Trust as the Missing Link in Cybersecurity Governance

Introduction

In a world where Artificial Intelligence (AI) is already changing the creation and consumption of content at a breathtaking pace, distinguishing between genuine media and false or doctored content is a serious issue of international concern. AI-generated content in the form of deepfakes, synthetic text and photorealistic images is being used to disseminate misinformation, shape public opinion and commit fraud. As a response, governments, tech companies and regulatory bodies are exploring ‘watermarking’ as a key mechanism to promote transparency and accountability in AI-generated media. Watermarking embeds identifiable information into content to indicate its artificial origin. 

Government Strategies Worldwide

Governments worldwide have pursued different strategies to address AI-generated media through watermarking standards. In the US, President Biden's 2023 Executive Order on AI directed the Department of Commerce and the National Institute of Standards and Technology (NIST) to establish clear guidelines for digital watermarking of AI-generated content. This action puts a big responsibility on large technology firms to put identifiers in media produced by generative models. These identifiers should help fight misinformation and address digital trust.

The European Union, in its Artificial Intelligence Act of 2024, requires AI-generated content to be labelled. Article 50 of the Act specifically demands that developers indicate whenever users engage with synthetic content. In addition, the EU is a proponent of the Coalition for Content Provenance and Authenticity (C2PA), an organisation that produces secure metadata standards to track the origin and changes of digital content.

India is currently in the process of developing policy frameworks to address AI and synthetic content, guided by judicial decisions that are helping shape the approach. In 2024, the Delhi High Court directed the central government to appoint members for a committee responsible for regulating deepfakes. Such moves indicate the government's willingness to regulate AI-generated content. 

China, has already implemented mandatory watermarking on all deep synthesis content. Digital identifiers must be embedded in AI media by service providers, and China is one of the first countries to adopt stern watermarking legislation.

Understanding the Technical Feasibility

Watermarking AI media means inserting recognisable markers into digital material. They can be perceptible, such as logos or overlays or imperceptible, such as cryptographic tags or metadata. Sophisticated methods such as Google's SynthID apply imperceptible pixel-level changes that remain intact against standard image manipulation such as resizing or compression. Likewise, C2PA metadata standards enable the user to track the source and provenance of an item of content.

Nonetheless, watermarking is not an infallible process. Most watermarking methods are susceptible to tampering. Aforementioned adversaries with expertise, for instance, can use cropping editing or AI software to delete visible watermarks or remove metadata. Further, the absence of interoperability between different watermarking systems and platforms hampers their effectiveness. Scalability is also an issue enacting and authenticating watermarks for billions of units of online content necessitates huge computational efforts and routine policy enforcement across platforms. Scientists are currently working on solutions such as blockchain-based content authentication and zero-knowledge watermarking, which maintain authenticity without sacrificing privacy. These new techniques have potential for overcoming technical deficiencies and making watermarking more secure.

Challenges in Enforcement

Though increasing agreement exists for watermarking, implementation of such policies is still a major issue. Jurisdictional constraints prevent enforceability globally. A watermarking policy within one nation might not extend to content created or stored in another, particularly across decentralised or anonymous domains. This creates an exigency for international coordination and the development of worldwide digital trust standards. While it is a welcome step that platforms like Meta, YouTube, and TikTok have begun flagging AI-generated content, there remains a pressing need for a standardised policy that ensures consistency and accountability across all platforms. Voluntary compliance alone is insufficient without clear global mandates.

User literacy is also a significant hurdle. Even when content is properly watermarked, users might not see or comprehend its meaning. This aligns with issues of dealing with misinformation, wherein it's not sufficient just to mark off fake content, users need to be taught how to think critically about the information they're using. Public education campaigns, digital media literacy and embedding watermarking labels within user-friendly UI elements are necessary to ensure this technology is actually effective.

Balancing Privacy and Transparency

While watermarking serves to achieve digital transparency, it also presents privacy issues. In certain instances, watermarking might necessitate the embedding of metadata that will disclose the source or identity of the content producer. This threatens journalists, whistleblowers, activists, and artists utilising AI tools for creative or informative reasons. Governments have a responsibility to ensure that watermarking norms do not violate freedom of expression or facilitate surveillance. The solution is to achieve a balance by employing privacy-protection watermarking strategies that verify the origin of the content without revealing personally identifiable data. "Zero-knowledge proofs" in cryptography may assist in creating watermarking systems that guarantee authentication without undermining user anonymity.

