#FactCheck-A manipulated image showing Indian cricketer Virat Kohli allegedly watching Rahul Gandhi's media briefing on his mobile phone has been widely shared online.

Introduction

‍

In the hyperconnected world, cyber incidents can no longer be treated as sporadic disruptions; such incidents have become an everyday occurrence. The attack landscape today is very consequential and shows significant multiplication in its frequency, with ransomware attacks incapacitating a health system, phishing attacks hitting a financial institution, or state-sponsored attacks on critical infrastructures. Towards counteracting such threats, traditional ways alone are not enough, they gravely rely on manual research and human intellect. Attackers exercise speed, scale, and stealth, and defenders are always four steps behind. With such a widening gap, it is deemed necessary to facilitate incident response and crisis management with the intervention of automation and artificial intelligence (AI) for faster detection, context-driven decision-making, and collaborative response beyond human capabilities.

‍

Incident Response and Crisis Management

‍

Incident response is the structured way in which organisations deal with responding to detecting, segregating, and recovering from security incidents. Crisis management takes this even further, dealing not only with the technical fallout of a breach but also its business, reputation, and regulatory implications. Echelon used to depend on manual teams of people sorting through logs, cross-correlating alarms, and generating responses, a paradigm effective for small numbers but quickly inadequate in today's threat climate. Today's opponents attack at machine speed, employing automation to launch attacks. Under such circumstances, responding with slow, manual methods means delay and draconian consequences. The AI and automation introduction is a paradigm change that allows organisations to equate the pace and precision with which attackers initiate attacks in responding to incidents.

‍

How Automation Reinvents Response

‍

Cybercrime automation liberates cybercrime analysts from boring and repetitive tasks that consume time. An analyst manually detects potential threats from a list of hundreds each day, while automated systems sift through noise and focus only on genuine threats. Malware can automatically cause infected computers to be disconnected from the network to avoid spreading or may automatically have its suspicious account permissions removed without human intervention. The security orchestration systems move further by introducing playbooks, predefined steps describing how incidents of a certain type (e.g., phishing attempts or malware infections) should be handled. This ensures fast containment while ensuring consistency and minimising human error amid the urgency of dealing with thousands of alerts.

Automation takes care of threat detection, prioritisation, and containment, allowing human analysts to refocus on more complex decision-making. Instead of drowning in the sea of trivial alerts, security teams can now devote their efforts to more strategic areas: threat hunting and longer-term resilience. Automation is a strong tool of defence, cutting response times down from hours to minutes.

‍

The Intelligence Layer: AI in Action

‍

If automation provides speed, then AI is what allows the brain to be intelligent and flexible. Working with old and fixed-rule systems, AI-enabled solutions learn from experiences, adapt to changes in threats, and discover hidden patterns of which human analysts themselves would be unaware. For instance, machine learning algorithms identify normal behaviour on a corporate network and raise alerts on any anomalies that could indicate an insider attack or an advanced persistent threat. Similarly, AI systems sift through global threat intelligence to predict likely attack vectors so organisations can have their vulnerabilities fixed before they are exploited.

AI also boosts forensic analysis. Instead of searching forever for clues, analysts let AI-driven systems trace back to the origin of an event, identify vulnerabilities exploited by attackers, and flag systems that are still under attack. During a crisis, AI is a decision support that predicts outcomes of different scenarios and recommends the best response. In response to a ransomware attack, for example, based on context, AI might advise separating a single network segment or restoring from backup or alerting law enforcement. 

‍

Real-World Applications and Case Studies

‍

Already, this mitigation has been provided in the form of real-world applications of automation and AI. Consider, for example, IBM Watson for Cybersecurity, which has been applied in analysing unstructured threat intelligence and providing analysts with actionable results in minutes, rather than days. Like this, systems driven by AI in DARPA's Cyber Grand Challenge demonstrated the ability to automatically identify an instant vulnerability, patch it, and reveal the potential of a self-healing system. AI-powered fraud detection systems stop suspicious transactions in the middle of their execution and work all night to prevent losses. What is common in all these examples is that automation and AI lessen human effort, increase accuracy, and in the event of a cyberattack, buy precious time.

