or integration.
What else do companies need to keep in mind?
Companies must plan regular data backups, alternative access points, and migration workflows to switch providers in days, not months. Kolla pointed out that most companies maintain redundancy for core cloud infrastructure and data hosting by working with multiple vendors.
"But when it comes to applications like email, Teams, and other executable services, redundancy is less common," he explained. 'Strategically, redundancy makes sense. Economically, however, maintaining a backup provider that might never be used is hard to justify." Kolla added that this incident reveals a potential market for on-demand or pay-per-use backup services for cloud-based productivity tools.
How could this incident change vendor contracts?
Experts said companies must include protective clauses in vendor contracts. They must ensure that provisions exist for data portability, redundancy, and advance notice in case of service suspension. Legal teams must review not only the technical service-level agreement but also the jurisdiction, force majeure, and termination clauses from a geopolitical risk perspective.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scroll.in
7 minutes ago
- Scroll.in
India's embrace of dangerous facial recognition technology is great for AI, terrible for privacy
In February, India, along with France, co-hosted the AI Action Summit held in Paris. At the end, it was announced that the next edition will be held in India. In its naming, priorities, and focus, the summit witnessed a clear shift from 'safety' to 'innovation' as the principal theme in artificial intelligence discourse. This move aligns with India's lax regulatory stance on AI governance, even in high-risk areas like healthcare and surveillance-driven technologies such as facial recognition technology. In the upcoming summit, this shift will enable the Indian government to steer discussions toward innovation, investment and accessibility while avoiding scrutiny over its weak legal protections, which create an environment conducive to unregulated technological experimentation. Shortly after the introduction of Chinese start-up DeepSeek's R1 model – which upended assumptions about large language models and how much it might cost to develop them – the Indian Ministry of Electronics and Information Technology announced plans to develop indigenous foundation models using Indian language data within a year and invited proposals from companies and researchers under its IndiaAI Mission. While local development in these areas is still in the early phase, the domain of AI that has already seen widespread adoption and deployment in India is facial recognition technology. As India contemplates a sustained push toward AI development and will likely seek to leverage its hosting of the next AI Summit for investments, it is instructive to look at how it has deployed and governed facial recognition technology solutions. Understanding Facial Recognition Technology Facial recognition technology is a probabilistic tool developed to automatically identify or verify individuals by analysing their facial features. It enables the comparison of digital facial images, captured via live video cameras (such as CCTV) or photographs, to ascertain whether the images belong to the same person. Facial recognition technology uses algorithms to analyse facial features, such as eye distance and chin shape, creating a unique mathematical 'face template' for identification. This template, similar to a fingerprint, allows facial recognition technology to identify individuals from photos, videos, or real-time feeds using visible or infrared light. Facial recognition technology has two main applications: identifying unknown individuals by comparing their face template to a database (often used by law enforcement) and verifying the identity of a known person, such as unlocking a phone. Modern facial recognition technology utilises deep learning, a machine learning technique. During training, artificial neurons learn to recognise facial features from labeled inputs. New facial scans are processed as pixel matrices, with neurons assigning weights based on features, producing labels with confidence levels. Liveness checks, like blinking, ensure the subject is real. Still, facial recognition technology faces accuracy challenges – balancing false positives (wrong matches) and false negatives (missed matches). Minimising one often increases the other. Factors like lighting, background and expressions also affect accuracy. Over the past seven years, facial recognition technology has seen widespread adoption in India, especially by the government and its agencies. This growth has coincided with debates surrounding Aadhaar (the national biometric ID system), frequent failures of other verification methods, a rise in street surveillance, and government efforts to modernise law enforcement and national security operations. In this review, I have surveyed the range of facial recognition technology deployment across sectors in India, both in public and private service delivery. This adoption tells the story of an exponential rise in the use of FRT in India, with barely any regulatory hurdles despite clear privacy and discrimination harms. Locating India's regulatory approach While efforts toward regulating AI are still in their infancy, with a handful of global regulations and considerable international debate about the appropriate approach, regulatory discussions about facial recognition technology predate them by a few years and are a little more evolved. Facial recognition technology systems can produce inaccurate, discriminatory, and biased outcomes due to flawed design and training data. A Georgetown Law study on the use of facial recognition technology in the US showed disproportionate impacts on African Americans and tests revealed frequent false positives, particularly affecting people of color. In 2019, the UK's Science and Technology Committee recommended halting facial recognition technology deployment until bias and effectiveness issues are resolved. The UK government countered the report by stating that the existing legal framework already offered sufficient safeguards regarding the application of facial recognition technology. Civil society organisations have been demanding bans or moratoriums on the use and purchase of facial recognition technology for