#FactCheck - Misleading Video Allegedly Depicting Trampling of Indian Tri-colour in Kerala or Tamil Nadu Circulates on Social Media

The race for global leadership in AI is in full force. As China and the US emerge as the ‘AI Superpowers’ in the world, the world grapples with the questions around AI governance, ethics, regulation, and safety. Some are calling this an ‘AI Arms Race.’ Most of the applications of these AI systems are in large language models for commercial use or military applications. Countries like Germany, Japan, France, Singapore, and India are now participating in this race and are not mere spectators. 

The Government of India’s Ministry of Electronics and Information Technology (MeitY) has launched the IndiaAI Mission, an umbrella program for the use and development of AI technology. This MeitY initiative lays the groundwork for supporting an array of AI goals for the country. The government has allocated INR 10,300 crore for this endeavour. This mission includes pivotal initiatives like the IndiaAI Compute Capacity, IndiaAI Innovation Centre (IAIC), IndiaAI Datasets Platform, IndiaAI Application Development Initiative, IndiaAI FutureSkills, IndiaAI Startup Financing, and Safe & Trusted AI.

There are several challenges and opportunities that India will have to navigate and capitalize on to become a significant player in the global AI race. The various components of India’s ‘AI Stack’ will have to work well in tandem to create a robust ecosystem that yields globally competitive results. The IndiaAI mission focuses on building large language models in vernacular languages and developing compute infrastructure. There must be more focus on developing good datasets and research as well.

Resource Allocation and Infrastructure Development

The government is focusing on building the elementary foundation for AI competitiveness. This includes the procurement of AI chips and compute capacity, about 10,000 graphics processing units (GPUs), to support India’s start-ups, researchers, and academics. These GPUs have been strategically distributed, with 70% being high-end newer models and the remaining 30% comprising lower-end older-generation models. This approach ensures that a robust ecosystem is built, which includes everything from cutting-edge research to more routine applications. A major player in this initiative is Yotta Data Services, which holds the largest share of 9,216 GPUs, including 8,192 Nvidia H100s. Other significant contributors include Amazon AWS's managed service providers, Jio Platforms, and CtrlS Datacenters. 

Policy Implications: Charting a Course for Tech Sovereignty and Self-reliance

With this government initiative, there is a concerted effort to develop indigenous AI models and reduce tech dependence on foreign players. There is a push to develop local Large Language Models and domain-specific foundational models, creating AI solutions that are truly Indian in nature and application. Many advanced chip manufacturing takes place in Taiwan, which has a looming China threat. India’s focus on chip procurement and GPUs speaks to a larger agenda of self-reliance and sovereignty, keeping in mind the geopolitical calculus. This is an important thing to focus on, however, it must not come at the cost of developing the technological ‘know-how’ and research. 

Developing AI capabilities at home also has national security implications. When it comes to defence systems, control over AI infrastructure and data becomes extremely important. The IndiaAI Mission will focus on safe and trusted AI, including developing frameworks that fit the Indian context. It has to be ensured that AI applications align with India's security interests and can be confidently deployed in sensitive defence applications.

The big problem here to solve here is the ‘data problem.’ There must be a focus on developing strategies to mitigate the data problem that disadvantages the Indian AI ecosystem. Some data problems are unique to India, such as generating data in local languages. While other problems are the ones that appear in every AI ecosystem development lifecycle namely generating publicly available data and licensed data. India must strengthen its ‘Digital Public Infrastructure’ and data commons across sectors and domains.

India has proposed setting up the India Data Management Office to serve as India’s data regulator as part of its draft National Data Governance Framework Policy. The MeitY IndiaAI expert working group report also talked about operationalizing the India Datasets Platform and suggested the establishment of data management units within each ministry.

