#FactCheck - Debunking Viral Photo: Tears of Photographer Not Linked to Ram Mandir Opening

Introduction 

As the world is being "Digitally Interlaced", cyber security has become a continuous wrangle. The “Gambling industry” is considered an incredibly lucrative mark for cybercriminals, principally due to the enormous quantities of cash on hand and the sensitive details it processes day to day. Cybercriminals may use susceptibilities in gambling scaffolds to achieve financial scams or launder unlawful funds. An analysis by Security Scorecard discovered that the online gambling industry was ranked third in the possibility of encountering a cyber attack, following the energy and financial services sectors. Similarly, Online gambling is a bending matter that demands meticulous contemplation by policymakers and nationals. The incredible rise of online gambling has led to a terse acclivity in unlawful activities such as online scams, fraud, etc. Also, online sports gambling has become a thriving endeavour in contemporary years as millions of people are putting stakes and gambles on their electronic devices.

The Challenges

Online gambling has thus become a widespread frolicking for numerous youngsters, with the industry tossed to be worth billions of dollars in the forthcoming decades. The prominent cyber security challenges in the gambling industry are money laundering, financial laundering, ransomware, personal information theft, data breaches, distributed Denial of Service (DDoS), system disruptions and Insider perils and employee malfeasance. Challenges of online gambling also include being properly not regulated and a lack of social interaction with near and dear ones. The spread of Internet gambling has presented many problems affecting consumer behaviour online, motivations to gamble, problem gambling, security of websites, and the righteousness and virtue of the games. The rise of online gambling among young people due to the lack of clear regulations has likewise produced an abundant backdrop for financial ruination.

Web games and betting are among the fastest-evolving areas of the Internet. Over the past several years, there has been an international flare-up in online gambling, permitting customers to play from the convenience of home, work, and public locations. Numerous offshore betting websites and apps usually permit parties to win in the start with sound returns, whereas after the user gets addicted and invests considerable sums, they either keep failing or have the website refuse to cash out the winnings. Also, the information demonstrates that online games have been employed to commit wrongdoings (Child sexual exploitive material, religious conversion, cyberbullying, fraud, betting in virtual online casinos, etc.)

India's laws and regulations surrounding online gambling are complex and constantly evolving. While the legal framework is not entirely clear, a few state in India have their own set of rules.

Recently In April 2023, the Union Ministry of Electronics and Information Technology (“MeitY”), by virtue of the rule-making powers available to the central government under the Information Technology Act, 2000 (“IT Act 2000”), implemented a new central legal framework for online gaming through amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules 2021”).  These amendments (“Online Gaming Rules”) propose a light-touch, co-regulatory regime whereby MeitY-recognised, independent self-regulatory bodies (“SRB”) will verify whether an “online real-money game” is to be made available to the general public or not – in accordance with the baseline criteria prescribed by the Online Gaming Rules.

The Online Gaming Rules attempt to regulate online gaming platforms by treating them as an “online gaming intermediary” (“OGI”) and prescribing intermediary due diligence obligations for them under the IT Rules 2021.  An OGI has been defined in the Online Gaming Rules as “any intermediary that enables the users of its computer resource to access one or more online games”.  Under the Online Gaming Rules, an online game can be a “permissible online game” if (i) it is not an online real-money game, or (ii) it is an online real-money game but is “verified” by an SRB in accordance with the baseline criteria prescribed by the Online Gaming Rules and any additional criteria prescribed by the SRB itself.

Global Perspective

The global gaming industry worth over US$227 billion in 2022 is further projected to grow to US$312 billion by 2027. Several countries have set regulatory frameworks about online gaming, though these are skewed, concentrating mainly on gambling and circumventing numerous of the more typical cyber threats. The US spends about $60 billion annually on online gambling and sports betting. In Europe, gambling is an even larger moneymaker. Also, numerous countries in Europe, like the UK, have legalised gambling. Nevertheless, it is prohibited for a US based company to operate an online gambling site. Yet, sports betting online is permitted in some states.

Today, though the gaming market has been overpowered by China and the US, future growth in the sector is anticipated to come from emerging economies like India with increasing populations. The permitted status of online gambling in India is nonetheless imprecise, vamoosing space for exploitation by cyber criminals and disarray for players involved. One of the climactic points that ought to be addressed is the sudden upsurge of online games, which increases gambling. Skill-based games such as poker, rummy etc., have additionally been developed to circumvent the legal definition of gambling in India. The recent instances of the online gaming industry not being properly regulated have also come to light in India. For instance, the Enforcement Directorate (ED) is still investigating the vast Mahadev Online Betting scandal, exposing an unknown money laundering method using Unified Payment Interface (UPI) IDs. Also, the Cyber Cell in Agra has taken proactive action against copyright violations, illegal online gambling and betting activities, shutting down 27 Illegal cricket betting sites in major operations, safeguarding several lakhs of Indians with thousands of crores from being transferred to overseas shores principally China. 

