Law in 30 Seconds? The Rise of Influencer Hype and Legal Misinformation

Introduction 

Public infrastructure has traditionally served as the framework for civilisation, transporting people, money, and ideas across time and space, from the iron veins of transcontinental railroads to the unseen arteries of the internet. In democracies where free markets and public infrastructure co-exist, this framework has not only facilitated but also accelerated progress. Digital Public Infrastructure (DPI), which powers inclusiveness, fosters innovation, and changes citizens from passive recipients to active participants in the digital age, is emerging as the new civic backbone as we move away from highways and towards high-speed data. 

DPI makes it possible for innovation at the margins and for inclusion at scale by providing open-source, interoperable platforms for identities, payments, and data exchange. Examples of how the Global South is evolving from a passive consumer of technology to a creator of globally replicable governance models are India’s Aadhaar (digital identification), UPI (real-time payments), and DigiLocker (data empowerment). As the ‘digital commons’ emerges, DPI does more than simply link users; it also empowers citizens, eliminates inefficiencies from the past, and reimagines the creation and distribution of public value in the digital era. 

Securing the Digital Infrastructure: A Contemporary Imperative

As humans, we are already the inhabitants of the future, we stand at the temporal threshold for reform. Digital Infrastructure is no longer just a public good. It’s now a strategic asset, akin to oil pipelines in the 20th century. India is recognised globally for the introduction of “India Stack”, through which the face of digital payments has also been changed. The economic value contributed by DPIs to India’s GDP is predicted to reach 2.9-4.2 percent by 2030, having already reached 0.9% in 2022. Its role in India’s economic development is partly responsible for its success; among emerging market economies, it helped propel India to the top of the revenue administrations’ digitalisation index. The other portion has to do with how India’s social service delivery has changed across the board. By enabling digital and financial inclusion, it has increased access to education (DIKSHA) and is presently being developed to offer agricultural (VISTAAR) and digital health (ABDM) services. 

Securing the Foundations: Emerging Threats to Digital Public Infrastructure

The rising prominence of DPI is not without its risks, as adversarial forces are developing with comparable sophistication. The core underpinnings of public digital systems are the target of a new generation of cyber threats, ranging from hostile state actors to cybercriminal syndicates. The threats pose a great risk to the consistent development endeavours of the government. To elucidate, targeted attacks on Biometric databases, AI-based Misinformation and Psychological Warfare, Payment System Hacks, State-sponsored malware, cross-border phishing campaigns, surveillance spyware and Sovereign Malware are modern-day examples of cyber threats. 

To secure DPI, a radical rethink beyond encryption methods and perimeter firewalls is needed. It requires an understanding of cybersecurity that is systemic, ethical, and geopolitical. Democracy, inclusivity, and national integrity are all at risk from DPI. To preserve the confidence and promise of digital public infrastructure, policy frameworks must change from fragmented responses to coordinated, proactive and people-centred cyber defence policies.

CyberPeace Recommendations

Powering Progress, Ignoring Protection: A Precarious Path

The Indian government is aware that cyberattacks are becoming more frequent and sophisticated in the nation. To address the nation’s cybersecurity issues, the government has implemented a number of legislative, technical, and administrative policy initiatives. While the initiatives are commendable, there are a few Non-Negotiables that need to be in place for effective protection: 

• DPIs must be declared Critical Information Infrastructure. In accordance with the IT Act, 2000, the DPI (Aadhaar, UPI, DigiLocker, Account Aggregator, CoWIN, and ONDC) must be designated as Critical Information Infrastructure (CII) and be supervised by the NCIIPC, just like the banking, energy, and telecom industries. Give NCIIPC the authority to publish required security guidelines, carry out audits, and enforce adherence to the DPI stack, including incident response protocols tailored to each DPI. 
• To solidify security, data sovereignty, and cyber responsibility, India should spearhead global efforts to create a Global DPI  Cyber Compact through the “One Future Alliance” and the G20. To ensure interoperable cybersecurity frameworks for international DPI projects, promote open standards, cross-border collaboration on threat intelligence, and uniform incident reporting guidelines. 
• Establish a DPI Threat Index to monitor vulnerabilities, including phishing attacks, efforts at biometric breaches, sovereign malware footprints, spikes in AI misinformation, and patterns in payment fraud. Create daily or weekly risk dashboards by integrating data from state CERTs, RBI, UIDAI, CERT-In, and NPCI. Use machine learning (ML) driven detection systems. 
• Make explainability audits necessary for AI/ML systems used throughout DPI to make sure that the decision-making process is open, impartial, and subject to scrutiny (e.g., welfare algorithms, credit scoring). Use the recently established IndiaAI Safety Institute in line with India’s AI mission to conduct AI audits, establish explanatory standards, and create sector-specific compliance guidelines. 