Economic Impact: Growth and Innovation

The government’s focus on technology and industry has far-reaching economic implications. There is a push to develop the AI startup ecosystem in the country. The IndiaAI mission heavily focuses on inviting ideas and projects under its ambit. The investments will strengthen the IndiaAI startup financing system, making it easier for nascent AI businesses to obtain capital and accelerate their development from product to market. Funding provisions for industry-led AI initiatives that promote social impact and stimulate innovation and entrepreneurship are also included in the plan. The government press release states, "The overarching aim of this financial outlay is to ensure a structured implementation of the IndiaAI Mission through a public-private partnership model aimed at nurturing India’s AI innovation ecosystem.”

The government also wants to establish India as a hub for sustainable AI innovation and attract top AI talent from across the globe. One crucial aspect that needs to be worked on here is fostering talent and skill development. India has a unique advantage, that is, top-tier talent in STEM fields. Yet we suffer from a severe talent gap that needs to be addressed on a priority basis. Even though India is making strides in nurturing AI talents, out-migration of tech talent is still a reality. Once the hardware manufacturing “goods-side” of economics transitions to service delivery in the field of AI globally, India will need to be ready to deploy its talent. Several structural and policy interfaces, like the New Education Policy and industry-academic partnership frameworks, allow India to capitalize on this opportunity. 

India’s talent strategy must be robust and long-term, focusing heavily on multi-stakeholder engagement. The government has a pivotal role here by creating industry-academia interfaces and enabling tech hubs and innovation parks.

India's Position in the Global AI Race

India’s foreign policy and geopolitical standpoint have been one of global cooperation. This must not change when it comes to AI. Even though this has been dubbed as the “AI Arms Race,” India should encourage worldwide collaboration on AI R&D through collaboration with other countries in order to strengthen its own capabilities. India must prioritise more significant open-source AI development, work with the US, Europe, Australia, Japan, and other friendly countries to prevent the unethical use of AI and contribute to the formation of a global consensus on the boundaries for AI development. 

The IndiaAI Mission will have far-reaching implications for India’s diplomatic and economic relations. The unique proposition that India comes with is its ethos of inclusivity, ethics, regulation, and safety from the get-go. We should keep up the efforts to create a powerful voice for the Global South in AI. The IndiaAI Mission marks a pivotal moment in India's technological journey. Its success could not only elevate India's status as a tech leader but also serve as a model for other nations looking to harness the power of AI for national development and global competitiveness. In conclusion, the IndiaAI Mission seeks to strengthen India's position as a global leader in AI, promote technological independence, guarantee the ethical and responsible application of AI, and democratise the advantages of AI at all societal levels.

