#Fact Old image of Hindu Priest with Donald trump at White house goes viral as recent.

Introduction

The Data Security Council of India’s India Cyber Threat Report 2025 calculates that a staggering 702 potential attacks happened per minute on average in the country in 2024.  Recent alleged data breaches on organisations such as Star Health, WazirX, Indian Council of Medical Research (ICMR), BSNL, etc. highlight the vulnerabilities of government organisations, critical industries, businesses, and individuals in managing their digital assets. India is the second most targeted country for cyber attacks globally, which warrants the development and adoption of cybersecurity governance frameworks essential for the structured management of cyber environments. The following global models offer valuable insights and lessons that can help strengthen cybersecurity governance.

Overview of Global Cybersecurity Governance Models 

Cybersecurity governance frameworks provide a structured strategy to mitigate and address cyber threats. Different regions have developed their own governance models for cybersecurity, but they all emphasize risk management, compliance, and cross-sector collaboration for the protection of digital assets. Four such major models are: 

1. NIST CSF 2.0 (U.S.A): The National Institute of Standards and Technology Cyber Security Framework provides a flexible, voluntary, risk-based approach rather than a one-size-fits-all solution to manage cybersecurity risks. It endorses six core functions, which are:  Govern, Identify, Protect, Detect, Respond, and Recover. This is a widely adopted framework used by both public and private sector organizations even outside the U.S.A. 
2. ISO/IEC 27001: This is a globally recognized standard developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a risk-based approach to help organizations of all sizes and types to identify, assess, and mitigate potential cybersecurity threats to Information Security Management Systems (ISMS) and preserve the confidentiality, integrity, and availability of information.  Organizations can seek ISO 27001 certification to demonstrate compliance with laws and regulations.
3. EU NIS2 Directive: The Network and Information Security Directive 2 (NIS2) is an updated EU cybersecurity law that imposes strict obligations on critical services providers in four overarching areas: risk management, corporate accountability, reporting obligations, and business continuity. It is the most comprehensive cybersecurity directive in the EU to date, and non-compliance may attract non-monetary remedies, administrative fines up to at least €10 million or 2% of the global annual revenue (whichever is higher), or even criminal sanctions for top managers. 
4. GDPR: The General Data Protection Regulation (GDPR)of the EU is a comprehensive data privacy law that also has major cybersecurity implications. It mandates that organizations must integrate cybersecurity into their data protection policies and report breaches within 72 hours, and it prescribes a fine of up to €20 million or 4% of global turnover for non-compliance. 

India’s Cybersecurity Governance Landscape 

In light of the growing nature of cyber threats, it is notable that the Indian government has taken comprehensive measures along with efforts by relevant agencies such as the Ministry of Electronics and Information Technology, Reserve Bank of India (RBI), National Payments Corporation (NPCI) and Indian Cyber Crime Coordination Centre (I4C), CERT-In. However, there is still a lack of an overarching cybersecurity governance framework or comprehensive law in this area. Multiple regulatory bodies in India oversee cybersecurity for various sectors. Key mechanisms are: 

1. CERT-In Guidelines: The Indian Computer Emergency Response Team, under the Ministry of Electronics and Information Technology (MeitY), is the nodal agency responsible for cybersecurity incident response, threat intelligence sharing, and capacity building. Organizations are mandated to maintain logs for 180 days and report cyber incidents to CERT-In within six hours of noticing them according to directions under the Information Technology Act, 2000 (IT Act).
2. IT Act & DPDP Act: These Acts, along with their associated rules, lay down the legal framework for the protection of ICT systems in India.  While some sections mandate that “reasonable” cybersecurity standards be followed, specifics are left to the discretion of the organisations. Enforcement frameworks are vague, which leaves sectoral regulators to fill the gaps. 
3. Sectoral regulations: The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), the Department of Telecommunications, the Securities Exchange Board of India (SEBI), National Critical Information Infrastructure Protection Centre (NCIIPC) and other regulatory bodies require that cybersecurity standards be maintained by their regulated entities. 

