Centre Proposes New Bills for Criminal Law

Introduction 

Governments worldwide are enacting cybersecurity laws to enhance resilience and secure cyberspace against growing threats like data breaches, cyber espionage,  and state-sponsored attacks in the digital landscape. As a response, the EU Council has been working on adopting new laws and regulations under its EU Cybersecurity Package- a framework to enhance cybersecurity capacities across the EU to protect critical infrastructure, businesses, and citizens. Recently, the Cyber Solidarity Act was adopted by the Council, which aims to improve coordination among EU member states for increased cyber resilience. Since regulations in the EU play a significant role in shaping the global regulatory environment, it is important to keep an eye on such developments.

Overview of the Cyber Solidarity Act 

The Act sets up a European Cyber Security Alert System consisting of Cross-Border Cyber Hubs across Europe to collect intelligence and act on cyber threats by leveraging emerging technology such as Artificial Intelligence (AI) and advanced data analytics to share warnings on cyber threats with other cyber data centres across the national borders of the EU. This is expected to assist authorities in responding to cyber threats and incidents more quickly and effectively. 

Further, it provides for the creation of a new Cybersecurity Emergency Mechanism to enhance incident response systems in the EU.  This will include testing the vulnerabilities in critical sectors like transport, energy, healthcare, finance, etc., and creating a reserve of private parties to provide mutual technical assistance for incident response requests from EU member-states or associated third countries of the Digital Europe Programme in case of a large-scale incident.  

Finally, it also provides for the establishment of a European Cybersecurity Incident Review Mechanism to monitor the impact of the measures under this law. 

Key Themes

1. Greater Integration: The success of this Act depends on the quality of cooperation and interoperability between various governmental stakeholders across defence, diplomacy, etc. with regard to data formats, taxonomy, data handling and data analytics tools. For example, Cross-Border Cyber Hubs are mandated to take the interoperability guidelines set by the European Union Agency for Cybersecurity (ENISA) as a starting point for information-sharing principles with each other.  
2. Public-Private Collaboration: The Act provides a framework to govern relationships between stakeholders such as the public sector, the private sector, academia, civil society and the media, identifying that public-private collaboration is crucial for strengthing EUs cyber resilience. In this regard, National Cyber Hubs are proposed to carry out the strengthening of information sharing between public and private entities.  
3. Centralized Regulation: The Act aims to strengthen all of the EU's cyber solidarity by outlining dedicated infrastructure for improved coordination and intelligence-sharing regarding cyber events among member states. Equal matching contribution for procuring the tools, infrastructure and services is to be made by each selected member state and the European Cybersecurity Competence Centre, a body tasked with funding cybersecurity projects in the EU. 
4. Setting a Global Standard: The underlying rationale behind strengthening cybersecurity in the EU is not just to protect EU citizens from cyber-threats to their fundamental rights but also to drive norms for world-class standards for cybersecurity for essential and critical services, an initiative several countries rely on.

Conclusion

In the current digital landscape, governments, businesses, critical sectors and people are increasingly interconnected through information and network connection systems and are using emerging technologies like AI, exposing them to multidimensional vulnerabilities in cyberspace. The EU in this regard continues to be a leader in setting standards for the safety of participants in the digital arena through regulations regarding cybersecurity. The Cyber Solidarity Act’s design including cross-border cooperation, public-private collaboration, and proactive incident-monitoring and response sets a precedent for a unified approach to cybersecurity. As the EU’s Cybersecurity Package continues to evolve, it will play a crucial role in ensuring a secure and resilient digital future for all. 

Sources

• https://www.consilium.europa.eu/en/press/press-releases/2024/12/02/cybersecurity-package-council-adopts-new-laws-to-strengthen-cybersecurity-capacities-in-the-eu/ 
• https://data.consilium.europa.eu/doc/document/PE-94-2024-INIT/en/pdf 
• https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-strategy 
• https://www.weforum.org/stories/2024/10/cybersecurity-regulation-changes-nis2-eu-2024/

Introduction

The role of ‘Small and Medium Enterprises’ (SMEs) in the economic and social development of the country is well established. The SME sector is often driven by individual creativity and innovation. With its contribution at  8% of the country’s GDP, and 45% of the manufactured output and 40% of its exports, SMEs provide employment to about 60 million persons through over 26 million enterprises producing over six thousand products. 