References

• https://orfamerica.org/newresearch/dpi-catalyst-private-sector-innovation?utm_source=chatgpt.com 
• https://www.institutmontaigne.org/en/expressions/indias-digital-public-infrastructure-success-story-world 
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2116341 
• https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=2033389 
• https://www.governancenow.com/news/regular-story/dpi-must-ensure-data-privacy-cyber-security-citizenfirst-approach 

‍

The UN established its first permanent Global Mechanism for cybersecurity which will begin operations in March 2026. The policy framework for Western countries exists because their current strategies are being developed. The situation in India presents greater complexity and higher levels of interest than any other country.

‍

The Fence That Became a Vantage Point
‍

The United Nations cybersecurity talks have seen India actively participate since their start. India brought its proposal for an open and inclusive multilateral framework which was supported by Western states who wanted to establish universal norms and responsible state behaviour but India did not accept their geopolitical viewpoint.

India did not support the Russia-led bloc which wanted a permanent open-ended working group that would focus only on plenary meetings and the country also rejected the European Union's Program of Action. India maintained its previous stance by supporting multilateralism as a general principle while showing hesitation about backing specific power structures.

The fence now provides an advantage because it no longer serves as a point of vulnerability. India's non-alignment provides him with operational power because the body operates through decision-making which requires all members to agree.

‍

Sovereignty First, Norms Second
‍

The digital sovereignty framework which defines India's long-standing cybersecurity diplomatic activities serves as the country's fundamental cybersecurity diplomatic framework. New Delhi has been reluctant to endorse frameworks that could constrain how it manages its own cyberspace, whether through content regulation, surveillance architecture, or incident response. The Indian government establishes its control over internet governance through its implementation of VPN regulations and CERT-In reporting requirements and data localization discussions. 

The new Global Mechanism creates a situation which India must handle because it creates an uncommon diplomatic situation. The framework's five pillars, threats, norms, international law, confidence-building measures, and capacity-building, each carry embedded assumptions that don't sit neatly with India's domestic policy posture. India supports the norm which prohibits countries from attacking each other's critical infrastructure while developing offensive cyber abilities and keeping its cyber response strategies secret.

‍

The Capacity-Building Opening
‍

The Indian government has a definite interest in dedicated thematic group 2 which focuses on building cybersecurity capacity. India exists in two opposing states because it operates as a developing nation which lacks basic national cybersecurity systems while also maintaining advanced cyber defense capabilities. The donor table exists as a platform which gives India both funding rights and complete rights to speak for developing nations. India should serve as a connecting force for DTG 2 by sharing its experience with CERT-In development and its sectoral frameworks for finance and telecom and its National Cyber Coordination Centre programs which train cybersecurity professionals while requesting capacity-building programs that follow demand-based needs assessment and local context understanding and which do not include the typical restrictions that accompany Western technical assistance.

India has done this before in other multilateral settings. The organization maintains its independence through its role as a credible Global South representative which it uses to speak for the Global South without aligning with any particular alliance.

‍

The DTG 1 Question: Critical Infrastructure and Strategic Ambiguity
‍

The DTG 1 study about ICT security challenges shows how resilience and cooperation and stability work together as different themes but creates complex challenges for India.

The 2020 Mumbai power grid incident which some researchers attribute to Chinese state-linked actors has become one of three major attacks against India's critical infrastructure together with AIIMS Delhi incidents in 2022 and ongoing cyber intrusions into defence and government networks. The international standards which govern critical infrastructure protection require actual implementation from India because the country possesses vital national assets.

