The Information Technology Act of 2000, which serves as the de facto framework for internet regulation in India, is now 23 years old and the Act was last amended in 2008. The internet has evolved significantly over the past two decades, becoming a multi-dimensional space with videos, photos, texts, and community participation. While technological advancements have empowered citizens, they have also led to challenges such as cyberstalking, misinformation, fake news, cyber fraud, security concerns, and safety issues for women and children.
To address these challenges, the government is drafting the Digital India Act (DIA), which will serve as a comprehensive framework encompassing various areas, including the regulation of intermediaries, addressing other digital crimes like dis/misinformation, establishing guidelines for the safety of women and children online, and enabling enhanced regulatory oversight for objectionable content on over-the-top (OTT) service platforms. The Act will regulate emerging technologies such as the metaverse, artificial intelligence, and the Internet of Things. It will address regulatory concerns and tackle complex user harms like doxxing, catfishing, cyber trolling, gaslighting, phishing, and more. The goal is to establish a dynamic framework that governs emerging technologies, prioritising the preservation of individual rights and user autonomy while promoting innovation and fostering the growth of the digital economy.
Metaverse
One of the most discussed concepts in emerging technology is the metaverse which is a 3-D-enabled digital space that allows people to have lifelike personal and business experiences online. It functions on the pillars of virtual reality (VR), digital avatars, augmented reality (AR), artificial intelligence, advanced sensors, 5G, the Internet of Things, etc.
The smooth working of the metaverse environment will require the interoperability and interconnection of many devices and platforms across the digital ecosystem while, at the same time, addressing issues from user safety, cyber-bullying, defamation, doxing, to content moderation for minors, psychological impact, etc. Buying and selling goods, services and property in the metaverse raises questions about IP protection, licensing, and enforcement. In addition, there are concerns about money-laundering in the metaverse and its potential impact on financial markets.
While the metaverse ecosystem takes shape, regulators will need to strike a balance between facilitating a competitive environment and ensuring that innovation is not inhibited. In addition, it will be important for the DIA to make laws on how responsibility will be attributed in the metaverse for fighting harmful and illegal practices, misleading advertising practices, and addressing the severe negative impacts of digital immersion on health, including mental health, especially for vulnerable groups, like minors, who will need special protection.
Digital identity, which encompasses personal information and attributes tied to an individual’s online presence, will have significant implications for legal frameworks. For example, the misuse of digital identity may lead to various criminal activities, such as identity theft, fraud, cyberbullying, or online harassment. These criminal offences will intersect with other prevalent laws like the Indian Penal Code 1860, Code of Criminal Procedure 1973, Indian Evidence Act 1872, etc.
It will be important for the DIA to establish legal mechanisms that create harmony with prevalent laws in the investigation and prosecution of digital crimes.
Artificial Intelligence
We are stepping into a period of generational change with the new wave of generative AI systems transforming entire industries. Given the widespread use of artificial intelligence in critical fields such as healthcare, agriculture, education, banking, and aviation, it will be subject to scrutiny under the DIA. Risks like automation-spurred job loss, deep fakes, privacy violations, algorithmic biases, alignment problems, copyright issues, socio-economic inequality, market volatility, threatening academic integrity and creativity, etc., will need to be addressed.
To mitigate these concerns, AI regulation has been the central focus in many countries, with the US and European Union, taking the lead in building regulations to manage the spread of artificial intelligence. The Artificial Intelligence Act devised by the EU aims to classify different AI tools according to their perceived level of risk, from low to unacceptable. Depending on the risk level, different tools will be made subject to different obligations alongside complying with laws such as the General Data Protection Regulation (GDPR).
Internet of Things
The demand for IoT in India is on the rise across various industries like manufacturing, transportation, utilities, automotive, and logistics. There is a growing consumer base in India for IoT-enabled smart devices for wellness, health, and personal safety trackers, and also a growing market for smart home systems. To further augment the potential of IoT, flagship initiatives by the government like Digital India & Make in India have pitched IoT as a key enabler of public services and utilities.
This brings us to the need for a strong regulatory and policy framework surrounding IoT. It would be interesting to see how the DIA drives the development of IoT to maximise capacity building, incubation, R&D, and foster incentives and engagements. Security and data protection would remain to be key areas of concern and will need to be safeguarded.
The conversations around DIA are ripe with the MeitY holding public consultations around the regulation. As the deliberations increase, it will be significant to see what structure this law takes and what guardrails are put into place that finds the right balance between regulation and innovation. The interplay of sectoral laws with the DIA will also be significant. The formulation of the DIA will indeed be a watershed moment in the country that will catalyse our digital ambitions and govern the transforming online ecosystem in India.
Patnaik is a Rajya Sabha MP and a former CAG bureaucrat. Sahiba is a lawyer and tech policy professional