#FactCheck - Edited Video of ‘India-India’ Chants at Republican National Convention

India’s online gaming industry has grown at lightning speed, drawing millions of users across age groups. From casual games and e-sports to fantasy leagues and online poker, digital entertainment has become both a social and economic phenomenon. But with this growth came rising concerns of addiction, financial loss, misleading ads, and even criminal misuse of gaming platforms for illegal betting. To address these concerns, the Government of India introduced the Promotion and Regulation of Online Gaming Act and draft Rules in October 2025. While the Act represents a crucial step toward accountability and user protection, it also raises difficult questions about freedom, innovation, and investor confidence.

‍

The Current Legal Framework

‍

The 2025 Act, along with corresponding changes in the Information Technology and GST laws, aims to create a safer and more transparent gaming environment.

1. Ban on real-money games:

Any online game where money is involved, whether it’s entry fees, bets, or prizes, is now banned, regardless of whether it is based on skill or chance. As a result, previously permitted formats such as fantasy sports, rummy, and poker once defended as “games of skill” now fall within the category of banned activities.

 2. Promotion of e-sports and social gaming

Not all gaming is banned. Casual games, e-sports, and social games that don’t involve money are fully allowed. The government is encouraging these as part of India’s growing digital economy.

3. Advertising and financial restrictions: Banks, payment gateways, and advertisers cannot facilitate or promote real-money games. Any platform offering deposits or prize pools can be blocked.

4. Central regulatory authority: The law establishes a national body to classify games, monitor compliance, and address complaints. It has the power to order the locking of violative content and websites.

‍

Why Regulation Was Needed

‍

The push for regulation came after a surge in online betting scams, debt-related suicides, and disputes about whether certain apps were skill-based or chance-based. State governments had taken conflicting positions, some banning, others licensing such games. Meanwhile, offshore gaming apps operated freely in India’s grey market.

The 2025 Act thus attempts to impose uniformity, protect minors, and bring moral and fiscal discipline to a rapidly expanding digital frontier. Its underlying philosophy resembles that of the Digital Personal Data Protection Act, encouraging responsible use of technology rather than an unregulated free-for-all.

‍

Key Challenges and Gaps

‍

(a) Clarity of Definitions

The Act bans all real-money games, ignoring the difference between skill-based games and chance-based games. This could lead to legal challenges under Article 19(1)(g), which protects the right to do business. Games like rummy or fantasy cricket, which need real skill, arguably shouldn’t be banned outright

(b) Weak Consumer and Child Protection

Although age verification and KYC are mandated, compliance at the user-end remains uncertain. India needs a Responsible Gaming Code covering:

• Spending limits and cooling-off periods;
• Self-exclusion options;
• Transparent disclosure of odds; and
• Algorithmic fairness audits.
  These measures can help mitigate addiction and prevent exploitation of minors.

(c) Federal Conflicts

“Betting and gambling” fall within the State List under India’s Constitution, yet the 2025 Act seeks national uniformity. States like Tamil Nadu and Karnataka already have independent bans. Without harmonisation, legal disputes between state and central authorities could multiply. A cooperative federal framework allowing states to adopt central norms voluntarily could offer flexibility without fragmentation.

(d) Regulatory Transparency

The gaming regulator has a lot of power, like deciding which games are allowed and blocking websites. But it’s not clear who chooses its members or how people can challenge its decisions. Including court oversight, public input, and regular reporting would make the regulator fairer and more reliable.

‍

What’s Next for India’s Online Gaming

‍

India’s online gaming scene is at a turning point. Banning all money-based games might reduce risks, but it also slows innovation and limits opportunities. A better approach could be to license skill-based or low-risk games with proper KYC and audits, set up a Responsible Gaming Charter with input from government, industry, and civil society, and create rules for offshore platforms targeting Indian players. Player data should be protected under the Digital Personal Data Protection Act, 2023, and the law should be reviewed every few years to keep up with new tech like the metaverse, NFTs, and AI-powered games.

‍

Conclusion

‍

CyberPeace has already provided its detailed feedback to MEITy as on 30th October, 2025 hopes the finalised rules are released soon with the acknowledgment of the challenges discussed. The Promotion and Regulation of Online Gaming Act, 2025, marks an important turning point since this is India’s first serious attempt to bring order to a chaotic digital arena. The goal is to keep players safe, stop crime, and hold platforms accountable. But the tricky part is moving away from blanket bans. We need rules that let new ideas grow, respect people’s rights, and keep players safe. With a few smart changes and fair enforcement, India could have a gaming industry that’s safe, responsible, and ready to compete globally.

