Children’s Safety in the Digital Space: Legal Safeguards and Gaps in Indian Cyber Laws

Abstract

The rapid proliferation of digital platforms has transformed the lives of children, offering unprecedented opportunities for learning and connectivity, but also exposing them to significant risks such as cyberbullying, online sexual exploitation, and data privacy violations. In India, the legal framework governing children’s safety in the digital space primarily revolves around the Information Technology Act, 2000 (IT Act), the Digital Personal Data Protection Act, 2023 (DPDPA), and the Protection of Children from Sexual Offences Act, 2012 (POCSO Act). Despite these safeguards, gaps in enforcement, lack of child-specific provisions, and evolving cyber threats pose challenges to ensuring a safe digital environment. This article examines the legal protections available, evaluates judicial interpretations, identifies challenges through a comparative lens, and highlights recent government initiatives. It proposes actionable recommendations to strengthen India’s cyber laws, emphasizing the need for robust, child-centric legislation to safeguard minors in the digital era.

Introduction

The digital age has ushered in a paradigm shift, with children increasingly engaging with online platforms for education, entertainment, and socialization. India, with over 500 million internet users under the age of 18, faces unique challenges in protecting its young population from cyber threats like online grooming, cyberbullying, and exposure to harmful content. The anonymity of the internet, coupled with the rapid evolution of technology, amplifies these risks, necessitating robust legal frameworks to ensure children’s safety. The importance of safeguarding children in the digital space stems from their vulnerability and the long-term psychological and social impacts of cybercrimes. Existing laws, such as the IT Act and POCSO Act, provide a foundation, but gaps in implementation and specificity remain. This article critically analyzes the legal safeguards for children’s safety in India’s digital space, evaluates judicial interpretations, compares India’s framework with global standards, and proposes reforms to address emerging challenges.

While India has established legal frameworks to protect children in the digital space, significant gaps in enforcement, lack of child-specific provisions, and inadequate adaptation to technological advancements necessitate comprehensive reforms to ensure a safe and secure online environment for minors.

Legal Framework for Children’s Safety in India

India’s legal framework for protecting children in the digital space comprises several statutes, with the IT Act, 2000, serving as the cornerstone. The IT Act addresses cybercrimes such as hacking (Section 66), identity theft (Section 66C), and publishing obscene material (Section 67)[1]. It also mandates intermediaries, including social media platforms, to exercise due diligence under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to prevent harmful content from reaching minors. The DPDPA, 2023, introduces stringent data protection measures, requiring parental consent for processing the personal data of minors (Section 9). Additionally, the POCSO Act criminalizes online sexual abuse and exploitation, covering offenses like child pornography and grooming. These laws collectively aim to create a secure digital ecosystem, but their general applicability often fails to address the unique vulnerabilities of children.

Vulnerabilities of Children in the Digital Space

Children are particularly susceptible to cyber threats due to their limited understanding of online risks and their reliance on digital platforms. Common threats include cyberbullying, which affects mental health and self-esteem, and online sexual exploitation, with the National Crime Records Bureau (NCRB) reporting a 25% rise in cybercrimes against children in 2023[2]. Misinformation and exposure to inappropriate content further exacerbate risks, as platforms often lack robust age-verification mechanisms. The anonymity of perpetrators and the cross-jurisdictional nature of cybercrimes complicate investigations, leaving children exposed. The COVID-19 pandemic intensified these vulnerabilities, with increased internet usage among minors highlighting the inadequacy of existing safeguards.

Gaps in Indian Cyber Laws

Despite the existing legal framework, several gaps undermine its efficacy. First, India lacks dedicated legislation tailored to children’s online safety, unlike the United States’ Children’s Online Privacy Protection Act (COPPA). The DPDPA, while progressive, does not explicitly address misinformation or media intrusion affecting minors. Second, enforcement remains a challenge due to limited training among law enforcement agencies and inadequate cyber forensic infrastructure. Third, the IT Act’s provisions are outdated, failing to cover emerging threats like deepfakes and generative AI misuse. Finally, the absence of mandatory age-verification and content moderation standards for platforms allows harmful content to proliferate, leaving children unprotected.[3]

Role of Intermediaries and Platform Accountability

Social media platforms and intermediaries play a pivotal role in children’s online safety. The IT Rules, 2021, require intermediaries to remove unlawful content within 36 hours of notification and appoint grievance officers to address user complaints. However, compliance is inconsistent, with platforms often prioritizing profits over safety. The DPDPA mandates data fiduciaries to obtain verifiable parental consent for processing minors’ data, but the lack of standardized age-verification mechanisms undermines this provision. Cases like the Blue Whale Challenge, where harmful content spread unchecked, underscore the need for stricter platform accountability. The proposed Digital India Act aims to address these issues by imposing greater responsibilities on intermediaries, but its implementation remains pending.

