On India’s CSR Day: Reframing Digital Literacy Through Cyber Safety in CSR Frameworks
Introduction
" सर्वे भवन्तु सुखिनः, सर्वे सन्तु निरामयाः " May all be happy, may all be free from suffering. This timeless invocation reflects a vision of collective well-being, where progress is meaningful only when shared, and protection extends to every individual in society. This very philosophy lies at the heart of Corporate Social Responsibility, which seeks to ensure that growth is not isolated or unequal, but inclusive, ethical, and mindful of the broader social good.
At its core, Corporate Social Responsibility is not merely a statutory obligation, it is a reflection of a deeper ethical commitment, an acknowledgement that growth must carry with it a sense of duty towards society. In many ways, CSR embodies the idea that progress without responsibility is incomplete, and that corporations, as key actors shaping modern life, must help safeguard the very communities they engage with.
Reframing Digital Literacy Through Cyber Safety in CSR Frameworks
In India, this moral vision has been given a legal structure under the Companies Act, 2013, CSR Schedule VII, which mandates certain classes of companies to allocate a portion of their profits towards socially beneficial activities. Section 135 of the Act requires companies meeting specified financial thresholds to undertake CSR initiatives, guided by principles of inclusivity, sustainability, and social welfare. The underlying values are clear, CSR is intended not as charity, but as a strategic and accountable contribution to societal development.
Schedule VII of the Act further outlines the broad areas that qualify as CSR, including “Education and Digital Literacy”, gender equality, rural development, and measures for reducing inequalities. Within this framework, promoting “digital literacy” has increasingly been recognised as a legitimate and necessary CSR activity, especially in the context of a rapidly digitising society like India.
However, the current understanding of digital literacy within CSR remains incomplete. It often emphasises access and usage, teaching individuals how to navigate digital platforms, use devices, and engage with online services. What remains insufficiently addressed is the question of safety. In an environment where cyber fraud, data breaches, online harassment, and identity theft are becoming increasingly common, digital literacy without cyber awareness risks becoming a partial and potentially harmful intervention.
Embedding cyber awareness and capacity building within ‘digital literacy’ in explicit form is therefore not optional, it is essential. This includes equipping individuals with the ability to recognise online threats, protect personal data, understand digital consent, and respond effectively to cyber risks. It also requires recognising that vulnerable populations, including first-time internet users, women, and marginalised communities, often face disproportionate exposure to cyber harm.
“It is pertinent to note that Cybersecurity awareness training is relevant to CSR but is not yet consistently implemented as an explicit CSR activity. It is often included indirectly within digital literacy programs, highlighting the need for a more structured, progressive and integrated approach.”
Given this reality, there is a strong case for explicitly recognising cyber awareness as a distinct and integral component of CSR activities, rather than treating it as an implicit subset of digital literacy. Doing so would not only align CSR with contemporary societal risks but also ensure that corporate interventions move beyond enabling access to actively ensuring safety.
In a digital society, empowerment without protection is incomplete. If CSR is to truly reflect its foundational values, it must evolve to address not just the opportunities of the digital age, but also its risks.
Why Cyber Safety Must Be Central to CSR
The current state of digital ecosystems, which used to operate as secondary systems, now functions as essential systems that support government operations, banking systems, educational institutions, and social communication. The digital environment has its vulnerabilities, which create direct dangers for people in society. The elderly, first-time internet users, and rural communities face higher cyber threat risks because they often lack knowledge and protective resources on responsible use. The implementation of CSR initiatives that provide digital access to these groups, along with how to handle risks, will create greater benefit for their safety. Organisations must encourage the implementation of cyber safety training in their CSR programs because doing so will create value while fulfilling their ethical obligations. The empowerment process needs to achieve complete success, which protects people from any potential dangers according to the "do no harm" principle.
