Here's an article from 1999 http://www.rediff.com/computer/1999/jul/26gatewa.htm

Last week it announced the 'Guidelines and general information for setting up of international gateways for Internet'.

Another quote:

There is a view in the industry that 40-bit key length is too weak for most commercial applications and can be easily broken.

Surprisingly, Singhal [secretary, Internet Service Providers' Association of India] is not very worked up over this. He clarifies that it is just an initial step. "It is not a hard and fast rule that higher bit encryption is not allowed. If encryption over 40 bits is used then the key will have to be given to the government. The DoT seems to have taken the worldwide standard. As and when they receive complaints that it can be easily broken, they will consider going for stronger encryption.

It is from 2001, It can be verified by using google search with a date range.

https://www.google.com/search?hl=en&q=%22Individuals/Gro...

My apologies for jumping the gun. Its easy to get confused as there was no date on that page.

I think google doesn't have info about page dates prior to 2001. I think the actual date must be 1999 as linked by the parent post.

http://www.google.co.in/search?q=www.google.com&hl=en...

PS: I'm the one who should apologize.

Yeah. Here is the archive history for linked guidelines in the rediff article - http://wayback.archive.org/web/20060815000000*/http://www.do... Dates back to 2000 at least. So must be from 1999

Is the policy still applicable if it doesn't seem to be updated?