Internet and Data Governance

Trade Talks at a Crossroads: An Assessment of India–US Positions on Services and Digital Markets

Description: This report is based on collaborative research by four leading Indian policy and research institutions, and builds on discussions from a multistakeholder workshop in June 2025, which included diverse stakeholders from relevant sectors and professional backgrounds. It aims to contribute to a more informed and constructive understanding of how India and the US can approach digital and services trade in a manner that is both commercially meaningful and mutually respectful of each other’s policy imperatives

Attribution: Dhruv Shekhar, Srishti Joshi, Meghna Bal, Sanjay Notani, Shishir Priyadarshi. Trade Talks at a Crossroads: An Assessment of India–US Positions on Services and Digital Markets, August 2024, Esya Centre, Koan Advisory Group, Economic Laws Practice and Chintan Research Foundation


Sideloading: A National Security Threat

Description: Competition authorities, in India and across the globe, are increasingly proscribing sideloading. Sideloading entails downloading an application from outside the perimeter of a first-party app store, such as, the Apple AppStore or the Google Play Store.

In India, the Ministry of Corporate Affairs introduced the Draft Digital Competition Bill (DDCB) 2024. The DDCB introduces ex-ante obligations for large digital entities classified as “Systemically Significant Digital Enterprises” in the name of enhancing fairness and contestability. Section 13(a) of the Bill prohibits these entities from restricting or impeding the ability of users to download third-party applications or software. This means that even the warning shown to Android users about the risks of sideloading would not be permitted under this provision.

This report evaluates the security implications of enabling sideloading in the interest of promoting digital competition.

Attribution: Karnal Singh, Meghna Bal and Mohit Chawdhry. Sideloading: A National Security Threat. Issue No. 52, 2025, Esya Centre.


Dark Patterns in Indian Retail: An Empirical Examination

Description: This report explores the increasing use of dark patterns in India’s retail sector. India’s retail sector is a cornerstone of its economic growth, contributing Rs 20.18 lakh crore in Goods and Services Tax (GST) collections in FY 2024 and ranking among the top five start-up segments in the country. However, this sector is facing rising scrutiny for employing manipulative design tactics that undermine user autonomy.

This report finds that dark patterns are prevalent across both online and offline retail environments, though they are more readily identifiable in digital contexts. It critiques the disproportionate regulatory focus on e-commerce, noting that many of the flagged practices resemble long-standing marketing strategies. In this context, an ex-ante regulatory framework may not be appropriate for dark pattern regulation. 

The report recommends a reliance on a principles-based approach that emphasizes transparency and willful consent to safeguard consumer interest while mitigating the risk of harming innovation.

Attribution: Meghna Bal, Dr Vikash Gautam, and Tamanna Sharma. Dark Patterns in Indian Retail: An Empirical Examination, Issue No. 51, 2025, Esya Centre.


Response to the Draft Digital Personal Data Protection Rules 2025

Description: On January 3, 2025, the Ministry of Electronics and IT (MeitY) issued the Draft Digital Personal Data Protection Rules, 2025 (“DPDP Rules”). The DPDP Rules will play a key role in operationalising the framework under the Digital Personal Data Protection Act, 2023 (“DPDPA”), since they make up the substance of the Act. The Esya Centre is pleased to be afforded an opportunity to provide its inputs on these rules .

Our response is divided into two parts: Part A offers an introduction and summary, while Part B provides a detailed analysis of specific rules.

Attribution: Mohit Chawdhry and Shweta Venkatesan. "Response to the Draft Digital Personal Data Protection Rules 2025". Issue No. 117, March 2025, Esya Centre.

Response to the Public Consultation on the Draft Indian Standard on E- Commerce Principles and Guidelines for Self- Governance

Description: The Bureau of Indian Standards (“BIS”) published Draft Indian Standard SSD/11/26940 (“Draft Standard”) for public consultation in January 2025. The Esya Centre is pleased to be afforded an opportunity to respond to the draft regulations. Our response is divided into two parts.

Part I provides a preliminary overview of our response, with Part II delving deeper into specific aspects of the standards.

Attribution: Mohit Chawdhry. Response to the Public Consultation on the Draft Indian Standard on E-Commerce Principles and Guidelines for Self-Governance . Issue No. 115, February 2025, Esya Centre.

Platform Accountability and the Diffusion of Harm Online

Description: Countries around the world are grappling with ways to move forward on platform accountability, as threats to online safety increase. Platform accountability is a longstanding refrain in internet governance. It emerged as a response to the safe harbours afforded to digital platforms. Over the last decade or so, the focus of efforts directed towards ushering in greater platform accountability has seemingly honed in on larger platforms. This paper unbundles the diffusion of online harm, and its many forms, and argues that we must widen our gaze beyond large technology platforms and deploy strategies for a more holistic reduction of online harm.

Attribution: Meghna Bal and Shweta Venkatesan. Platform Accountability and the Diffusion of Harm Online. Working Paper November 2024, Issue No. 213, Esya Centre.