International Cooperation and Jurisdictional Challenges

Cybercrimes against children often transcend national boundaries, necessitating international cooperation. India participates in global initiatives like the Global Partnership on Artificial Intelligence (GPAI) and bilateral cyber dialogues, but jurisdictional challenges persist. Differing legal standards across countries complicate investigations, as seen in cases involving servers located abroad. The Budapest Convention on Cybercrime, which India has not ratified, provides a framework for cross-border cooperation, but its absence limits India’s ability to address transnational cybercrimes effectively. Harmonizing domestic laws with international standards is critical to protecting children in a globalized digital landscape.

Judicial Interpretation: Critical Evaluation and Case Laws

Indian courts have played a significant role in interpreting cyber laws to protect children, often adopting a progressive stance to bridge legislative gaps. In Sneha Kalita v. Union of India (2017)[4], the Delhi High Court ordered the immediate removal of links to the Blue Whale Challenge, a game inciting self-harm among minors, under Section 69A of the IT Act. The court emphasized the state’s duty to protect vulnerable populations, highlighting the need for proactive content moderation. Similarly, in K.S. Putta swamy v. Union of India (2017)[5], the Supreme Court recognized the right to privacy as a fundamental right under Article 21, extending its applicability to children’s digital data. This ruling laid the groundwork for the DPDPA’s privacy safeguards.

However, judicial interpretations are inconsistent due to the lack of child-specific provisions. In R. Rajagopal v. State of Tamil Nadu (1994)[6], the Supreme Court balanced privacy and free speech but failed to address minors explicitly, leading to ambiguity in cases involving children. The National Insurance Company Ltd. v. IFFCO Tokio General Insurance Co. Ltd. (2016)[7] case underscored corporate liability for data breaches, but its applicability to children’s data remains limited. Courts often adopt a case-by-case approach, resulting in fragmented protections. The absence of fast-track courts for cybercrimes against minors further delays justice, undermining deterrence.

While courts have attempted to adapt existing laws to protect children, the lack of clear legislative guidance limits their efficacy. Judicial activism cannot substitute for comprehensive legislation, and the reliance on general statutes like the IT Act often fails to address the nuanced needs of minors in the digital space.

Critical Analysis: Challenges and Comparison

Challenges in India’s Digital Child Protection Framework

India faces multiple challenges in ensuring the safety of children in the digital ecosystem. One of the most pressing issues is the rapid pace of technological advancement, which often leaves existing legal frameworks outdated. For instance, the Information Technology Act, 2000, while pioneering for its time, was not designed to combat sophisticated threats such as AI-generated deepfakes, cyber grooming, dark web exploitation, or encrypted communication on social media platforms. The law’s provisions have not kept pace with the evolving nature of cybercrimes targeting children.

Secondly, the lack of institutional capacity and specialized training within law enforcement agencies is a major hurdle. Most police personnel, especially in rural and semi-urban areas, are ill-equipped to investigate complex cybercrimes. Only a few metropolitan cities have dedicated cybercrime cells, and even these often lack trained personnel or technological infrastructure to trace, analyze, and prosecute offenders. This creates a significant implementation gap, where even when offences are reported, justice is delayed or denied due to poor follow-up.

Another challenge is low digital literacy among parents, guardians, and children. Many families remain unaware of the digital risks their children face, including cyberbullying, online grooming, and exposure to explicit content. This ignorance not only increases the vulnerability of children but also makes them less likely to report abuse or seek help.

Jurisdictional issues further compound the problem. Many offenders operate from foreign jurisdictions, exploiting legal loopholes and the absence of cross-border cybercrime treaties. Investigations often stall due to the lack of mutual legal assistance treaties (MLATs) or slow responses from global tech platforms, making the prosecution of international offenders difficult.

Lastly, the absence of a mandatory reporting mechanism for online Child Sexual Abuse Material (CSAM)[8] in India allows digital platforms and service providers to evade accountability. Unlike countries that impose a statutory duty on intermediaries to report such content, Indian law currently lacks strict timelines or penalties for non-compliance, weakening deterrence and enforcement.

Comparison with Global Standards

Internationally, several jurisdictions have developed comprehensive legal frameworks to safeguard children online. The Children’s Online Privacy Protection Act (COPPA)[9] in the United States, for instance, mandates explicit parental consent, strict data collection rules, and age-verification mechanisms for children under 13. Platforms violating these norms face significant penalties, making it a powerful deterrent.

The European Union’s General Data Protection Regulation (GDPR)[10] incorporates child-specific privacy safeguards, including the ‘right to be forgotten’, minimization of data collection, and requiring age-appropriate interface design. Moreover, the UK’s Online Safety Act has gone a step further by imposing a legal duty of care on tech platforms to proactively remove harmful content and provide safety features tailored for child users.