‍

References 

1. https://ssrana.in/articles/indias-online-gaming-bill-2025-regulation-prohibition-and-the-future-of-digital-play/ 
2. https://www.google.com/amp/s/m.economictimes.com/news/economy/policy/new-online-gaming-law-takes-effect-money-games-banned-from-today/amp_articleshow/124255401.cms 
3. https://www.google.com/amp/s/timesofindia.indiatimes.com/technology/tech-news/government-proposes-to-make-violation-of-online-money-game-rules-non-bailable-draft-rules-ban-/amp_articleshow/124277740.cms 
4. https://www.egf.org.in/ 
5. https://www.pib.gov.in/PressNoteDetails.aspx?NoteId=155075&ModuleId=3 

‍

Introduction 

Public infrastructure has traditionally served as the framework for civilisation, transporting people, money, and ideas across time and space, from the iron veins of transcontinental railroads to the unseen arteries of the internet. In democracies where free markets and public infrastructure co-exist, this framework has not only facilitated but also accelerated progress. Digital Public Infrastructure (DPI), which powers inclusiveness, fosters innovation, and changes citizens from passive recipients to active participants in the digital age, is emerging as the new civic backbone as we move away from highways and towards high-speed data. 

DPI makes it possible for innovation at the margins and for inclusion at scale by providing open-source, interoperable platforms for identities, payments, and data exchange. Examples of how the Global South is evolving from a passive consumer of technology to a creator of globally replicable governance models are India’s Aadhaar (digital identification), UPI (real-time payments), and DigiLocker (data empowerment). As the ‘digital commons’ emerges, DPI does more than simply link users; it also empowers citizens, eliminates inefficiencies from the past, and reimagines the creation and distribution of public value in the digital era. 

Securing the Digital Infrastructure: A Contemporary Imperative

As humans, we are already the inhabitants of the future, we stand at the temporal threshold for reform. Digital Infrastructure is no longer just a public good. It’s now a strategic asset, akin to oil pipelines in the 20th century. India is recognised globally for the introduction of “India Stack”, through which the face of digital payments has also been changed. The economic value contributed by DPIs to India’s GDP is predicted to reach 2.9-4.2 percent by 2030, having already reached 0.9% in 2022. Its role in India’s economic development is partly responsible for its success; among emerging market economies, it helped propel India to the top of the revenue administrations’ digitalisation index. The other portion has to do with how India’s social service delivery has changed across the board. By enabling digital and financial inclusion, it has increased access to education (DIKSHA) and is presently being developed to offer agricultural (VISTAAR) and digital health (ABDM) services. 

Securing the Foundations: Emerging Threats to Digital Public Infrastructure

The rising prominence of DPI is not without its risks, as adversarial forces are developing with comparable sophistication. The core underpinnings of public digital systems are the target of a new generation of cyber threats, ranging from hostile state actors to cybercriminal syndicates. The threats pose a great risk to the consistent development endeavours of the government. To elucidate, targeted attacks on Biometric databases, AI-based Misinformation and Psychological Warfare, Payment System Hacks, State-sponsored malware, cross-border phishing campaigns, surveillance spyware and Sovereign Malware are modern-day examples of cyber threats. 

To secure DPI, a radical rethink beyond encryption methods and perimeter firewalls is needed. It requires an understanding of cybersecurity that is systemic, ethical, and geopolitical. Democracy, inclusivity, and national integrity are all at risk from DPI. To preserve the confidence and promise of digital public infrastructure, policy frameworks must change from fragmented responses to coordinated, proactive and people-centred cyber defence policies.

CyberPeace Recommendations

Powering Progress, Ignoring Protection: A Precarious Path

The Indian government is aware that cyberattacks are becoming more frequent and sophisticated in the nation. To address the nation’s cybersecurity issues, the government has implemented a number of legislative, technical, and administrative policy initiatives. While the initiatives are commendable, there are a few Non-Negotiables that need to be in place for effective protection: 

• DPIs must be declared Critical Information Infrastructure. In accordance with the IT Act, 2000, the DPI (Aadhaar, UPI, DigiLocker, Account Aggregator, CoWIN, and ONDC) must be designated as Critical Information Infrastructure (CII) and be supervised by the NCIIPC, just like the banking, energy, and telecom industries. Give NCIIPC the authority to publish required security guidelines, carry out audits, and enforce adherence to the DPI stack, including incident response protocols tailored to each DPI. 
• To solidify security, data sovereignty, and cyber responsibility, India should spearhead global efforts to create a Global DPI  Cyber Compact through the “One Future Alliance” and the G20. To ensure interoperable cybersecurity frameworks for international DPI projects, promote open standards, cross-border collaboration on threat intelligence, and uniform incident reporting guidelines. 
• Establish a DPI Threat Index to monitor vulnerabilities, including phishing attacks, efforts at biometric breaches, sovereign malware footprints, spikes in AI misinformation, and patterns in payment fraud. Create daily or weekly risk dashboards by integrating data from state CERTs, RBI, UIDAI, CERT-In, and NPCI. Use machine learning (ML) driven detection systems. 
• Make explainability audits necessary for AI/ML systems used throughout DPI to make sure that the decision-making process is open, impartial, and subject to scrutiny (e.g., welfare algorithms, credit scoring). Use the recently established IndiaAI Safety Institute in line with India’s AI mission to conduct AI audits, establish explanatory standards, and create sector-specific compliance guidelines. 