India has not yet established formal processes for cyberattack attribution while its officials avoid the norm-enforcement diplomacy which Western countries practice through their coordinated attribution and sanction procedures. 

India must either develop deeper transparency about its operations or create specialized operational plans which can keep its needed information undercover if it wants to participate in DTG 1 about cross-border interdependencies and incident response collaboration. India will likely engage selectively, supporting the idea of critical infrastructure norms while resisting mechanisms that operationalise accountability.

‍

Geopolitical Triangulation
‍

The new Global Mechanism needs countries to implement their national policies because states must stop merely restating their positions. Multilateral cybersecurity forums operate as Geopolitical triangulation platforms for India. India's security system must protect its interests against its two main cyber adversaries which include China and Pakistan-based groups. 

The US and EU strategic partnership between India and these Western governments requires India to show closer ties with democratic nations through its participation in international forums. The new Global Mechanism will require India to pursue its current position by participating in capacity-building activities while developing common norms through its work on general norms language. 

India will maintain its current position between Western liberal order enforcement and Russia-China sovereignty-maximalist counter-narrative through its capacity-building activities and general norms language work.

‍

What India Should Actually Do
‍

The document establishes core argument which states early DTG development needs to be established for proper assessment of future results which applies to Indian territory and European territory. India has the credibility and technical foundation and diplomatic ties which enable it to establish itself as an agenda-setter who takes proactive actions instead of following others. India should take the following actions to achieve its goals: lead or co-lead DTG 2 discussions which focus on the capacity requirements of the Global South while advancing DG 1 areas that protect developing nations from actual threats and establish South-South cybersecurity agreements through this system which will help them bypass Western capacity development restrictions. The Global Mechanism offers an essential multilateral platform which provides advantages to countries that take initial actions. India has the ability to make an impact because it possesses strategic advantages which will be activated through its choice between active participation and total disengagement.

‍

References
‍

• http://interface-eu.org/publications/the-new-united-nations-mechanism-on-cybersecurity#a-european-strategy-for-the-dtgs
• https://disarmament.unoda.org/en/our-work/emerging-challenges/developments-field-information-and-telecommunications-context
• https://www.recordedfuture.com/research/redecho-targeting-indian-power-sector
• https://www.saikrishnaassociates.com/cert-in-issues-directions-for-information-security-practices-procedure-prevention-response-and-reporting-of-cyber-incidents/

‍

Introduction

To every Indian’s pride, the maritime sector has seen tremendous growth under various government initiatives. Still, each step towards growth should be given due regard to security measures. Sadly, cybersecurity is still treated as a secondary requirement in various critical sectors, let alone to protect the maritime sector and its assets. Maritime cybersecurity includes the protection of digital assets and networks that are vulnerable to online threats. Without an adequate cybersecurity framework in place, the assets remain at risk from cyber threats, such as malware and scams, to more sophisticated attacks targeting critical shore-based infrastructure. Amid rising global cyber threats, the maritime sector is emerging as a potential target, underscoring the need for proactive security measures to safeguard maritime operations. In this evolving threat landscape, assuming that India's maritime domain remains unaffected would be unrealistic.

Overview of India’s Maritime Sector   

India’s potential in terms of its resources and its ever-so-great oceans. India is well endowed with its dynamic 7,500 km coastline, which anchors 12 major ports and over 200 minor ones. India is strategically positioned along the world’s busiest shipping routes, and it has the potential to rise to global prominence as a key trading hub. As of 2023, India’s share in global growth stands at a staggering 16%, and India is reportedly running its course to become the third-largest economy, which is no small feat for a country of 1.4 billion people. This growth can be attributed to various global initiatives undertaken by the government, such as “Sagarmanthan: The Great Oceans Dialogue,” laying the foundation of an insightful dialogue between the visionaries to design a landscape for the growth of the marine sector. The rationale behind solidifying a security mechanism in the maritime industry lies in the fact that 95% of the country’s trade by volume and 70% by value is handled by this sector. 

