A wake up call for India's digital governance: Pulwama attackers used E-commerce platform to to buy explosives
FATF's latest report is a wake-up call: terrorists involved in the 2019 Pulwama attack bought explosives via a global ecommerce platform, masking their identity with a VPN. This isn't just a security breach - it exposes deep flaws in India's digital governance. If we want to be a $10 tn digital economy, intermediary liability can't stay stuck in the past.
The legal principle of ' safe harbour', enshrined in Sec 79 of IT Act, was designed to nurture a nascent startup ecosystem by shielding platforms from liability for user-generated content and transactions. Today, these intermediaries are mature, often globally dominant corporations. The blanket immunity they enjoy has created negative externalities, the costs of which - from terror financing to rampant counterfeit trade - are borne by society.
The current framework encourages regulatory arbitrage. Platforms that invest heavily in robust governance, content moderation and KYC protocols are at a competitive disadvantage to those that prioritise frictionless growth. This race to the bottom creates a dangerous environment where illicit activities can flourish with minimal friction. The FATF revelation is a case in point: the ease of procurement for a terrorist attack highlights a critical failure in risk assessment and supply chain integrity on the part of the ecommerce platform.
The standard defence from the tech sector is that diluting safe harbour provisions will stifle innovation, hike compliance costs, lead to over-censorship, and harm the free and open nature of the internet. While these are valid, they represent a static view of the issue. The economic calculus has changed. The cost of inaction - measured in national security threats, erosion of consumer trust, and potential damage to India's international standing as a safe investment destination - now outweighs projected costs of compliance.
A safer digital ecosystem is not a barrier to business. It is a prerequisite for its sustainable growth. In an era of increasing focus on ESG metrics, responsible corporate behaviour is a key determinant of long-term value. Investors are growing wary of platforms with weak governance structures that expose them to reputational and operational risks. Consumer trust, once lost, is difficult to regain. Therefore, a proactive, risk-based regulatory framework should be viewed not as a burden but as a mechanism to build a more resilient and trustworthy digital market that benefits all participants.
This calls for a strategic recalibration of Sec 79, not its wholesale dismantling. A nuanced, forward-looking approach is required. We must move from a one-size-fits-all model of immunity to a tiered framework that differentiates intermediaries based on size, nature and the level of risk associated with their services.
For large ecommerce marketplaces, this could mean mandating a more stringent, risk-based KYC for sellers of sensitive goods. It requires platforms to assume greater responsibility for the integrity of supply chains and proactively use tech to flag and investigate suspicious transactions, rather than waiting for a takedown notice from law enforcement. The use of a VPN in the Pulwama case also necessitates a conversation on data-sharing protocols for lawful investigations, balancing user privacy with national security imperatives.
Furthermore, regulatory clarity can itself be a catalyst for innovation. A well-defined liability framework would spur the growth of the 'RegTech' sector, creating new solutions for digital identity verification, transaction monitoring and content analysis. It would also foster public-private partnerships, enabling seamless intelligence sharing between tech platforms and security agencies to preempt threats.
The FATF report is a critical data point that signals an inflection point. Continuing with the status quo is no longer a viable option. For India's digital economy to thrive, it must be built on a foundation of trust and security. Reforming our intermediary liability laws is not an anti-tech measure, it is a pro-growth imperative to ensure that our digital future is both prosperous and secure. The question is not whether we can afford to implement stronger governance, but whether we can afford not to.
The writer is former secretary, consumer affairs, GoI
(Disclaimer: The opinions expressed in this column are that of the writer. The facts and opinions expressed here do not reflect the views of www.economictimes.com)
The legal principle of ' safe harbour', enshrined in Sec 79 of IT Act, was designed to nurture a nascent startup ecosystem by shielding platforms from liability for user-generated content and transactions. Today, these intermediaries are mature, often globally dominant corporations. The blanket immunity they enjoy has created negative externalities, the costs of which - from terror financing to rampant counterfeit trade - are borne by society.
The current framework encourages regulatory arbitrage. Platforms that invest heavily in robust governance, content moderation and KYC protocols are at a competitive disadvantage to those that prioritise frictionless growth. This race to the bottom creates a dangerous environment where illicit activities can flourish with minimal friction. The FATF revelation is a case in point: the ease of procurement for a terrorist attack highlights a critical failure in risk assessment and supply chain integrity on the part of the ecommerce platform.
The standard defence from the tech sector is that diluting safe harbour provisions will stifle innovation, hike compliance costs, lead to over-censorship, and harm the free and open nature of the internet. While these are valid, they represent a static view of the issue. The economic calculus has changed. The cost of inaction - measured in national security threats, erosion of consumer trust, and potential damage to India's international standing as a safe investment destination - now outweighs projected costs of compliance.
A safer digital ecosystem is not a barrier to business. It is a prerequisite for its sustainable growth. In an era of increasing focus on ESG metrics, responsible corporate behaviour is a key determinant of long-term value. Investors are growing wary of platforms with weak governance structures that expose them to reputational and operational risks. Consumer trust, once lost, is difficult to regain. Therefore, a proactive, risk-based regulatory framework should be viewed not as a burden but as a mechanism to build a more resilient and trustworthy digital market that benefits all participants.
This calls for a strategic recalibration of Sec 79, not its wholesale dismantling. A nuanced, forward-looking approach is required. We must move from a one-size-fits-all model of immunity to a tiered framework that differentiates intermediaries based on size, nature and the level of risk associated with their services.
For large ecommerce marketplaces, this could mean mandating a more stringent, risk-based KYC for sellers of sensitive goods. It requires platforms to assume greater responsibility for the integrity of supply chains and proactively use tech to flag and investigate suspicious transactions, rather than waiting for a takedown notice from law enforcement. The use of a VPN in the Pulwama case also necessitates a conversation on data-sharing protocols for lawful investigations, balancing user privacy with national security imperatives.
Furthermore, regulatory clarity can itself be a catalyst for innovation. A well-defined liability framework would spur the growth of the 'RegTech' sector, creating new solutions for digital identity verification, transaction monitoring and content analysis. It would also foster public-private partnerships, enabling seamless intelligence sharing between tech platforms and security agencies to preempt threats.
The FATF report is a critical data point that signals an inflection point. Continuing with the status quo is no longer a viable option. For India's digital economy to thrive, it must be built on a foundation of trust and security. Reforming our intermediary liability laws is not an anti-tech measure, it is a pro-growth imperative to ensure that our digital future is both prosperous and secure. The question is not whether we can afford to implement stronger governance, but whether we can afford not to.
The writer is former secretary, consumer affairs, GoI
(Disclaimer: The opinions expressed in this column are that of the writer. The facts and opinions expressed here do not reflect the views of www.economictimes.com)
Next Story