Post Session Report on Universal Acceptance and Multilingual Internet at BIT University under CyberPeace Center of Excellence (CCoE)

Introduction

With the increasing reliance on digital technologies in the banking industry, cyber threats have become a significant concern. Cyberlaw plays a crucial role in safeguarding the banking sector from cybercrimes and ensuring the security and integrity of financial systems.

The banking industry has witnessed a rapid digital transformation, enabling convenient services and greater access to financial resources. However, this digitalisation also exposes the industry to cyber threats, necessitating the formulation and implementation of effective cyber law frameworks.

Recent Trends in the Banking Industry

Digital Transformation: The banking industry has embraced digital technologies, such as mobile banking, internet banking, and financial apps, to enhance customer experience and operational efficiency.

Open Banking: The concept of open banking has gained prominence, enabling data sharing between banks and third-party service providers, which introduces new cyber risks.

How Cyber Law Helps the Banking Sector

The banking sector and cyber crime share an unspoken synergy due to the mass digitisation of banking services. Thanks to QR codes, UPI and online banking payments, India is now home to 40% of global online banking transactions. Some critical aspects of the cyber law and banking sector are as follows:

Data Protection: Cyberlaw mandates banks to implement robust data protection measures, including encryption, access controls, and regular security audits, to safeguard customer data.

Incident Response and Reporting: Cyberlaw requires banks to establish incident response plans, promptly report cyber incidents to regulatory authorities, and cooperate in investigations.

Customer Protection: Cyberlaw enforces regulations related to online banking fraud, identity theft, and unauthorised transactions, ensuring that customers are protected from cybercrimes.

Legal Framework: Cyberlaw provides a legal foundation for digitalisation in the banking sector, assuring customers that regulations protect their digital transactions and data.

Cybersecurity Training and Awareness: Cyberlaw encourages banks to conduct regular training programs and create awareness among employees and customers about cyber threats, safe digital practices, and reporting procedures.

RBI Guidelines

The RBI, as India’s central banking institution, has issued comprehensive guidelines to enhance cyber resilience in the banking industry. These guidelines address various aspects, including:

Technology Risk Management

Cyber Security Framework

IT Governance

Cyber Crisis Management Plan

Incident Reporting and Response

Recent Trends in Banking Sector Frauds and the Role of Cyber Law

Phishing Attacks: Cyberlaw helps banks combat phishing attacks by imposing penalties on perpetrators and mandating preventive measures like two-factor authentication.

Insider Threats: Cyberlaw regulations emphasise the need for stringent access controls, employee background checks, and legal consequences for insiders involved in fraudulent activities.

Ransomware Attacks: Cyberlaw frameworks assist banks in dealing with ransomware attacks by enabling legal actions against hackers and promoting preventive measures, such as regular software updates and data backups.

Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs)

Draft of Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs) issued by the Reserve Bank of India (RBI). The directions provide guidelines and requirements for PSOs to improve the safety and security of their payment systems, with a focus on cyber resilience. These guidelines for PSOs include mobile payment service providers like Paytm or digital wallet payment platforms.

Here are the highlights-

The Directions aim to improve the safety and security of payment systems operated by PSOs by providing a framework for overall information security preparedness, with an emphasis on cyber resilience.

The Directions apply to all authorised non-bank PSOs.

PSOs must ensure adherence to these Directions by unregulated entities in their digital payments ecosystem, such as payment gateways, third-party service providers, vendors, and merchants.

The PSO’s Board of Directors is responsible for ensuring adequate oversight over information security risks, including cyber risk and cyber resilience. A sub-committee of the Board may be delegated with primary oversight responsibilities.

PSOs must formulate a Board-approved Information Security (IS) policy that covers roles and responsibilities, measures to identify and manage cyber security risks, training and awareness programs, and more.

PSOs should have a distinct Board-approved Cyber Crisis Management Plan (CCMP) to detect, contain, respond, and recover from cyber threats and attacks.

A senior-level executive, such as a Chief Information Security Officer (CISO), should be responsible for implementing the IS policy and the cyber resilience framework and assessing the overall information security posture of the PSO.

PSOs need to define Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to identify potential risk events and assess the effectiveness of security controls. The sub-committee of the Board is responsible for monitoring these indicators.

PSOs should conduct a cyber risk assessment when launching new products, services, technologies, or significant changes to existing infrastructure or processes.

PSOs, including inventory management, identity and access management, network security, application security life cycle, security testing, vendor risk management, data security, patch and change management life cycle, incident response, business continuity planning, API security, employee awareness and training, and other security measures should implement various baseline information security measures and controls.

