#FactCheck - Viral Video Falsely Linked to India; Actually from Bangladesh

Executive Summary

‍

A photo allegedly showing injuries to Seema Haider has been widely circulated on social media. Users are claiming that her husband Sachin Meena assaulted her. However, a fact-check by CyberPeace Research Wing  has found the claim to be false. The research reveals that the viral image is AI-generated and is being shared with a misleading narrative.

‍

Claim

‍

On X (formerly Twitter), a user shared the image on May 14, 2026, claiming that Sachin Meena assaulted Seema Haider.

• https://x.com/AarunKosli/status/2054873311612752053 
• https://archive.ph/N5IRl 

‍

‍

‍

Fact Check

‍

A keyword-based search on Google did not return any credible media reports supporting the viral claim.

‍

A closer visual examination of the image raised suspicions of AI generation. The image was first analysed using the AI detection tool Hive Moderation, which indicated a 99% probability that the image is AI-generated.

‍

‍

Further analysis using another AI detection tool, Sightengine, also produced similar results, confirming a 99% likelihood that the image was generated using AI tools.

‍

Conclusion

‍

The viral image is AI-generated and misleading. The claim that Sachin Meena assaulted Seema Haider is false and has no factual basis.

‍

Introduction

‍

In today's era, where the threat from the digital world is growing rapidly, good developments in the war against cybercrimes cannot be ignored when they do happen. The state, which was notorious for being one of the most notorious criminal states in the country concerning digital crimes, has brought about remarkable changes in the law and order situation in the country in the last few years. According to the most recent data released by the Union Ministry of Home Affairs, Assam recorded only 408 cybercrimes in the year 2024, while the figure for the previous year was 909, which means a decline of over 55% in one year. But what is even more notable about the feat is the fact that, on the other hand, the country as a whole witnessed a rise of nearly 18% in the cybercrimes recorded. 

‍

 Assam's Cybercrime Journey

‍

To understand where Assam is today can only achieve this by understanding how far it has come. In 2021, it was ranked the 5^th highest state or union territory in India in the realm of cybercrime, with a staggering number of 4846 cases. The state kept the worrisome numbers continuing in the year 2022, as it ranked 9^th with 1,733 cases before sliding down to 13^th place in 2023 with 909 cases. However, the steep fall to a minuscule 408 cases in 2024 is an amazing narrative of how a state managed to completely eradicate the cybercrime infrastructure.

This is not a mere coincidence in statistics. This has proved to be a sustained, systematic operation by the law-enforcing agencies. Police sources say the decline is the result of consistent law enforcement action against cybercrime networks and the positive effect of awareness campaigns. Assam recorded 360 arrests under cybercrime-related offences and charge-sheeted 285 in the year 2024.

‍

The National Picture: A Troubling Contrast
‍

While the case of Assam is inspiring, the numbers on a pan-Indian level look bleak. India saw as many as 101,928 cybercrimes registered on its soil in the year 2024; a sharp rise from 2023, when 86,420 incidents had been reported. And it's not just in the number of cases that have seen an alarming rise; the economic implications are equally devastating. As many as 19.18 lakh complaints were lodged on the National Cyber Crime Reporting Portal in 2024. These complaints were an outcome of the financial losses to the tune of almost Rs 22,811.95 crore, according to a statement by the Home Ministry.

In 2024, the states that stood out at the top were Telangana (27,230), Karnataka (21,993), Uttar Pradesh (11,073), Maharashtra (9,922), and Bihar (6,380), among others. This clearly goes on to prove how the occurrences of cybercrime are not uniform across all states in the country due to various local and state-specific factors like the enforcement provided by state police forces, literacy levels of the general public, and the range of awareness campaigns carried out.

Even within Assam, the trend is not uniform, as almost every other Northeastern state has recorded a rise in cybercrimes this year, the figures being Arunachal Pradesh 24 to 78, Mizoram 31 to 50, Meghalaya 64 to 97, and Nagaland 2 to 14. It is only Tripura that saw a dip in reported cybercrimes, from 36 to 33. Considering these statistics, it becomes even more crucial to study and emulate Assam's success.
‍

The Drivers and Disrupters of Cybercrime
‍

It is in understanding how cybercrimes in Assam are committed that one might derive how these should be combatted. Of the 408 cases registered so far in 2024, 253 were registered for transmitting, or publishing, electronically, any obscene or sexually explicit material, and 115 cases were under computer-related offences. As for motive, they vary widely; 121 cases were registered out of revenge, 55 for fraud, 43 for extortion, and 42 for sexual exploitation. Sadly, out of 408 crimes reported so far in 2024, 196 victims are women, and 20 are children; in essence, the real impact is on society's most vulnerable.

