Cyber Law is looming large while all stakeholders including Government, Non-Government, Organisations, Individuals are riding on the length and breadth of the Cyber Space, Internet Highway and Digital DNA i.e. data.

The Current Union Budget 2025-26 has a barrage of new announcements from a techno-legal point of view while this article intends to analyse and explore the same.

Data Protection Board of India (DPBI)

Ministry of electronics and information technology (MeitY) has increased its budgetary allocation for Data Protection Board of India (DPBI) by 2.5 times to ₹5 crore for FY26.

The 5 crores amount has been split between capital and revenue expenditure in the following manner:

• 4.5 crores - revenue expenditure
• 50 lakhs - capital expenditure

This is indicative of a step towards implementation of DPDA and may be considered as a light in the darkness of data breaches spawning all way around.

Internet Connectivity- Government Secondary Schools and PHCs

The Government Secondary Schools and Primary Health Centres in rural areas shall be provided with internet connectivity through broadband as part of Bharatnet project.

In such a scenario, the Government Secondary Schools and Primary Health Centres will become intermediaries under the IT Act which is the Indian Cyber Law. Further, the Government Secondary Schools and Primary Health Centres will have to exercise due diligence and ensure compliance under the IT Act, rules, regulations made thereunder.

While cyber security breaches becoming the new normal in this worldwide jungle of internet, the Government Secondary Schools and Primary Health Centres will be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

Further, the Government Secondary Schools and Primary Health Centres using the internet will be creating electronic data or digital documents including audio, video, image, which are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

In addition to the above, the Government Secondary Schools and Primary Health Centres using the internet may also process digital personal data of students, faculty, staff for various purposes. In view of the Digital Personal Data Protection Act (DPDA), the Government Secondary Schools and Primary Health Centres using the internet shall be considered as Data Fiduciaries and shall be required to ensure compliance with DPDA and rules, regulations made thereunder.

Bharatiya Bhasha Pustak Scheme

Bharatiya Bhasha Pustak Scheme intends to provide Indian language books for school and higher education in digital format for better understanding.

These books in digital format are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

Centre of Excellence in AI for Education

While three Centres of Excellence in Artificial Intelligence for agriculture, health, and sustainable cities had been announced in 2023, currently a Centre of Excellence in Artificial Intelligence for education has been announced with a total outlay of 500 crores.

Artificial Intelligence primarily is centered around the use of data, data sets and their analysis. However, such data, data sets and analysis contain data or information in digital or electronic format, which are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

Further, such Centres of Excellence in Artificial Intelligence are intermediaries under the IT Act which is the Indian Cyber Law. In furtherance, such Centres of Excellence in Artificial Intelligence have to exercise due diligence and ensure compliance under the IT Act, rules, regulations made thereunder.

The Centres of Excellence in Artificial Intelligence may also process digital personal data and shall be considered as Data Fiduciaries and shall be required to ensure compliance with DPDA and rules, regulations made thereunder.

Centres of Excellence in Artificial Intelligence will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

Social Security Scheme for Welfare of Online Platform Workers

The Gig workers of online platforms shall be provided identity cards and registration on the e-Shram portal for providing healthcare under PM Jan Arogya Yojana.

The identity cards, registration on the e-Shram portal are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

Further, such identity cards, registration contain Sensitive Personal Data or Information (SPDI), Personal Information under IT Act, IT Rules.

Apart from the above, such identity cards, registration contain digital personal data as defined under DPDA.

The e-Shram portal shall be considered as intermediary under the IT Act which is the Indian Cyber Law and has to exercise due diligence and ensure compliance under the IT Act, rules, regulations made thereunder.

Further, e-Shram portal shall be considered as Data Fiduciary and shall be required to ensure compliance with DPDA and rules, regulations made thereunder.

E-sharm portal will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

PM Gati Shakti Data for Private Sector

In order to enable PPPs as also facilitate assistance to the private sector in project planning, the access to relevant data and maps pertaining to and from PM Gati Shakti portal shall be provided thereof.

