[Answered] Analyze the crisis in global cyber-governance amidst rising trans-border cybercrime. Evaluate the necessity for India to augment its multi-level technical capacities to safeguard institutional autonomy and effectively shape international digital norms in an increasingly fragmented cyberspace.

Introduction

By 2026, global cybercrime losses exceeding $10 trillion annually (Cybersecurity Ventures) expose fractured cyber governance, as UN cybercrime negotiations and AI norms reveal deep rifts between sovereignty, security, and human rights.”

The Crisis of Global Cyber-Governance in an Era of Trans-Border Cybercrime

1. Fragmented Normative Architecture: Global cyber governance suffers from the absence of a universally accepted legal framework akin to a ‘Geneva Convention for cyberspace’. The UN Convention against Cybercrime (2024) illustrates this fragmentation—while intended to be inclusive, it remains divided over definitions of cybercrime, surveillance powers, and safeguards for civil liberties. Parallelly, the Budapest Convention continues as a Eurocentric regime, underscoring normative pluralism rather than consensus.
2. Attribution, Jurisdiction and Enforcement Failures: Cybercrime thrives on the ‘attribution problem’—the technical difficulty of identifying perpetrators operating through proxy servers, botnets, and state-sponsored groups. INTERPOL notes that over 60% of ransomware attacks in 2025 involved cross-border jurisdictions, yet weak Mutual Legal Assistance Treaties (MLATs) create ‘legal black holes’ exploited by criminals.
3. Polycentric and Politicised Multilateralism: The cyber domain mirrors wider multilateral decay—UNSC paralysis, WTO dispute settlement deadlock, and declining US financial support to UN institutions. Governance is shifting toward ‘polycentricism’, where overlapping plurilateral and bilateral arrangements replace universal rulemaking, increasing compliance costs and institutional stress for states like India.

India’s Institutional Autonomy in a Fragmented Cyberspace

1. Strategic Non-Alignment in Digital Governance: India has resisted binary choices between the US-led ‘multi-stakeholder internet’ model and the Sino-Russian ‘sovereign internet’ paradigm. Its refusal to accede to both the Budapest Convention and the 2024 UN Convention reflects a desire to preserve ‘institutional autonomy’ over data, due process, and domestic lawmaking.
2. Data Sovereignty as State Capacity: Through the Digital Personal Data Protection Act, 2023 and sectoral localisation mandates, India seeks control over citizens’ ‘digital DNA’. This aligns with the Supreme Court’s Puttaswamy judgment (2017), which affirmed informational privacy as intrinsic to constitutional liberty and state responsibility.

The Imperative of Building Multi-Level Technical Capacities

1. The Technical Level – ‘Code as Power’: Autonomy without indigenous capability risks becoming rhetorical. India must invest in quantum-safe cryptography, cyber-forensics, AI-driven attribution engines, and trusted hardware ecosystems. The National Cyber Security Strategy (draft) and initiatives like DRDO’s cyber labs are steps toward ‘sovereign tech’, reducing dependence on foreign proprietary systems.
2. The Legal-Administrative Level – ‘Real-Time Governance’: Institutions such as CERT-In, the Indian Cyber Crime Coordination Centre (I4C), and sectoral SOCs require modernisation for active defence, real-time information sharing, and cross-border evidence exchange. The World Bank (2023) highlights that cyber resilience is now a determinant of investment confidence.
3. The Diplomatic Level – ‘Norm Entrepreneurship’: India’s influence hinges on proactive engagement in ICANN, ITU, UN OEWG, and G20 Digital Economy Working Groups—not merely as a participant but as a norm-setter articulating Global South concerns on data flows, lawful access, and human rights-compatible enforcement.

Way Forward: From Rule-Taker to Cyber-Leading Power

1. Trusted Digital Partnerships: By exporting cyber-resilience templates and DPI-linked security frameworks to Africa and Southeast Asia, India can build a ‘trusted cyber bloc’, amplifying its leverage in norm-setting.
2. Public–Private Fusion: Emulating Israel’s cyber-security ecosystem, tighter integration between startups, academia, and national security institutions can sustain technological edge and workforce readiness.

Conclusion

India’s cyber autonomy demands capability, not caution—shaping norms through strength, restraint, and democratic fidelity.