years, most notably after a New York Times investigation in 2019 revealed that more than 600 law enforcement agencies in the US rely on the technology provided by a secretive company known as Clearview AI. An impact assessment commissioned by the European Commission in 2021 observed that facial recognition technology 'bear[s] new and unprecedentedly stark risks for fundamental rights, most significantly the right to privacy and non-discrimination.' The European Union and UK offer regulatory models for facial recognition technology in law enforcement. The EU's Law Enforcement Directive restricts biometric data processing to strictly necessary cases. While initial drafts of the EU's AI Act banned remote biometrics – such as the use of facial recognition technology – the final version has exceptions for law enforcement. In the UK, the Data Protection Act mirrors Europe's General Data Protection Regulation (GDPR), and a landmark court ruling deemed police facial recognition technology use unlawful, citing violations of human rights and data protection, and the technology's mass, covert nature. The EU's AI Act, while not explicitly banning discriminatory facial recognition technology, mandates data governance and bias checks for high-risk AI systems, potentially forcing developers to implement stronger safeguards. The GDPR generally bans processing biometric data for unique identification, but exceptions exist for data made public by the subject or when processing is for substantial public interest. In Europe, non-law enforcement facial recognition technology often falls under these exceptions. As per EU laws, facial recognition technology use may be permitted under strict circumstances in which a legislator can provide a specific legal basis regulating the deployment of facial recognition technology that is compatible with fundamental rights. US Vice President JD Vance's rebuke against ' excessive regulation ' of AI at the Paris Summit in February telegraphed a lack of intent for the current US federal government to regulate AI. However, there are numerous state-level regulations in operation in the US. Canada's Artificial Intelligence and Data Act (AIDA) follows the EU model of risk regulation. Countries like South Korea have taken a more light-touch approach, with Seoul's AI Basic Act including a smaller subset of protections and ethical considerations than those outlined in the EU law. Japan and Singapore have explored self-regulatory codes rather than command and control regulation. The Indian Supreme Court's Puttaswamy judgment, which upheld a right to privacy, outlines a four-part test for proportionality to test whether state actions violate fundamental rights: a legitimate goal, suitable means, necessity (meaning there are no less restrictive alternatives), and balanced impact on rights. Facial recognition technology applications, like those that use the technology to mark attendance and carry out authentication, often have less intrusive alternatives, suggesting they fail the necessity test. Street surveillance using facial recognition technology inherently involves indiscriminate mass surveillance, not targeted monitoring. India's newly legislated Digital Data Protection Act, whose rules are currently being framed, permits the government to process personal data without consent in certain cases. Section 17(2) grants a broad exemption from its provisions for personal data processing, exempting state entities designated by the Indian government for reasons as broad as sovereignty, security, foreign relations, public order, or preventing incitement to certain offenses. In India, the primary policy document on facial recognition technology is a Niti Aayog paper, ' Responsible AI for All,' which anticipates that India's data protection law will handle facial recognition technology privacy concerns. However, it lacks detailed recommendations for ethical facial recognition technology use. It suggests the government should not exempt law enforcement from data protection oversight. It remains to be seen whether this recommendation will be followed, but this alone would be insufficient protection. Data minimisation, a key data protection principle that recommends the collection only of such information as is strictly necessary, restricts facial recognition technology by preventing the merging of captured images with other databases to form comprehensive citizen profiles. Yet, tenders for Automated Facial Recognition Systems (AFRS), to be used by law enforcement agencies, explicitly called for database integration, contradicting data minimisation principles. India's lenient approach toward facial recognition technology regulation, even as there is widespread adoption of the technology by both public and private bodies, suggests a pattern of regulatory restraint when it comes to emerging digital technologies. Rest of World recently reported on an open-arms approach that India has taken to AI, with a focus on 'courting large AI companies to make massive investments.' As a prime example, both Meta and OpenAI are seeking partnerships with Reliance Industries in India to offer their AI products to Indian consumers, which would be hosted at a new three-gigawatt data center in Jamnagar, Gujarat. These investments in India need to be seen in the context of a number of geopolitical and geoeconomic factors: data localisation regulations under India's new data protection law, the negotiating power that the Indian government and the companies close to it possess by leveraging the size of its emerging data market, how these factors facilitate the emergence of domestic BigTech players like Reliance, and most importantly, the Indian government's overall approach toward AI development and regulation. It was earlier reported that the much-awaited Digital India Act would have elements of AI regulation. However, the fate of both the legislation or any other form of regulation is, for the moment, uncertain. As recently as December 2024, Ashwini Vaishnav, the Indian minister of electronics and information technology, stated in the Indian Parliament that a lot more consensus was needed before a law on AI can be formulated. This suggests that the Indian government currently has no concrete plans to begin work toward any form of AI regulation, and despite the widespread use of AI and well documented risks, will stay out of the first wave of global AI regulations.