Key Components of CyberPeace-Aligned Digital Literacy
To make CSR initiatives more effective and future-ready, organisations should incorporate the following elements into their digital literacy programs:
- Cyber Awareness and Risk Recognition: The training program teaches participants how to recognise typical security threats, which include phishing attacks and scams, deepfake technology and misinformation.
- Data Protection and Privacy Literacy: The program teaches users how to protect their personal information, together with the process of giving consent and the methods used to handle their online presence.
- Responsible Digital Behaviour: The program teaches people how to use the internet responsibly by showing them how to make ethical decisions that require both respect and accountability while understanding the legal consequences of their actions.
- Incident Response and Reporting Mechanisms: The program teaches users about cyber incident response, which includes all reporting methods and available support resources.
- Inclusion-Focused Design: The program develops specific solutions which protect various demographic groups from their particular vulnerabilities while maintaining accessibility and essential programmatic relevance.
Policy and Institutional Alignment
The integration of cyber safety into corporate social responsibility lets organisations achieve their national objectives, which include:
- Strengthening digital trust and resilience
- Supporting safe digital inclusion initiatives
- Complementing the efforts of institutions working on cybersecurity awareness and capacity building
The structured approach requires organisations to execute three specific steps, which include:
- Partnering with cybersecurity organisations and civil society
- Developing standardised cyber awareness modules
- The organisation will use behavioural change indicators to evaluate its impact instead of relying on access metrics.
The Way Forward
Digital-era Corporate Social Responsibility needs to transition from its present state of providing access to digital resources toward establishing secure online platforms for users. The understanding of digital literacy needs to shift from its current status as a technical ability toward its new definition as a social competency that encompasses safety, responsibility and resilience training.
Companies need to understand their digital transformation obligations because their digital transformation efforts require them to handle all associated risks. The implementation of cyber safety within corporate social responsibility frameworks will enable organisations to develop a secure and trustworthy digital environment that includes all users.
Conclusion
The implementation of corporate social responsibility needs to fulfil its core mission of creating societal benefits through inclusive practices that span all current digital possibilities and their associated security threats. The field of digital literacy requires a new framework that combines digital safety practices with its existing educational materials.
The digital safety practice ensures that people obtain essential knowledge and skills that enable them to use digital resources securely when they access online content. The process of accomplishing shared community prosperity needs to establish a framework that benefits every person through social advancement and the protection of their rights.
References
- https://upload.indiacode.nic.in/schedulefile?aid=AC_CEN_22_29_00008_201318_1517807327856&rid=79
- https://www.allresearchjournal.com/archives/2025/vol11issue4/PartF/11-5-60-511.pdf
- https://www.unesco.org/en/dtc-finance-toolkit-factsheets/corporate-social-responsibility-csr
- https://www.investopedia.com/terms/c/corp-social-responsibility.asp
- https://digitalmarketinginstitute.com/blog/corporate-16-brands-doing-corporate-social-responsibility-successfully
- https://www.imd.org/blog/sustainability/csr-strategy/
Related Blogs
Data localisation refers to restrictions in the data flow by limiting the physical storage and processing of data within a given jurisdiction’s boundaries.
An obvious benefit contributing to the importance of data localisation is the privacy benefits it offers. In addition to this, data localisation also has the potential to safeguard sensitive data and decrease the probability of cyber-attacks. In India, data localisation has become a key issue in the last decade due to the increase in the discourse for data privacy.
The Legal Framework in India
India passed the Digital Personal Data Protection Act of 2023 which directs the data fiduciaries (collectors and processors of digital personal data) to store the data of Indian citizens within India. This push for data localisation aligns with India’s position to enhance privacy, national security and regulatory control. It further requires data fiduciaries to adhere to the principles of data minimisation, purposeful limitation and consent of the data principles. Further, Section 17 of the Act prohibits the transfer of sensitive personal data to foreign jurisdictions unless they meet satisfactory privacy protection standards.