‍

Challenges and Limitations

‍

While promising, the technology is still not fully mature. The quality of an AI system is highly dependent on the training data provided; poor training can generate false positives that drown teams or worse false negatives that allow attackers to proceed unabated. Attackers have also started targeting AI itself by poisoning datasets or designing malware that does not get detected. Aside from risks that are more technical, the operational and financial costs involved in implementing advanced AI-based systems present expensive threats to any company. Organisations will have to make expenditures not only on technology but also for the training of staff to best utilise these tools. There are some ethical and privacy issues to consider as well because systems may be processing sensitive personal data, so global data protection laws such as the GDPR or India's DPDP Act could come into conflict.

‍

Creating a Human-AI Collaboration

‍

The future is not going to be one of substitution by machines but of creating human-AI synergy. Automation can do the drudgery, AI can provide smarts, and human professionals can use judgment, imagination, and ethical decisions. One would want to build AI-fuelled Security Operations Centres where technology and human experts work in tandem. Continuous training must be provided to AI models to reduce false alarms and make them most resistant against adversarial attacks. Regular conduct of crisis drills that combine AI tools and human teams can ensure preparedness for real-time events. Likewise, it is worth integrating ethical AI guidelines into security frameworks to ensure a stronger defence while respecting privacy and regulatory compliance.

‍

Conclusion

‍

Cyber-attacks are an eventuality in this modern time, but the actual impact need not be so harsh. The organisations can maintain the programmatic method of integrating automation and AI into incident response and crisis management so that the response against the very threat can be shifted from reactive firefighting to proactive resilience. Automation gives speed and efficiency while AI gives intelligence and foresight, hence putting the defenders on par and possibly exceeding the speed and sophistication of the attackers. But an utmost system without human inquisitiveness, ethical reasoning, and strategic foresight would remain imperfect. The best defence is in that human-machine relationship symbiotic system wherein automation and AI take care of how fast and how many cyber threats come in, whereas human intellect ensures that every response is aligned with larger organizational goals. This synergy is where cybersecurity resiliency will reside in the future-the defenders won't just be reacting to emergencies but will rather be driving the way.

‍

References

‍

• https://www.sisainfosec.com/blogs/incident-response-automation/
• https://stratpilot.ai/role-of-ai-in-crisis-management-and-its-critical-importance/
• https://www.juvare.com/integrating-artificial-intelligence-into-crisis-management/
• https://www.motadata.com/blog/role-of-automation-in-incident-management/

‍

Modern international trade heavily relies on data transfers for the exchange of digital goods and services. User data travels across multiple jurisdictions and legal regimes, each with different rules for processing it. Since international treaties and standards for data protection are inadequate, states, in an effort to protect their citizens' data, have begun extending their domestic privacy laws beyond their borders. However, this opens a Pandora's box of legal and administrative complexities for both, the data protection authorities and data processors. The former must balance the harmonization of domestic data protection laws with their extraterritorial enforcement, without overreaching into the sovereignty of other states. The latter must comply with the data privacy laws in all states where it collects, stores, and processes data. While the international legal community continues to grapple with these challenges, India can draw valuable lessons to refine the Digital Personal Data Protection Act, 2023 (DPDP) in a way that effectively addresses these complexities.

Why Extraterritorial Application? 

Since data moves freely across borders and entities collecting such data from users in multiple states can misuse it or use it to gain an unfair competitive advantage in local markets, data privacy laws carry a clause on their extraterritorial application. Thus, this principle is utilized by states to frame laws that can ensure comprehensive data protection for their citizens, irrespective of the data’s location.  The foremost example of this is the European Union’s (EU) General Data Protection Regulation (GDPR), 2016,  which applies to any entity that processes the personal data of its citizens, regardless of its location. Recently, India has enacted the DPDP Act of 2023, which includes a clause on extraterritorial application.

The Extraterritorial Approach: GDPR and DPDP Act

The GDPR is considered the toughest data privacy law in the world and sets a global standard in data protection. According to Article 3, its provisions apply not only to data processors within the EU but also to those established outside its territory, if they offer goods and services to and conduct behavioural monitoring of data subjects within the EU. The enforcement of this regulation relies on heavy penalties for non-compliance in the form of fines up to €20 million or 4% of the company’s global turnover, whichever is higher, in case of severe violations. As a result, corporations based in the USA, like Meta and Clearview AI, have been fined over  €1.5 billion and €5.5 million respectively, under the GDPR. 