References

• ​​Ashwini Vaishnaw to launch IndiaAI portal, 10 firms to provide 14,000 GPUs. (2025, February 17). https://www.business-standard.com/. Retrieved February 25, 2025, from https://www.business-standard.com/industry/news/indiaai-compute-portal-ashwini-vaishnaw-gpu-artificial-intelligence-jio-125021700245_1.html
• Global IndiaAI Summit 2024 being organized with a commitment to advance responsible development, deployment and adoption of AI in the country. (n.d.). https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2029841
• India to Launch AI Compute Portal, 10 Firms to Supply 14,000 GPUs. (2025, February 17). apacnewsnetwork.com. https://apacnewsnetwork.com/2025/02/india-to-launch-ai-compute-portal-10-firms-to-supply-14000-gpus/
• INDIAai | Pillars. (n.d.). IndiaAI. https://indiaai.gov.in/
• IndiaAI Innovation Challenge 2024 | Software Technology Park of India | Ministry of Electronics & Information Technology Government of India. (n.d.). http://stpi.in/en/events/indiaai-innovation-challenge-2024
• IndiaAI Mission To Deploy 14,000 GPUs For Compute Capacity, Starts Subsidy Plan. (2025, February 17). www.businessworld.in. Retrieved February 25, 2025, from https://www.businessworld.in/article/indiaai-mission-to-deploy-14000-gpus-for-compute-capacity-starts-subsidy-plan-548253
• India’s interesting AI initiatives in 2024: AI landscape in India. (n.d.). IndiaAI. https://indiaai.gov.in/article/india-s-interesting-ai-initiatives-in-2024-ai-landscape-in-india
• Mehra, P. (2025, February 17). Yotta joins India AI Mission to provide advanced GPU, AI cloud services. Techcircle. https://www.techcircle.in/2025/02/17/yotta-joins-india-ai-mission-to-provide-advanced-gpu-ai-cloud-services/
• IndiaAI 2023: Expert Group Report – First Edition. (n.d.). IndiaAI. https://indiaai.gov.in/news/indiaai-2023-expert-group-report-first-edition
• Satish, R., Mahindru, T., World Economic Forum, Microsoft, Butterfield, K. F., Sarkar, A., Roy, A., Kumar, R., Sethi, A., Ravindran, B., Marchant, G., Google, Havens, J., Srichandra (IEEE), Vatsa, M., Goenka, S., Anandan, P., Panicker, R., Srivatsa, R., . . . Kumar, R. (2021). Approach Document for India. In World Economic Forum Centre for the Fourth Industrial Revolution, Approach Document for India [Report]. https://www.niti.gov.in/sites/default/files/2021-02/Responsible-AI-22022021.pdf
• Stratton, J. (2023, August 10). Those who solve the data dilemma will win the A.I. revolution. Fortune. https://fortune.com/2023/08/10/workday-data-ai-revolution/
• Suri, A. (n.d.). The missing pieces in India’s AI puzzle: talent, data, and R&D. Carnegie Endowment for International Peace. https://carnegieendowment.org/research/2025/02/the-missing-pieces-in-indias-ai-puzzle-talent-data-and-randd?lang=en
• The AI arms race. (2024, February 13). Financial Times. https://www.ft.com/content/21eb5996-89a3-11e8-bf9e-8771d5404543

‍

Introduction

India's National Commission for Protection of Child Rights (NCPCR) is set to approach the Ministry of Electronics and Information Technology (MeitY) to recommend mandating a KYC-based system for verifying children's age under the Digital Personal Data Protection (DPDP) Act. The decision to approach or send recommendations to MeitY was taken by NCPCR in a closed-door meeting held on August 13 with social media entities. In the meeting, NCPCR emphasised proposing a KYC-based age verification mechanism. In this background, Section 9 of the Digital Personal Data Protection Act, 2023 defines a child as someone below the age of 18, and Section 9 mandates that such children have to be verified and parental consent will be required before processing their personal data.

Requirement of Verifiable Consent Under Section 9 of DPDP Act

Regarding the processing of children's personal data, Section 9 of the DPDP Act, 2023, provides that for children below 18 years of age, consent from parents/legal guardians is required. The Data Fiduciary shall, before processing any personal data of a child or a person with a disability who has a lawful guardian, obtain verifiable consent from the parent or lawful guardian. Additionally, behavioural monitoring or targeted advertising directed at children is prohibited. 

Ongoing debate on Method to obtain Verifiable Consent

Section 9 of the DPDP Act gives parents or lawful guardians more control over their children's data and privacy, and it empowers them to make decisions about how to manage their children's online activities/permissions. However, obtaining such verifiable consent from the parent or legal guardian presents a quandary. It was expected that the upcoming 'DPDP rules,' which have yet to be notified by the Central Government, would shed light on the procedure of obtaining such verifiable consent from a parent or lawful guardian.

However, In the meeting held on 18th July 2024, between MeitY and social media companies to discuss the upcoming Digital Personal Data Protection Rules (DPDP Rules), MeitY stated that it may not intend to prescribe a ‘specific mechanism’ for Data Fiduciaries to verify parental consent for minors using digital services. MeitY instead emphasised obligations put forth on the data fiduciary under section 8(4) of the DPDP Act to implement “appropriate technical and organisational measures” to ensure effective observance of the provisions contained under this act. 

