top of page
Search

Is India’s Cybersecurity Law Future-Ready

  • Writer: Lamisha Abidin
    Lamisha Abidin
  • Jun 3
  • 3 min read

“Every byte we send, every click we make, leaves behind a digital trail—vulnerable, valuable, and often invisible. In India, where digital transformation is at the heart of economic growth, the risk of cyberattacks is no longer a distant concern but a daily reality. From ransomware attacks on critical infrastructure to data leaks affecting millions, cybercrime is testing the limits of India’s legal system. With 1.2 billion mobile users900 million internet surfers, and UPI recording 12 billion+ annual transactions, India’s digital economy is booming. But as cybercriminals weaponize AI, deepfakes, and state-sponsored attacks


In November 2022, India’s premier AIIMS hospital went dark. For two weeks, hackers held 40 million patient records hostage in one of the country’s worst ransomware attacks. The incident wasn’t just a wake-up call—it was a screaming alarm about India’s cybersecurity preparedness.




The Information Technology Act, 2000, is India’s first and foundational legislation addressing cyber offenses, data protection, and electronic governance. Over the years, several amendments have enhanced its relevance, especially in combating cyber offenses and protecting digital infrastructure. Some of the most important sections include:

  • Section 43: Compensation for unauthorized access, data theft, or damage to computer systems.

  • Section 66: Punishment for hacking and dishonestly accessing computer systems.

  • Section 66C: Identity theft involving fraudulent use of digital signatures, passwords, or biometric data.

  • Section 66D: Punishment for cheating through impersonation via electronic means (e.g., phishing scams).

  • Section 66F: Defines and punishes cyber terrorism, with imprisonment up to life.

  • Section 69: Grants government the power to intercept, monitor, or decrypt information for national security and public order.

  • Section 70: Declares and protects Critical Information Infrastructure (CII).

  • Section 72: Penalizes breach of confidentiality and privacy by service providers or officials.


Can India’s Cyber Laws Keep Up With Modern Cyber Threats?


India’s cybersecurity laws are racing against AI-powered frauds, state-sponsored hacks, and ransomware epidemics but are they fast enough While the IT Act (2000) and DPDP Act (2023) provide a framework, gaps in enforcement, outdated provisions, and emerging tech challenges raise serious concerns.

While provisions like Sections 66 (hacking), 66F (cyber terrorism), and 69 (government surveillance) offer tools for enforcement, the reactive nature of these laws often lags behind real-time threats. Enforcement agencies face challenges such as lack of technical expertise, slow investigation processes, and jurisdictional limitations, especially with cybercrimes originating outside India.



Current Indian Cyber laws provide a foundation, but not a full defence.


Where Indian Cyber Laws Fall Short ?



  • AI & Deepfakes: No specific laws against AI-generated scams or synthetic media crimes.


A growing concern that underscores this gap is the rise of deepfake technology, which has been used for morphing, character assassination, and misinformation, yet remains poorly addressed under existing laws. While Sections 66E (violation of privacy) and 67 (obscene content) of the IT Act may be applied in certain cases, there is no explicit legal provision to tackle the creation or distribution of deepfakes. This makes deepfakes a perfect example of how current Indian laws provide a foundation, but not a full defense against modern cyber threats.


A notable case is the Priya Prakash Varrier Deepfake Incident (2018), where her face was digitally inserted into an adult video and circulated online. Despite public outrage, legal recourse was limited, highlighting the lack of a dedicated legal framework to address such violations in the digital space.



  • Cryptocurrency Fraud: No clear regulations for crypto-related cybercrimes (₹1,200+ crore lost in 2023).


Ajay Bhardwaj v. Union of India (2020) involves the ₹20,000 crore GainBitcoin Ponzi scheme, where Ajay and his brother Amit Bhardwaj allegedly duped over 80,000 investors by promising 10% monthly returns in Bitcoin. Instead, they paid in worthless MCAP tokens. The Supreme Court granted Ajay anticipatory bail but later rebuked him for failing to disclose crypto wallet credentials. Due to the scam's scale and lack of crypto regulation, the Court transferred the investigation to the CBI. The case exposed major gaps in India’s crypto laws and emphasized the urgent need for clear regulations and better investor protection.


  • Ransomware Attacks: Critical infrastructure (hospitals, power grids) remains vulnerable due to slow incident responses.


  • Cross-Border Crimes: Limited global cooperation to track hackers operating from foreign jurisdictions.


  • IoT & 5G Risks: No robust safeguards for smart devices and hyper-connected networks.


Conclusion

India urgently needs a robust and updated set of cyber laws to combat rising cyberattacks. Existing laws serve only as a foundation; they lack the depth and agility required for real-time defence. A comprehensive, modern legal framework is essential to ensure national cybersecurity and protect citizens in the digital age.

 
 
 

Yorumlar

bottom of page