Cyber Security Legal Framework in India – Overlaps, Problems and Challenges

Manvi Gupta; Ayush Gupta

doi:10.48001/jbmis.1201002

Authors

Manvi Gupta Institute for Law and Finance, Goethe University Frankfurt am Main, Frankfurt, Germany https://orcid.org/0009-0005-3705-439X
Ayush Gupta Cyber Security Professional, Helsinki, Finland https://orcid.org/0009-0009-4277-776X

DOI:

https://doi.org/10.48001/jbmis.1201002

Keywords:

cyber security, data privacy, information security, IT Act 2000, National security policy

Abstract

Cybersecurity in India is governed by a complex legal framework designed to protect information infrastructure, secure data, and mitigate cyber threats. The increasing digitalization across sectors has amplified the need for robust cybersecurity laws. The legal framework is still evolving and continuous steps have been taken by the authorities to promulgate legislations as and when required as evidenced in the last decade. In this paper, we examine the evolving cybersecurity legal framework in India and highlight the major problems and challenges. We explore the major legislation that deals with cyber crimes, data privacy and protection. We also conduct a comparative analysis of the regulation in the USA, EU and India and explore the major weaknesses. We find that the present legal framework is still sub-optimal with a host of issues relating to coverage, awareness and implementation. We also find that the overlapping nature of various laws, regulations, and guidelines often leads to confusion and compliance challenges for stakeholders, making it imperative to understand their scope and interaction.

References

Arora, K. (2020). Privacy and data protection in india and germany: A comparative analysis. SP III.

Bentotahewa, V., Hewage, C., & Williams, J. (2022). The normative power of the gdpr: A case study of data protection laws of south asian countries. SN Comput Sci, 3, 183. https://doi.org/10.1007/s42979-022-01079-z DOI: https://doi.org/10.1007/s42979-022-01079-z

Bondre, A., Pathare, S., & Naslund, J. (2021). Protecting mental health data privacy in india: The case of data linkage with aadhaar. Glob Health Sci Pract, 9, 467–480. https://doi.org/10.9745/GHSP-D-20-00346 DOI: https://doi.org/10.9745/GHSP-D-20-00346

Burman, A. (2023). Understanding india’s new data protection law.

Campbell, C. (2021). A review of data protection regulations and the right to privacy: The case of the us and india. Manohar Parrikar Institute for Defence Studies and Analyses.

Chandra, A. (2024). Strengthening india’s cybersecurity and data privacy landscape: A comprehensive overview. Indian Journal of Public Administration, 70, 466–478. https://doi.org/10 .1177/00195561241271616 DOI: https://doi.org/10.1177/00195561241271616

Christopher, K. (2021). The path to recognition of data protection in india: The role of the gdpr and international standards. National School of India Review, 33, 69–91.

Dar, M., & Wani, S. (2023). Covid-19, personal data protection and privacy in india. Asian Bioeth Rev,15, 125–140. https://doi.org/10.1007/s41649-022-00227-0 DOI: https://doi.org/10.1007/s41649-022-00227-0

Deloitte. (2024). Cybersecurity and cyber resilience framework (cscrf) for sebi-regulated entities.

Ekadshi, D. M. (2023). Comparative analysis of cyber security laws of india, united states, and united kingdom. International Journal of Law, 9, 88–91.

Kathuria, Y., Ruhani, V., Tyagi, M., & Jain, V. (2024). Protecting data privacy in the age of ai: A comparative analysis of legal approaches across different jurisdictions. AIP Conference Proceedings, 040007. https://doi.org/10.1063/5.0234669 DOI: https://doi.org/10.1063/5.0234669

Lochab, H., & Agarwal, S. (2024). Companies grapple with costs, complexity of overlapping cybersecurity laws. The Economic Times.

Marikyan, D., Papagiannidis, S., Rana, O. F., & Ranjan, R. (2024). General data protection regulation: A study on attitude and emotional empowerment. Behaviour Information Technology, 43, 3561–3577. https://doi.org/10.1080/0144929X.2023.2285341 DOI: https://doi.org/10.1080/0144929X.2023.2285341

Mishra, N., & Kapadia, Y. (2020). Lack of jurisprudence in data protection laws in india vis a vis the russian scenario. https://blog.ipleaders.in/lack-jurisprudence-data-protection-laws-india/.

P. Romansky, R., & S. Noninska, I. (2020). Challenges of the digital age for privacy and personal data

protection. Mathematical Biosciences and Engineering, 17, 5288–5303. https://doi.org/10.3934/mbe.2020286 DOI: https://doi.org/10.3934/mbe.2020286

pwc. (2022). A comparison of cybersecurity regulations: India.

Robb, L., Candy, T., & Deane, F. (2023). Regulatory overlap: A systematic quantitative literature review. Regul Gov, 17, 1131–1151. https://doi.org/10.1111/rego.12504 DOI: https://doi.org/10.1111/rego.12504

Sadonian, L. (2024). Gdpr’s influence on indian data protection practices.

Shahid, J., Ahmad, R., Kiani, A., Ahmad, T., Saeed, S., & Almuhaideb, A. (2022). Data protection and privacy of the internet of healthcare things (iohts). Applied Sciences, 12, 1927. https ://doi.org/10.3390/app12041927 DOI: https://doi.org/10.3390/app12041927

Singh, N. (2024). Data protection and privacy challenges in digital age in india. White Black Legal International Law Journal, 16.