In a recent update, MeitY held a review meeting on DPDP rules, where they focused on a method for determining children's ages. It was reported that the ministry is making a few more revisions before releasing the guidelines for public input.

CyberPeace Policy Outlook

CyberPeace in its policy recommendations paper published last month, (available here) also advised obtaining verifiable parental consent through methods such as Government Issued ID, integration of parental consent at ‘entry points’ like app stores,  obtaining consent through consent forms, or drawing attention from foreign laws such as California Privacy Law, COPPA, and developing child-friendly SIMs for enhanced child privacy.

CyberPeace in its policy paper also emphasised that when deciding the method to obtain verifiable consent, the respective platforms need to be aligned with the fact that verifiable age verification must be done without compromising user privacy. Balancing user privacy is a question of both technological capabilities and ethical considerations. 

DPDP Act is a brand new framework for protecting digital personal data and also puts forth certain obligations on Data Fiduciaries and provides certain rights to Data Principal. With upcoming ‘DPDP Rules’ which are expected to be notified soon, will define the detailed procedure for the implementation of the provisions of the Act. MeitY is refining the DPDP rules before they come out for public consultation. The approach of NCPCR is aimed at ensuring child safety in this digital era. We hope that MeitY comes up with a sound mechanism for obtaining verifiable consent from parents/lawful guardians after taking due consideration to recommendations put forth by various stakeholders, expert organisations and concerned authorities such as NCPCR. 

References

1. https://www.moneycontrol.com/technology/dpdp-rules-ncpcr-to-recommend-meity-to-bring-in-kyc-based-age-verification-for-children-article-12801563.html
2. https://pune.news/government/ncpcr-pushes-for-kyc-based-age-verification-in-digital-data-protection-a-new-era-for-child-safety-215989/#:~:text=During%20this%20meeting%2C%20NCPCR%20issued,consent%20before%20processing%20their%20data
3. https://www.hindustantimes.com/india-news/ncpcr-likely-to-seek-clause-for-parents-consent-under-data-protection-rules-101724180521788.html
4. https://www.drishtiias.com/daily-updates/daily-news-analysis/dpdp-act-2023-and-the-isssue-of-parental-consent

‍

On 6 June 2025, the EU Council officially adopted the revised Cybersecurity Blueprint, marking a significant evolution from the 2017 guidance. This framework, formalised through Council Recommendation COM(2025) 66 final, responds to a transformed threat environment and reflects new legal milestones like the NIS2 Directive (Network and Information Security Directive) and the Cyber Solidarity Act.

From Fragmented Response to Cohesive Strategy

‍

Between 2017 and now, EU member states have built various systems to manage cyber incidents. Still, real-world events and exercises highlighted critical gaps - uncoordinated escalation procedures, inconsistent terminology, and siloed information flows. The updated Blueprint addresses these issues by focusing on a harmonised operational architecture for the EU. It defines a clear crisis lifecycle with five stages: Detection, Analysis, Escalation, Response, and Recovery. Each stage is supported by common communication protocols, decision-making processes, and defined roles. Consistency is key; standardised terminology along with a broad scope of application that eases cross-border collaboration and empowers coherent response efforts.

Legal Foundations: NIS2, ENISA & EU‑CyCLONe

‍

Several core pillars of EU cybersecurity directly underpin the Blueprint:

• ENISA – The European Union Agency for Cybersecurity continues to play a central role. It supports CSIRTs' Network operations, leads EU‑CyCLONe ( European cyber crisis liaison organisation network) coordination, conducts simulation exercises, and gives training on incident management
• NIS2 Directive, particularly Article 16, is a follow-up of NIS. NIS2 mandates operators of critical infrastructure and essential services to implement appropriate security measures and report incidents to the relevant authorities. Compared to NIS, NIS2 expands its EU-wide security requirements and scope of covered organisations and sectors to improve the security of supply chains, simplify reporting obligations, and enforce more stringent measures and sanctions throughout Europe. It also formally legitimises the EU‑CyCLONe network, which is the crisis liaison mechanism bridging technical teams from member states.

