India’s rapid digital growth has transformed how people live, work, and communicate. From online banking to social media, digital platforms have made life easier and more connected. But this digital expansion has also opened the door to cybercrime—fraud, identity theft, hacking, and online harassment.
While India has a strong legal framework to deal with such crimes, the real challenge lies not in the law itself but in how effectively it is enforced on the ground.
At the heart of India’s cybercrime regulation is the Information Technology Act, 2000, amended in 2008. This law covers a wide range of offences, including unauthorised access, identity theft, privacy violations, and even cyber terrorism. On paper, the law is comprehensive and forward-looking.
However, this study highlights a major gap between what the law promises and what actually happens in practice, especially at the state level.
The Kerala Paradox
To understand this gap, the study focuses on Kerala, a state known for its high literacy rate and strong digital adoption. Kerala is often celebrated as one of India’s most advanced states in terms of human development and technological access.
Yet, when it comes to cybercrime enforcement, the state presents a surprising contradiction. Despite its advantages, Kerala has a very low conviction rate of just 5.4 percent in cybercrime cases, far below the national average of 27.1 percent.
This contradiction, often called the “Kerala paradox,” shows that higher literacy and digital exposure do not automatically lead to better awareness or control of cybercrime. In fact, cybercrime complaints in the state have steadily increased over the years, indicating both growing digital use and rising vulnerability.
Financial frauds, online scams, job frauds, and cases of harassment such as revenge pornography are among the most common offenses.
One of the biggest reasons behind poor enforcement is lack of awareness among the public. The study found that an overwhelming 92 percent of internet users in Kerala were unaware of the legal framework governing cybercrime.
Even among educated users, many could not identify basic cybersecurity practices or legal protections. This means that while people are actively using digital platforms, they are largely unaware of the risks and the remedies available to them.
Limited Capacity
Another major issue is the limited capacity of law enforcement agencies. Cybercrime investigation requires specialized skills, advanced tools, and constant training. However, the study reveals that most police personnel lack adequate technical knowledge.
About 94 percent of officers admitted that their understanding of digital forensics is limited, and many described cyber investigation methods as still being in their early stages. This lack of expertise makes it difficult to collect evidence, track criminals, and build strong cases in court.
Institutional challenges further complicate the situation. In India, cyber laws are made at the national level, but their enforcement is the responsibility of state police. This creates a mismatch between policy design and implementation.
Different states have varying levels of resources, training, and infrastructure, leading to uneven enforcement across the country. In Kerala, despite initiatives like Cyber Police Stations and the CyberDome project, systemic issues such as poor coordination and limited resources continue to hinder effective action.
Jurisdictional Problems
Jurisdictional problems also play a significant role. Cybercrimes often cross state and national borders, making it difficult for local police to investigate and prosecute offenders. For example, many cybercriminals operate from foreign countries, and accessing data from international service providers can be slow and complicated. The study found that the success rate in tracking such cross-border criminals is less than 20 percent.
Legal ambiguities add another layer of difficulty. Some provisions of the IT Act are vague or outdated, making interpretation and enforcement challenging. Additionally, all offenses under the Act are bailable, which weakens deterrence. Overlaps between the IT Act and the Indian Penal Code also create confusion about jurisdiction, sometimes leading to cases being dismissed or delayed.
Resources and Training
The study also highlights how everyday practices of police officers influence outcomes. Due to lack of resources and training, officials often resort to informal advice rather than formal action. Victims are sometimes told to change their passwords or stop using the internet instead of pursuing legal remedies.
This reflects a deeper issue where policy is shaped not just by laws but by how they are implemented at the ground level.
Experts and stakeholders agree that technology must play a bigger role in addressing cybercrime. There is a strong demand for advanced tools such as artificial intelligence for threat detection, blockchain for secure evidence handling, and better data-sharing systems between agencies.
However, technology alone cannot solve the problem unless it is supported by strong institutions and trained personnel.
Weak Implementation
The findings make it clear that India’s cybercrime problem is not due to weak laws but due to weak implementation. The gap between policy and practice is driven by three key factors: low public awareness, limited institutional capacity, and poor coordination between agencies. These issues are interconnected and require a comprehensive approach to address them effectively.
To improve the situation, the study suggests several measures. First, there is a need to strengthen state capacity by investing in training and infrastructure for cybercrime investigation. Second, better coordination between central and state agencies is essential, especially for handling cross-border cases.
Third, public awareness campaigns must be launched to educate citizens about cyber risks and legal protections. Finally, legal reforms are needed to remove ambiguities and make the framework more responsive to evolving technologies.
Thus, India’s journey toward effective cyber governance depends not just on strong laws but on strong institutions and informed citizens. The Kerala case serves as a powerful example of how even advanced states can struggle when systems do not work in harmony. Bridging the gap between law and enforcement is crucial if India is to ensure justice in the digital age. Until then, the promise of a secure cyberspace will remain only partially fulfilled.
(The author is a 1991-batch IAS officer of the Kerala Cadre presently posted as Additional Chief Secretary. This is an abridged version of Mr Swamy’s article originally published in the National Law School’s Journal headlined titled “Mind the Gap : An Empirical Analysis of India’s National Cybercrime Framework and Its State-Level Implementation in Kerala”.)