Like the GDPR, the DPDP Act extends its jurisdiction to foreign companies dealing with personal data of data principles within Indian territory under section 3(b). It has a similar extraterritorial reach and prescribes a penalty of up to Rs 250 crores in case of breaches. However, the Act or DPDP Rules, 2025, which are currently under deliberation, do not elaborate on an enforcement mechanism through which foreign companies can be held accountable. 

Lessons for India’s DPDP on Managing Extraterritorial Application 

1. Clarity in Definitions: GDPR clearly defines ‘personal data’, covering direct information such as name and identification number,  indirect identifiers like location data, and, online identifiers that can be used to identify the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person. It also prohibits revealing special categories of personal data like religious beliefs and biometric data to protect the fundamental rights and freedoms of the subjects. On the other hand, the DPDP Act/ Rules define ‘personal data’ vaguely, leaving a broad scope for Big Tech and ad-tech firms to bypass obligations. 
2. International Cooperation: Compliance is complex for companies due to varying data protection laws in different countries. The success of regulatory measures in such a scenario depends on international cooperation for governing cross-border data flows and enforcement. For DPDP to be effective, India will have to foster cooperation frameworks with other nations. 
3. Adequate Safeguards for Data Transfers: The GDPR regulates data transfers outside the EU via pre-approved legal mechanisms such as standard contractual clauses or binding corporate rules to ensure that the same level of protection applies to EU citizens’ data even when it is processed outside the EU. The DPDP should adopt similar safeguards to ensure that Indian citizens’ data is protected when processed abroad.
4. Revised Penalty Structure: The GDPR mandates a penalty structure that must be effective, proportionate, and dissuasive. The supervisory authority in each member state has the power to impose administrative fines as per these principles, up to an upper limit set by the GDPR. On the other hand, the DPDP’s penalty structure is simplistic and will disproportionately impact smaller businesses. It must take into regard factors such as nature, gravity, and duration of the infringement, its consequences, compliance measures taken, etc.
5. Governance Structure: The GDPR envisages a multi-tiered governance structure comprising of   

• National-level Data Protection Authorities (DPAs) for enforcing national data protection laws and the GDPR, 
• European Data Protection Supervisor (EDPS) for monitoring the processing of personal data by EU institutions and bodies,  
• European Commission (EC) for developing GDPR legislation
• European Data Protection Board (EDPB) for enabling coordination between the EC, EDPS, and DPAs

In contrast, the Data Protection Board (DPB) under DPDP will be a single, centralized body overseeing compliance and enforcement. Since its members are to be appointed by the Central Government, it raises questions about the Board’s autonomy and ability to apply regulations consistently. Further, its investigative and enforcement capabilities are not well defined.

Conclusion 

The protection of the human right to privacy ( under the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights) in today’s increasingly interconnected digital economy warrants international standard-setting on cross-border data protection. In the meantime, States relying on the extraterritorial application of domestic laws is unavoidable. While India’s DPDP takes measures towards this, they must be refined to ensure clarity regarding implementation mechanisms. They should push for alignment with data protection laws of other States, and account for the complexity of enforcement in cases involving extraterritorial jurisdiction. As India sets out to position itself as a global digital leader, a well-crafted extraterritorial framework under the DPDP Act will be essential to promote international trust in India’s data governance regime.

Sources

• https://gdpr-info.eu/art-83-gdpr/ 
• https://gdpr-info.eu/recitals/no-150/ 
• https://gdpr-info.eu/recitals/no-51/ 
• https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf 
• https://www.eqs.com/compliance-blog/biggest-gdpr-fines/#:~:text=ease%20the%20burden.-,At%20a%20glance,In%20summary 
• https://gdpr-info.eu/art-3-gdpr/ 
• https://www.legal500.com/developments/thought-leadership/gdpr-v-indias-dpdpa-key-differences-and-compliance-implications/#:~:text=Both%20laws%20cover%20'personal%20data,of%20personal%20data%20as%20sensitive. 