Current Cybersecurity Landscape in the Maritime Sector 

All across the globe, various countries are recognising the importance of their seas and shores, and it is promising that India is not far behind its western counterparts. India has a glorious history of seas that once whispered tales of Trade, Power, and Civilizational glory, and it shall continue to tread its path of glory by solidifying and securing its maritime digital infrastructure. The path brings together an integration of the maritime sector and advanced technologies, bringing India to a crucial juncture – one where proactive measures can help bridge the gap with global best practices. In this context, to bring together an infallible framework, it becomes pertinent to incorporate IMO’s Guidelines on maritime cyber risk management, which establish principles to assess potential threats and vulnerabilities and advocate for enhanced cyber discipline. In addition, the guidelines that are designed to encourage safety and security management practices in the cyber domain warn the authorities against procedural lapses that lead to the exploitation of vulnerabilities in either information technology or operational technology systems. 

Anchoring Security: Global Best Practices & Possible Frameworks

The Asia-Pacific region has not fallen behind the US and the European Union in realising the need to have a dedicated framework, with the growing prominence of the maritime sector and countries like Singapore, China, and Japan leading the way with their robust frameworks. They have in place various requirements that govern their maritime operations and keep in check various vulnerabilities, such as Cybersecurity Awareness Training, Cyber Incident Reporting, Data Localisation, establishing secure communications, Incident management, penalties, etc.

Every country striving towards growth and expanding its international trade and commerce must ensure that it is secure from all ends to boost international cooperation and trust. On that note, the maritime sector has to be fortified by placing the best possible practices or a framework that is inclined towards its commitment to growth. The following four measures are indispensable to this framework, and in the maritime industry, they must be adapted to the unique blend of Information Technology (IT) and Operational Technology (OT) used in ships, ports, and logistics. The following mechanisms are not exhaustive in nature but form a fundamental part of the framework:

‍

• Risk Assessment: Identifying, analysing, and ensuring that all systems that are susceptible to cyber threats are prioritized and vulnerability scans are conducted of vessel control systems and shore-based systems. The critical assets that have a larger impact on the whole system should be kept formidable in comparison to other systems that may not require the same attention.
• Access Control: Restrictions with regard to authorisation, wherein access must be restricted to verified personnel to reduce internal threats and external breaches. 
• Incident Response Planning: The nature of cyber risks is inherently dynamic in nature; there are no calls for cyber attacks or warfare techniques. Such attacks are often committed in the shadows, so as to require an action plan to respond to and to recover from cyber incidents effectively. 
• Continuous Staff Training: Regularly educating all levels of maritime personnel about cyber hygiene, threat trends, and secure practices. 

CyberPeace Suggests: Legislative & Executive Imperatives

It can be said with reasonable foresight that the Indian maritime sector is in need of a national maritime cybersecurity framework that operates in cooperation with the international framework. The national imperatives will include robust cyber hygiene requirements, real-time threat intelligence mechanisms, incident response obligations, and penalties for non-compliance. The government must strive to support Indian shipbuilders through grants or incentives to adopt cyber-resilient ship design frameworks. 

The legislative quest should be to incorporate the National Maritime Cybersecurity Framework with the well-established CERT-In guidelines and data protection principles. The one indispensable requirement set under the framework should be to mandate Cybersecurity Awareness Training to help deploy trained personnel equipped to tackle cyber threats. The rationale behind such a requirement is that there can be no “one-size-fits-all” approach to managing cybersecurity risk, which is dynamic and evolving in nature, and the trained personnel will play a key role in helping establish a customised framework. 

References

• https://pib.gov.in/PressNoteDetails.aspx?NoteId=153432&reg=3&lang=1 
• https://bisresearch.com/industry-report/global-maritime-cybersecurity-market.html#:~:text=Maritime%20cybersecurity%20involves%20safeguarding%20digital,and%20protection%20against%20potential%20risks. 
• https://www.shipuniverse.com/2025-maritime-cybersecurity-regulations-a-simplified-breakdown/#:~:text=Japan%3A,for%20incident%20response%20and%20recovery. 
• https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/MSC-FAL.1-Circ.3-Rev.2%20-%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20(Secretariat)%20(1).pdf 

‍