#FactCheck: Viral Video Claiming IAF Air Chief Marshal Acknowledged Loss of Jets Found Manipulated

Introduction

The Indian Computer Emergency Response Team, CERT-In, is the national statutory agency that responds to Cybersecurity Incidents under the Ministry of Electronics and Information Technology (MeitY) of the Government of India. CERT-In and Information Sharing and Analysis Center (ISAC) have joined hands to develop a focused pool of Cybersecurity Leaders through the National Cyber Security Scholar Program (NCSSP). This National Cyber Security Scholar Program is to create a pool of credible and ethical cybersecurity leaders in the country who prioritise national cyber security in their professional endeavours. This program allows both organisations to jointly issue joint certifications for Cohort 6 of the National Cyber Security Scholar Program (NCSSP). This certification is provided to cybersecurity professionals who complete one of the world’s leading cybersecurity management programs.

About the Program

The National Cybersecurity Scholar (NCSS) is a comprehensive 18-week, 160-hour Instructor-led program for emerging cybersecurity leaders. The ISAC will conduct the program with CERT-IN and KDEM as knowledge partners. This Cyber Security Scholar program aims to provide an extraordinary opportunity, for scholars, to gain hands-on experience in real-world scenarios through activities such as war games. It will allow scholars to acquaint themselves with roles such as that of stakeholders,  including attackers, Security Operations Centre (SOC) teams, Forensicators, Chief Information Security Officers (CISOs), and CEOs, and engage in tabletop exercises that simulate a cyber crisis. This program would allow scholars to understand how responses to cyber crises impact the financial performance of an organisation, including, stock prices and sales.  It offers a treasure trove of insights into the economic impact of cybersecurity decisions and the importance of proactive risk management. 

The program invites applications from various scholars including Mid to senior-level leaders, diplomats and diplomatic corps officers, mid to senior-level government officials involved in homeland and cybersecurity operations, experienced executives from Managed Security Services Providers (MSSPs), faculty members who specialise in new and emerging technologies, cybersecurity professionals in CII sectors and post-doctoral or research scholars in cybersecurity. 

CyberPeace Outlook

The National Cyber Security Scholar Program subsumes several key dimensions working towards building a resilient cybersecurity ecosystem for India.

1. The program focuses on skill development and enhancing scholars’ knowledge in domains of network security, ethical hacking, cyber forensics, incident response, malware analysis, and threat intelligence. 
2. The partnership between CERT-In and ISAC, government and Industry entities, ensures that scholars are exposed to different policy-level frameworks and technical expertise, offering a unique blend of perspectives that cater to the country's national security goals and industry best practices.
3. The scholar program encourages the development of new methodologies, tools, and frameworks that could be instrumental in tackling future cyber challenges and advancing India's position as a global leader in cybersecurity research and development. Research and innovation in cybersecurity are critical to the program.
4. It plays a significant role in providing opportunities for career development by further providing networking platforms with professionals, researchers, and thought leaders in the cybersecurity field, giving them exposure to internships, job placements, and further academic pursuits.

This program aims to support upskilling India’s broader cyber defence strategy through the creation of highly skilled professionals. The scholars are expected to contribute actively to national cybersecurity efforts, whether through roles in government, private sector, or academia, helping to create a more secure and resilient cyberspace. The National Cyber Security Scholar Program is a major advancement in strengthening cybersecurity resilience in India. In a digital world where cyber threats crossing boundaries, such programs are essential for maintaining our national security and economic stability.

References

• https://theprint.in/ani-press-releases/cert-in-and-isac-collaborate-to-develop-focussed-pool-of-cybersecurity-leaders-through-the-national-cyber-security-scholar-program-ncssp/2318021/ 
• https://isacfoundation.org/national-cyber-security-scholar/
• https://cyberversefoundation.org/national-cyber-security-scholar/ 

‍

Introduction

In today's digital economy, data is not only a business asset but also the fuel for innovation, decision-making, and consumer trust. However, the digitisation of services has made personal or sensitive data a top target for cybercriminals. The stakes are high: a data breach can cost millions of fines, cause damage to reputation and devastate the confidence of consumers. Therefore, regulatory compliance and data protection have become a strategic imperative.

From the General Data Protection Regulation (GDPR) in the EU to the Digital Personal Data Protection (DPDP) Act of India, various sector-specific regulations like HIPAA for healthcare in the US, companies are now subject to a web of data protection and compliance laws. The challenge is to balance compliance efforts with strong security, a balance that demands both policy restraint and technical resilience. This blog examines pivotal pillars, shifting trends and actionable best practices for dominating data protection and compliance in 2025 and beyond.

Why Data Protection and Compliance Matter More Than Ever

Data protection isn't just about keeping fines at bay, it's about preserving the relationship with customers, partners and regulators. A 2024 IBM report says the average data-breach cost has now exceeded USD 4.5 million, with regulatory fines constituting a large portion of the cost. In addition to economics, breaches tend to result in intellectual property loss, customer loss and long-term brand attenuation. Compliance ensures organisations remain within certain legislative necessities for collecting, holding, transferring and setting of personal and sensitive information. Failure to conformity can lead to serious penalties: under GDPR, fines could be up to 4% of the company's annual turnover or €20 million, whichever is higher. In regulated sectors like banking and healthcare, compliance breaches can also lead to the suspension of licenses.

