MeitY empanelled cloud service providers: complete India list

MeitY empanelment is the Indian government's mechanism for certifying cloud service providers that can be used by central and state government bodies, PSUs and other public sector organisations. All three major hyperscalers, AWS, Microsoft Azure and Google Cloud, are MeitY empanelled, along with several Indian providers. Empanelment confirms the provider meets a defined set of security, audit and operational standards but does not by itself certify any specific workload.

What MeitY empanelment means

The Ministry of Electronics and Information Technology, MeitY, runs an empanelment process administered by STQC, the Standardisation Testing and Quality Certification directorate. Empanelled providers are listed on the GI Cloud, MeghRaj, programme and can sell cloud services into government tenders without each buyer having to repeat foundational security and audit checks. Empanelment is renewed periodically and providers are audited against a defined catalogue of services. For background see what is cloud managed services.

Who is empanelled

Always verify the current empanelment list on the official MeitY portal because the catalogue of providers and services changes over time.

Practical guidance for public sector buyers

1. Confirm the specific service is in scope of the empanelment. A provider may be empanelled for VMs but not for a specific managed database or AI service.
2. Validate region. The empanelment may cover certain Indian regions and not others.
3. Check the audit window. Empanelments expire and renewals can lapse. Always use a provider with a current valid empanelment.
4. Layer additional certifications. ISO 27001, ISO 22301 and sector specific certifications add depth beyond empanelment.
5. Engage an MSP for operations. Empanelment certifies the provider, not how the workload is run. An MSP with public sector experience is essential.

How private sector buyers should think about it

Empanelment is primarily a public sector procurement signal but private sector buyers often treat it as a useful third party validation that the provider meets a baseline of Indian regulatory expectation. It is not a substitute for DPDP, RBI or sector specific compliance work.

How Opsio helps

Opsio works with Indian customers across MeitY empanelled hyperscalers and helps public sector and PSU customers design compliant landing zones, evidence collection and audit response. See our managed cloud services India pillar and our managed cloud services page, or contact us via the India contact page.

Frequently asked questions

Is empanelment mandatory for all government cloud purchases?

For most central and state government cloud procurement, the empanelled list is the default. Specific defence and intelligence workloads have additional or alternative paths. Always confirm with your procurement and security teams which path applies.

Does empanelment cover all services from a provider?

No. Empanelment covers a defined catalogue of services that the provider submitted for audit. Newer services or those in preview are typically not in scope. Validate per service before designing the architecture.

How long is an empanelment valid?

Typically three years with annual surveillance. Providers must reapply and pass a fresh audit at the end of the cycle. Always check the current validity on the MeitY portal.

Can a non empanelled provider serve government workloads?

Rarely directly. They may serve indirectly through an empanelled prime contractor or via specific exceptions, but the empanelled list is the default procurement channel.

Does empanelment make a workload automatically compliant?

No. Empanelment validates the provider, not the workload. The customer is still responsible for data classification, configuration, identity, encryption and audit evidence. An experienced MSP is essential to operationalise this.