Infosys Achieves Binding Corporate Rules Certification from EU Data Protection Authorities

Rhea-AI Summary

Infosys (NYSE: INFY) has received regulatory approvals for its Binding Corporate Rules (BCR) from the Hesse Data Protection Authority, Germany, with concurrence from the European Data Protection Board. This makes Infosys the first India-headquartered company to achieve BCR certification, establishing a lawful framework for international data transfers within group companies.

The certification includes two sets of BCRs - one as a data controller (BCR-C) and another as a data processor (BCR-P). This achievement enables seamless transfer of personal information from Europe to any Infosys Group location globally, strengthening the company's data privacy and protection standards in an AI-first world.

Positive

• First India-headquartered company to achieve BCR certification
• Enables seamless transfer of personal data from Europe to global Infosys locations
• Strengthens competitive position in handling EU client data
• Dual certification as both data controller and processor

Negative

• None.

Insights

Legal and Compliance Expert

The BCR certification marks a pivotal regulatory achievement for Infosys, particularly significant in the context of evolving global data protection frameworks. The dual certification as both data controller and processor positions Infosys advantageously in the European market, where GDPR compliance is paramount. This certification creates a competitive moat by enabling seamless cross-border data transfers within the Infosys group - a important capability for serving multinational clients. The timing is especially relevant given increased scrutiny of international data flows and the invalidation of previous data transfer mechanisms like Privacy Shield. This certification will likely translate into enhanced business opportunities in the EU market, where stringent data protection requirements often influence vendor selection. The first-mover advantage as an India-headquartered company with BCR certification could help Infosys capture market share from competitors still navigating these regulatory requirements.

Technology Strategy Analyst

This certification is strategically valuable for Infosys's AI and digital transformation initiatives. In today's AI-driven landscape, the ability to legally transfer and process data across borders is important for developing and deploying sophisticated AI solutions. The BCR certification effectively removes regulatory friction in data handling, potentially accelerating AI project implementations and enabling more comprehensive global delivery models. This regulatory clearance positions Infosys to more effectively compete in the $500+ billion global digital transformation market, particularly in data-sensitive sectors like healthcare, finance and government services. For investors, this represents a material advantage in Infosys's ability to execute large-scale digital transformation projects that increasingly rely on cross-border data flows and AI processing capabilities.

• First India-headquartered company to receive BCR certification
• An accredited data privacy compliance framework for international data transfers from the EU

BENGALURU, India, Dec. 19, 2024 /PRNewswire/ -- Infosys (NSE: INFY) (BSE: INFY) (NYSE: INFY), a global leader in next-generation digital services and consulting, today announced that it has obtained regulatory approvals for its Binding Corporate Rules (BCR) from the Hesse Data Protection Authority, Germany, following concurrence from the EDPB (European Data Protection Board).

BCR provides a lawful framework within which organizations can transfer personal data internationally within their group companies. Two sets of BCRs have been approved for Infosys, one as a data controller (BCR-C) and the other as a data processor (BCR-P).

This BCR certification, which has been achieved for both Infosys' own and client data, strengthens the company's focus in maintaining consistent standards of data privacy and protection. This further enables seamless transfer of personal information from Europe to any Infosys Group location globally, and it is a milestone achievement in today's AI-first world in addressing concerns around cross-border data transfers. 

"This accomplishment reinforces Infosys' commitment towards responsible business practices. Today, the need to protect personal data is critical, and Infosys is helping clients carry out their business in a compliant environment. This recognition is a key differentiator for us when it comes to processing personal data and further affirms our dedication to accountability and trust," said Inderpreet Sawhney, Group General Counsel and Chief Compliance Officer, Infosys.

About Infosys

Infosys is a global leader in next-generation digital services and consulting. Over 300,000 of our people work to amplify human potential and create the next opportunity for people, businesses and communities. We enable clients in more than 56 countries to navigate their digital transformation. With over four decades of experience in managing the systems and workings of global enterprises, we expertly steer clients, as they navigate their digital transformation powered by cloud and AI. We enable them with an AI-first core, empower the business with agile digital at scale and drive continuous improvement with always-on learning through the transfer of digital skills, expertise, and ideas from our innovation ecosystem. We are deeply committed to being a well-governed, environmentally sustainable organization where diverse talent thrives in an inclusive workplace.

Visit www.infosys.com to see how Infosys (NSE, BSE, NYSE: INFY) can help your enterprise navigate your next.

Safe Harbor

Certain statements in this release concerning our future growth prospects, or our future financial or operating performance, are forward-looking statements intended to qualify for the 'safe harbor' under the Private Securities Litigation Reform Act of 1995, which involve a number of risks and uncertainties that could cause actual results or outcomes to differ materially from those in such forward-looking statements. The risks and uncertainties relating to these statements include, but are not limited to, risks and uncertainties regarding the execution of our business strategy, increased competition for talent, our ability to attract and retain personnel, increase in wages, investments to reskill our employees, our ability to effectively implement a hybrid work model, economic uncertainties and geo-political situations, technological disruptions and innovations such as Generative AI, the complex and evolving regulatory landscape including immigration regulation changes, our ESG vision, our capital allocation policy and expectations concerning our market position, future operations, margins, profitability, liquidity, capital resources, our corporate actions including acquisitions, and cybersecurity matters. Important factors that may cause actual results or outcomes to differ from those implied by the forward-looking statements are discussed in more detail in our US Securities and Exchange Commission filings including our Annual Report on Form 20-F for the fiscal year ended March 31, 2024. These filings are available at www.sec.gov. Infosys may, from time to time, make additional written and oral forward-looking statements, including statements contained in the Company's filings with the Securities and Exchange Commission and our reports to shareholders. The Company does not undertake to update any forward-looking statements that may be made from time to time by or on behalf of the Company unless it is required by law.

Logo: https://mma.prnewswire.com/media/633365/5070465/Infosys_Logo.jpg

 

View original content:https://www.prnewswire.com/news-releases/infosys-achieves-binding-corporate-rules-certification-from-eu-data-protection-authorities-302336039.html

SOURCE Infosys

FAQ

What is the significance of INFY's BCR certification from EU authorities?

The BCR certification allows Infosys to legally transfer personal data internationally within its group companies and strengthens its data privacy standards, making it the first India-headquartered company to achieve this status.

How will the BCR certification impact INFY's European operations?

The certification enables Infosys to transfer personal information seamlessly from Europe to any global Infosys location, enhancing its ability to serve European clients while maintaining data protection compliance.

What types of BCR certifications did INFY receive in December 2024?

Infosys received two types of BCR certifications: BCR-C as a data controller and BCR-P as a data processor, covering both company and client data.

Which regulatory authorities approved INFY's BCR certification?

The BCR certification was approved by the Hesse Data Protection Authority in Germany, following concurrence from the European Data Protection Board (EDPB).