Cyber Law

Articles Cyber Law

Surveillance Technology and Privacy: Legal Framework for Spyware Deployment, Pegasus Fallout, and the Absence of a Wiretapping Reform

Introduction The Pegasus spyware controversy of 2021 exposed, with unusual clarity, the structural inadequacies of India’s surveillance oversight framework. When the Forbidden Stories consortium and Amnesty International’s Security Lab published

Articles Cyber Law

Vulnerability Disclosure Policies and Bug Bounty Programs: Legal Protections for Ethical Hackers Under Indian Law

Introduction Security research is a public good. The identification and disclosure of software vulnerabilities before malicious actors exploit them protects individuals, organisations, and governments from harm. Ethical hackers, penetration testers,

Articles Cyber Law

Phishing, Vishing, and the Bank Liability Question: Apportioning Loss Between Financial Institutions and Individual Victims

Introduction The proliferation of digital financial services in India has been one of the defining economic achievements of the past decade. The Unified Payments Interface, launched in 2016, processed over

Articles Cyber Law

Social Media Intermediary Liability After IT Rules 2021: Where Grievance Redressal Mechanisms Have Succeeded and Failed

Introduction The regulation of social media intermediaries has been one of the most contentious legal developments in Indian cyberlaw in the present decade. The Information Technology (Intermediary Guidelines and Digital

Articles Cyber Law

Ransomware Attacks and Legal Responsibility: Victim Liability, Insurance Disputes, and Cross-Border Attribution Challenges

Introduction Ransomware has emerged as the defining cybercrime challenge of the 2020s. Unlike earlier forms of cybercrime that targeted individual financial accounts or stole data for immediate monetisation, ransomware attacks

Articles Cyber Law

Cybersecurity Obligations for Critical Information Infrastructure: CERT-In Directions, Incident Reporting, and Sector-Specific Compliance Gaps

Introduction The governance of cybersecurity for critical information infrastructure (CII) sits at the uncomfortable intersection of national security imperatives, regulatory fragmentation, operational feasibility, and fundamental rights. India’s approach to this

Articles Cyber Law

The Digital Personal Data Protection Act 2023: Consent Frameworks, Deemed Consent, and the Architecture of Data Fiduciary Obligations

Introduction The Digital Personal Data Protection Act, 2023 (DPDP Act) represents India’s most consequential legislative intervention in data governance since the Information Technology Act of 2000. Receiving Presidential assent on