US Presidential Election 2024: Potential Implications for Technology Policy

Description: Technology policy is a hot issue in the 2024 US Presidential election. Indeed, both Donald Trump, the Republican candidate, and Kamala Harris, the Democratic contender, have taken positions, either directly or indirectly on different issues such as crypto-governance and social media regulation. . This paper unpacks the positions of the two presidential candidates on crypto-governance, social media regulation, governance of foreign-owned applications, and digital antitrust. Additionally, it also explores how the potential electoral outcomes in the US may intersect with technology policy in India.

Attribution: Akanksha Dutta and Chhavi Pathak. US Presidential Election 2024: Potential Implications for Technology Policy. November 2024, Esya Centre.

Comments on the “Draft Omnibus Framework for Recognizing Self-Regulatory Organisations (SROs) for Regulated Entities (REs) of the Reserve Bank of India”

The Reserve Bank of India (RBI) released the Draft Omnibus Framework for recognizing Self- Regulatory Organisations for Regulated Entities of the Reserve Bank of India (Draft Framework) for public comments on December 21, 2023. The Esya Centre is pleased to be afforded an opportunity to respond to the Draft Regulations. Our response is divided into two parts. Part I provides a preliminary overview of our response and Part II delves deeper into specific aspects of the regulations, such as the need for precise definitions of regulated entity categories, clarity on the number of self-regulatory organisations per category, necessity of defined timelines for RBI decisions, and the inclusion of civil society organisations in the framework's functioning.

Attribution: Comments on the “Draft Omnibus Framework for Recognizing Self-Regulatory Organisations (SROs) for Regulated Entities (REs) of the Reserve Bank of India”. Issue No. 114, January 2024, Esya Centre.

Response to the Draft Broadcasting Services (Regulation) Bill 2023

Description: The Ministry of Information and Broadcasting (MIB) initiated public consultations for the Draft Broadcasting Services (Regulation) Bill, 2023 on November 10, 2023. The Esya Centre is pleased to be afforded an opportunity to respond to the Draft Bill. Our analysis, which examines each clause in detail, aims to unravel the complexities in the Bill. In doing so, we provide in-depth insights, particularly focused on the proposed inclusion of OTT services and news and current affairs publishers under the same regulatory framework as traditional broadcasters such as cable TV and radio. 

Attribution: Response to the Draft Broadcasting Services (Regulation) Bill 2023; Issue No. 112, January 2024, Esya Centre.

An Empirical Evaluation of the Implementation Challenges of the Digital Personal Data Protection Act, 2023

Description: This report examines the challenges to implementing India’s Digital Personal Data Protection Act, 2023 (DPDPA). Seeking to understand the operational and technical hurdles faced by organisations to the Act’s enforcement, the report delves into aspects related to the implementation of consent mechanisms, provisions for children and persons with disabilities, and the intricacies of appointing data protection officers. Specifically, it explores the internal processes required for compliance and establishes the timelines necessary for meeting the DPDPA’s obligations.

Attribution: Meghna Bal and Gopal Jain. An Empirical Evaluation of the Implementation Challenges of the Digital Personal Data Protection Act, 2023: Insights and Recommendations for the Way Forward. January 2024, Esya Centre.

Mobile Security - An Assessment of CyberSecurity Threats in the Indian Ecosystem

Mobile device ecosystem is susceptible to operating system (OS) security concerns, untrusted third-party application (app) stores, and unchecked API sharing. These vulnerabilities can be mitigated to make it more difficult for attackers to exploit mobile systems. Therefore, the domestic regulatory frameworks and discourses must prioritise system security and preventing device vulnerabilities.

The Pitfalls of Regulating M2M Communication Services under Telecom Law

Description: This primer questions the effect of regulating machine-to-machine (M2M) communication services by using telecom law in India. It responds to the Draft Indian Telecommunication Bill 2022, on which comments have been sought by the Department of Telecommunications (DoT), which defines a ‘telecommunication service’ to include ‘machine-to-machine communication services’ – suggesting that telecom style regulation may be applied to M2M communications as well. It outlines the technology that underpins M2M services, the regulatory issues that may arise as they gain use, asks whether telecom law is suited to redressing these concerns, and concludes with recommendations.

Attribution: Mohit Chawdhry, The Pitfalls of Regulating M2M Communication Services under Telecom Law, October 2023, Esya Centre.

Unbundling the demand for a Network Usage Fee

Description: Major telecom service providers (telecom operators or telcos) in India are arguing for the introduction of a network usage fee for over-the-top (OTT) applications. They contend that there is currently a structural imbalance as OTT platforms allegedly benefit from telecom operator funded networks but do not invest in creating, operating, maintaining or expanding them. Relying on secondary research, this report evaluates the merits of their assertions. Broadly, the literature available indicates that contentions in favour of network usage fees may be incorrect.

Attribution: Noyanika Batta & Meghna Bal. Unbundling the demand for a Network Usage Fee. July 2023, Esya Centre.

Assigning Spectrum for Satellite Services in India

Description: The release of the Telecom Regulatory Authority of India’s consultation paper on “Assignment of Spectrum for Space-based Communication Services” in April 2023, triggered a debate on whether or not spectrum should be assigned across satcom services via auctions. It has also sparked concerns regarding access to sufficient satellite spectrum amongst global satellite operators such as Amazon (Project Kuiper) and OneWeb who want to enter the Indian market. The paper comes at a time when TRAI is consulting with stakeholders on spectrum assignment for space-based communication services. It presents a comprehensive analysis of technical, regulatory, and economic arguments on this issue and echoes the view of majority stakeholders.