It would be an understatement to say that the SMEs sector in India is highly heterogeneous in terms of the size of the enterprises, variety of products and services produced and the levels of technology employed. With the SME sector booming across the country, these enterprises are contributing significantly to local, state, regional and national growth and feeding into India’s objectives of inclusive, sustainable development. 

As the digital economy expands, SMEs cannot be left behind and must integrate online to be able to grow and prosper. This development is not without its risks and cybersecurity concerns and digital threats like misinformation are fast becoming a pressing pain point for the SME sector. The unique challenge posed to SMEs by cyber threats is that while the negative consequences of digital risks are just as damaging for the SMEs as they are for larger industries, the former’s ability to counter these threats is not at par with the latter, owing to the limited nature of resources at their disposal. The rapid development of emerging technologies like artificial intelligence makes it easier for malicious actors to develop bots, deepfakes, or other forms of manipulated content that can steer customers away from small businesses and the consequences can be devastating. 

Misinformation is the sharing of inaccurate and misleading information, and the act can be both deliberate and unintentional. Malicious actors can use fake reviews, rumours, or false images to promote negative content or create backlash against a business’ brand and reputation. For a fledgling or growing enterprise, its credibility is a critical asset and any threat to the same is as much a cause for concern as any other operational hindrance. 

Relationship Building to Counter Misinformation

We live in a world that is dominated by brands. A brand should ideally inspire trust. It is the single most powerful and unifying characteristic that embodies an organisation's culture and values and once well-established, can create incremental value. Businesses report industry rumours where misinformation resulted in the devaluation of a product, sowing mistrust among customers, and negatively impacting the companies’ revenue. Mitigating strategies to counter these digital downsides can include implementing greater due diligence and basic cyber hygiene practices, like two-factor or multi-factor authentication, as well as open communication of one’s experiences in the larger professional and business networks. 

The loss of customer trust can be fatal for a business, and for an SME, the access to the scale of digital and other resources required to restore reputations may simply not be a feasible option. Creating your brand story is not just the selling pitch you give to customers and investors, but is also about larger qualitative factors such as your own motivation for starting the enterprise or the emotional connection your audience base enjoys with your organisation. The brand story is a mosaic of multiple tangible and intangible elements that all come together to determine how the brand is perceived by its various stakeholders. Building a compelling and fortified brand story which resonates deeply with people is an important step in developing a robust reputation. It can help innoculate against several degrees of misinformation and malicious attempts and ensure that customers continue to place their faith in the brand despite attempts to hurt this dynamic.

Engaging with the target audience, ie, the customer base is part of an effective marketing tool and misinformation inoculation strategy. SMEs should also continuously assess their strategies, adapt to market changes, and remain agile in their approach to stay competitive and relevant in today's dynamic business environment. These strategies will lead to greater customer engagement through the means of feedback, reviews and surveys which help in building trust and loyalty. Innovative and dynamic customer service engages the target audience and helps in staying in the competition and being relevant.

Crisis Management and Response

Having a crisis management strategy is an important practice for all SMEs and should be mandated for better policy implementation. Businesses need greater due diligence and basic cyber hygiene practices, like two-factor authentication, essential compliances, strong password protocols, transparent disclosure, etc. 

The following steps should form part of a crisis management and response strategy:

• Assessing the damage by identifying the misinformation spread and its impact is the first step.  
• Issuing a response in the form of a public statement by engaging the media should precede legal action. 
• Two levels of communication need to take place in response to a misinformation attack. The first tier is internal, to the employees and it should clarify the implications of the incident and the organisation’s response plan. The other is aimed at customers via direct outreach to clarify the situation and provide accurate information in regard to the matter.  If required the employees can be provided training related to the handling of the customer enquiries regarding the misinformation.
• The digital engagement of the enterprise should be promptly updated and social media platforms and online communications must address the issue and provide clarity and factual information. 
• Immediate action must include a plan to rebuild reputations and trust by ensuring customers of the high quality of products and services. The management should seek customer feedback and show commitment to improving processes and transparency. Sharing positive testimonials and stories of satisfied customers can also help at this stage. 
• Engaging with the community and collaborating with organisations is also an important part of crisis management.

