#FactCheck: Old clip of Greenland tsunami depicts as tsunami in Japan

Digital vulnerabilities like cyber-attacks and data breaches proliferate rapidly in the hyper-connected world that is created today. These vulnerabilities can compromise sensitive data like personal information, financial data, and intellectual property and can potentially threaten businesses of all sizes and in all sectors. Hence, it has become important to inform all stakeholders about any breach or attack to ensure they can be well-prepared for the consequences of such an incident.  

The non-reporting of reporting can result in heavy fines in many parts of the world. Data breaches caused by malicious acts are crimes and need proper investigation. Organisations may face significant penalties for failing to report the event. Failing to report data breach incidents can result in huge financial setbacks and legal complications. To understand why transparency is vital and understanding the regulatory framework that governs data breaches is the first step. 

The Current Indian Regulatory Framework on Data Breach Disclosure

A data breach essentially, is the unauthorised processing or accidental disclosure of personal data, which may occur through its acquisition, sharing, use, alteration, destruction, or loss of access. Such incidents can compromise the affected data’s confidentiality, integrity, or availability. In India, the Information Technology Act of 2000 and the Digital Personal Data Protection Act of 2023 are the primary legislation that tackles cybercrimes like data breaches. 

• Under the DPDP Act, neither materiality thresholds nor express timelines have been prescribed for the reporting requirement. Data Fiduciaries are required to report incidents of personal data breach, regardless of their sensitivity or impact on the Data Principal. 
• The IT (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, along with the Cyber Security Directions, under section 70B(6) of the IT Act, 2000, relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet prescribed in 2022 impose mandatory notification requirements on service providers, intermediaries, data centres and corporate entities, upon the occurrence of certain cybersecurity incidents. 
• These laws and regulations obligate companies to report any breach and any incident to regulators such as the CERT-In and the Data Protection Board.

The Consequences of Non-Disclosure

A non-disclosure of a data breach has a manifold of consequences. They are as follows:

• Legal and financial penalties are the immediate consequence of a data breach in India. The DPDP Act prescribes a fine of up to Rs 250 Crore from the affected parties, along with suits of a civil nature and regulatory scrutiny. Non-compliance can also attract action from CERT-In, leading to more reputational damage.
• In the long term, failure to disclose data breaches can erode customer trust as they are less likely to engage with a brand that is deemed unreliable. Investor confidence may potentially waver due to concerns about governance and security, leading to stock price drops or reduced funding opportunities. Brand reputation can be significantly tarnished, and companies may struggle with retaining and attracting customers and employees. This can affect long-term profitability and growth.
• Companies such as BigBasket and Jio in 2020 and Haldiram in 2022 have suffered from data breaches recently. Poor transparency and delay in disclosures led to significant reputational damage, legal scrutiny, and regulatory actions for the companies.

Measures for Improvement: Building Corporate Reputation via Transparency

Transparency is critical when disclosing data breaches. It enhances trust and loyalty for a company when the priority is data privacy for stakeholders. Ensuring transparency mitigates backlash. It demonstrates a company’s willingness to cooperate with authorities. A farsighted approach instils confidence in all stakeholders in showcasing a company's resilience and commitment to governance. These measures can be further improved upon by:

• Offering actionable steps for companies to establish robust data breach policies, including regular audits, prompt notifications, and clear communication strategies. 
• Highlighting the importance of cooperation with regulatory bodies and how to ensure compliance with the DPDP Act and other relevant laws. 
• Sharing best public communications practices post-breach to manage reputational and legal risks.

Conclusion

Maintaining transparency when a data breach happens is more than a legal obligation. It is a good strategy to retain a corporate reputation. Companies can mitigate the potential risks (legal, financial and reputational) by informing stakeholders and cooperating with regulatory bodies proactively. In an era where digital vulnerabilities are ever-present, clear communication and compliance with data protection laws such as the DPDP Act build trust, enhance corporate governance, and secure long-term business success. Proactive measures, including audits, breach policies, and effective public communication, are critical in reinforcing resilience and fostering stakeholder confidence in the face of cyber threats.

References

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• https://www.cert-in.org.in/PDF/CERT-In_Directions_70B_28.04.2022.pdf 
• https://chawdamrunal.medium.com/the-dark-side-of-covering-up-data-breaches-why-transparency-is-crucial-fe9ed10aac27 
• https://www.dlapiperdataprotection.com/index.html?t=breach-notification&c=IN

Executive Summary:

The viral social media posts circulating several photos of Indian Army soldiers eating their lunch in the extremely hot weather near the border area in Barmer/ Jaisalmer, Rajasthan, have been detected as AI generated and proven to be false. The images contain various faults such as missing shadows, distorted hand positioning and misrepresentation of the Indian flag and soldiers body features. The various AI generated tools were also used to validate the same. Before sharing any pictures in social media, it is necessary to validate the originality to avoid misinformation.

‍

‍

Claims:

The photographs of Indian Army soldiers having their lunch in extreme high temperatures at the border area near to the district of Barmer/Jaisalmer, Rajasthan have been circulated through social media.

‍

Fact Check:

Upon the study of the given images, it can be observed that the images have a lot of similar anomalies that are usually found in any AI generated image. The abnormalities are lack of accuracy in the body features of the soldiers, the national flag with the wrong combination of colors, the unusual size of spoon, and the absence of Army soldiers’ shadows.

‍

Additionally it is noticed that the flag on Indian soldiers’ shoulder appears wrong and it is not the traditional tricolor pattern. Another anomaly, soldiers with three arms, strengtheness the idea of the AI generated image. 