Attribution: Tamanna Sharma and Niharika. Assigning Spectrum for Satellite Services in India. June 2023,Esya Centre.

Response to TRAI’s Consultation Paper on Regulating Converged Digital Technologies and Services- Enabling Convergence of Carriage of Broadcasting and Telecommunication Services

The Esya Centre is pleased to respond to the TRAI's Consultation Paper on Regulating Converged Digital Technologies and Services- Enabling Convergence of Carriage of Broadcasting and Telecommunication Services. We commend TRAI for providing an open platform for stakeholders to share their feedback on this critical issue.

Our response is divided into two parts. Part I presents our brief reactions to the consultation paper, while Part II provides a comprehensive analysis of our response. Our response is structured into five sections, each addressing a specific issue raised in the consultation. In each section, we examine TRAI's observations and propose counterarguments where necessary. Our aim is to engage with TRAI’s recommendations from first principles and bring attention to areas that may benefit from greater conceptual clarity.

Attribution: Response to TRAI’s Consultation Paper on Regulating Converged Digital Technologies and Services- Enabling Convergence of Carriage of Broadcasting and Telecommunication Services. Issue No. 107, April 2023, Esya Centre.

Information Warfare Through Social Media Platforms

Description: This paper focuses on information warfare operations conducted by foreign adversaries through social media platforms. Specifically, it considers challenges related to social media and information warfare in the Indian context and makes suggestions on how India may mitigate such threats, in particular by leveraging and partnering with domestic social media platforms. The recommendations in the paper emanate from global best practices in responding to these threats.

Attribution: Vaishnavi Prasad, Meghna Bal, Shweta Venkatesan, and Dr. Ajai Garg. Information Warfare Through Social Media Platforms. March 2023, Esya Centre.

Addressing Regulatory Fragmentation in Cross-Border Data Flows

Description: The rules governing cross-border data flows are becoming increasingly fragmented, at the domestic and international level. In April 2020, some 128 of 194 countries had data protection rules in place. While these laws manifest different approaches to cross-border data transfers, trends suggest that restrictions are growing on free data flows. This paper examines the competing approaches to cross-border data flows and identifies some challenges. It also explores India’s new approach to cross-border data flows, and the opportunity the country can seize to champion a more harmonised regulatory approach.

Attribution: Vaishnavi Prasad. Addressing Regulatory Fragmentation in Cross-Border Data Flows. February 2023, Esya Centre.

Regulation of OTT Communications Services: Justified Concern or Exaggerated Fear?

Description: Telecom service providers (TSPs) have been pushing for the regulation of over-the-top (OTT) service providers in India since 2015. Meanwhile, OTT firms maintain that their services are not comparable with telecom. The debate centres on two issues in particular: same service, same rules and infrastructure cost sharing. The merits of the TSPs’ demands and counterarguments are explored in this paper.

Part 1 of this paper outlines the demands raised by TSPs and the merits of these from a historical and legal perspective. 

Part 2 of the paper compares OTT regulation trends across some jurisdictions. The aim is to trace the changes made to telecom regulations internationally in response to emerging technologies and ask whether OTTs have been brought under the regulatory regime for TSPs. 

Finally, in Part 3 of the paper, through insights from historical and legal analysis and from a comparative standpoint, we recommend the approach the government should adopt.

Attribution: Noyanika Batta. Regulation of OTT Communications Services: Justified Concern or Exaggerated Fear? January 2023, Esya Centre.

Offshore Online Betting and Gambling in India: A Risk Assessment

Synopsis: This paper describes how offshore betting and gambling websites are violating Indian law with impunity. By operating from foreign jurisdictions, they are able to evade enforcement actions by Indian authorities. Blocking access to these websites and preventing offshore betting and gambling firms from operating in India is crucial to the welfare of Indian citizens. While mechanisms exist to effect such remedies, they are difficult to enforce for reasons we attempt to identify. We map the offshore betting and gambling ecosystem to understand its scope of operations and the nature of its harms, in order to suggest remedies in India.

Attribution: Priyesh Mishra. Offshore Online Betting and Gambling in India: A Risk Assessment. July 2022, Esya Centre.

Securing ICT Supply Chains: An Evidence Based Approach

Description: This report highlights the increasing complexity and security concerns associated with global ICT supply chains. It discusses the impact of repeated cyber-attacks on supply chain vulnerabilities and outlines national security measures adopted by governments, such as the exclusion of Chinese vendors and app bans. The report emphasizes the need for a balanced approach, citing the evidence-based executive order issued by US President Joe Biden as a model for securing ICT supply chains without hindering innovation or trade. The brief concludes with an analysis of how the Indian cybersecurity framework aligns with these principles.

Attribution: Chawdhry, Mohit. Securing ICT Supply Chains: An Evidence Based Approach. Issue No. 011, August 2021, Esya Centre.