India's New Criminal Laws: Implication on Cybersecurity

With the introduction of the (according to the news agency) Bharatiya Nyaya Sanhita (BNS), Bharatiya Nagarik Suraksha Sanhita (BNSS), and Bharatiya Sakshya Adhiniyam (BSA), experts see this as an overhaul of India's colonial criminal laws. This overhaul seems to have far-reaching implications for both individuals and businesses. This blog delves into how these new laws, particularly those impacting cybersecurity, will reshape the digital landscape in India.

The three new laws, Bharatiya Nyaya Sanhita (BNS), the Bharatiya Nagrik Suraksha Sanhita (BNSS), and the Bharatiya Sakshya Adhiniyam (BSA), replace the Indian Penal Code (IPC), 1860, the Criminal Procedure Code (CrPC), 1973, and the Indian Evidence Act, 1872 respectively, were published on the official gazette on December 25, 2023, and are effective from 1st July 2024. As per the notification, the three laws will focus on justice rather than punishment and are aimed at providing speedy justice.

Enhanced Cybercrime Provisions: A Double-Edged Sword

The BNS has significantly expanded its coverage, a total of 20 new crimes (including for Cybercrimes) have been added, and the imprisonment sentence has been increased for 33 for the existing. Introduction of these new provisions aim to address a wide range of modern digital offenses.

Cyber-crimes are included in/as the Organized crimes under Section 111, Sub-section 1.

Sub-section 2 provides for the punishments for committing the organized crimes, which varies from simple imprisonment, imprisonment for life, to death sentence.

Sub-section 3 provides for the abatement of the Organized crimes

Sub-section 3 provides for the Concealment of the organized crime

Sub-sections 6 & 7. provides for the possession of the proceeds from organized crime

However, we do not cite any definition of Cyber-crimes in the sanhitha or what constitutes to it, which may lead to ambiguity.

There are other provisions in the sanhitha which are ambiguous from the point of view of Cyber-crimes, starting with the Section 1, sub section 5 clause c which states that "any person in any place without and beyond India committing offence targeting a computer resource located in India." Is it ok if someone deploys bots to raise an attack targeting a computer resource located in India? The attacks are not limited to computer resources anymore but have expanded to IoTs. The definition of “offence" means a thing made punishable by this Sanhita as per Section 2 (24). But Sanhita does not classify cyber-bullying or cyber-harassment as an offence.

Section 78. (1) Any man who—

clause (ii) monitors the use by a woman of the internet, e-mail or any other form of electronic communication, commits the offence of stalking:

It is a normal procedure for any recruiter to visit linkedin profile to verify the background of a candidate. However, by the virtue of above definition if the candidate is a woman and the recruiter is a man he has committed an offence of stalking by visiting linkedin profile. All though the proviso "(iii) in the particular circumstances such conduct was reasonable and justified." provides some protection, the burden of proof lies on the recruiter to prove his actions were reasonable and justified.

Nevertheless, overall the provisions have been strengthened with more stringent penalties which. Below is how it may impact the individuals and businesses.

• Impact on Individuals: Individuals now have stronger legal recourse against cyber-crimes (provided the crimes are cognizable). However, the onus of literacy increases to protect oneself from falling victim to these crimes and remedy they have if they have fallen already.

• Impact on Businesses: While the enhanced legal framework provides a deterrent to cybercriminals, businesses face increased compliance burdens with some of the Sections like - Section 294. Sale, etc., of obscene books, etc.. Non-compliance can lead to severe penalties under sections [relevant sections for corporate liability].

Data Protection and Privacy: A Step Forward

The outlook of BNS and BNSS seems to have incorporated robust data protection provisions, complementing the Digital Personal Data Protection Act (DPDP). This highlights the government's commitment to safeguarding personal information.

• Impact on Individuals: Stronger data protection laws empower individuals to control their personal data and seek redress in case of breaches. However, the implementation and enforcement of these laws will be crucial to their effectiveness.

• Impact on Businesses: Businesses must implement stringent data protection measures to comply with the new laws. Data breaches can result in significant financial penalties and reputational harm. Investing in data privacy compliance and cybersecurity is essential to protect customer trust.

Digital Transactions and Financial Security

The BNS has introduced provisions aimed at combating online fraud and financial crimes. Sections such as 228, 241, 335, 336 339, 340 and 353 underscore the government's focus on safeguarding digital transactions.

• Impact on Individuals: Consumers are better protected from online scams and fraudulent transactions. However, it is essential to remain vigilant and adopt secure online practices.

• Impact on Businesses: The new laws impose additional responsibilities on businesses to prevent online fraud and secure digital payment systems. Compliance with these regulations is crucial to maintain customer trust and avoid financial losses.

Opportunities and Challenges for the Cybersecurity Industry

The evolving legal landscape presents both opportunities and challenges for the cybersecurity industry. Increased cybercrime and data protection regulations create a growing demand for cybersecurity solutions and services.

• Opportunities: Cybersecurity companies can develop innovative products and services to address the emerging threats. There is a significant market for cybersecurity consulting, training, and incident response services.

• Challenges: The industry must adapt to the rapidly changing legal framework and invest in research and development to stay ahead of cybercriminals.

Conclusion

India's new criminal laws mark a significant step towards a safer digital ecosystem. While challenges remain, the increased focus on cybersecurity is a positive development. Individuals and businesses must work together to create a secure digital environment by staying informed, adopting best practices, and supporting the growth of the cybersecurity industry.

Disclaimer: This blog provides general information and should not be construed as legal advice. It is essential to consult with legal experts for specific guidance on the new criminal laws and their impact on your individual or business situation.