On the transparency side, watermarking can be an effective antidote to misinformation and manipulation. For example, during the COVID-19 crisis, misinformation spread by AI on vaccines, treatments and public health interventions caused widespread impact on public behaviour and policy uptake. Watermarked content would have helped distinguish between authentic sources and manipulated media and protected public health efforts accordingly.

Best Practices and Emerging Solutions

Several programs and frameworks are at the forefront of watermarking norms. Adobe, Microsoft and others' collaborative C2PA framework puts tamper-proof metadata into images and videos, enabling complete traceability of content origin. SynthID from Google is already implemented on its Imagen text-to-image model and secretly watermarks images generated by AI without any susceptibility to tampering. The Partnership on AI (PAI) is also taking a leadership role by building out ethical standards for synthetic content, including standards around provenance and watermarking. These frameworks become guides for governments seeking to introduce equitable, effective policies. In addition, India's new legal mechanisms on misinformation and deepfake regulation present a timely point to integrate watermarking standards consistent with global practices while safeguarding civil liberties.

Conclusion

Watermarking regulations for synthetic media content are an essential step toward creating a safer and more credible digital world. As artificial media becomes increasingly indistinguishable from authentic content, the demand for transparency, origin, and responsibility increases. Governments, platforms, and civil society organisations will have to collaborate to deploy watermarking mechanisms that are technically feasible, compliant and privacy-friendly. India is especially at a turning point, with courts calling for action and regulatory agencies starting to take on the challenge. Empowering themselves with global lessons, applying best-in-class watermarking platforms and promoting public awareness can enable the nation to acquire a level of resilience against digital deception. 

References

1. https://artificialintelligenceact.eu/
2. https://www.cyberpeace.org/resources/blogs/delhi-high-court-directs-centre-to-nominate-members-for-deepfake-committee
3.  https://c2pa.org
4. https://www.cyberpeace.org/resources/blogs/misinformations-impact-on-public-health-policy-decisions
5.  https://deepmind.google/technologies/synthid/
6. https://www.imatag.com/blog/china-regulates-ai-generated-content-towards-a-new-global-standard-for-transparency

‍

On 6 June 2025, the EU Council officially adopted the revised Cybersecurity Blueprint, marking a significant evolution from the 2017 guidance. This framework, formalised through Council Recommendation COM(2025) 66 final, responds to a transformed threat environment and reflects new legal milestones like the NIS2 Directive (Network and Information Security Directive) and the Cyber Solidarity Act.

From Fragmented Response to Cohesive Strategy

‍

Between 2017 and now, EU member states have built various systems to manage cyber incidents. Still, real-world events and exercises highlighted critical gaps - uncoordinated escalation procedures, inconsistent terminology, and siloed information flows. The updated Blueprint addresses these issues by focusing on a harmonised operational architecture for the EU. It defines a clear crisis lifecycle with five stages: Detection, Analysis, Escalation, Response, and Recovery. Each stage is supported by common communication protocols, decision-making processes, and defined roles. Consistency is key; standardised terminology along with a broad scope of application that eases cross-border collaboration and empowers coherent response efforts.

Legal Foundations: NIS2, ENISA & EU‑CyCLONe

‍

Several core pillars of EU cybersecurity directly underpin the Blueprint:

• ENISA – The European Union Agency for Cybersecurity continues to play a central role. It supports CSIRTs' Network operations, leads EU‑CyCLONe ( European cyber crisis liaison organisation network) coordination, conducts simulation exercises, and gives training on incident management
• NIS2 Directive, particularly Article 16, is a follow-up of NIS. NIS2 mandates operators of critical infrastructure and essential services to implement appropriate security measures and report incidents to the relevant authorities. Compared to NIS, NIS2 expands its EU-wide security requirements and scope of covered organisations and sectors to improve the security of supply chains, simplify reporting obligations, and enforce more stringent measures and sanctions throughout Europe. It also formally legitimises the EU‑CyCLONe network, which is the crisis liaison mechanism bridging technical teams from member states.

‍

These modern tools, integrated with legal backing, ensure the Blueprint isn’t just theoretical; it’s operationally enforceable.

