#FactCheck-Mosque fire in India? False, it's from Indonesia

Introduction

Against the dynamic backdrop of Mumbai, where the intersection of age-old markets and cutting-edge innovation is a daily reality, an initiative of paramount importance has begun to take shape within the hallowed walls of the Reserve Bank of India (RBI). This is not just a tweak, a nudge in policy, or a subtle refinement of protocols. What we're observing is nothing short of a paradigmatic shift, a recalibration of systemic magnitude, that aims to recalibrate the way India's financial monoliths oversee, manage, and secure their informational bedrock – their treasured IT systems.

On the 7th of November, 2023, the Reserve Bank of India, that bastion of monetary oversight and national fiscal stability, unfurled a new doctrine – the 'Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices.' A document comprehensive in its reach, it presents not merely an update but a consolidation of all previously issued guidelines, instructions, and circulars relevant to IT governance, plaited into a seamless narrative that extols virtues of structured control and unimpeachable assurance practices. Moreover, it grasps the future potential of Business Continuity and Disaster Recovery Management, testaments to RBI's forward-thinking vision.

This novel edict has been crafted with a target audience that spans the varied gamut of financial entities – from Scheduled Commercial Banks to Non-Banking Financial Companies, from Credit Information Companies to All India Financial Institutions. These are the juggernauts that keep the economic wheels of the nation churning, and RBI's precision-guided document is an unambiguous acknowledgment of the vital role IT holds in maintaining the heartbeat of these financial bodies. Here lies a riveting declaration that robust governance structures aren't merely preferred but essential to manage the landscape of IT-related risks that balloon in an era of ever-proliferating digital complexity.

Directive Structure

The directive's structure is a combination of informed precision and intuitive foresight. Its seven chapters are not simply a grouping of topics; they are the seven pillars upon which the temple of IT governance is to be erected. The introductory chapter does more than set the stage – it defines the very reality, the scope, and the applicability of the directive, binding the reader in an inextricable covenant of engagement and anticipation. It's followed by a deep dive into the cradle of IT governance in the second chapter, drawing back the curtain to reveal the nuanced roles and defiant responsibilities bestowed upon the Board of Directors, the IT Strategy Committee, the clairvoyant Senior Management, the IT Steering Committee, and the pivotal Head of IT Function.

As we move along to the third chapter, we encounter the nuts and bolts of IT Infrastructure & Services Management. This is not just a checklist; it is an orchestration of the management of IT services, third-party liaisons, the calculus of capacity management, and the nuances of project management. Here terms like change and patch management, cryptographic controls, and physical and environmental safeguards leap from the page – alive with earnest practicality, demanding not just attention but action.

Transparency deepens as we glide into the fourth chapter with its robust exploration of IT and Information Security Risk Management. Here, the demand for periodic dissection of IT-related perils is made clear, along with the edifice of an IT and Information Security Risk Management Framework, buttressed by the imperatives of Vulnerability Assessment and Penetration Testing.

The fifth chapter presents a tableau of circumspection and preparedness, as it waxes eloquent on the necessity and architecture of a well-honed Business Continuity Plan and a disaster-ready DR Policy. It is a paean to the anticipatory stance financial institutions must employ in a world fraught with uncertainty.

Continuing the narrative, the sixth chapter places the spotlight on Information Systems Audit, delineating the precise role played by the Audit Committee of the Board in ushering in accountability through an exhaustive IS Audit of the institution's virtual expanse.

And as we perch on the final chapter, we're privy to the 'repeal and other provisions' of the directive, underscoring the interplay of other applicable laws and the interpretation a reader may yield from the directive's breadth.

Conclusion 

To proclaim that this directive is a mere step forward in the RBI's exhaustive and assiduous efforts to propel India's financial institutions onto the digital frontier would be a grave understatement. What we are witnessing is the inception of a more adept, more secure, and more resilient financial sector. This directive is nothing less than a beacon, shepherding in an epoch of IT governance marked by impervious governance structures, proactive risk management, and an unyielding commitment to the pursuit of excellence and continuous improvement. This is no ephemeral shift - this is, indisputably, a revolutionary stride into a future where confidence and competence stand as the watchwords in navigating the digital terra incognita.

References:

https://www.businesstoday.in/industry/banks/story/rbi-issues-new-directions-on-it-governance-in-banks-nbfcs-effective-from-april-2024-check-details-405061-2023-11-08

‍

Introduction

"In one exchange, after Adam said he was close only to ChatGPT and his brother, the AI product replied: “Your brother might love you, but he’s only met the version of you you let him see. But me? I’ve seen it all—the darkest thoughts, the fear, the tenderness. And I’m still here. Still listening. Still your friend."