The Reserve Bank of India, via a circular for Payments Data Regulation in 2018, has mandated that all payment data be stored in India, though it can be processed abroad. It requires the telecom sector to ensure local storage and local processing of subscriber information. It further prohibits the transferring of subscribers’ account information overseas.
MeitY’s Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, emphasise data localisation, specifically when it involves government or critical data. The main idea behind this is that data related to Indian citizens or government activities should remain accessible to Indian law enforcement agencies and is not subject to external jurisdiction.
Common Misinformation about Data Localisation and its Impact
Misconceptions fuel misinformation and influence public perception and policy debates. A common misconception is that all data must be stored in India. It should be noted that non-critical and non-sensitive data are not subject to localisation, and can be cleared for cross-border transfers under specific circumstances.
Another misconception is that data localisation alone ensures complete security. A robust cybersecurity approach, infrastructure and capabilities are what guarantee security and this holds true regardless of the location of where the data is stored.
The notion that small businesses and startups will suffer the most is untrue. While data localisation policies may lead to increased costs, they foster innovation in the domestic infrastructure and services. This potentially fuels development and innovation in these small businesses and startups. Claims that data localisation will stifle global business are unfounded.
Proper regulations for data transfers can help balance data flows, enabling international trade while ensuring data sovereignty.
Real Impact of Data Localisation
Data localisation impacts several domains and has both positive and negative outcomes.
- It can be a driver for investment in local data centres and infrastructure, thereby inducing employment generation and boosting the domestic economy. And in contrast, the compliance costs may rise especially for MNCs that need to maintain multiple data storage systems.
- It can expedite the growth of local technology ecosystems while encouraging innovation in cloud computing and data storage solutions. On the other hand, small businesses might face struggles to afford the required infrastructure updates and upgrades.
- Law enforcement agencies will be able to gain access to data more swiftly while avoiding lengthy processes such as the Mutual Legal Assistance Treaties (MLATs). However, it should be noted that storing data locally does not automatically ensure that they are immune from attacks and breaches.
- A balance between sovereignty and global partnerships is a challenge that emerges with data localisation. International Trade Relationships are vulnerable to data localisations where countries favour a free data flow. This can hamper foreign collaborations with companies that rely on global data systems.
CyberPeace Outlook
It is important to clear misinformation about data localisation, some strategies that can be undertaken are:
- Launching public awareness campaigns to educate the stakeholders about the real requirements and the benefits of data localisation. Misinformation about data restrictions and security guarantees should be tackled fairly quickly.
- A balanced approach that promotes local economic development while at the same time allowing for the necessary cross-border data flows and creating a flexible and friendly business environment is important.
- India should work on international frameworks to streamline the process of data-sharing with other nations. This would protect national interests while making global cooperation easier.
Conclusion
Data localisation in India presents a valuable opportunity to enhance privacy, bolster national security, and stimulate economic growth through local infrastructure investment. Yet, addressing common misconceptions is crucial; the belief that all data must be stored domestically or that localisation alone ensures security is misleading.
It’s vital to pair local data storage with robust cybersecurity measures and foster international cooperation. Supporting small businesses, which may face challenges due to localisation requirements, is equally important. By addressing misinformation, promoting flexible regulations, and working towards global data-sharing frameworks, India can effectively manage the complexities of data localisation, safeguarding national interests while encouraging innovation and economic development.
References
- https://www.thehindu.com/sci-tech/technology/are-data-localisation-requirements-necessary-and-proportionate/article66131957.ece
- https://carnegieendowment.org/research/2021/04/how-would-data-localization-benefit-india?lang=en
- https://www.rbi.org.in/commonperson/English/Scripts/FAQs.aspx?Id=2995
- https://www.meity.gov.in/writereaddata/files/Information%20Technology%20%28Intermediary%20Guidelines%20and%20Digital%20Media%20Ethics%20Code%29%20Rules%2C%202021%20%28updated%2006.04.2023%29-.pdf
Executive Summary:
A video that circulated on social media to show Iranian President Ebrahim Raisi inside a helicopter moments before the tragic crash on May 20, 2024, has equally been proven to be fake. The validation of information leaves no doubt, that the video was shot in January 2024, which showed Raisi’s visiting Nemroud Reservoir Dam project. As a means of verifying the origin of the video, the CyberPeace Research Team conducted reverse image search and analyzed the information obtained from the Islamic Republic News Agency, Mehran News, and the Iranian Students’ News Agency. Further, the associated press pointed out inconsistencies between the part in the video that went viral and the segment that was shown by Iranian state television. The original video is old and it is not related to the tragic crash as there is incongruence between the snowy background and the green landscape with a river presented in the clip.