‍

What’s Inside the Blueprint?

‍

The 2025 Blueprint enhances several critical areas:

‍

1. Clear Escalation Triggers - It spells out when a national cyber incident merits EU-level attention, especially those affecting critical infrastructure across borders. Civilian Military Exchange. The Blueprint encourages structured information sharing with defence institutions and NATO, recognising that cyber incidents often have geopolitical implications 
2. Recovery & Lessons Learned – A dedicated chapter ensures systematic post-incident reviews and shared learning among member states.

‍

Adaptive & Resilient by Design

‍

Rather than a static document, the Blueprint is engineered to evolve:

• Regular Exercises: Built into the framework are simulation drills that are known as Blueprint Operational Level Exercises—to test leadership response and cross-border coordination via EU‑CyCLONe
• Dynamic Reviews: The system promotes continuous iteration- this includes revising protocols, learning from real incidents, and refining role definitions.
  
  

This iterative, learning-oriented architecture aims to ensure the Blueprint remains robust amid rapidly evolving threats, including AI-boosted hacks and hybrid cyber campaigns.

Global Implications & Lessons for Others

‍

The EU’s Cybersecurity Blueprint sets a global benchmark in cyber resilience and crisis governance:

• Blueprint for Global Coordination: The EU’s method of defined crisis stages, empowered liaison bodies (like EU‑CyCLONe), and continuous exercise can inspire other regional blocs or national governments to build their own crisis mechanisms.
• Public–Private Synergy: The Blueprint’s insistence on cooperation between governments and private-sector operators of essential services (e.g., energy, telecom, health) provides a model for forging robust ecosystems.
• Learning & Sharing at Scale: Its requirement for post-crisis lessons and peer exchange can fuel a worldwide knowledge network, cultivating resilience across jurisdictions.

Conclusion

‍

The 2025 EU Cybersecurity Blueprint is more than an upgrade; it’s a strategic shift toward operational readiness, legal coherence, and collaborative resilience. Anchored in NIS2 and ENISA, and supported by EU‑CyCLONe, it replaces fragmented guidance with a well-defined, adaptive model. Its adoption signals a transformative moment in global cyber governance as for nations building crisis frameworks, the Blueprint offers a tested, comprehensive template: define clear stages, equip liaison networks, mandate drills, integrate lessons, and legislate coordination. In an era where cyber threats transcend borders, this proves to be an important development that can offer guidance and set a precedent.

‍

For India, the EU Cybersecurity Blueprint offers a valuable reference point as we strengthen our own frameworks through initiatives like the DPDP Act, the upcoming Digital India Act and CERT-In’s evolving mandates. It reinforces the importance of coordinated response systems, cross-sector drills, and legal clarity. As cyber threats grow more complex, such global models can complement our national efforts and enhance regional cooperation.

‍

References

• https://industrialcyber.co/expert/the-eus-cybersecurity-blueprint-and-the-future-of-cyber-crisis-management/
• https://www.consilium.europa.eu/en/press/press-releases/2025/06/06/eu-adopts-blueprint-to-better-manage-european-cyber-crises-and-incidents/ 
• https://www.enisa.europa.eu/topics/eu-incident-response-and-cyber-crisis-management 
• https://www.enisa.europa.eu/news/new-cyber-blueprint-to-scale-up-the-eu-cybersecurity-crisis-management 
• https://www.isc2.org/Insights/2025/01/EU-Cyber-Solidarity-Act 
• https://www.enisa.europa.eu/topics/eu-incident-response-and-cyber-crisis-management/eu-cyclone 
• https://nis2directive.eu/what-is-nis2/ 

‍

Overview:

WazirX is the platform for cryptocurrencies, based in India that has been hacked, and it made a loss of more than $230 million in cryptocurrency. This case concerned an unauthorized transaction with a multisignature or multisig, wallet controlled through Liminal’a digital asset management platform. These attacking incidents have thereafter raised more questions on the security of the Cryptocurrency exchanges and efficiency of the existing policies and laws.

Wallet Configuration and Security Measures

This wallet was breached and had a multisig setting meaning that more than one signature was needed to authorize a transaction. Specifically, it had six signatories: five are funded by WazirX and one is funded by Liminal. Every transaction needed the approval of at least three signatories of WazirX, all of whom had addressed security concerns by using Ledger’s hardware wallets; while the Liminal, too, had a signatory, for approval.

