Under Indian Law, Section 84A of the Information Technology Act, 2000 [amended in the year 2008] empowers the government to prescribe the modes or methods of encryption "for secure use of the electronic medium and for promotion of e-governance and e-commerce". But no rules have been notified so far, although draft recommendations have been made available.
As a general practice 40 bit encryption equipment has been used in India with a more advanced encryption system for sensitive information. Although, there are a few exceptions like SEBI and RBI which have prescribed industry specific but different encryption standard ranging from 64 bit to 128 bit. As for the Department of Telecommunications [DoT], the National and International Long Distance License Agreements [NLD and ILD] demands prior approval of the DoT pertaining to installation of encryption equipment whereas the Internet Service Provider [ISP] license agreements specifically bars encryption strength of over 40 bits without the permission of DoT.
Moreover, the restriction pertaining to 40 bits encryption [now proposed to be 128 bits] is a generally applicable rule. In case where the encryption equipment uses more than 40 bits, the equipment needs to be approved by the Government of India and in most cases, the Government asks for the decryption key. Presently, the Government of India has the infrastructure to monitor networks that employ 40 bits encryption and a decryption key in such cases is not required to be submitted to the Government.
Please note that there is no uniformity amongst various Government Departments and Regulatory authorities. DoT permitted encryption standards are not uniform with the standards prescribed by other regulatory bodies and are also inconsistent with the International Standards.