The Digital India Act is soon to be tabled in parliament in this monsoon session. This Digital India Act is coming as a successor of the 22-year-old Information & Technology Act. Considering the advances in the digital landscape and evolving use of technology such as AI and machine learning, this act will act as future-ready primary legislation for cyber regulations in India to meet the need of the hour. Admitting the evolving nature of cyber threats, including various cyber attacks and data breaches on individuals and on critical sectors, requires strong legislation to safeguard privacy and data protection and establish a robust cyber security framework. Hence upcoming Digital India Act is an opportunity to establish a future-ready cybersecurity framework.
Need of the hour
India needs strong legislation which can clearly define the roles with specific responsibilities, powers and accountability so as to address the evolving threats in cyberspace. Privacy, data protection, and cyber security are three aspects which need to be addressed properly in a more refined way.
- Digital India Act should properly define the responsibilities of agencies like the National Critical Information Infrastructure Protection Centre (NCIIPC), Computer Emergency Response Team-India (CERT-In), and the National Cybersecurity Coordinator. So as to enable these agencies to work efficiently and provide prompt response to cyber incidents.
- The act should also enhance collaboration with cybersecurity practitioners to create self-supporting communities.
- Data sharing framework among institutions such as CERT, NCIIPS and government and private entities should be encouraged to effectively establish a collective defence against evolving cyber threats.
- Legislation should consider the successful models from the United States, United Kingdom and Australia to establish advisory boards and agencies for cyber security. In Australia, there is a Cyber Security Centre which has a board of advisers who help in formulating policies and strategies. As well in the US, there is Cybersecurity Infrastructure Security Agency (CISA) which plays an important role in providing advisory aid to the federal government. In the UK, there is Cyber Defence Agency as performing a crucial role in protecting the country’s cyberspace. We can also establish similar agencies in India.
- The law should also facilitate that vulnerabilities are voluntarily reported by companies and individuals.
- The act must lay down extensive provisions for protecting privacy, establishing a robust data protection regime and provisions regarding informed consent.
- The act should facilitate secure and safe digital transactions.
- Looking at the evolving technologies, there is emphasised need for an extensive regulatory framework to deal with the evolving digital landscape while also adapting these advanced technologies.
The upcoming Digital India Act can be seen as future-ready legislation to fill up the present gaps in India’s current cybersecurity posture. It must comprehensively incorporate the aspects to ensure privacy, data protection, and cyber resilience. Incorporating and engaging a professional cadre of cybersecurity experts will also help in enhancing expertise and tackling cyber incidents. The act should encourage voluntary reporting of vulnerabilities. The act should align with global standards and evolving technologies. Hence establishing a safe digital environment for everyone.
Author: Neeraj Soni, Intern – Policy & Advocacy, CyberPeace Foundation