Comparative Study of Cybersecurity Legislation in India and the European Union: Challenges and Opportunities
Abstract
Cybersecurity has emerged as the defining frontier of legal and strategic policy in the
twenty-first century. As digital economies expand and data becomes the most valuable
global resource, the capacity to secure digital infrastructure and regulate cyber conduct
determines a nation’s sovereignty, economic stability, and democratic resilience. This study
presents a comprehensive comparative analysis of cybersecurity legislation in India and
the European Union (EU), exploring both the convergences and divergences in their legal
frameworks, institutional mechanisms, and policy philosophies. While the EU represents
a mature, rights-centric regulatory model rooted in the General Data Protection
Regulation (GDPR) and NIS Directive (Network and Information Systems Security
Directive), India is in the process of developing a hybrid system balancing national security
imperatives with emerging data protection norms through instruments such as the
Information Technology Act 2000, the CERT-In Rules, and the Digital Personal Data
Protection Act 2023 (DPDP).
The study seeks to evaluate how these two jurisdictions conceptualize cybersecurity:
whether as a human-rights issue, an economic necessity, or a national-security objective.
It interrogates the degree of harmonization between them and the feasibility of crossborder
cooperation in digital security governance. Employing a mixed-method approach
that integrates doctrinal, comparative, and empirical techniques, this paper analyses legal
texts, regulatory reports, and datasets from CERT-In, ENISA (European Union Agency
for Cybersecurity), and the World Economic Forum’s Global Cybersecurity Index.
twenty-first century. As digital economies expand and data becomes the most valuable
global resource, the capacity to secure digital infrastructure and regulate cyber conduct
determines a nation’s sovereignty, economic stability, and democratic resilience. This study
presents a comprehensive comparative analysis of cybersecurity legislation in India and
the European Union (EU), exploring both the convergences and divergences in their legal
frameworks, institutional mechanisms, and policy philosophies. While the EU represents
a mature, rights-centric regulatory model rooted in the General Data Protection
Regulation (GDPR) and NIS Directive (Network and Information Systems Security
Directive), India is in the process of developing a hybrid system balancing national security
imperatives with emerging data protection norms through instruments such as the
Information Technology Act 2000, the CERT-In Rules, and the Digital Personal Data
Protection Act 2023 (DPDP).
The study seeks to evaluate how these two jurisdictions conceptualize cybersecurity:
whether as a human-rights issue, an economic necessity, or a national-security objective.
It interrogates the degree of harmonization between them and the feasibility of crossborder
cooperation in digital security governance. Employing a mixed-method approach
that integrates doctrinal, comparative, and empirical techniques, this paper analyses legal
texts, regulatory reports, and datasets from CERT-In, ENISA (European Union Agency
for Cybersecurity), and the World Economic Forum’s Global Cybersecurity Index.
Keywords: Digital Rupee, Central Bank Digital Currency, Indian Trade, Financial Inclusion, Digital Transformation, Monetary Policy, Cashless Economy