Mint
7 minutes ago
- Mint
Home by home, Russia is selling occupied Ukraine to Russians
Photographs posted on the official Telegram channel of the Mariupol City Council showing the Clock House before and after the bombings. In a brochure, the property developer touts the 'majestic style" of the building's architecture and its prime location just a 15-minute walk from the sea, adding a caveat: It was damaged during 'military events." The building that once stood there was in fact demolished by developers after Russia conquered Mariupol in a brutal onslaught that killed thousands of people and devastated the Ukrainian port city's housing stock. Residents of the Clock House counted themselves lucky to survive, but are now excluded from the redevelopment of the building, which has been sold largely to newcomers from Russia. 'We, the previous owners, don't have the right to be there," said Elena Pudak, whose mother owned a spacious apartment in the building but now lives in Germany. Once a landmark of Mariupol's unique heritage, the Clock House now stands as a monument to Russia's transformation of the city for both profit and its own political designs. Across occupied territory, Russia-backed authorities have seized thousands of apartments after declaring them 'ownerless," leaving the Ukrainians who fled faced with growing barriers to return and prove their ownership or claim compensation. Newcomers from Russia, meanwhile, enjoy a range of perks, such as 2% mortgage rates on new building developments. The strategy of replacing the people who once lived in conquered territories with ethnic Russians is one that Moscow has long pursued. The eastern Donbas region of Ukraine, for example, was flooded with Russians in the 1930s as the Soviet Union industrialized the region while starving millions of Ukrainian peasants to death in what the Ukrainian government and many historians consider a genocide. Mariupol is a symbol of Russian brutality and Ukrainian resistance during a siege in the early weeks of the war that destroyed swaths of the city, including the smoke-billowing Azovstal steel works. Real-estate agents tout the city's newly-clean air. Russia conquered Mariupol in a brutal onslaught that killed thousands of people and devastated the Ukrainian port city's housing displacement and destruction has thrown open Mariupol's real-estate market. One new arrival, a Russian woman from Siberia, said she was dazzled by the bright orange of the sun when she first visited last year. She bought an apartment there needing only minor repairs and intends to retire there, fulfilling her husband's dream of living by the sea. For now, she said she would rent it out to a tenant—a woman from Moscow who now lives and works in Mariupol. Oleksandr Nosochenko, a former Mariupol resident, said a Russian military service member had taken over his summer cottage by the seaside on the city's outskirts. As a man of military age, Nosochenko couldn't make the journey back to Mariupol to claim compensation himself, and his wife, who had endured Russia's siege of the city, refused to return there on principle. The Clock House, built in the 1950s, was one of the most coveted addresses in what had been a thriving city. A new clock was installed during repairs to the building's roof and facade in 2021, with a light show that then-mayor Vadym Boychenko hailed as a symbol of 'the era of Mariupol's rebirth." Months later, residents found themselves huddling in the basement as Russian forces besieged the city. In March 2022, a missile tore a hole in the Clock House, killing several residents. 'That's when we realized we had nowhere to go back to," said Pudak, who had escaped the city with her husband and three children days before, leaving the keys to her mother's apartment with a neighbor. Mass displacement and destruction threw open the real-estate market. While workers started clearing rubble, realtors snapped up property on the cheap from fleeing residents. Residents of the Clock House scattered across Ukraine, Russia and Europe, but some remained in the building's basement until a leak appeared in the summer. Despite the damage, residents hoped the building's historic value would ensure its preservation. In a master plan for Mariupol's redevelopment approved by Putin in 2022, the Clock House was marked for restoration. The bulldozers arrived toward the end of 2022. Residents watched helplessly as the building was torn down. Three diggers broke in the process, according to the head of the residents association Maria Tikhovskaya. 