Furthermore, we used the HIVE AI image detection tool and it was found that each photo was generated using an Artificial Intelligence algorithm.

We also checked with another AI Image detection tool named Isitai, it was also found to be AI-generated.

‍

‍

After thorough analysis, it was found that the claim made in each of the viral posts is misleading and fake, the recent viral images of Indian Army soldiers eating food on the border  in the extremely  hot afternoon of Badmer were generated using the AI Image creation tool.

Conclusion:

In conclusion, the analysis of the viral photographs claiming to show Indian army soldiers having their lunch in scorching heat in Barmer, Rajasthan reveals many anomalies consistent with AI-generated images. The absence of shadows, distorted hand placement, irregular showing of the Indian flag, and the presence of an extra arm on a soldier, all point to the fact that  the images are artificially created. Therefore, the claim that this image captures real-life events is debunked, emphasizing the importance of analyzing and fact-checking before sharing in the era of common widespread digital misinformation.

• Claim: The photo shows Indian army soldiers having their lunch in extreme heat near the border area in Barmer/Jaisalmer, Rajasthan.
• Claimed on: X (formerly known as Twitter), Instagram, Facebook
• Fact Check: Fake & Misleading

Introduction

‍

Law grows by confronting its absences, it heals through its own gaps. States often find themselves navigating a shared frontier without a mutual guide or lines of law in an era of expanding digital boundaries and growing cyber damages. The United Nations General Assembly ratified the United Nations Convention against Cybercrime on December 24, 2024, and more than sixty governments were in attendance in the signing ceremony on 24th & 25th October this year, marking a moment of institutional regeneration and global commitment. 

‍

A new Lexicon for Global Order

The old liberal order is being strained by growing nationalism, economic fracturing, populism, and great-power competition as often emphasised in the works of scholars like G. John Iken berry and John Mearsheimer. Multilateral arrangements become more brittle in such circumstances. Therefore, the new cybercrimes convention represents not only a legal tool but also a resurgence of international promise, a significant win for collective governance in an uncertain time. It serves as a reminder that institutions can be rebuilt even after they have been damaged. 

‍

In Discussion: The Fabric of the Digital Polis

‍

The digital sphere has become a contentious area. On the one hand, the US and its allies support stakeholder governance, robust individual rights, and open data flows. On the other hand, nations like China and Russia describe a “post-liberal cyber order” based on state mediation, heavily regulated flows, and sovereignty. Instead of focusing on ideological dichotomies, India, which is positioned as both a rising power and a voice of the Global South, has offered a viewpoint based on supply-chain security, data localisation, and capacity creation. Thus, rather than being merely a regulation, the treaty arises from a framework of strategic recalibration. 

‍

What Changed & Why it Matters

‍

There have been regional cybercrime accords up to this point, such as the Budapest Convention. The goal of this new international convention, which is accessible to all UN members, is to standardise definitions, evidence sharing and investigation instruments. 72 states signed the Hanoi signature event in October, 2025, demonstrating an unparalleled level of scope and determination. In addition to establishing structures for cooperative investigations, extradition, and the sharing of electronic evidence, it requires signatories to criminalise acts such as fraud, unlawful access to systems, data interference, and online child exploitation. 

For the first time, a legally obligatory global architecture aims to harmonise cross-border evidence flows, mutual legal assistance, and national procedural laws. Cybercrime offers genuine promise for community defence at a time when it is no longer incidental but existential, attacks on hospitals, schools and infrastructure are now common, according to the Global Observatory.

‍

Holding the Line: India’s Deliberate Path in the Age of Cyber Multilateralism 

‍

India takes a contemplative rather than a reluctant stance towards the UN Cybercrime Treaty. Though it played an active role during the drafting sessions and lent its voice to the shaping of global cyber norms, New Delhi is yet to sign the convention. Subtle but intentional, the reluctance suggests a more comprehensive reflection, an evaluation of how international obligations correspond with domestic constitutional protections, especially the right to privacy upheld by the Supreme Court in Puttaswamy v. UOI (2017). 

Prudence is the reason for this halt. Policy circles speculate that the government is still assessing the treaty’s consequences for national data protection, surveillance regimes, and territorial sovereignty. Officials have not provided explicit justifications for India’s refusal to join. India’s position has frequently been characterised by striking a careful balance between digital sovereignty and taking part in cooperative international regimes. In earlier negotiations, India had even proposed including clauses to penalise “offensive messages” on social media, echoing the erstwhile Section 66A of the IT Act, 2000, but the suggestion found little international traction. 

Advocates for digital rights such as Raman Jit Singh Chima of Access Now have warned that ensuring that the treaty’s implementation upholds constitutional privacy principles may be necessary for India to eventually endorse it. He contends that the treaty’s wording might not entirely meet India’s legal requirements in the absence of such voluntary pledges. 

UN Secretary-General Antonio Guterres praised the agreement as “a powerful, legally binding instrument to strengthen our collective defences against “cybercrime” during its signing in Hanoi. The issue for India is to make sure that multilateral collaboration develops in accordance with constitutional values rather than to reject that vision. Therefore, the path forward is one of assertion rather than absence, careful march towards a cyber future that protects freedom and sovereignty. 

‍

Sources: 

• https://www.icwa.in/show_content.php?lang=1&level=3&ls_id=12244&lid=7470 
• https://www.medianama.com/2025/10/223-72-nations-un-first-cybercrime-treaty-india-abstains-privacy/ ‍
• https://therecord.media/us-declines-signing-cybercrime-treaty