Consequently, though India has announced new regulations on online gaming, its contemporary policy framework cannot contend with the problems endangering this sector. The Public Gambling Act of 1867 makes it unlawful to use a public gambling house or to be seen in one. Nevertheless, the act does not explicitly cite online gambling, leading to further interpretation. The Ministry of Home Affairs (MHA) has released a further awareness campaign for offshore illegal gambling apps, notifying users to be mindful of foreign apps as they may be fraudulent and might induce monetary damage to the user. Also, state laws control gambling in India with each state having its own directive on the subject.  Yet, the Supreme Court of India has maintained that skilled games are not gambling and are thus legal. Furthermore, the Information Technology (IT) Act, of 2000 does not precisely handle online gambling or games that enable gambling.

Today, developers have strived for new ways to monetise the growing popularity of online gaming, which oversaw the creation of in-game currencies that can be bought using actual money, usually through credit cards.  Several nations have prohibited the usage of in-game currency and loot boxes, considering them a kind of online gambling. The in-game currency has thus caused much disagreement about becoming a state of hunting monetisation by developers, especially targeting minor or newbie players. The gambling industry, therefore, faces unique cybersecurity challenges that require a comprehensive and proactive approach to cybersecurity.

Conclusion

Presently, there are approximately 3.09 billion active video game players worldwide, and the number is expected to reach 3.32 billion by 2024 as of 2023. In the contemporary digital era, information is priceless, and encryption acts as a necessary means to safeguard it. Thus, Regulators are working to maintain the swiftness of shift in the industry, as the dearth of transparency in the law has made it challenging to implement regulations. There is also less awareness about cyber security in India due to the following grounds such as the lack of ethical hackers in the country, companies in India lacking focus on cyber security and hiring a team of ethical hackers and cyber security experts. Furthermore, there has been a lack of knowledge among the citizens as well. 

It is essential to realise the conceivable social and economic consequences and take measures to handle the online gambling industry. The industry has thus been undersized in the mode of research following online crime and Internet gambling, even though it is an acute emphasis.  There is also a pressing necessity to rebuild these regulations to tackle the more unbridled cyber security hazards swarming the gaming industry. Similarly, there is an urgent need for governments and policymakers around the world to start paying more attention to the gaming industry as cyber security threats continue to rise. There should be a further need to strengthen the regulatory framework, establish Self Regulatory Organizations (SROs), create ethical gaming designs and increase awareness among gamers. The Government of India should consider devising its own rating system to rate games so that players under 18 cannot access them.

Eventually, cyber security is a shared commitment, and everyone in the online gambling ecosystem must function jointly to provide a secure and safe setting for all.

References:

• https://truefort.com/gambling-industry-cybersecurity/
• https://www.orfonline.org/research/cybersecurity-threats-in-online-gaming-learnings-for-india
• https://www.hackread.com/chinese-scammers-cloned-websites-gambling-network/
• https://www.civilsdaily.com/news/cybersecurity-threats-from-online-gaming/
• https://www.linkedin.com/pulse/legal-considerations-online-gambling-india-sudden-increase-mathur/
• https://www.jsheld.com/insights/articles/the-importance-of-cybersecurity-in-the-online-sports-betting-industry
• https://www.the420.in/agra-cyber-cell-takes-down-27-illegal-betting-sites/
• https://g2g.news/gaming/ministry-of-home-affairs-releases-new-awareness-campaign-for-online-gaming-in-india/
• https://smestreet.in/technology/kaspersky-warns-of-increased-phishing-scams-and-data-breaches-in-apac-for-2024-2381601
• https://economictimes.indiatimes.com/tech/newsletters/morning-dispatch/govt-bans-mahadev-other-illegal-betting-apps-cyber-attacks-against-india-spike/articleshow/104996017.cms?from=mdr
• https://cipher.com/cybersecurity-for-gambling/
• https://www.mangalorean.com/tightening-the-reins-indian-government-blocks-over-550-illegal-betting-and-gambling-apps/
• https://cybersecurityasean.com/news-press-releases/kaspersky-predicts-rise-cyber-threats-across-apac-2024
• https://www.cnbctv18.com/technology/mahadev-betting-app-scam-ed-money-laundering-upi-celebrities-under-scanner-17815661.htm
• https://iclg.com/practice-areas/gambling-laws-and-regulations/india

