India’s digital transformation is among the most consequential economic and governance shifts of the 21st century. In less than a decade, the country has built a Digital Public Infrastructure (DPI) of unprecedented scale, enabling real time payments, direct benefit transfers, digital identity, and seamless access to public services.
This transformation has not only improved efficiency, it has reshaped the relationship between the state and the citizen. Financial inclusion has expanded, leakages in welfare delivery have reduced, and a new generation of digital first enterprises has emerged.
But scale without safeguards can quickly become systemic risk. The central question India now faces is not whether to digitise further, but whether its legal and governance frameworks are keeping pace with the realities of a deeply networked digital society.
Scale Without Safeguards Is a Strategic Risk
India today has over 900 million internet users, the second largest online population in the world, interacting daily across payments platforms, social media, messaging applications, and digital marketplaces. UPI alone processed over 21 billion transactions in December 2025, the highest monthly volume ever recorded by any real time payment system globally.
This interconnected ecosystem has created unprecedented efficiencies, but also a vast attack surface.
Cyber fraud, misinformation, deepfake driven manipulation, and cross border digital crime, are no longer isolated incidents. They are systemic challenges. Cybercrime complaints have risen sharply in recent years, with lakhs of cases reported annually and a steady increase in financial losses running into thousands of crores.
The implications go beyond financial loss. They affect public trust, social stability, and even the democratic processes.
An unregulated or weakly regulated digital ecosystem does not remain neutral. It becomes vulnerable to manipulation, exploitation, and capture by actors operating beyond the reach of domestic law.
The Sovereignty Gap in the Digital Layer
India has built strong sovereign capabilities in digital identity, payments, and data exchange. However, a significant portion of the digital experience like the social media feeds, search results, and content discovery, remains influenced by global platforms. These systems shape what citizens see, read, and believe, yet often operate within evolving and uneven accountability frameworks under Indian jurisdiction.
This creates a structural imbalance. Decision making algorithms remain opaque, content moderation standards are inconsistent, enforcement frequently depends on corporate policies rather than domestic legal processes. The issue is not about restricting global platforms. It is about ensuring that systems influencing Indian society are accountable to Indian law.
Digital sovereignty, in this context, is not isolation. It is about enforceability.
Beyond the False Binary: Privacy vs Regulation
Public discourse often frames regulation as a threat to privacy and free speech. These concerns are valid and must be safeguarded. India’s constitutional framework, particularly the recognition of privacy as a fundamental right following the landmark Puttaswamy judgment, sets clear limits on state action.
However, equating all regulation with surveillance or censorship creates a false binary. Requiring platforms to act against demonstrably harmful content, provide transparency in algorithmic amplification, or cooperate in lawful investigations, does not inherently undermine privacy. Rather, it establishes accountability, proportionate to influence. The real policy challenge is not choosing between privacy and regulation, but designing frameworks where both coexist.
A Breakdown in Accountability
A key weakness of today’s digital ecosystem is the diffusion of responsibility. Individuals often lack awareness of digital risks, making them vulnerable to fraud and misinformation. Content creators and influencers, despite significant reach, frequently operate outside the ethical frameworks that govern traditional media.
Platforms claim intermediary status while actively curating and amplifying content through algorithms. Law enforcement agencies, meanwhile, face capacity constraints in dealing with fast moving, transnational digital crimes.
This fragmented responsibility has created a “loophole economy”, where harmful actions fall between legal definitions, jurisdictional boundaries, and technological complexity. The scale of the enforcement gap is evident. Despite millions of complaints filed annually, only a small fraction, estimated at under 3% actually translate into formal criminal cases. Without clear accountability, deterrence weakens, and exploitation scales.
Why Stronger IT Laws Are Necessary
India’s existing legal architecture, anchored in the IT Act, 2000, was designed for a different technological era. It does not adequately address AI generated content, algorithm driven amplification, platform liability at scale, cross border cybercrime networks, or emerging financial risks in digital ecosystems.
The evolution of IT rules must therefore be viewed as legal modernisation, not an overreach. India has already begun this shift. Recent policy developments indicate a move toward a more structured digital governance framework. Strengthening data protection obligations, clarifying intermediary responsibilities, and introducing greater accountability in handling unlawful and synthetic content.
Together, these measures aim to address what the earlier frameworks could not, by linking safe harbour protections to compliance obligations, extending accountability to high reach digital actors, strengthening grievance redressal mechanisms, clarifying obligations in content moderation, data handling, and AI generated content
At the same time, the legitimacy of stronger IT laws will depend on the safeguards built into them. Judicial oversight, transparent and reasoned processes, high level authorisation requirements, and periodic review are not optional, they are constitutional imperatives. Equally, clarity in definitions and due process protections, will be critical to prevent overreach or unintended chilling effects.
Global Trends Are Converging
India is not alone in this shift. The European Union’s Digital Services Act has strengthened platform accountability and transparency. The United Kingdom and Australia have introduced online safety frameworks with clearly defined obligations for platforms. Across jurisdictions, the direction is unambiguous. Digital influence at scale must be matched by legal responsibility. India’s challenge is to implement this balance in a manner that protects both innovation and public interest.
Shared Responsibility: The Way Forward
Effective digital governance cannot rest on regulation alone. It requires coordinated responsibility across stakeholders.
- Citizens must be equipped with digital literacy to recognise risks and engage safely online.
- Platforms must adopt proportionate accountability, including transparent policies and timely compliance with lawful directions.
- Content creators must operate within basic ethical standards, particularly when dealing with public information.
- Enforcement agencies require investment in cyber forensics, specialised capabilities, and faster judicial mechanisms.
- The State must ensure that regulation remains enabling, transparent, and accountable.
This whole ecosystem approach is essential for sustainable digital growth.
Freedom With Accountability
The debate on digital regulation is often framed as a choice between freedom and control. In reality, the choice is between governed digital growth and unregulated digital vulnerability. When citizens lose savings to fraud, face reputational harm through deepfakes, or are exposed to coordinated misinformation, the absence of regulation does not protect freedom. It undermines it.
India’s digital success has created both an opportunity and obligation.
The next phase must focus on building trust. Through laws that are fair, enforceable, and forward looking. Stronger IT laws, designed with safeguards and implemented transparently, are not constraints on innovation. They are the foundation of a secure, sovereign, and globally credible digital economy. India did not build one of the world’s largest digital ecosystems to leave it weakly governed.
In a digital republic, accountability is not a constraint on freedom. It is what makes freedom sustainable.
(The author is Lt. General (Retd.) and former National Cyber Security Coordinator (NCSC); Views expressed are personal)