Lessons for India & Way Forward 

As the world faces unprecedented security and privacy threats to its digital ecosystem, the need for more comprehensive cybersecurity policies, awareness, and capacity building has perhaps never been greater. While cybersecurity practices may vary with the size, nature, and complexity of an organization (hence “reasonableness” informing measures taken), there is a need for a centralized governance framework in India similar to NIST2 to unify sectoral requirements for simplified compliance and improve enforcement. India ranks 10th on the World Cybercrime Index and was found to be "specialising" in scams and mid-tech crimes- those which affect mid-range businesses and individuals the most. To protect them, India needs to strengthen its enforcement mechanisms across more than just the critical sectors. This can be explored by penalizing bigger organizations handling user data susceptible to breaches more stringently, creating an enabling environment for strong cybersecurity practices through incentives for MSMEs, and investing in cybersecurity workforce training and capacity building. Finally,  there is a scope for increased public-private collaboration for real-time cyber intelligence sharing.  Thus, a unified, risk-based national cybersecurity governance framework encompassing the current multi-pronged cybersecurity landscape would give direction to siloed efforts. It would help standardize best practices, streamline compliance, and strengthen overall cybersecurity resilience across all sectors in India.
‍

References

• https://cdn.prod.website-files.com/635e632477408d12d1811a64/676e56ee4cc30a320aecf231_Cloudsek%20Annual%20Threat%20Landscape%20Report%202024%20(1).pdf 
• https://strobes.co/blog/top-data-breaches-in-2024-month-wise/#:~:text=In%20a%20large%2Dscale%20data,emails%2C%20and%20even%20identity%20theft. 
• https://www.google.com/search?q=nist+2.0&oq=nist+&gs_lcrp=EgZjaHJvbWUqBggBEEUYOzIHCAAQABiPAjIGCAEQRRg7MgYIAhBFGDsyCggDEAAYsQMYgAQyBwgEEAAYgAQyBwgFEAAYgAQyBwgGEAAYgAQyBggHEEUYPNIBCDE2MTJqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8 
• https://www.iso.org/standard/27001
• https://nis2directive.eu/nis2-requirements/ 
• https://economictimes.indiatimes.com/tech/technology/india-ranks-number-10-in-cybercrime-study-finds/articleshow/109223208.cms?from=mdr 

‍

Executive Summary:

A viral thumbnail and numerous social posts state that the government of India is giving unemployed youth ₹4,500 a month under a program labeled "PM Berojgari Bhatta Yojana." This claim has been shared on multiple online platforms.. It has given many job-seeking individuals hope, however, when we independently researched the claim, there was no verified source of the scheme or government notification.

Claim:

The viral post states: "The Central Government is conducting a scheme called PM Berojgari Bhatta Yojana in which any unemployed youth would be given ₹ 4,500 each month. Eligible candidates can apply online and get benefits." Several videos and posts show suspicious and unverified website links for registration, trying to get the general public to share their personal information.

Fact check:

In the course of our verification, we conducted a research of all government portals that are official, in this case, the Ministry of Labour and Employment, PMO India, MyScheme,  MyGov, and Integrated Government Online Directory, which lists all legitimate Schemes, Programmes, Missions, and Applications run by the Government of India does not posted any scheme related to the PM Berojgari Bhatta Yojana.

‍

‍

Numerous YouTube channels seem to be monetizing false narratives at the expense of sentiment, leading users to misleading websites. The purpose of these scams is typically to either harvest data or market pay-per-click ads that suspend disbelief in outrageous claims.

Our research findings were backed up later by the PIB Fact Check which shared a clarification on social media. stated that: “No such scheme called ‘PM Berojgari Bhatta Yojana’ is in existence. The claim that has gone viral is fake”.

‍

To provide some perspective, in 2021-22, the Rajasthan government launched a state-level program under the Mukhyamantri Udyog Sambal Yojana (MUSY) that provided ₹4,500/month to unemployed women and transgender persons, and ₹4000/month to unemployed males. This was not a Central Government program, and the current viral claim falsely contextualizes past, local initiatives as nationwide policy.

‍

‍

Conclusion:

‍

The claim of a ₹4,500 monthly unemployment benefit under the PM Berojgari Bhatta Yojana is incorrect. The Central Government or any government department has not launched such a scheme. Our claim aligns with PIB Fact Check, which classifies this as a case of misinformation. We encourage everyone to be vigilant and avoid reacting to viral fake news. Verify claims through official sources before sharing or taking action. Let's work together to curb misinformation and protect citizens from false hopes and data fraud.

• Claim: A central policy offers jobless individuals ₹4,500 monthly financial relief
• Claimed On: Social Media
• Fact Check: False and Misleading

‍

Introduction

In 2019 India got its bill on Data protection in the form of the Personal Data Protection Bill 2019. This bill focused on digital rights and duties pertaining to data privacy. However, the bill was scrapped by the Govt in mid-2022, and a new bill was drafted, Successor bill was introduced as the Digital Personal Data Protection Bill, 2022 on 18th November 2022, which was made open for public comments and consultations and now the bill is expected to be tabled at the parliament in the Monsoon session.