This is a useful categorisation for the policymakers. It would not be beneficial if it were an all-encompassing strategy against cybercrimes when the motives and mechanisms behind them differ so widely. Customised campaigns educating women on cyberbullying, educating children on online security, and cautioning the public against online fraudulent schemes would be much more effective than general advice.

 On the national front, significant investments have been made by the central government for developing cybercrime-fighting infrastructure. Since the I4C was established in 2018, the launch of NCRP in 2019 provides a reporting and coordination framework against cybercrimes, and it is reported that over 5,489 crore have been saved by freezing illegal transactions, stemming from over 17.88 lakh complaints, through these platforms. Over 9.42 lakh SIM cards and 263,248 International Mobile Equipment Identities (IMEI) numbers have been blocked due to involvement in cybercrime.
‍

The Role of Awareness and Enforcement
‍

The biggest, and perhaps most transferable, lesson learned from Assam is the importance of both enforcement and awareness. Alone, neither proves useful: an enforcement operation without public knowledge leaves the public at risk for the next offence, while a purely informational approach gives criminals the license to proceed. Assam seems to have a more pragmatic approach; at least the statistics support this notion.

As the most persistent weakness, cyber hygiene is still a critical issue for India's cybersecurity. The core problem is the limited public knowledge on the importance of safer online practices, and it has been one of the primary hurdles to reducing crimes online; in instances where crimes were committed and reported, insufficient processes and infrastructure remained challenges in their investigation. Therefore, institutional investment in resources such as local police cyber cells and national coordinating agencies is an integral component to overcoming these challenges.z

‍

Conclusion
‍

By decreasing the rate of cybercrime in Assam by 55%, the successful combination of vigorous prosecution, constant pressure to uphold the law, and thorough public awareness campaigns has demonstrated a viable solution to ever-increasing online threats throughout India. Assam presents an attainable blueprint to diminish cybercrime, although the criminals of this evolving landscape cannot be constrained by individual state borders. To successfully achieve an e-economy that thrives on security and trust, India must adapt and expand the same law enforcement and awareness campaign strategies.

‍

References
‍

1. https://assamtribune.com/assam/assam-records-over-55-decline-in-cyber-crime-cases-in-2024-mha-1611895
   
   
2. https://ddnews.gov.in/en/cybercrime-complaints-cross-19-lakh-in-2024-97-drop-in-spoofed-calls-post-new-measures/
   
   
3. https://www.medianama.com/2025/08/223-india-cybercrime-500-percent-increase-2021-2024/
   
   
4. https://statista.com/topics/5054/cyber-crime-in-india‍
5. https://i4c.mha.gov.in
   

Modern international trade heavily relies on data transfers for the exchange of digital goods and services. User data travels across multiple jurisdictions and legal regimes, each with different rules for processing it. Since international treaties and standards for data protection are inadequate, states, in an effort to protect their citizens' data, have begun extending their domestic privacy laws beyond their borders. However, this opens a Pandora's box of legal and administrative complexities for both, the data protection authorities and data processors. The former must balance the harmonization of domestic data protection laws with their extraterritorial enforcement, without overreaching into the sovereignty of other states. The latter must comply with the data privacy laws in all states where it collects, stores, and processes data. While the international legal community continues to grapple with these challenges, India can draw valuable lessons to refine the Digital Personal Data Protection Act, 2023 (DPDP) in a way that effectively addresses these complexities.

Why Extraterritorial Application? 

Since data moves freely across borders and entities collecting such data from users in multiple states can misuse it or use it to gain an unfair competitive advantage in local markets, data privacy laws carry a clause on their extraterritorial application. Thus, this principle is utilized by states to frame laws that can ensure comprehensive data protection for their citizens, irrespective of the data’s location.  The foremost example of this is the European Union’s (EU) General Data Protection Regulation (GDPR), 2016,  which applies to any entity that processes the personal data of its citizens, regardless of its location. Recently, India has enacted the DPDP Act of 2023, which includes a clause on extraterritorial application.