‍

In recent months, conversations around the possible shortage of liquefied petroleum gas (LPG), a basic cooking fuel in Indian households, have quietly resurfaced across the country. From whispers in local markets to viral messages circulating on social media, concerns about LPG availability began to take hold in the public imagination. Though the immediacy of the situation has since faded, its echoes remain, reminding us how quickly uncertainty can spread. Like a ripple across still water, a single rumour can travel far, gathering force as it moves and blurring the line between perception and reality. 

Against this backdrop, in April 2026, reports began circulating about a potential LPG shortage. The Union Government moved quickly to counter what it identified as misinformation, emphasising that supply remained stable and urging citizens not to engage in panic buying.  A noticeable disconnect emerged between official communication and public perception. Across different regions, signs of anxiety-driven behaviour became evident. Instances of panic buying and hoarding increased, law enforcement agencies conducted raids to address such actions, and opportunistic thefts were reported, often exploiting widespread concern. These incidents highlight how misinformation, even when addressed promptly, can continue to shape public behaviour. 

It is worth noting that rising prices also played a role in shaping public response, as increases in LPG rates contributed to a sense of urgency among consumers. Therefore, the surge in panic buying cannot be attributed solely to misinformation, but rather to a combination of economic pressures and perceived scarcity.

‍

Misinformation Ecosystem - From Rumours to Behaviour
‍

The spread of misinformation is occurring at an unprecedented pace and is, in large part, driven by the viral nature of social media. Digital platforms not only enable the rapid dissemination of information but also allow it to be amplified in ways that would not be possible through traditional media outlets. Often, the drive for virality outweighs any concern for accuracy, meaning that many individuals who spread misinformation are motivated more by the pursuit of attention than by any ideological agenda. Recent arrests of individuals involved in spreading misinformation about LPG and petrol shortages, much of which went viral, suggest that misinformation today is frequently driven by the desire for visibility rather than ideological motives. The information being circulated has largely followed a similar pattern, focusing on fears of an LPG shortage, expectations of price increases, and concerns about supply disruptions. Even though this information has not been verified, it has triggered behavioural responses among individuals. In several areas, including parts of Uttar Pradesh and Goa, the spread of misinformation through social media has led to panic buying, despite official assurances that there would be sufficient LPG supply to meet demand. 

‍

The impact of panic buying, and its associated misinformation, has already been seen in multiple sectors; these increased demands have placed pressure on the distribution network, leading to disruptions in access, as well as being out of stock of certain products. In many cases, commercial users of products (especially restaurants) have experienced significant disruption, threatening their continued operations, and industry representatives have alerted others about the inconsistent supply of commercial cylinders; likewise, consumers (households) are beginning to switch to alternative products (e.g., induction cooking) as a reflection of the anticipatory mindset to address the uncertainty created through perceptions of Product Scarcity.
‍

‍

State Response: Managing Misinformation or Behaviour?
‍

‍

The government has taken a variety of approaches, from advisories and enforcement actions to communicating with citizens indirectly. For example, State Governments have been directed to combat misinformation, monitor supply chains and take action against hoarding and black market activity. There has been a significant increase in the level of large- scale enforcement activity, with over 3,700 raids carried out to crack down on hoarding and black marketing related to LPG, in addition to confiscating cylinders and issuing penalties to those who break the law. In addition, the authorities have also focused on maintaining regular communication with the public in order to reassure them about the supply of LPG and fuel stability.

‍

Geopolitical Context: Why Rumours Are Believable
‍

Understanding today’s panic requires an understanding of the global environment: i.e., due to the ongoing conflict in West Asia, the energy markets are unstable, and energy supply is uncertain not only in West Asia but across a large part of the world. Even if domestic supply remains stable, public perception is affected by global instability. A clear example of this can be seen in neighbouring countries to India; Pakistan has seen significant increases in the cost of fuel, implemented measures such as reducing the number of days individuals work each week, and has created public support mechanisms; Bangladesh has imposed restrictions on the use of energy, has shortened the number of hours individuals can operate businesses each day, and has restricted the total amount of energy used; Sri Lanka has begun to ration fuel, and to increase the price of petrol; and Nepal has reduced the numbers of days individuals may work each week, and has adjusted supply.

