wordpress blog stats
Connect with us

Hi, what are you looking for?

What does the wish-list of cybercrime experts and stakeholders for the Digital India Act entail? #NAMA

Sukanya Thapliyal, Project Officer at the Centre for Communications Governance, believes that speech-based offences must not be criminalised

“Increased transparency, more engagement with technology service providers, international agreements, more focus on fundamental rights, and finally, narrowly targeted requests [by law enforcement agencies],” Venkatesh Krishnamoorthy, from BSA-The Software Alliance, listed out his wish-list when asked about what are his expectations from the Digital India Act at MediaNama’s MarketsNama conference on May 19, 2023.

Krishnamoorthy was speaking as a panelist for the fourth session, which focused on interactions between law enforcement agencies and companies or service providers in the context of cybercrime and cybersecurity. As the panelists debated on the challenges that companies face when they have to meet data-requirement requests of law enforcement agencies, they also touched upon what the upcoming Digital India Act (DIA) must cover to improve cooperation between the two parties when it comes to the investigation of crimes.

In addition to specifically addressing the abovementioned matter, panelists and other speakers briefly listed some of their expectations from the DIA towards the end of the session. Here’s a quick roundup of the key points:

  1. Emerging tech and definition of harm:

Panelist Atul Kumar, from the Data Security Council of India, talked about the evolving definition of harm alongside emerging technologies. He states that the harm or damage is not just limited to users but can also include entities, communities, enterprises, etc., and with newer technological developments, defining harm will get trickier. Kumar is of the view that there is a need to qualify the technological aspect when defining harms and cybercrimes in future legislation.

MediaNama hosted this discussion with support from Salesforce, Google and Mozilla. Internet Freedom Foundation, and our community partners, the Centre for Internet and Society and Alliance of Digital India Foundation.

FREE READ of the day by MediaNama: Click here to sign-up for our daily newsletter with the top story of the day delivered daily before 9 AM in your inbox.

Advertisement. Scroll to continue reading.

  1. Non-criminalising cyber-enabled crimes:

Panelist Sukanya Thapliyal, Project Officer at the Centre for Communications Governance, believes that speech-based offences must not be criminalised. She adds that criminalising cyber-enabled crimes can cause more harm and that the government must look for “milder ways” to tackle them in the Digital India Act.

  1. Addressing cybercrimes against women and children:

Thapliyal also pointed out that crimes against women, children, LGBTQ groups and other minorities need attention and stated that India needs to delve deeper when it comes to provisions dealing with such crimes. “We can think about criminalising even non-monetarily motivated crimes against women, or in terms of how children are interacting with technology and what kind of harms are emanating from them,” she added.

  1. Categorization of timelines:

MediaNama Editor Nikhil Pahwa asked about the uncertainties about timelines set for addressing data requests of law enforcement agencies. As an example, he referred to the Cert-In cybersecurity directions issued in 2022 that require service providers, data centres, and others to report cyber incidents within 6 hours of noticing such incidents or being brought to notice about such incidents. Krishnamoorthy noted that there needs to be a difference in the timelines depending on the information requested and the risks related to harm. He adds that the Digital India Act must include guidelines on this to enable companies to respond effectively to such incidents.

Emphasising the need to categorise data requests for a given time frame, Kumar added that since the Cert-In directions are horizontal and applicable for every company, irrespective of the company size, there is a need to build “reasonable security practices and procedures”. This will help the company, based on the nature and the domain, to be ready with the required data and information. “I may not say codify in the law itself, but in one way or other, it should be there in the procedure,” Kumar added.

  1. On regulation by FAQs:

Vivek Abraham, an attendee at the event, shed light on procedural gaps between what’s written on paper and how entities operate in real life. Abraham was referring to the Cert-In cybersecurity directions and stated that during several meetings and discussions, they were assured about certain aspects of the directions and “inferences” were drawn on how they must be operating. While companies may be operating as per these confirmations, Abraham states that customers and other regulators are going by the initial directions layout.

“…today in the Cert-In framework that we are operating in, there is something that’s written on paper. There’s FAQs. There’s a lot of discussions and meetings from which we’ve got inferences and we’ve got comfort on how we can operate. But we are operating at the inference and the confirmations and everything at that level. But a lot of people, including our customers, other sector regulators, are going by what is there in the initial directions. I would love it if the government can put all the understandings and meetings and inferences put together in the official document so that it’s much easier for us to operate according to what is realistic,” Vivek explained.

In addition, Abraham pointed out that a lot of these discussions went beyond the scope of concerns covered by the FAQs on Cert-In directions that the IT Ministry released last year. The speaker’s wish list mainly includes an official document published by the government, which would collate all the inferences from these meetings and “informal briefings” and would enable companies to operate as per realistic practices.

“I think we are at a place where everybody understands there’s a lot of wink-wink, nudge-nudge going on. We understand that the directions are basically unimplementable. But it’s okay, as long as we are able to show good intent and we are working hard to meet the standard, people are okay with it,” he adds.

Note: This article’s headline was updated on May 29th, 2023, at 2:55 pm to improve clarity. 

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Advertisement. Scroll to continue reading.

Also Read:

What Are India’s Focus Areas In Its Proposals At The UN Cybercrime Convention? #NAMA

What Are The Problems That Companies Face When Law Enforcement Agencies Demand For Data? #NAMA

What Must The Digital India Act Cover To Improve Cooperation Between Law Enforcement And Service Providers? #NAMA

Will Companies Protect User Rights When Faced With Threats Of Criminal Liability From Law Enforcement Agencies? #NAMA

Advertisement. Scroll to continue reading.
Written By

Curious about privacy, surveillance developments and the intersection of technology with education, caste and welfare rights.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...


RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.


Both the IT Minister and the IT Minister of State have chosen to avoid the actual concerns raised, and have instead defended against lesser...


The Central Board of Film Certification found power outside the Cinematograph Act and came to be known as the Censor Board. Are OTT self-regulating...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