India’s Cybersecurity Architecture Under The Lens: Legal Adequacy, Institutional Gaps, And Reform Imperatives

Adarsh Vaibhav, BBA LLB, National University of Study and Research in Law, Ranchi

ABSTRACT

The process of digital transformation in India has been so immense that it has transformed the sphere of governance, business, as well as the provision of national services, and now with almost 850 million internet users, cybersecurity has become an essential pillar of national security, economic stability, and constitutional governance. The spread of digital infrastructure, such as e-governance systems, e-payment systems, and critical information networks, has also increased vulnerability to multipolar cyber threats, such as ransomware attacks, data breaches, state-sponsored efforts, and disruption of critical infrastructure.

The Indian cybersecurity environment is only mainly based on the Information Technology Act, 2000 (IT Act) amended in 2008, and with the Digital Personal Data Protection Act, 2023 (DPDP Act), alongside sector- specific subsidiary legislation. The Indian Computer Emergency Response Team (CERT -In), National Critical Information Infrastructure Protection Centre (NCIIPC), and Indian Cybercrime Coordination Centre (I4C) have been established, as institutional mechanisms that can facilitate the response of an incident and secure critical infrastructure. However, there are still certain issues of institutional fragmentation, limited enforcement capacity, jurisdictional ambiguities, and lack of number of sector-specific standards.

This framework falls under constitutional requirements of protection of fundamental rights under Articles 14,19, and 21. Rulings of the court in Justice K.S. Puttaswamy (Retd.) v. Union of India, Shreya Singhal v. Union of India have emphatically underscored the necessity to balance national security with privacy, expression, and proportionality.

By conducting a thorough review of historical changes in the legislation, institutional ecosystems, landmark court cases, and high-profile incidents, including AIIMS ransomware attack, CoWIN breach claims, and Aadhaar vulnerabilities, this paper critically analyses the Indian readiness on cybersecurity. It pinpoints flaws in systems of enforcement, coordination, and foreign collaboration and reveals an urgent need of overall omnibus laws, unified command system, capacity-building measures, and enhanced cooperation between the citizens and business organizations.

This paper hypothesizes that cybersecurity needs to be radically reimagined as a multidimensional governance problem at the nexus of law, technology, national security, and human rights - as a strategically indispensable necessity to India becoming a leading digital powerhouse in the world.

Keywords: Cybersecurity governance, Information Technology Act, Digital transformation, Data protection, Constitutional rights, Institutional reform, Cyber resilience, Critical infrastructure protection.