What is DPDP, 2022?

Digital Personal Data Protection Bill, is the lasted draft regulation for data privacy in India. The bill has been essentially focused towards data protection by companies and the keep aspect of Puttaswamy judgement of data privacy as a fundamental right has been upheld under the scope of the bill. The bill comes after nearly 150 recommendations which the parliamentary committee made when the PDP, 2019 was scrapped.

The bill highlights the following keen aspects-

• Data Fiduciary- The entity (an individual, company, firm, state, etc.) which decides the purpose and means of processing an individual’s personal data.
• Data Principle- The individual to whom personal data is related.
• Processing- The entire cycle of operations that can be carried out concerning personal data.
• Gender Neutrality- For the first time in India’s legislative history, “her” and “she” have been used to refer to individuals irrespective of gender.
• Right to Erase Data- Data principals will have the right to demand the erasure and correction of data collected by the data fiduciary.
• Cross-border data transfer- The bill allows cross-border data after an assessment of relevant factors by the Central Government.
• Children’s Rights- The bill guarantees the right to digital privacy under the protection of parents/guardians.
• Heavy Penalties- The bill enforces heavy penalties for non-compliance with the provisions, not exceeding Rs 500 crore.

Data Protection Board

The bill lays down provisions for setting up a Data Protection Board. This board will be an independent body acting solely on the factors of data privacy and protection of the data principles and maintaining compliance by data fiduciaries. The board will be headed by a chairperson of essential and relevant qualifications, and members and various other officials shall assist him/her under the board. The board will serve grievance redressal to the data principles and can conduct investigation, inquiry, proceeding, and pass orders equivalent to a Civil court. The proceeding will be undertaken on the principle of natural justice, and the aggrieved can file an appeal to the High Court of appropriate jurisdiction.

Global Comparison

Many countries have data protection laws that regulate the processing of personal data. Some of the notable examples include:

• European Union: The EU’s General Data Protection Regulation (GDPR) is one of the world’s most comprehensive data protection laws. It regulates public and private entities’ processing of personal data and gives individuals a wide range of rights over their personal data.
• United States: The US has several data protection laws that apply to specific sectors or types of data, such as health data (HIPAA) or financial data (Gramm-Leach-Bliley Act). However, there is no comprehensive federal data protection law in the US.
• Japan: Japan’s Personal Information Protection Act (PIPA) regulates the handling of personal data by private entities and gives individuals certain rights over their personal data.
• Australia: Australia’s Privacy Act 1988 regulates the handling of personal data by public and private entities and gives individuals certain rights over their personal data.
• Brazil: Brazil’s General Data Protection Law (LGPD) regulates the processing of personal data by public and private entities and gives individuals certain rights over their personal data. It also imposes heavy fines and penalties on entities that violate the provisions of the law.

Overall, while there are some similarities in data protection laws across countries, there are also significant differences in scope, applicability, and enforcement. It is important for organisations to understand the data protection laws that apply to their operations and take appropriate steps to comply with these laws.

Parliamentary Asscent

The case of violation of the privacy policy by WhatsApp at the Hon’ble Supreme Court resulted in a significant advocacy for Data privacy as a fundamental right, and it was held that, as suggested otherwise in the privacy policy, Whatsapp was sharing its user’s data with Meta. This massive breach of trust could have led to data mismanagement affecting thousands of Indian users. The Hon’ble Supreme Court has taken due consideration of data privacy and its challenges in India and asked the Govt to table the bill in Parliament. The bill will be tabled for discussion in the monsoon session. The Supreme Court has set up a constitutional bench to check the bill’s scope, extent and applications and provide its judicial oversight.  The constitution bench of Justices KM Joseph, Ajay Rastogi, Aniruddha Bose, Hrishikesh Roy and CT Ravikumar has fixed the matter for hearing in August in order to enforce the potential changes and amendments in the act post the parliamentary discussion.

Conclusion

India is the world’s largest democracy, so the crucial aspects of passing laws and amendments have always been followed by the government and kept under check by the judiciary. The discussion over bills is a crucial part of the democratic process, and bills as important as Digital Personal Data Protection need to be discussed and analysed thoroughly in both houses of Parliament to ensure the govt passes a sustainable and efficient law.