While these steps are for rebuilding and crisis management, further steps also need to be taken:

• Monitoring customer sentiment and gauging the effectiveness of the efforts taken is also necessary. And if required, strategic adjustments can be made in response to the evolving circumstances. 
• Depending on the severity of the impact, management may choose to engage the professional help of PR consultants and crisis management experts to develop comprehensive recovery plans and help navigate the situation.
• A long-term strategy which focuses on building resilience against future attacks is important. Along with this, engaging in transparency and proactive communication with stakeholders is a must.

Legal and Ethical Considerations

SMEs administrators must prioritise ethical market practices and appreciate that SMEs are subject to laws which deal with defamation, intellectual property rights- trademark and copyright infringement in particular, data protection and privacy laws and consumer protection laws. Having the knowledge of these laws and ensuring that there is no infringement upon the rights of other enterprises or their consumers is integral in order to continue engaging in business legally. 

Ethical and transparent business conduct includes clear and honest communication and proactive public redressal mechanisms in the event of misinformation or mistakes. These efforts go a long way towards building trust and accountability. 

Proactive public engagement is an important step in building relationships. SMEs can engage with the community where they conduct their business through outreach programs and social media engagement. Efforts to counter misinformation through public education campaigns that alert customers and other stakeholders about misinformation serve the dual purpose of countering misinformation and creating deep community ties. SME administrators should monitor content and developments in their markets and sectors to ensure that their marketing practices are ethical and not creating or spreading misinformation, be it in the form of active sensationalising of existing content or passive dissemination of misinformation created by others. Fact-checking tools and expert consultations can help address and prevent a myriad of problems and should be incorporated into everyday operations.

Conclusion

Developing strong cybersecurity protocols, practising basic digital hygiene and ensuring regulatory compliances are crucial to ensure that a business not only survives but also thrives. Therefore, a crisis management plan and trust-building along with ethical business and legal practices go a long way in ensuring the future of SMEs.  In today's digital landscape, misinformation is pervasive, and trust has become a cornerstone of successful business operations. It is the bedrock of a resilient and successful SME. By implementing and continuously improving trust-building efforts, businesses can not only navigate the challenges of misinformation but also create lasting value for their customers and stakeholders. Prioritising trust ensures long-term growth and sustainability in an ever-evolving digital landscape.

References 

• https://SME.gov.in/sites/default/files/SME-Strategic-Action-Plan.pdf 
• https://carnegieendowment.org/research/2024/01/countering-disinformation-effectively-an-evidence-based-policy-guide?lang=en 
• https://dcSME.gov.in/Report%20of%20Expert%20Committee%20on%20SMEs%20-%20The%20U%20K%20Sinha%20Committee%20constitutes%20by%20RBI.pdf 

‍

AI systems have grown in both popularity and complexity on which they operate. They are enhancing accessibility for all, including people with disabilities, by revolutionising sectors including healthcare, education, and public services.  We are at the stage where AI-powered solutions that can help people with mental, physical, visual or hearing impairments perform everyday and complex tasks are being created. 

Generative AI is now being used to amplify human capability. The development of tools for speech-to-text and image recognition is helping in facilitating communication and interaction for visually or hearing-impaired individuals, and smart prosthetics are providing tailored support. Unfortunately, even with these developments, PWDs have continued to face challenges. Therefore, it is important to balance innovation with ethical considerations aand ensuring that these technologies are designed with qualities like privacy, equity, and inclusivity in mind. 

Access to Tech: the Barriers Faced by PWDs 

PWDs face several barriers while accessing technology. Identifying these challenges is important as they lack computer accessibility, in the use of hardware and software, which has become a norm in life nowadays. Website functions that only work when users click with a mouse, self-service kiosks without accessibility features, touch screens without screen reader software or tactile keyboards, and out-of-order equipment, such as lifts, captioning mirrors and description headsets, are just some difficulties that they face in their day-to-day life.