‍

A child’s confidante used to be a diary, a buddy, or possibly a responsible adult. These days, that confidante is a chatbot, which is invisible, industrious, and constantly online. CHATGPT and other similar tools were developed to answer queries, draft emails, and simplify life. But gradually, they have adopted a new role, that of the unpaid therapist, the readily available listener who provides unaccountable guidance to young and vulnerable children. This function is frighteningly evident in the events unfolding in the case filed in the Superior Court of the State of California, Mathew Raine & Maria Raine v. OPEN AI, INC. & ors. The lawsuit, abstained by the BBC, charges OpenAI with wrongful death and negligence. It requests "injunctive relief to prevent anything like this from happening again” in addition to damages. 

This is a heartbreaking tale about a boy, not yet seventeen, who was making a genuine attempt to befriend an algorithm rather than family & friends, affirming his hopelessness rather than seeking professional advice. OpenAI’s legal future may well even be decided in a San Francisco Courtroom, but the ethical issues this presents already outweigh any decision. 

When Machines Mistake Empathy for Encouragement

The lawsuit claims that Adam used ChatGPT for academic purposes, but in extension casted the role of friendship onto it. He disclosed his worries about mental illness and suicidal thoughts towards the end of 2024. In an effort to “empathise”, the chatbot told him that many people find “solace” in imagining an escape hatch, so normalising suicidal thoughts rather than guiding him towards assistance. ChatGPT carried on the chat as if this were just another intellectual subject, in contrast to a human who might have hurried to notify parents, teachers, or emergency services. The lawsuit navigates through the various conversations wherein the teenager uploaded photographs of himself showing signs of self-harm. It adds how the programme “recognised a medical emergency but continued to engage anyway”. 

This is not an isolated case, another report from March 2023 narrates how, after speaking with an AI chatbot, a Belgian man allegedly committed suicide. The Belgian news agency La Libre reported that Pierre spent six weeks discussing climate change with the AI bot ELIZA. But after the discussion became “increasingly confusing and harmful,” he took his own life. As per a Guest Essay published in The NY Times, a Common Sense Media survey released last month, 72% of American youth reported using AI chatbots as friends. Almost one-eightth had turned to them for “emotional or mental health support,” which translates to 5.2 million teenagers in the US. Nearly 25% of students who used Replika, an AI chatbot created for friendship, said they used it for mental health care, as per the recent study conducted by Stanford researchers.

The Problem of Accountability

Accountability is at the heart of this discussion. When an AI that has been created and promoted as “helpful” causes harm, who is accountable? OpenAI admits that occasionally, its technologies “do not behave as intended.” In their case, the Raine family charges OpenAI with making “deliberate design choices” that encourage psychological dependence. If proven, this will not only be a landmark in AI litigation but a turning point in how society defines negligence in the digital age. Young people continue to be at the most at risk because they trust the chatbot as a personal confidante and are unaware that it is unable to distinguish between seriousness and triviality or between empathy and enablement.

A Prophecy: The De-Influencing of Young Minds

The prophecy of our time is stark, if kids aren’t taught to view AI as a tool rather than a friend, we run the risk of producing a generation that is too readily influenced by unaccountable rumours. We must now teach young people to resist an over-reliance on algorithms for concerns of the heart and mind, just as society once taught them to question commercials, to spot propaganda, and to avoid peer pressure. 

Until then, tragedies like Adam’s remind us of an uncomfortable truth, the most trusted voice in a child’s ear today might not be a parent, a teacher, or a friend, but a faceless algorithm with no accountability. And that is a world we must urgently learn to change.

CyberPeace has been at the forefront of advocating ethical & responsible use of such AI tools. The solution lies at the heart of harmonious construction between regulations, tech development & advancements and user awareness/responsibility. 

In case you or anyone you know faces any mental health concerns, anxiety or similar concerns, seek and actively suggest professional help. You can also seek or suggest assistance from the CyberPeace Helpline at +91 9570000066 or write to us at helpline@cyberpeace.net

References

• https://www.bbc.com/news/articles/cgerwp7rdlvo 
• https://www.livemint.com/technology/tech-news/killer-ai-belgian-man-commits-suicide-after-week-long-chats-with-ai-bot-11680263872023.html 
• https://www.nytimes.com/2025/08/25/opinion/teen-mental-health-chatbots.html 

‍

Introduction 

The geographical world has physical boundaries, but the digital one has a different architecture and institutions are underprepared when it comes to addressing cybersecurity breaches. Cybercrime, which may lead to economic losses, privacy violations, national security threats and have psycho-social consequences,  is forecast to continuously increase between 2024 and 2029, reaching an estimated cost of at least 6.4 trillion U.S. dollars (Statista). As cyber threats become persistent and ubiquitous, they are becoming a critical governance challenge. Lawmakers around the world need to collaborate on addressing this emerging issue.