PSOs should ensure that payment transactions involving debit to accounts conducted electronically are permitted only through multi-factor authentication, except where explicitly permitted/relaxed.

Conclusion

The relationship between cyber law and the banking industry is crucial in ensuring a secure and trusted digital environment. Recent trends indicate that cyber threats are evolving and becoming more sophisticated. Compliance with cyber law provisions and adherence to guidelines such as those provided by the RBI is essential for banks to protect themselves and their customers from cybercrimes. By embracing robust cyber law frameworks, the banking industry can foster a resilient ecosystem that enables innovation while safeguarding the interests of all stakeholders or users.

Introduction

Since February 2020 the government has been taking keen steps to safeguard the Indian markets and the consumer, this could be seen in the forms of policies and exemptions for the market players and the consumers, however, due to the COVID-19 pandemic, the markets places became vulnerable to loss and various forms of new crimes and frauds. The Government recently tabled the Jan Vishwas bill which is an aftermath of the Vivad se Vishwas Bill, 2020 which was tabled in February 2020 for creating a safe and dynamic market, this bill is a clear example of how AtmaNirbhar Bharat plays a crucial role in nations development.

What is Jan Vishwas Bill, 2022

The Jan Vishwas (Amendment of Provisions) Bill, 2022 is a 108-page bill introduced in the Lok Sabha by the Union Minister of Commerce and Industry, Piyush Goyal. The statement of objects and reasons of the Bill states, “To amend certain enactments for decriminalizing and rationalizing minor offenses to further enhance trust-based governance for ease of living and doing business.” The bill aims to promote ease of doing business in India by decriminalizing minor offences and amending 183 provisions in 42 Acts administered by 19 ministries. The bill proposes to replace minor offences with monetary penalties and rationalize existing monetary penalties based on the gravity of the offences. The Acts to be amended by the bill include-

• Drugs and Cosmetics Act, 1940
• Public Debt Act, 1944
• Pharmacy Act, 1948
• Cinematograph Act, 1952
• Copyright Act, 1957
• Patents Act, 1970
• Environment (Protection) Act, 1986
• Motor Vehicles Act, 1988
• Trade Marks Act, 1999l Railways Act, 1989
• Information Technology Act, 2000
• Prevention of Money-laundering Act, 2002
• Food Safety and Standards Act, 2006
• Legal Metrology Act, 2009
• Factoring Regulation Act, 2011

The bill aims to decriminalize a large number of minor offences and replace them with monetary penalties. This step by the government is a clear indication of how important the market regulations are, in recent times Google was imposed with a penalty of 1300 crores and 900 crores for violating competitive market practices, these penalties, and criminalised actions will ensure proper compliance to laws of the land thus creating a blanket of safeguards for the Indian consumer and netizen.‍

What will the Ease of Business be?

The Government has been critical in pinpointing various parameters and factors to improve the ease of business in the country, this bill comes at the right time when we can see numerous start-ups and entrepreneurs emerging in our country. The parameters are as follows-

• Starting a Business of all
• Dealing with Construction Permits
• Getting Electricity
• Registering Property
• Getting Credit
• Protecting
• Minority Investors
• Paying Taxes
• Trading across Borders
• Enforcing Contracts and Resolving Insolvency

These parameters have been created with a sight on the future of the markets and how external factors like the Russia-Ukraine war can influence the markets. According to Minister Piyush Goyal, the fear of imprisonment for minor offences is a major factor hindering the growth of the business ecosystem and individual confidence in India. The Jan Vishwas Bill, 2022 aims to address this issue by replacing minor offences with monetary penalties. The bill also proposes an increase of 10% in the minimum amount of fine and penalty levied after every three years, once the bill becomes a law.

Conclusion

The bill will create a level playing field for the market players and the consumers with the backing of strong legislation and precedents thus maintaining transparency and accountability in the system. The amended provisions will allow various already existing legislation to come in tune with the current times and emerging technologies. The nation is at a critical juncture to fabricate policies and laws to address the issues and threats of the future and hence such a bill will be the strengthening pillar of the Indian markets and cyber-ecosystem. The Jan Vishwas Bill, 2022 has been referred to a 31-member joint parliamentary committee for scrutiny. The committee includes members from the Lok Sabha and the Rajya Sabha and will submit its report to parliament by the second part of the Budget session in 2023, The members from the Lok Sabha include PP Chaudhary, Sanjay Jaiswal, Queen Ojha, Rajendra Agrawal, Gaurav Gogoi, A Raja, Rajendra Agarwal, Poonam Pramod Mahajan, and Sougata Ray.