'The house itself was fighting the demolition," she said in a video posted online. Satellite images show most of the building had been leveled by early 2023. Still, residents expected to receive apartments in the new building. A 2022 decree entitled them to be rehoused on the site of their former home. Unknown to them, however, the building had been allocated for redevelopment by a subsidiary of a company called Roskapstroy, which is owned by Russia's construction ministry. The reality began to sink in when they saw the floor plans and computer generated images of the new building on a Telegram channel that popped up in July 2023. It was several stories higher than the building they knew, and had a completely different layout. Instead of spacious two-bedroom apartments, it had been subdivided mainly into studios. Residents attempted to contact the developer, RKS Development, but were ignored. The developer instead opened a sales office near the site. Among the buyers was a real-estate agent from Mariupol, who reserved three apartments in the new Clock House. 'There was a lot of interest," said the 28-year-old. Most of the other buyers he encountered were from Russia, he said. As for the former residents, he knew of their grievances but had little sympathy. If they wanted to keep living there, they could have put down a deposit like everyone else, he said. Nevermind that the price was about three times what residents say they were offered in compensation for their apartments. 'It's barely enough to buy a burial plot," said one resident. Even if they could have afforded it, many former residents objected on principle: Why should they pay the price for the destruction of Mariupol? Within a week, the apartments had sold out, the real-estate agent said. The bulk of the planned construction cost of 850 million Russian rubles, or around $10.5 million, was covered by future owners, according to a project disclosure statement from the developer. The U.S. sanctioned Roskapstroy and its subsidiaries for operating in occupied Mariupol later in 2023. The developer didn't respond to a request for comment. The central avenue of Mariupol in the early months of the war, as Russian troops intensified a campaign that destroyed swaths of the a strategic port city, is a symbol of Russian brutality and Ukrainian resistance during a siege in the early weeks of the war. As construction work began, residents mobilized, appealing to official bodies in the so-called Donetsk People's Republic, the Russian name for the government it installed in eastern Ukraine. In response, they were told the law had changed: Residents were no longer entitled to be rehoused on the site of their former homes, but anywhere within the city limits. Meanwhile, Elena Pudak's mother attempted to travel back to Mariupol to claim compensation for her apartment. She was denied entry at Russia's Sheremetyevo airport—the sole legal entry point for Ukrainians seeking to return to occupied territories. There was no explanation, but Pudak suspects the authorities are trying to keep people with property claims out. With dwindling options, Clock House residents filed a lawsuit against the Donetsk People's Republic, arguing that their rights as newly minted citizens of Russia had been violated. In a letter addressed to Putin, they pleaded their case. There was no response, and late last year, the court ruled against them.
Economic Times
7 minutes ago
- Economic Times
Godrej Properties plans its largest-ever bond issue: Report
Godrej Properties, the real estate unit of India's Godrej Industries, is set to tap the corporate bond market later this month with its largest issue to date, three sources aware of the matter said. ADVERTISEMENT The real estate developer is likely to raise around 20 billion rupees ($230 million) through the sale of shorter duration bonds, with a maturity of three to five years, the sources said last week. "The company could look to tap the market after the central bank's monetary policy decision this week, in the hope that yields ease further," one of the sources said. All the sources requested anonymity as the talks are private. Godrej Properties did not reply to a Reuters email seeking comment. The bonds are rated 'AA+', and this will be the company's first bond issuance in nearly a year. Last September, it had raised around 650 million rupees through the sale of five-year bonds at an annual coupon of 8.50%. ADVERTISEMENT Godrej Properties has borrowed 25 billion rupees through bonds since September 2023. The upcoming sale would take its outstanding issuances to 45 billion rupees. The Mumbai-based firm last month acquired around 50 acres of land for premium plotted residential units in the Indian state of Chhattisgarh. ADVERTISEMENT ($1 = 87.2300 Indian rupees) (You can now subscribe to our ETMarkets WhatsApp channel)