To further increase the level of security of the transactions, a whitelisting policy was introduced, only limited addresses were authorized to receive funds. This system was rather vulnerable, and the attackers managed to grasp the discrepancy between the information available through Liminal’s interface and the content of the transaction to seize unauthorized control over the wallet and implement the theft.

Modus Operandi: Attack Mechanics

The cyber attack appears to have been carefully carried out, with preliminary investigations suggesting the following tactics: 

• Payload Manipulation: The attackers apparently substituted the transaction’s payload during signing; hence, they can reroute the collected funds into an unrelated wallet. 

• Chain Hopping: To make it much harder to track their movements, the attackers split large amounts of money across multiple blockchains and broke tens of thousands of dollars into thousands of transactions involving different cryptocurrencies. This technique makes it difficult to trace people and things. 

• Zero Balance Transactions: There were also some instances where it ended up with no Ethereum (ETH) in the balance and such wallets also in use for the purpose of further anonymization of the transactions.

• Analysis of the blockchain data suggested the enemy might have been making the preparations for this attack for several days prior to their attack and involved a high amount of planning. 

Actions taken by WazirX:

Following the attack, WazirX implemented a series of immediate actions:

• User Notifications: The users were immediately notified of the occurrence of the breach and the possible risk it posed to them. 

• Law Enforcement Engagement: The matters were reported to the National Cyber Crime Reporting Portal and specific authorities of which the Financial Intelligence Unit (FIU) and the Computer Emergency Response Team (CERT-In). 

• Service Suspension: WazirX had suspended all its trading operations and user deposits’ and withdrawals’ to minimize further cases and investigate. 

• Global Outreach: The exchange contacted more than 500 cryptocurrency exchanges and requested to blacklist the wallet’s addresses linked to the theft. 

• Bounty Program: A bounty program was announced to encourage people to share information that can enable the authorities to retrieve the stolen money. A maximum of 23 million dollars was placed on the bounty. 

Further  Investigations 

WazirX stated that it has contracted the services of cybersecurity professionals to help in the prosecution process of identifying and compensating for the losses. The exchange is still investigating the forensic data and working with the police for tracking the stolen assets. Nevertheless, the prospects of full recovery may be quite questionable primarily because of complexity of the attack and the methods used by the attackers. 

Precautionary measures: 

 The WazirX cyber attack clearly implies that there is the necessity to improve the security and the regulation of the cryptocurrency industry. As exchanges become increasingly targeted by hackers, there is a pressing need for: 

• Stricter Security Protocols: The commitment to technical innovations, such as integration of MFA, as well as constant monitoring of the users’ wallets’ activities. 

• Regulatory Oversight: Formalization of the laws that require proper security for the cryptocurrency exchange platforms to safeguard their users as well as their investments. 

• Community Awareness: To bypass such predicaments, there is a need to study on emergent techniques in spreading awareness, particularly in cases of scams or phishing attempts that are likely to follow such breaches. 

Conclusion:

The cyber attack on WazirX in the field of cryptocurrency market, shows weaknesses and provides valuable lessons for enhancing the security.  This attack highlights critical vulnerabilities in cryptocurrency exchanges, even though employing advanced security measures like multisignature wallets and whitelisting policies. The attack's complexity, involving payload manipulation, chain hopping, and zero balance transactions, underscores the attackers' meticulous planning and the challenges in tracing stolen assets. This case brings a strong message regarding the necessity of solid security measures, and constant attention to security in the rapidly growing world of digital assets. Furthermore, the incident highlights the importance of community awareness and education on emerging threats like scams and phishing attempts, which usually follow such breaches. By fostering a culture of vigilance and knowledge, the cryptocurrency community can better defend against future attacks.

Reference:

https://wazirx.com/blog/important-update-cyber-attack-incident-and-measures-to-protect-your-assets/

https://www.moneycontrol.com/news/opinion/the-230-million-crypto-theft-at-wazirx-is-a-wake-up-call-for-indian-regulators-government-12772563.html

https://www.linkedin.com/pulse/wazirx-cyberattack-in-depth-analysis-jyqxf

‍