Income Tax Rule 46(8) has become one of the most important compliance requirements for businesses maintaining digital books of account. Effective from 1 April 2026, the rule mandates daily backups of electronic books of account on servers physically located in India.
This bulletin explains the rule in plain language, identifies who is affected, details what auditors must now report, and sets out concrete steps your finance and compliance teams should take today.
At a Glance: Key Compliance Facts
| Particulars | Details |
| Rule Reference | Rule 46(8), Income-tax Rules 2026 |
| Effective Date | 1 April 2026 (already in force) |
| Applicable Provisions | Section 62 (books of account) and Section 63 (tax audit) |
| Backup Frequency Required | Daily — without exception |
| Server Location Requirement | Physically located in India |
| Penalty | Non-maintenance | ₹ 25,000 |
| Penalty | Incorrect Certification | ₹ 10,000 (applicable to the auditor) |
Background: Why Was This Rule Introduced?
India has witnessed an explosive shift towards digital and cloud-based accounting over the past decade. Businesses ranging from small traders using Tally to large enterprises running Oracle or SAP now maintain their primary books of account in electronic form. However, the legal framework for such records lacked clarity on where data must reside and how frequently backups must be made.
Rule 46(8) plugs this gap. It is a direct response to growing concerns about data sovereignty, accessibility by tax authorities during assessments, and the integrity of financial records maintained on foreign or dispersed servers. By requiring daily backups within India’s borders, the government ensures that accounting data remains within its jurisdictional reach.
Who Does Rule 46(8) Apply To?
Businesses covered under Income Tax Rule 46(8) must ensure that daily backups are maintained on servers located in India.
The rule applies to two broad categories of taxpayers:
Category 1 | Persons under Section 62 (Books of Account)
Section 62 of the Income-tax Act 2025 requires certain persons to maintain prescribed books of account. This generally includes:
- Businesses with annual turnover or gross receipts above the prescribed threshold
- Professionals such as doctors, lawyers, architects, and chartered accountants
- Companies, LLPs, and other entities covered by Section 62
Category 2 | Persons Subject to Tax Audit under Section 63
Section 63 mandates tax audits for:
- Businesses with turnover exceeding ₹1 crore (subject to applicable thresholds and presumptive taxation elections)
- Professionals with gross receipts exceeding ₹50 lakh
- Any other persons specifically covered by audit provisions
If your organisation maintains books of account in electronic form; whether through accounting software, an ERP system, or a cloud platform; and falls under either category, Rule 46(8) applies to you.
The Core Requirement | What Must You Do?
Rule 46(8) requires the following, in specific terms:
- Books of account maintained electronically must be backed up every day.
- The backup must be stored on a server that is physically located within India.
- Mere accessibility of data via a globally hosted cloud platform does not satisfy the requirement.
- The backup must be a genuine, recoverable copy — not merely a synchronisation or cache.
Special Focus: Cloud-Based Accounting Systems
This rule has its most significant impact on businesses using cloud-based platforms such as Tally on Cloud, Zoho Books, QuickBooks Online, SAP Business One, Microsoft Dynamics 365, Oracle NetSuite, or similar enterprise accounting systems.
Most cloud providers replicate data across multiple global regions for performance and redundancy. Having data replicated to an Indian region is not the same as having your designated backup stored on an India-based server. The distinction matters; and it is something your vendor must confirm in writing.
What You Must Verify With Your Cloud Vendor
- Whether their India-based data centres (e.g., AWS Mumbai, Azure Central India, Google Cloud Delhi/Mumbai) store your financial data
- Whether daily backup replication is configured specifically for an Indian server
- Whether they can issue a certificate or formal documentation confirming data residency in India
- Whether your Service Level Agreement (SLA) contains a data residency clause covering India
Impact on Tax Audit Reporting
Businesses covered under Income Tax Rule 46(8) must ensure that daily backups are maintained on servers located in India.
For businesses covered by Section 63, the tax audit report is expected to include specific disclosures related to Rule 46(8). Auditors will need to report:
- The name and version of accounting software used to maintain books of account
- The physical location(s) of servers where books of account are stored
- Whether daily backup compliance under Rule 46(8) has been maintained throughout the relevant financial year
- Details and addresses of the India-based backup servers
- Any qualifications, observations, or exceptions the auditor has noted in respect of non-compliance
This creates a shared responsibility between the taxpayer and the Chartered Accountant. If the auditor certifies compliance without independently verifying actual server locations, they become exposed to the incorrect-certification penalty.
Penalties for Non-Compliance
| Non-Compliance Type | Penalty Amount |
| Non-maintenance of books as prescribed under Rule 46(8) | ₹ 25,000 |
| Incorrect certification in tax audit report by the auditor | ₹ 10,000 |
These monetary penalties are a starting point, not a ceiling. Non-compliance with Rule 46(8) can trigger broader consequences:
- Adverse audit findings and qualifications in the tax audit report
- Enhanced scrutiny during income tax assessments
- Questions about the reliability and integrity of the books of account themselves
- Reputational exposure with the Income-tax Department
Compliance Action Plan
| Area | Action Required | Why It Matters |
| Accounting Software Audit | Identify the software in use and confirm server hosting location | Basis for audit disclosure and compliance verification |
| Cloud Vendor Inquiry | Request a written certificate confirming India-based data storage | Mandatory documentation for audit and assessment |
| Backup Configuration | Ensure daily backup replication to an India-hosted server | Core legal requirement under Rule 46(8) |
| Backup Logs | Maintain timestamped daily backup records | Evidence of ongoing compliance |
| SLA / Contract Review | Check data residency clauses in software vendor agreements | Prevents inadvertent non-compliance |
| Audit Working Papers | Document server name, location, and backup frequency | Auditor professional obligation |
| Management Representation | Obtain written confirmation of compliance from management | Protects auditor from incorrect-certification penalty |
| Infrastructure Upgrade | Switch to India-based cloud provider if current setup is non-compliant | AWS Mumbai, Azure India, GCP Delhi/Mumbai available |
Author’s Comments
Rule 46(8) reflects a deliberate policy shift in India’s approach to digital tax administration. As businesses migrate to cloud platforms and as assessments become more data-driven, the government’s ability to access and verify financial records in real time depends on those records being on Indian soil. The rule is not simply about backups; it is about data sovereignty and auditability.
The compliance pathway is clear: identify where your data lives, confirm that your vendor can provide India-based backup storage, put it in writing, and document your daily backup activity. For businesses already using major cloud providers, this may be a configuration exercise rather than a full infrastructure change. For those on smaller or global-only platforms, the change may be more significant.
Chartered Accountants and auditors must update their audit checklists immediately. The incorrect-certification penalty serves as a signal that the government expects auditors to actively verify; not merely accept management representations; on this issue.