‍

These modern tools, integrated with legal backing, ensure the Blueprint isn’t just theoretical; it’s operationally enforceable.

‍

What’s Inside the Blueprint?

‍

The 2025 Blueprint enhances several critical areas:

‍

1. Clear Escalation Triggers - It spells out when a national cyber incident merits EU-level attention, especially those affecting critical infrastructure across borders. Civilian Military Exchange. The Blueprint encourages structured information sharing with defence institutions and NATO, recognising that cyber incidents often have geopolitical implications 
2. Recovery & Lessons Learned – A dedicated chapter ensures systematic post-incident reviews and shared learning among member states.

‍

Adaptive & Resilient by Design

‍

Rather than a static document, the Blueprint is engineered to evolve:

• Regular Exercises: Built into the framework are simulation drills that are known as Blueprint Operational Level Exercises—to test leadership response and cross-border coordination via EU‑CyCLONe
• Dynamic Reviews: The system promotes continuous iteration- this includes revising protocols, learning from real incidents, and refining role definitions.
  
  

This iterative, learning-oriented architecture aims to ensure the Blueprint remains robust amid rapidly evolving threats, including AI-boosted hacks and hybrid cyber campaigns.

Global Implications & Lessons for Others

‍

The EU’s Cybersecurity Blueprint sets a global benchmark in cyber resilience and crisis governance:

• Blueprint for Global Coordination: The EU’s method of defined crisis stages, empowered liaison bodies (like EU‑CyCLONe), and continuous exercise can inspire other regional blocs or national governments to build their own crisis mechanisms.
• Public–Private Synergy: The Blueprint’s insistence on cooperation between governments and private-sector operators of essential services (e.g., energy, telecom, health) provides a model for forging robust ecosystems.
• Learning & Sharing at Scale: Its requirement for post-crisis lessons and peer exchange can fuel a worldwide knowledge network, cultivating resilience across jurisdictions.

Conclusion

‍

The 2025 EU Cybersecurity Blueprint is more than an upgrade; it’s a strategic shift toward operational readiness, legal coherence, and collaborative resilience. Anchored in NIS2 and ENISA, and supported by EU‑CyCLONe, it replaces fragmented guidance with a well-defined, adaptive model. Its adoption signals a transformative moment in global cyber governance as for nations building crisis frameworks, the Blueprint offers a tested, comprehensive template: define clear stages, equip liaison networks, mandate drills, integrate lessons, and legislate coordination. In an era where cyber threats transcend borders, this proves to be an important development that can offer guidance and set a precedent.

‍

For India, the EU Cybersecurity Blueprint offers a valuable reference point as we strengthen our own frameworks through initiatives like the DPDP Act, the upcoming Digital India Act and CERT-In’s evolving mandates. It reinforces the importance of coordinated response systems, cross-sector drills, and legal clarity. As cyber threats grow more complex, such global models can complement our national efforts and enhance regional cooperation.

‍

References

• https://industrialcyber.co/expert/the-eus-cybersecurity-blueprint-and-the-future-of-cyber-crisis-management/
• https://www.consilium.europa.eu/en/press/press-releases/2025/06/06/eu-adopts-blueprint-to-better-manage-european-cyber-crises-and-incidents/ 
• https://www.enisa.europa.eu/topics/eu-incident-response-and-cyber-crisis-management 
• https://www.enisa.europa.eu/news/new-cyber-blueprint-to-scale-up-the-eu-cybersecurity-crisis-management 
• https://www.isc2.org/Insights/2025/01/EU-Cyber-Solidarity-Act 
• https://www.enisa.europa.eu/topics/eu-incident-response-and-cyber-crisis-management/eu-cyclone 
• https://nis2directive.eu/what-is-nis2/ 

‍