‍

Introduction

‍
The Digital Personal Data Protection (DPDP) Act 2023 of India is a significant transition for privacy legislation in this age of digital data. A key element of this new law is a requirement for organisations to have appropriate, user-friendly consent mechanisms in place for their customers so that collection, use or removal of an individual's personal data occurs in a clear and compliant manner. As a means of putting this requirement into practice, the Ministry of Electronics and Information Technology (MeitY) issued a comprehensive Business Requirements Document (BRD) in June 2025 to guide organizations, as well as Consent Managers, on how to create a Consent Management System (CMS). This document establishes the technical and functional framework by which organizations and individuals (Data Principals) will exercise control over the way their data is gathered, used and removed.

‍

Understanding the BRD and Its Purpose

‍

BRD represents an optional guide created as part of the "Code for Consent" programme run by MeitY in India. The purpose of the BRD is to provide guidance to startups, digital platforms and other enterprises on how to create a technology system that supports management of user consent per the requirements of the DPDP Act. Although the contents of the BRD do not carry any legal weight, it lays out a clear path for organisations to create their own consent mechanisms using best practices that align with the principles of transparency, accountability and purpose limitation in the DPDP Act.

‍

The goal is threefold:

‍

1. Enable complete consent lifecycle management from collection to withdrawal.
2. Empower individuals to manage their consents actively and transparently.
3. Support data fiduciaries and processors with an interoperable system that ensures compliance.

‍

Key Components of the Consent Management System

‍

The BRD proposes the development of a modular Consent Management System (CMS) that provides users with secure APIs and user-friendly interfaces. This system will allow for a variety of features and modules, including:

‍

1. Consent Lifecycle Management – consent should be specific, informed and tied to an explicit purpose. The CMS will manage the collection, validation, renewal, updates and withdrawal of consent. Each transaction of consent will create a tamper-proof “consent artifact,” which will include the timestamp of creation as well as an ID identifying the purpose for which it was given.
2. User Dashboard – A user will be able to view and modify the status of their active, expired or withdrawn consent and revoke access at any time via the multilingual user-friendly interface. This would make the system accessible to people from different regions and cultures.
3. Notification Engine – The CMS will automatically notify users, fiduciaries and processors of any action taken with respect to consent, in order to ensure real-time updates and accountability.
4. Grievance Redress Mechanism – The CMS will include a complaints mechanism that allows users to submit complaints related to the misuse of consent or the denial of their rights. This will enable tracking of the complaint resolution status, and will allow for escalation if necessary.
5. Audit and Logging – As part of the CMS's internal controls for compliance and regulatory purposes, the CMS must maintain an immutable record of every instance of consent for auditing and regulatory review. The records must be encrypted, time-stamped, and linked permanently to a user and purpose ID.
6. Cookie Consent Management – A separate module will enable users to manage cookie consent for websites separately from any other consents.

‍

Roles and Responsibilities

‍

The BRD identifies the various stakeholders involved and their associated responsibilities.

‍

1. Data Principals (Users): The user has full authority to give, withhold, amend, or revoke their consent for the use of their personal data, at any time.
2. Data Fiduciaries (Companies): Companies (the fiduciaries) must collect the data principals' consents for each particular reason and must only begin processing a data subject's personal data after validating that consent through the CMS. Companies must also provide the data principals with any information or notifications needed, as well as how to resolve their complaints.
3. Data Processors: Data Processors must strictly adhere to the consent stated in the CMS, and Data Processors may only process personal data on behalf of the Data Fiduciary.
4. Consent Managers: The Consent Managers are independent entities that are registered with the Data Protection Board. They are responsible for administering the CMS, allowing users to manage their consent across different platforms.

‍

This layered structure ensures transparency and shared responsibility for the consent ecosystem.

‍

Technical Specifications and Security

‍

The following principles of the DPDP Act must be followed to remain compliant with the DPDP Act.

‍

• End-to-End Encryption: All exchanges of data with users must be encrypted using a minimum of TSL 1.3 and also encrypting within that standard.
• API-First Approach: API’s will be utilized to validate, withdraw and update consent in a secured manner using external sources.
• Interoperability/Accessibility: The CMS needs to allow for users to utilize several different languages (e.g. Hindi, Tamil, etc.) and be appropriate for use with various types of mobile devices and different abilities.
• Data Retention Policy: The CMS should also include automatic deletion of consent data (when the consent has expired or has been withdrawn) in order to maintain compliance with data retention limits.