References

• https://orfamerica.org/newresearch/dpi-catalyst-private-sector-innovation?utm_source=chatgpt.com 
• https://www.institutmontaigne.org/en/expressions/indias-digital-public-infrastructure-success-story-world 
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2116341 
• https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=2033389 
• https://www.governancenow.com/news/regular-story/dpi-must-ensure-data-privacy-cyber-security-citizenfirst-approach 

‍

Introduction:

CDR is a term that refers to Call detail records, The Telecom Industries holds the call details data of the users. As it amounts to a large amount of data, the telecom companies retain the data for a period of 6 months. CDR plays a significant role in investigations and cases in the courts. It can be used as pivotal evidence in court proceedings to prove or disprove certain facts & circumstances. Power of Interception of Call detail records is allowed for reasonable grounds and only by the authorized authority as per the laws. 

‍

Admissibility of CDR’s in Courts:

Call Details Records (CDRs) can be used as effective pieces of evidence to assist the court in ascertaining the facts of the particular case and inquiring about the commission of an offence, and according to the judicial pronouncements, it is made clear that CDRs can be used supporting or secondary evidence in the court. However, it cannot be the sole basis of the conviction. Section 92 of the Criminal Procedure Code 1973 provides procedure and empowers certain authorities to apply for court or competent authority intervention to seek the CDR. 

‍

Legal provisions to obtain CDR:

The CDR can be obtained under the statutory provisions of law contained in section 92 Criminal Procedure Code, 1973. Or under section 5(2) of Indian Telegraph Act 1885, read with rule 419(A) Indian Telegraph Amendment rule 2007. The guidelines were also issued in 2016 by Ministry of Ministry of Home Affairs for seeking Call details records (CDRs)

‍

How long is CDR stored with telecom Companies (Data Retention)

Call Data is retained by telecom companies for a period of 6 months. As the data amounts to high storage, almost several Petabytes per year, telecom companies store the call details data for a period of 6 months and archive the rest of it to tapes. 

‍

New Delhi 25Cr jewellery heist 

Recently, an incident took place where a 25-crore jewellery theft was carried out in a jewellery shop in Delhi, It was planned and executed by a man from Chhattisgarh. After committing the crime, the criminal went back to Chhattisgarh. It was a case of a 25Cr heist, and the police started their search & investigation. Police used technology and analysed the mobile numbers which were active at the crime scene. Delhi police used advanced software to analyse data. The police were able to trace the mobile number of thieves or suspects active at the crime scene. They discovered suspected contacts who were active within the range of the crime scene, and it helped in the arrest of the main suspects.  From around 5,000 mobile numbers active around the crime scene, police have used advanced software that analyses huge data, and then police found a number registered outside of Delhi.  The surveillance on the number has revealed that the suspected criminal has moved to the MP from Delhi, then moved further to Bhilai Chattisgarh. Police have successfully arrested the suspected criminal. This incident highlights how technology or call data can assist law enforcement agencies in investigating and finding the real culprits.

‍

Conclusion: 

CDR refers to call detail records retained by telecom companies for a period of 6 months, it can be obtained through lawful procedure and by competent authorities only. CDR can be helpful in cases before the court or law enforcement agencies, to assist the court and law enforcement agencies in ascertaining the facts of the case or to prove or disprove certain things. It is important to reiterated that unauthorized seeking of CDR is not allowed; the intervention of the court or competent authority is required to seek the CDR from the telecom companies. CDRs cannot be unauthorizedly obtained, and there has to be a directive from the court or competent authority to do so.

‍

References:

• https://indianlegalsystem.org/cdr-the-wonder-word/#:~:text=CDR%20is%20admissible%20as%20secondary,the%20Indian%20Evidence%20Act%2C%201872.
• https://timesofindia.indiatimes.com/city/delhi/needle-in-a-haystack-how-cops-scanned-5k-mobile-numbers-to-crack-rs-25cr-heist/articleshow/104055687.cms?from=mdr
• https://www.ndtv.com/delhi-news/just-one-man-planned-executed-rs-25-crore-delhi-heist-another-thief-did-him-in-4436494

‍