‍

All of these examples are not isolated instances, but are markers of a common regional environment. As we live in a global community that is connected in many ways, these developments will quickly affect public expectations everywhere. Therefore, for consumers in India, seeing evidence of rationing of fuel and shortages of fuel in neighbouring countries increases their belief that these types of problems could occur in their country.

‍

Critical Perspective: Between Panic and Precaution
‍

The LPG incident has brought about questions surrounding the nature of misinformation in terms of its definition & regulation. One of the main concerns is whether or not "misinformation" is being cast too widely. To be sure, false claims need to be addressed; however, not everything that is responded to publicly is based on untrue facts, as many times public responses are based on perceived risk via global and/or local incidents that occur. Perhaps the greatest challenge is the difficulty in differentiating precaution and panic. People’s memories of the COVID-19 pandemic are fresh in their minds and will serve to influence their behaviours moving onward, in that many people are stockpiling or preparing for uncertainty not out of irrational fear, but as an anticipatory response to their prior experiences.

‍

Conclusion
‍

The Indian LPG "crisis" is not so much a problem with actual supply chain breakdown as it is a result of how information and behaviour are connected through perception. This cohabitating environment of panic buying, law enforcement, and government assurance demonstrates an evident disconnect and gap between how governments present a narrative and how the public responds. While there is some role of misinformation within this discourse, the misinformation itself extends beyond any or all false claims about LPG supply and operates within a greater ecosystem of global uncertainty and personal experience.  As such, and because of this, perception becomes an incredibly strong force in itself that produces true economic consequences.

‍

Reference
‍

1. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2248640&utm_source&reg=3&lang=2 
2. https://www.pmindia.gov.in/en/news_updates/pm-addresses-the-lok-sabha-on-the-ongoing-conflict-in-west-asia/ 
3. https://www.ndtv.com/delhi-news/iran-war-middle-east-conflict-why-the-lpg-crisis-is-forcing-migrants-to-quietly-leave-delhi-11313629 
4. https://timesofindia.indiatimes.com/city/bareilly/thieves-steal-108-lpg-cylinders-from-godown-in-up/articleshow/130035518.cms 
5. https://indianexpress.com/article/india/arrested-rumours-lpg-petrol-shortage-police-chasing-views-10614193/ 
6. https://www.hindustantimes.com/cities/lucknow-news/social-media-rumours-fuel-panic-buying-in-some-up-districts-situation-normal-in-lucknow-101774465353107.html 
7. https://timesofindia.indiatimes.com/city/goa/fear-of-shortage-price-rise-fuels-panic-buying-across-goa/articleshow/129810144.cms 
8. https://www.news18.com/cities/new-delhi-news/online-rumours-offline-rush-panic-buying-sweeps-petrol-pumps-across-cities-whats-the-truth-ws-ln-9995684.html 
9. https://m.economictimes.com/news/india/3700-raids-conducted-across-country-to-wipe-out-lpg-black-marketing-says-centre/articleshow/130025232.cms 
10. https://www.reuters.com/business/energy/induction-stoves-fly-off-shelves-india-gas-shortage-fears-spark-panic-buying-2026-03-12/ 
11. https://www.ndtv.com/india-news/restaurant-body-warns-of-closures-over-commercial-lpg-supply-concerns-writes-to-minister-11194418 
12. https://www.freepressjournal.in/mumbai/fpj-dialogue-we-are-getting-only-1-cylinder-instead-of-10-says-ahar-president-vijay-shetty-on-mumbai-lpg-crisis 
13. https://www.hindustantimes.com/world-news/fuel-cuts-wfh-and-more-how-indias-neighbours-are-dealing-with-global-energy-crisis-triggered-by-us-iran-war-101775397199941.html 
14. https://www.abc.net.au/news/2026-03-30/four-step-fuel-supply-plan-national-cabinet-fuel-crisis/106512706 ‍
15. https://tribune.net.ph/2026/04/07/philippines-scrambles-as-regional-oil-crisis-hits