Books of Account Go Digital: New Income-tax Act Recognises Cloud Storage but Imposes Data Localisation Requirements

 

A Significant Expansion in the Definition of Books of Account

 

The Income-tax Act, 2025 has modernised the definition of “books or books of account” to align with contemporary business practices.

 

Section 2(19) now expressly includes books maintained not only in written form but also in electronic or digital form, cloud-based storage, and on electromagnetic data storage devices such as external hard drives, memory cards, portable storage devices, tapes, and floppy disks. Even printouts generated from such digital records are regarded as books of account for the purposes of the Act.

 

This represents a significant departure from the corresponding provisions under the Income-tax Act, 1961, which did not specifically recognise cloud-based storage within the statutory framework.

 

Recognition of the Cloud Era

 

The explicit inclusion of cloud-based storage reflects the legislature’s recognition that accounting records are no longer confined to physical ledgers or local servers. Modern businesses increasingly rely on ERP systems, cloud accounting software, and remotely hosted databases for maintaining their financial records.

 

By bringing cloud-hosted records within the statutory definition of books of account, the law removes any ambiguity regarding their evidentiary value and compliance status under the Income-tax framework.

 

The New Compliance Requirement: Records Must Remain in India

 

The expanded definition is accompanied by an important compliance requirement under Rule 46(8) of the Income-tax Rules, 2025.

 

Where books of account and prescribed documents are maintained electronically:

 

- The records must remain accessible in India at all times.

- A daily backup of such records must be maintained on servers physically located within India.

 

The apparent objective of this provision is to ensure that digital records remain within the effective reach of Indian tax authorities, notwithstanding the increasing use of global cloud infrastructure and cross-border data storage arrangements.

 

Who Needs to Be Concerned?

 

The practical implications of this requirement are likely to be most significant for businesses using foreign-hosted cloud platforms or multinational ERP systems where data may be stored outside India.

 

Such taxpayers may need to review their data storage architecture, hosting arrangements, and backup policies to ensure compliance with the requirement of maintaining daily backups on servers physically located in India.

 

Local Cloud and On-Premise Systems May Not Face Difficulties

 

For many businesses, however, the concern may be more theoretical than practical.

 

Where accounting records are maintained on local servers or through cloud service providers operating data centres in India, the requirements relating to accessibility and local backup are likely to be easier to satisfy.

 

For instance, businesses using locally hosted accounting solutions or cloud-based accounting software with Indian data centres are unlikely to encounter significant compliance challenges under Rule 46(8).

 

Precautions for Professionals and Taxpayers

 

In light of the new requirements under the Income-tax Act, 2025 and Rule 46(8) of the Income-tax Rules, 2025, professionals, businesses, and taxpayers should adopt appropriate safeguards to ensure effective compliance and avoid potential disputes during assessments, audits, or investigations.

 

1. Review Data Storage Arrangements

 

Taxpayers should identify the physical locations where their accounting and financial data are stored. Where cloud-based platforms are used, confirmation should be obtained regarding the location of primary servers and backup infrastructure.

 

2. Ensure Daily Backups on Indian Servers

 

Appropriate systems and procedures should be implemented to ensure that daily backups of books of account and prescribed documents are maintained on servers physically located in India, as required by Rule 46(8).

 

3. Obtain Confirmations from Cloud Service Providers

 

Businesses relying on third-party cloud vendors or ERP providers should seek periodic confirmations regarding compliance with Indian data localisation and backup requirements.

 

4. Preserve Evidence of Compliance

 

Taxpayers should maintain adequate documentation, including service agreements, backup logs, server-location declarations, system reports, and other records that may be required to substantiate compliance before tax authorities.

 

5. Review Cross-Border ERP and Cloud Deployments

 

Multinational groups and enterprises using globally integrated ERP systems should evaluate whether their existing technology infrastructure satisfies the requirements of accessibility in India and maintenance of local backups. Necessary corrective measures should be implemented where required.

 

6. Strengthen Internal Controls

 

Finance, compliance, and IT teams should work in coordination to establish internal controls and monitoring mechanisms to ensure continuous adherence to the statutory requirements.

 

7. Update Data Governance and Record Retention Policies

 

Existing policies relating to data governance, record retention, information security, and digital documentation should be reviewed and updated to align with the new legal framework.

 

8. Conduct Periodic Compliance Reviews

 

Regular internal reviews and professional compliance audits may assist in identifying gaps at an early stage and facilitate timely corrective action.

 

Professional Perspective

 

The formal recognition of cloud-based accounting records under the Income-tax Act, 2025 is a welcome and progressive development that aligns tax law with contemporary business realities. However, the accompanying requirement for accessibility within India and maintenance of daily backups on Indian servers introduces an important compliance obligation for taxpayers.

 

Businesses should not assume that the mere use of cloud-based accounting software automatically satisfies the new requirements. A careful review of existing technology infrastructure, cloud hosting arrangements, and backup policies is advisable, particularly where foreign-hosted applications or multinational ERP systems are involved.

 

Proactive compliance, proper documentation, and periodic review of data management practices will be essential in mitigating regulatory risks and ensuring readiness for future assessments or enquiries by tax authorities.

 

Conclusion

 

The Income-tax Act, 2025 marks a significant step towards recognising the digital transformation of business record-keeping by expressly including electronic and cloud-based records within the definition of books of account. Simultaneously, the introduction of data localisation requirements reflects the Government’s emphasis on ensuring accessibility, regulatory oversight, and effective tax administration in an increasingly digital economy.

 

Taxpayers and professionals should use this transition as an opportunity to reassess their accounting systems, data storage practices, and compliance frameworks to ensure full alignment with the new legal requirements.