‍

Legal Relevance and Timelines

‍

While the BRD itself is not enforceable, it is directly aligned with the upcoming enforcement of the DPDP Act, 2023. The Act was passed in August 2023 but is expected to come into effect in stages, once officially notified by the central government. Draft implementation rules, including those defining the role of Consent Managers, were released for public consultation in early 2025.

For businesses, the BRD serves as an early compliance tool—offering both a conceptual roadmap and technical framework to prepare before the law is enforced. Legal experts have described it as a critical resource for aligning data governance systems with emerging regulatory expectations.

‍

Implications for Businesses

‍

Organizations that collect and process user data will be required to overhaul their consent workflows:

1. No blanket consents: Every data processing activity must have explicit, separate consent.
2. Granular audit logs: Companies must maintain tamper-proof logs for every consent action.
3. Integration readiness: Enterprises need to integrate their platforms with third-party or in-house CMS platforms via the specified APIs.
4. Grievance redress and user support: Systems must be in place to handle complaints and withdrawal requests in a timely, verifiable manner.

Failing to comply once the DPDP Act is in force may expose companies to penalties, reputational damage, and potential regulatory action.

‍

Conclusion

‍
The BRD on Consent Management of India is a forward-looking initiative laying a technological framework that is an essential component of the DPDP Act concerning user consent; Although not yet a legal document, it provides an extent of going into all the necessary discipline for companies to prepare. As data protection grows in importance, developing consent mechanisms based on security, transparency, and the needs of the user is no longer just a regulatory requirement, but rather a requirement for the development of trust. This is the time for businesses to establish or implement CMS solutions that support this objective to be better equipped for the future of data governance in India.

‍

References

1. https://d38ibwa0xdgwxx.cloudfront.net/whatsnew-docs/8d5409f5-d26c-4697-b10e-5f6fb2d583ef.pdf
2. https://ssrana.in/articles/ministry-releases-business-requirement-document-for-consent-management-under-the-dpdp-act-2023/ 
3. https://dpo-india.com/Blogs/consent-dpdpa/ 
4. https://corporate.cyrilamarchandblogs.com/2025/06/the-ghost-in-the-machine-the-recent-business-requirement-document-on-consent/ 
5. https://www.mondaq.com/india/privacy-protection/1660964/analysis-of-the-business-requirement-document-for-consent-management-system 

‍

Executive Summary:

‍

A viral video circulating on social media shows a man attempting to fly using a helicopter like fan attached to his body, followed by a crash onto a parked car. The clip was widely shared with humorous captions, suggesting it depicts a real life incident. Given the unusual nature of the visuals, the video was subjected to technical verification using AI content detection tools. Analysis using the AI detection platform indicates that the video is AI generated, and not a genuine real world event.

‍

Claim:

‍

A viral video (archive link) claims to show a person attempting to fly using a self made helicopter fan mechanism, briefly lifting off before crashing onto a car in a public setting. The video shows a man attempting to fly by strapping a helicopter like rotating fan to himself, essentially trying to imitate a human helicopter using a DIY mechanism. For a brief moment, it appears as if the device might work, but the attempt quickly fails due to lack of control, engineering support, and safety measures. Within seconds, the man loses balance and crashes down, landing on top of a parked car. The scene highlights a mix of overconfidence, unregulated experimentation, and risk taking carried out in a public space, with bystanders watching rather than intervening. The clip is shared humorously with the caption “India is not for beginners”.

‍

‍

‍

Fact Check:

‍

To verify the authenticity of the video, it was analyzed using the Hive Moderation AI detection tool, a widely used platform for identifying synthetic and AI generated media. The tool flagged the video with a high probability of AI generation, indicating that the visuals are not captured from a real physical event. Additional indicators such as unrealistic motion physics, inconsistent human object interaction further support the conclusion that the clip was artificially generated or heavily manipulated using generative AI techniques. No credible news reports or independent eyewitness sources corroborate the occurrence of such an incident.

‍

‍

‍

‍

Conclusion:

‍

The claim that the video shows an individual attempting and failing to fly using a helicopter like device is false. Technical analysis confirms that the video is AI generated, and it should be treated as synthetic or fictional content rather than a real life incident. This case highlights how AI generated videos, when shared without context, can mislead audiences and be mistaken for real events, reinforcing the need for verification tools and critical evaluation of viral content.

‍

• Claim: A viral video claims to show a person attempting to fly using a self made helicopter fan mechanism, briefly lifting off before crashing onto a car in a public setting
• Claimed On: X (Formally Twitter)
• Fact Check: False and Misleading

‍

‍