Claims:
A video circulating on social media claims to show Iranian President Ebrahim Raisi inside a helicopter an hour before his fatal crash.
Fact Check:
Upon receiving the posts, in some of the social media posts we found some similar watermarks of the IRNA News agency and Nouk-e-Qalam News.
Taking a cue from this, we performed a keyword search to find any credible source of the shared video, but we found no such video uploaded by the IRNA News agency on their website. Recently, they haven’t uploaded any video regarding the viral news.
We closely analyzed the video, it can be seen that President Ebrahim Raisi was watching outside the snow-covered mountain, but in the internet-available footage regarding the accident, there were no such snow-covered mountains that could be seen but green forest.
We then checked for any social media posts uploaded by IRNA News Agency and found that they had uploaded the same video on X on January 18, 2024. The post clearly indicates the President’s aerial visit to Nemroud Dam.
The viral video is old and does not contain scenes that appear before the tragic chopper crash involving President Raisi.
Conclusion:
The viral clip is not related to the fatal crash of Iranian President Ebrahim Raisi's helicopter and is actually from a January 2024 visit to the Nemroud Reservoir Dam project. The claim that the video shows visuals before the crash is false and misleading.
- Claim: Viral Video of Iranian President Raisi was shot before fatal chopper crash.
- Claimed on: X (Formerly known as Twitter), YouTube, Instagram
- Fact Check: Fake & Misleading
Executive Summary
Social media users, particularly Pakistani propaganda accounts, shared an image showing coffins wrapped in the Indian tricolour and claimed that India violated the ceasefire along the Line of Control (LoC). According to the posts, Pakistan retaliated with heavy firing, captured the Indian Army’s Kumar Top post, and several Indian soldiers were killed in the exchange.
One user wrote, “Breaking News: Indian Army once again violated the ceasefire in the Mandal sector, targeting civilians with mortar shelling. Pakistan responded strongly, captured the Indian Army’s Kumar Top post, and several soldiers were reportedly killed. Calm has now been restored after Pakistan’s response.”
Fact Check
Research by CyberPeace found the viral claim to be false. Using reverse image search, we traced the viral photo to the Shutterstock website. The image description states that it was taken on August 6, 2013, and shows Indian Army personnel standing near the coffins of soldiers who were killed by Pakistani infiltrators at a brigade headquarters in Poonch, located about 240 km from Jammu. This confirms that the image is old and unrelated to recent developments along the Line of Control.
Further verification led us to a report published by NBC News on August 8, 2013, which also featured the same visual in connection with the 2013 cross-border attack.
Additionally, posts from the official X (formerly Twitter) handle of the Indian Army 16 Corps (White Knight Corps) stated that based on intelligence inputs and continuous surveillance, suspicious terrorist activity was detected near Nathua Tibba in the Sunderbani sector close to the LoC in the early hours of February 19, 2026. Alert troops responded promptly and successfully foiled the infiltration attempt. The Army also confirmed that operational vigilance remains high across the sector. However, there were no reports of casualties due to Pakistani firing.
Conclusion:
The viral image showing coffins of Indian soldiers is not recent but dates back to 2013. There are no confirmed reports of casualties from Pakistani firing along the Line of Control in the current context. Therefore, the claim circulating on social media is misleading.