All such data and maps from PM Gati Shakti portal are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

Further, compliance to IT Act, IT Rules, DPDA and the Rules made thereof shall be of paramount importance hereof.

Relevant policies, Data Sharing & Protection, Processing Agreements from a Cyber Legal angle are to be incorporated hereunder.

Tourism for Employment-led Growth

E-visa facilities may be introduced for certain tourist groups.

These e-visas are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

E-visas consist of Sensitive Personal Data or Information (SPDI), Personal Information under IT Act, IT Rules.

Such e-visas also consist of digital personal data as defined under DPDA.

Gyan Bharatam Mission

A National Digital Repository of Indian knowledge systems shall be set up for knowledge sharing relating to survey, documentation and conservation of our manuscript heritage with academic institutions, museums, libraries, private collectors.

The National Digital Repository of Indian knowledge systems shall consist of digital data, information which are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

The National Digital Repository of Indian knowledge systems shall be considered as intermediary under the IT Act which is the Indian Cyber Law and has to exercise due diligence and ensure compliance under the IT Act, rules, regulations made thereunder.

The National Digital Repository of Indian knowledge systems may also consist of Sensitive Personal Data or Information (SPDI), Personal Information under IT Act, IT Rules.

Further, National Digital Repository of Indian knowledge systems may in addition also contain digital personal data as defined under DPDA.

National Digital Repository of Indian knowledge systems will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

National Digital Repository of Indian knowledge systems shall be considered as Data Fiduciary and shall be required to ensure compliance with DPDA and rules, regulations made thereunder.

BharatTradeNet

BharatTradeNet (BTN) for international trade, a digital public infrastructure platform shall be set up for trade documentation and financing solutions in alignment with logistics and international practices.

BharatTradeNet shall be considered as intermediary under the IT Act which is the Indian Cyber Law and has to exercise due diligence and ensure compliance under the IT Act, rules, regulations made thereunder.

BharatTradeNet will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

National Geospatial Mission

A National Geospatial Mission shall be started to develop foundational geospatial infrastructure and data by using PM Gati Shakti. This Mission shall facilitate modernization of land records, urban planning, and design of infrastructure projects.

Such geospatial infrastructure and data may consist of Sensitive Personal Data or Information (SPDI), Personal Information under IT Act, IT Rules, as also contain digital personal data as defined under DPDA.

India Post as a Catalyst for Rural Economy

The expanded range of services shall also include: assisted digital services.

Further, such digital services contain data or information in digital or electronic form, which are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

While providing such assisted digital services, India Post shall be considered as intermediary under the IT Act which is the Indian Cyber Law and has to exercise due diligence and ensure compliance under the IT Act, rules, regulations made thereunder.

India Post will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

Amendments relating to Direct Taxes

It shall be an obligation to furnish information with respect to a crypto-asset and its transactions in a statement specified in alignment with the definition of virtual digital assets.

Further, such amendment shall prescribe a reporting entity thereof.

The crypto assets contain data or information in digital or electronic form, which are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

Additionally, such crypto assets may consist of Sensitive Personal Data or Information (SPDI), Personal Information under IT Act, IT Rules, as also contain digital personal data as defined under DPDA.

Any cyber security breach with respect to crypto asset will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

Amendments proposed in provisions of Block assessment for search and requisition cases under Chapter XIV-B

There is a proposal to add the term “virtual digital asset” to the definition of undisclosed income of the block period.

Virtual digital asset contain data or information in digital or electronic form, which are electronic records and are given legal recognition under the IT Act which is the Indian Cyber Law.

Such virtual digital assets may consist of Sensitive Personal Data or Information (SPDI), Personal Information under IT Act, IT Rules, as also contain digital personal data as defined under DPDA.

Any cyber security breach with respect to virtual digital asset will also be mandated to report such cyber breaches within 6 hours from the time of becoming aware under the CERT-in Guidelines 2022.

The issues with respect to law and technology seem like a soldier firing on a moving object.

While this Union Budget 2025-26 opens up new cyber vistas, cyber law and cyber security assuming the position of a sky rocket in the era of cyber realities while chopping across the boundaryless cyber world.