Introduction

As our experiments with Generative Artificial Intelligence (AI) continue, companies and individuals look for new ways to incorporate and capitalise on it. This also includes big tech companies betting on their potential through investments. This process also sheds light on how such innovations are being carried out, used, and affect other stakeholders. Google’s AI overview feature has raised concerns from various website publishers and regulators. Recently, Chegg, a US-based tech education company that provides online resources for high school and college students, has filed a lawsuit against Google alleging abuse of monopoly over the searching mechanism.

Legal Background

Google’s AI Overview/Search Generative Experience (SGE) is a feature that incorporates AI into its standard search tool and helps summarise search results. This is then presented at the top, over the other published websites, when one looks for the search result. Although the sources of the information present are linked, they are half-covered, and it is ambiguous to tell which claims made by the AI come from which link. This creates an additional step for the searcher as, to find out the latter, their user interface requires the searcher to click on a drop-down box. Individual publishers and companies like Chegg have argued that such summaries deter their potential traffic and lead to losses as they continue to bid higher for advertisement services that Google offers, only to have their target audience discouraged from visiting their websites. What is unique about the lawsuit that has been filed by Chegg, is that it is based on anti-trust law rather than copyright law, which it has dealt with previously. In August 2024, a US Federal Judge had ruled that Google had an illegal monopoly over internet search and search text advertising markets, and by November, the US Department of Justice (DOJ) filed its proposed remedy. Some of them were giving advertisers and publishers more control of their data flowing through Google’s products, opening Google’s search index to the rest of the market, and imposing public oversight over Google’s AI investments. Currently, the DOJ has emphasised its stand on dismantling the search monopoly through structural separations, i.e., divesting Google of Chrome. The company is slated to defend itself before the DC District Court Judge Amit Mehta starting April 20, 2025.

CyberPeace Insights

As per a report by Statista (Global market share of leading search engines 2015-2025), Google, as the market leader, held a search traffic share of around 89.62 per cent. It is also stated that its advertising services account for the majority of its revenue, which amounted to a total of 305.63 billion U.S. dollars in 2023. The inclusion of the AI feature is undoubtedly changing how we search for things online. Benefits for users include an immediate, convenient scan of general information pertaining to the looked-up subject, but it may also raise concerns on the part of the website publishers and their loss of ad revenue owing to fewer impressions/clicks. Even though links (sources) are mentioned, they are usually buried. Such a searching mechanism questions the incentive on both ends- the user to explore various viewpoints, as people are now satisfied with the first few results that pop up, and the incentive for a creator/publisher to create new content as well as generate an income out of it. There might be a shift to more passive consumption rather than an active one, where one looks up/or is genuinely searching for information.

Conclusion

AI might make life more convenient, but in this case, it might also take away from small businesses, their finances, and the results of their hard work. It is also necessary for regulators, publishers, and users to continue asking such critical questions to keep the accountability of big tech giants in check, whilst not compromising their creations and publications.

References

• https://www.washingtonpost.com/technology/2024/05/13/google-ai-search-io-sge/
• https://www.theverge.com/news/619051/chegg-google-ai-overviews-monopoly
• https://economictimes.indiatimes.com/tech/technology/google-leans-further-into-ai-generated-overviews-for-its-search-engine/articleshow/118742139.cms?from=mdr
• https://www.nytimes.com/2024/12/03/technology/google-search-antitrust-judge.html
• https://www.odinhalvorson.com/monopoly-and-misuse-googles-strategic-ai-narrative/
• https://cio.economictimes.indiatimes.com/news/artificial-intelligence/google-leans-further-into-ai-generated-overviews-for-its-search-engine/118748621
• https://www.techpolicy.press/the-elephant-in-the-room-in-the-google-search-case-generative-ai/
• https://www.karooya.com/blog/proposed-remedies-break-googles-monopoly-antitrust/
• https://getellipsis.com/blog/googles-monopoly-and-the-hidden-brake-on-ai-innovation/
• https://www.statista.com/statistics/266249/advertising-revenue-of-google/#:~:text=Google:%20annual%20advertising%20revenue%202001,local%20products%20are%20more%20preferred.
• https://www.statista.com/statistics/1381664/worldwide-all-devices-market-share-of-search-engines/
• https://www.techpolicy.press/doj-sets-record-straight-of-whats-needed-to-dismantle-googles-search-monopoly/

‍