Microsoft’s blocking of services to Indian refiner Nayara Energy last month, after the European Union (EU) put it on a sanction list, happened due to an automated “legacy” compliance system, and the company has changed its enforcement mechanism since, including adding a review process by its senior leadership before suspending services to an entity, The Indian Express has learnt.
The IT Ministry had sought Microsoft’s response on why it had suspended services to Nayara Energy, which resulted in its employees not being able to access their own data and communication channels.
In a written submission to the ministry earlier this week, the software giant said: “The outage was caused by an automated sanctions enforcement. Microsoft’s legacy compliance system was calibrated for a time when sanction regimes were less complex and was inclined to enforce ‘global’ compliance by default. At the time of suspension, Microsoft’s historical trade compliance posture assumed EU jurisdiction and measures to prevent the corollary risk that enabling access/return of data could violate EU sanctions. This automated approach led to an unintended disruption…”
But, acknowledging the flaw in that process, Microsoft said that its automated system “presumed” a jurisdictional nexus (legal necessity) to the EU due to the historically global nature of its operations. “However, Microsoft’s significant investments in India in recent years render this jurisdictional presumption no longer appropriate,” it added.
These specific reasons have not been reported before.
In a statement to The Indian Express, a spokesperson for the company said, “Microsoft remains steadfast in its commitment to India’s digital future—one built on trust, legal integrity, and collaborative governance. We have strengthened measures and jurisdictional validation checkpoints to ensure services resiliency. We will continue to work closely with the government, aligning with national priorities for trusted technology and transparent regulatory engagement, so that every customer in India can operate with confidence and continuity.”
The EU on July 18 announced that it was sanctioning Nayara Energy, in which Russian oil giant Rosneft holds 49.13 per cent stake, as part of its tranche of actions in the latest bid to force the Kremlin’s hand to end the war in Ukraine. The sanctions mean that Nayara Energy would not be able to export petroleum fuels and products to Europe, and potentially hit any of its dealings with European companies.
On July 22, Microsoft suspended its tech support to the company in response to the sanctions, affecting Nayara’s employees’ Outlook and Teams accounts. Soon after, Nayara Energy sued Microsoft in the Delhi High Court, following which it restored services to the oil refiner.
Story continues below this ad
Microsoft’s suspension of Nayara’s services has caused a great deal of concern within New Delhi’s policy circles, with questions being raised around the dependence Indian companies have on crucial digital infrastructure services offered by American companies and the need for them to build resilience against potential disruptions in the future. The ties between India and the US have faced a setback, with Washington criticising New Delhi’s purchase of Russian oil, and slapping a 50 per cent tariff.
To placate these concerns, Microsoft, in its submission, told the ministry that to avoid such suspensions in the future, it has implemented a series of “corrective actions” and governance reforms to strengthen its sanctions enforcement process. The company said that enforcement decisions are no longer fully automated, as it has introduced a structured, risk-based protocol that requires a thorough legal and jurisdictional analysis, reviewed and approved by senior leadership, before any service suspension is enacted. Microsoft will also provide advance notice to affected customers wherever legally permissible.
“These changes ensure that enforcement actions are legally grounded, proportionate, and sensitive to business impacts in every country where Microsoft operates,” the company added.
The IT Ministry had also raised concerns around Microsoft delaying responding to requests from Indian law enforcement agencies. Acknowledging this, Microsoft said, “We recognise and regret the recent delays in response to Indian law enforcement requests, which were due to multiple internal reasons. Since spring, we have made substantial progress and now respond to all Indian law enforcement orders within 72 hours…”