While they are helpful, much of the current technology doesn’t fully address all disabilities. For example, many assistive devices focus on visual or mobility impairments, but they fall short of addressing cognitive or sensory conditions. In addition to this, these solutions often lack personalisation, making them less effective for individuals with diverse needs. AI has significant potential to bridge this gap. With adaptive systems like voice assistants, real-time translation, and personalised features, AI can create more inclusive solutions, improving access to both digital and physical spaces for everyone.

The Importance of Inclusive AI Design

Creating an Inclusive AI design is important. It ensures that PWDs are not excluded from technological advancements because of the impairments that they are suffering from. The concept of an ‘inclusive or universal’ design promotes creating products and services that are usable for the widest possible range of people.  Tech Developers have an ethical responsibility to create advancements in AI that serve everyone. Accessibility features should be built into the core design. They should be treated as a practice rather than an afterthought. However, bias in AI development often stems from data of a non-representative nature, or assumptions can lead to systems that overlook or poorly serve PWDs. If AI algorithms are trained on limited or biased data, they risk excluding marginalised groups, making ethical, inclusive design a necessity for equity and accessibility.

Regulatory Efforts to Ensure Accessible AI

In India, the Rights of Persons with Disabilities Act of 2016 impresses upon the need to provide PWDs with equal accessibility to technology. Subsequently, the DPDP Act of 2023 highlights data privacy concerns for the disabled under section 9 to process their data. 

On the international level, the newly incorporated EU’s AI Act mandates measures for transparent, safe, and fair access to AI systems along with including measures that are related to accessibility. 

In the US, the Americans with Disabilities Act of 1990 and Section 508 of the 1998 amendment to the Rehabilitation Act of 1973 are the primary legislations that work on promoting digital accessibility in public services.

Challenges in implementing Regulations for AI Accessibility for PWDs

Defining the term ‘inclusive AI’ is a challenge. When working on implementing regulations and compliance for the accessibility of AI, if the primary work is left undefined, it makes the task of creating tools to address the issue an issue. The rapid pace of tech and AI development has more often outpaced legal frameworks in development. This leads to the creation of enforcement gaps. Countries like Canada and tech industry giants like Microsoft and Google are leading forces behind creating accessible AI innovations. Their regulatory frameworks focus on developing AI ethics with inclusivity and collaboration with disability rights groups. 

India’s efforts in creating an inclusive AI include the redesign of the Sugamya Bharat app. The app had been created to assist PWDs and the elderly.  It will now be incorporating AI features specifically to assist the intended users. 

Though AI development has opportunities for inclusivity, unregulated development can be risky.  Regulation plays a critical role in ensuring that AI-driven solutions prioritise inclusivity, fairness, and accessibility, harnessing AI’s potential to empower PWDs and contribute to a more inclusive society.

Conclusion

AI development can offer PWDs unprecedented independence and accessibility in leading their lives. The development of AI while keeping inclusivity and fairness in mind is needed to be prioritised. AI that is free from bias, combined with robust regulatory frameworks, together are essential in ensuring that AI serves equitably. Collaborations between tech developers, policymakers, and disability advocates need to be supported and promoted to build AI systems. This will in turn work towards bridging the accessibility gaps for PWDs. As AI continues to evolve, maintaining a steadfast commitment to inclusivity will be crucial in preventing marginalisation and advancing true technological progress for all.

References

• https://www.business-standard.com/india-news/over-1-4k-accessibility-related-complaints-filed-on-govt-app-75-solved-124090800118_1.html 
• https://www.forbes.com/councils/forbesbusinesscouncil/2023/06/16/empowering-individuals-with-disabilities-through-ai-technology/ .
• https://hbr.org/2023/08/designing-generative-ai-to-work-for-people-with-disabilities ‍
• Thehttps://blogs.microsoft.com/on-the-issues/2018/05/07/using-ai-to-empower-people-with-disabilities/andensur,personalization