Important Regulatory Frameworks Informing 2025

‍

1. GDPR and Its Global Ripple Effect

GDPR was enacted in 2018 and continues to have a ripple effect on privacy legislation worldwide. Its tenets of lawfulness, transparency, data minimisation and purpose limitation have been replicated in many jurisdictions such as Brazil's LGPD and South Korea's PIPA.

2. India's DPDP Act

The DPDP Act, 2023, gives high importance to consent-based processing of data, transparent notice rules and fiduciary responsibilities for data. With a penalty for default of up to INR 250 crore, it's amongst the most impactful laws for digital personal data protection.

3. Sectoral Regulations

• HIPAA for healthcare information in the US.
• PCI DSS for payment card security.
• DORA (Digital Operational Resilience Act) in the EU for financial organisations.
• These industry-specific models generate overlapping compliance responsibilities, making cross-enterprise compliance programs vital.

Key Pillars of a Sound Data Protection & Compliance Program

‍

1. Data Governance and Classification

Having insight into what data you have to store, where it is stored and who can have access to it is the keystone of compliance. Organisations need to have data classification policies in place to group information based on sensitivity and impose more rigorous controls on sensitive data.

2. Security Controls and Privacy by Design

Strong technical defences, encryption, multi-factor authentication, and intrusion detection are the initial defences. Privacy by design integrated in product development guarantees compliance is thought through from the initial stage, not added on afterwards.

3. Consent and Transparency

Contemporary data legislation highlights informed consent. This entails simple, non-technical privacy notices, detailed opt-in choices, and straightforward withdrawal options. Transparency produces trust and lessens legal danger.

4. Incident Response and Breach Notification

Most laws demand timely breach notifications, and GDPR insists on reporting within 72 hours. Having a documented incident response plan maintains legal deadlines and reduces harm.

5. Employee Training and Awareness

Human mistake is the top source of data breaches. Ongoing training in prevention of phishing, password management, basic cyber hygiene and compliance requirements is crucial.

Upcoming Trends in 2025

1.  AI-Powered Compliance Monitoring

Organisations are embracing AI-powered solutions to systematically monitor data flows, identify policy breaches and auto-create compliance reports. The solutions assist in closing the loop between IT security teams and compliance officers.

2. Cross-Border Data Transfer Mechanisms

With increasingly severe regulations, companies are spending more on secure cross-border data transfer frameworks like Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs).

3. Privacy-Enhancing Technologies (PETs)

Methods such as homomorphic encryption and differential privacy are picking up steam, enabling organisations to sift through datasets without revealing sensitive personal data.

4. ESG and Data Ethics

Data handling is increasingly becoming a part of Environmental, Social and Governance (ESG) reporting. Ethical utilisation of customer data, not just compliance, has become a reputational differentiator.

Challenges in Implementation

Despite having transparent frameworks, data protection plans encounter challenges like jurisdictions having competing needs, and global compliance is becoming expensive. The emerging technologies, such as generative AI, often bring privacy threats that haven’t been fully covered by legislation. Small and micro enterprises have neither the budget nor the skills to implement enterprise-level compliance programs. Qualifying these challenges often needs a risk-based strategy, allocations of resources to top areas of impact and automating the compliance chores wherever possible.

Best Practices for 2025 and Beyond

In 2025, regulatory compliance and data protection are no longer a precaution or a response to a breach but are strategic drivers of resilience and trust. As regulatory analysis rises, cyber threats evolve, and consumer expectations grow, administrations need to integrate compliance into the very fabric of their actions. By bringing governance and technology together, organisations can break free from a "checklist" mentality and instead adopt a proactive and risk-sensitive approach. Eventually, data protection is not just about not getting in trouble; it's about developing a kind that succeeds in the digital era.

References

1. GDPR – Official EU Regulation Page: https://gdpr.eu 
2. India’s DPDP Act Overview – MeitY: https://www.meity.gov.in/data-protection-framework 
3. HIPAA – US Department of Health & Human Services: https://www.hhs.gov/hipaa 
4. PCI DSS Standards: https://www.pcisecuritystandards.org 
5. IBM Cost of a Data Breach Report 2024: https://www.ibm.com/reports/data-breach 
6. OECD – Privacy Guidelines: https://www.oecd.org/sti/privacy-guidelines 

‍

Introduction

‍

The courts in India have repeatedly emphasised the importance of “enhanced customer protection” and “limited liability” on their part. The rationale behind such imperatives is to extend security against exploitation by institutions that are equipped with all the means to manipulate customers. India, with its looming financial literacy gaps that have to be addressed, needs to curb any manipulation on the part of banking institutions. Various studies have highlighted this gap in recent times; for example, according to the National Centre for Financial Education, only 27% of Indian people are financially literate, which is much less than the 42% global average. With only 19% of millennials exhibiting sufficient financial awareness yet expressing high trust in their financial skills, the issue is very worrisome. Thus, the increasing number of financial frauds intensifies the issue. 