The Extraterritorial Approach: GDPR and DPDP Act

The GDPR is considered the toughest data privacy law in the world and sets a global standard in data protection. According to Article 3, its provisions apply not only to data processors within the EU but also to those established outside its territory, if they offer goods and services to and conduct behavioural monitoring of data subjects within the EU. The enforcement of this regulation relies on heavy penalties for non-compliance in the form of fines up to €20 million or 4% of the company’s global turnover, whichever is higher, in case of severe violations. As a result, corporations based in the USA, like Meta and Clearview AI, have been fined over  €1.5 billion and €5.5 million respectively, under the GDPR. 

Like the GDPR, the DPDP Act extends its jurisdiction to foreign companies dealing with personal data of data principles within Indian territory under section 3(b). It has a similar extraterritorial reach and prescribes a penalty of up to Rs 250 crores in case of breaches. However, the Act or DPDP Rules, 2025, which are currently under deliberation, do not elaborate on an enforcement mechanism through which foreign companies can be held accountable. 

Lessons for India’s DPDP on Managing Extraterritorial Application 

1. Clarity in Definitions: GDPR clearly defines ‘personal data’, covering direct information such as name and identification number,  indirect identifiers like location data, and, online identifiers that can be used to identify the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person. It also prohibits revealing special categories of personal data like religious beliefs and biometric data to protect the fundamental rights and freedoms of the subjects. On the other hand, the DPDP Act/ Rules define ‘personal data’ vaguely, leaving a broad scope for Big Tech and ad-tech firms to bypass obligations. 
2. International Cooperation: Compliance is complex for companies due to varying data protection laws in different countries. The success of regulatory measures in such a scenario depends on international cooperation for governing cross-border data flows and enforcement. For DPDP to be effective, India will have to foster cooperation frameworks with other nations. 
3. Adequate Safeguards for Data Transfers: The GDPR regulates data transfers outside the EU via pre-approved legal mechanisms such as standard contractual clauses or binding corporate rules to ensure that the same level of protection applies to EU citizens’ data even when it is processed outside the EU. The DPDP should adopt similar safeguards to ensure that Indian citizens’ data is protected when processed abroad.
4. Revised Penalty Structure: The GDPR mandates a penalty structure that must be effective, proportionate, and dissuasive. The supervisory authority in each member state has the power to impose administrative fines as per these principles, up to an upper limit set by the GDPR. On the other hand, the DPDP’s penalty structure is simplistic and will disproportionately impact smaller businesses. It must take into regard factors such as nature, gravity, and duration of the infringement, its consequences, compliance measures taken, etc.
5. Governance Structure: The GDPR envisages a multi-tiered governance structure comprising of   

• National-level Data Protection Authorities (DPAs) for enforcing national data protection laws and the GDPR, 
• European Data Protection Supervisor (EDPS) for monitoring the processing of personal data by EU institutions and bodies,  
• European Commission (EC) for developing GDPR legislation
• European Data Protection Board (EDPB) for enabling coordination between the EC, EDPS, and DPAs

In contrast, the Data Protection Board (DPB) under DPDP will be a single, centralized body overseeing compliance and enforcement. Since its members are to be appointed by the Central Government, it raises questions about the Board’s autonomy and ability to apply regulations consistently. Further, its investigative and enforcement capabilities are not well defined.

Conclusion 

The protection of the human right to privacy ( under the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights) in today’s increasingly interconnected digital economy warrants international standard-setting on cross-border data protection. In the meantime, States relying on the extraterritorial application of domestic laws is unavoidable. While India’s DPDP takes measures towards this, they must be refined to ensure clarity regarding implementation mechanisms. They should push for alignment with data protection laws of other States, and account for the complexity of enforcement in cases involving extraterritorial jurisdiction. As India sets out to position itself as a global digital leader, a well-crafted extraterritorial framework under the DPDP Act will be essential to promote international trust in India’s data governance regime.

Sources

• https://gdpr-info.eu/art-83-gdpr/ 
• https://gdpr-info.eu/recitals/no-150/ 
• https://gdpr-info.eu/recitals/no-51/ 
• https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf 
• https://www.eqs.com/compliance-blog/biggest-gdpr-fines/#:~:text=ease%20the%20burden.-,At%20a%20glance,In%20summary 
• https://gdpr-info.eu/art-3-gdpr/ 
• https://www.legal500.com/developments/thought-leadership/gdpr-v-indias-dpdpa-key-differences-and-compliance-implications/#:~:text=Both%20laws%20cover%20'personal%20data,of%20personal%20data%20as%20sensitive. 

‍