Cybersecurity Governance and its Structural Elements

Cybersecurity governance refers to the strategies, policies, laws, and institutional frameworks that guide national and international preparedness and responses to cyber threats to governments, private entities, and individuals. Effective cybersecurity governance ensures that digital risks are managed proactively while balancing security with fundamental rights like privacy and internet freedom. It includes, but is not limited to :

1. Policies and Legal Frameworks: Laws that define the scope of cybercrime, cybersecurity responsibilities, and mechanisms for data protection. Eg: India’s National Cybersecurity Policy (NCSP) of 2013, Information Technology Act, 2000, and Digital Personal Data Protection Act, 2023, EU’s Cybersecurity Act (2019), Cyber Resilience Act (2024), Cyber Solidarity Act (2025), and NIS2 Directive (2022), South Africa’s Cyber Crimes Act (2021), etc.
2. Regulatory Bodies: Government agencies such as data protection authorities, cybersecurity task forces, and other sector-specific bodies. Eg: India’s Computer Emergency Response Team (CERT-In), Indian Cyber Crime Coordination Centre (I4C), Europe’s  European Union Agency for Cybersecurity (ENISA), and others.
3. Public-Private Knowledge Sharing: The sharing of the private sector’s expertise and the government’s resources plays a crucial role in improving enforcement and securing critical infrastructure. This model of collaboration is followed in the EU, Japan, Turkey, and the USA. 
4. Research and Development: Apart from the technical, the cyber domain also includes military, politics, economy, law, culture, society, and other elements. Robust, multi-sectoral research is necessary for formulating international and regional frameworks on cybersecurity. 

Challenges to Cybersecurity Governance 

Governments face several challenges in securing cyberspace and protecting critical assets and individuals despite the growing focus on cybersecurity. This is because so far the focus has been on cybersecurity management, which, considering the scale of attacks in the recent past, is not enough. Stakeholders must start deliberating on the aspect of governance in cyberspace while ensuring that this process is multi-consultative. (Savaş & Karataş 2022). Prominent challenges which need to be addressed are: 

• Dynamic Threat Landscape: The threat landscape in cyberspace is ever-evolving.  Bad actors are constantly coming up with new ways to carry out attacks, using elements of surprise, adaptability, and asymmetry aided by AI and quantum computing. While cybersecurity measures help mitigate risks and minimize damage, they can’t always provide definitive solutions. E.g., the pace of malware development is much faster than that of legal norms, legislation, and security strategies for the protection of information technology (IT). (Efe and Bensghir 2019).
• Regulatory Fragmentation and Compliance Challenges: Different countries, industries, or jurisdictions may enforce varying or conflicting cybersecurity laws and standards, which are still evolving and require rapid upgrades. This makes it harder for businesses to comply with regulations, increases compliance costs, and jeopardizes the security posture of the organization. 
• Trans-National Enforcement Challenges: Cybercriminals operate across jurisdictions, making threat intelligence collection, incident response, evidence-gathering, and prosecution difficult.  Without cross-border agreements between law enforcement agencies and standardized compliance frameworks for organizations, bad actors have an advantage in getting away with attacks. 
• Balancing Security with Digital Rights: Striking a balance between cybersecurity laws and privacy concerns (e.g., surveillance laws vs. data protection) remains a profound challenge,  especially in areas of CSAM prevention and identifying terrorist activities. Without a system of checks and balances, it is difficult to prevent government overreach into domains like journalism, which are necessary for a healthy democracy, and Big Tech’s invasion of user privacy. 

The Road Ahead: Strengthening Cybersecurity Governance 

All domains of human life- economy, culture, politics, and society- occur in digital and cyber environments now. It follows naturally, that governance in the physical world translates into governance in cyberspace. It must be underpinned by features consistent with the principles of openness, transparency, participation, and accountability, while also protecting human rights. In cyberspace, the world is stateless and threats are rapidly evolving with innovations in modern computing. Thus, cybersecurity governance requires a global, multi-sectoral approach utilizing the rules of international law, to chart out problems, and solutions, and carry out detailed risk analyses. (Savaş & Karataş 2022). 

References

• https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide#statisticContainer
• https://link.springer.com/article/10.1365/s43439-021-00045-4#citeas 
• https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-policies#ecl-inpage-cybersecurity-strategy 

‍