Zero Liability in Cyber Frauds: Regulatory Safeguards for Digital Banking Customers

‍

In light of the growing emphasis on financial inclusion and consumer protection, and in response to the recent rise in complaints regarding unauthorised debits from customer accounts and cards, the framework for assessing customer liability in such cases has been re-evaluated. The RBI’s circular dated July 6, 2017 titled “Customer Protection-Limited Liability of Customers in Unauthorised Electronic Banking Transactions”  serves as the foundation for regulatory protections for Indian customers of digital banking. A clear and organised framework for determining customer accountability is outlined in the circular, which acknowledges the exponential increase in electronic transactions and related scams. It assigns proportional obligations for unauthorised transactions resulting from system-level breaches, client carelessness, and bank contributory negligence. Most importantly it establishes the zero responsibility concept, which protects clients from monetary losses in cases when the bank or another system component is at fault and the client promptly reports the breach. 

This directive’s sophisticated approach to consumer protection is what makes it unique. It requires banks to set up strong fraud prevention systems, proactive alerting systems, and round-the-clock reporting systems. Furthermore, it significantly alters the power dynamics between financial institutions and customers by placing the onus of demonstrating customer negligence completely on the bank. The circular emphasises prompt reversal of funds to impacted customers and requires banks to implement Board-approved policies on liability to redress. As a result, it is a consumer rights charter rather than just a compliance document, promoting confidence and financial accountability in India’s digital banking sector. 

Judicial Endorsement in Reinforcing the Zero Liability Principle

‍

 In the case of Suresh Chandra Negi & Anr. v. Bank of Baroda & Ors. (Writ (C) No. 24192 of 2022) The Allahabad High Court reaffirmed that the burden of proving consumer accountability rests firmly on the banking institution, hence reaffirming the zero liability concept in circumstances of unapproved electronic banking transactions. The Division bench emphasised the regulatory requirement that banks provide adequate proof before assigning blame to customers, citing Clause 12 of the RBI’s circular dated June 6, 2017, Customer Protection—Limited Liability of Customers in Unauthorised Electronic Banking Transactions. In a similar scenario, the Bombay HC held that a customer is entitled to zero liability when an authorized transaction occurs due to a third-party breach, where the deficiency lies neither with the bank nor the customer, provided the fraud is promptly reported. 

The zero liability principle, as envisaged under Clause 8 of the RBI circular, has emerged as a cornerstone of consumer protection in India’s digital banking ecosystem.  

Another landmark judgment that has given this principle the front stage in addressing banking frauds is Hare Ram Singh vs RBI &Ors. (W.P. (C) 13497/2022) laid down by Delhi HC which is an important legal turning point in the development of the zero liability principle under the RBI’s 2017 framework. The court reiterated the need to evaluate customer diligence in light of new fraud tactics like phishing and vishing by holding the State Bank of India (SBI) liable for a cyber fraud incident even though the transactions were authenticated by OTP. The ruling made it clear that when complex social engineering or technical manipulation is used, banks are nonetheless accountable even if they only rely on OTP validation. The legal protection provided to victims of unauthorised electronic banking transactions is strengthened by the court’s emphasis on the bank having the burden of evidence in accordance with RBI standards. 

Importantly, this ruling lays the full burden of securing digital banking systems on financial organisations and supports the judiciary’s increasing acknowledgement of the digital asymmetry between banks and consumers. It emphasises that prompt consumer reporting, banks’ failure to disclose important credentials, and their own operational errors must all be taken into consideration when determining culpability. As a result, this decision establishes a strong precedent that will increase consumer confidence, promote systemic advancements in digital risk management, and better integrate the zero liability standard into Indian digital banking law. In a time when cyber vulnerabilities are growing, it acts as a beacon for financial accountability. 

Conclusion

‍

The Zero Liability Principle serves as a vital safety net for customers navigating an increasingly intricate and precarious financial environment in a time when digital transactions are the foundation of contemporary banking. In addition to codifying strong safeguards against unauthorized electronic transactions, the RBI’s 2017 framework rebalanced  the fiduciary relationship by putting financial institutions squarely in charge. Through significant rulings, the courts have upheld this protective culture and emphasised that banks, not the victims of cybercrime, bear the burden of proof. 

It would be crucial to execute these principles consistently, review them frequently, and raise public awareness as India transitions to a more digital economy. In order to ensure that consumers are not only protected but also empowered must become more than just a policy on paper. 

‍

References

• https://www.business-standard.com/content/specials/making-money-vs-managing-money-india-s-critical-financial-literacy-gap-125021900786_1.html 
• https://www.livelaw.in/high-court/allahabad-high-court/allahabad-high-court-ruling-bank-liability-unauthorized-electronic-transaction-and-customer-fault-297962 
• https://www.mondaq.com/india/white-collar-crime-anti-corruption-fraud/1635616/cyber-law-series-2-issue-10-the-zero-liability-principle-in-cyber-fraud-hare-ram-singh-v-reserve-bank-of-india-ors-case 

‍