In comparison, India’s Digital Personal Data Protection Act (DPDPA), 2023, while progressive in recognizing data privacy as a right, lacks detailed provisions for age-appropriate design, online behavioral advertising restrictions, or platform accountability specific to minors. It also doesn’t impose a specific duty of care or proactive moderation obligations on intermediaries regarding children’s content.

Key Takeaways

India’s legal framework for online child safety remains fragmented and reactive, lacking the proactiveness and precision of Western counterparts. To bridge this gap, India must adopt global best practices, such as mandatory age-verification, platform liability for harmful content, and specialized enforcement mechanisms. A dedicated Child Online Protection Law, with clear definitions, obligations, and penalties, is essential for ensuring a safer digital space for the nation’s young users.

Recent Developments by the Government

To strengthen children’s safety in the digital ecosystem, the Indian government has introduced several significant policy and legislative measures. One of the most notable is the Digital Personal Data Protection Act (DPDPA), 2023, which came into effect in August 2023. This Act lays down comprehensive data protection norms, especially for minors. It mandates verifiable parental consent before processing personal data of children and prescribes stringent penalties for non-compliance.

Additionally, the Ministry of Electronics and Information Technology (MeitY) issued advisories in 2024 to all intermediaries, instructing them to actively monitor and restrict AI-generated content, including deepfakes, misinformation, and harmful media targeting children. These advisories aim to enhance the enforcement of the existing Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, thereby improving platform accountability.

In response to emerging threats, the government also proposed the Digital India Act (DIA) in 2023, which aims to replace the outdated IT Act, 2000, with a modern and dynamic legal framework. The DIA is expected to address advanced issues like child grooming, data localization, algorithmic transparency, and age-appropriate design codes.

Furthermore, the National Cyber Security Strategy, 2020, currently under review, aims to strengthen cybersecurity infrastructure, promote regular audits, and facilitate cross-sector collaboration to protect vulnerable users like children.

The government has also launched platforms like the Cyber Crime Prevention against Women and Children (CCPWC) and mandated CERT-In to ensure that all data breaches are reported within six hours. However, despite these efforts, delayed implementation, bureaucratic challenges, and low digital literacy continue to hinder the effective protection of children online.  

Suggestions to Strengthen Child Safety in the Digital Age

1. Enact Child-Specific Digital Protection Legislation

India urgently needs a comprehensive law exclusively focused on protecting children in the digital environment. Drawing inspiration from the U.S. Children’s Online Privacy Protection Act (COPPA), such a law should mandate verifiable age checks, require explicit parental consent for data collection and usage, and impose strict content moderation guidelines for websites and applications catering to minors. This would offer a structured, enforceable framework distinct from the general provisions in the IT Act.

2. Strengthen Enforcement Infrastructure

Effective implementation requires robust enforcement mechanisms. The government should establish dedicated cybercrime units across states, specifically trained to handle cases involving children. These units should be equipped with advanced forensic tools, technical training, and psychological support resources to address sensitive issues like grooming, cyberbullying, and online sexual abuse. Further, fast-track courts for cybercrimes against minors should be created to deliver speedy justice.

3. Mandate Platform Accountability and Transparency

Digital intermediaries such as social media companies and streaming platforms must be held accountable for the safety of minors. Laws should mandate proactive measures like AI-driven content filtering, age-appropriate content tagging, and compulsory reporting of child sexual abuse material (CSAM). The EU’s Digital Services Act provides a strong reference for implementing strict compliance mechanisms and imposing hefty penalties for violations.

4. Introduce Digital Literacy in Schools

Digital safety must be embedded into school curricula from an early stage. Comprehensive modules on privacy, online etiquette, cyberbullying, and safe social media usage should be developed. Empowering children through education is a long-term safeguard against digital exploitation. Equally, workshops and parent-teacher engagement programs should raise awareness among guardians.

5. Ratify the Budapest Convention

To combat international cybercrimes involving children, India should consider ratifying the Budapest Convention on Cybercrime[11]. This would facilitate greater cross-border cooperation in investigation and prosecution, allowing India to align its domestic framework with international best practices and close jurisdictional loopholes that delay justice.

6. Update the Information Technology Act, 2000

The IT Act, which forms the cornerstone of Indian cyber law, is outdated in dealing with modern digital threats. It must be revised to include AI-generated content, deepfakes, and immersive technologies like virtual reality, which are increasingly being used to exploit children. A forward-looking, dynamic legal structure is essential to combat future challenges.

7. Create a Central Regulatory Authority

A centralized digital safety authority should be established to oversee the implementation of child protection regulations. This body could monitor compliance, coordinate between law enforcement and platforms, and issue regular guidelines based on technological advancements and emerging threats.

8. Introduce Child-Friendly Complaint Mechanisms

Simplified, confidential reporting mechanisms—such as mobile apps, toll-free helplines, or chat-based tools—should be developed to encourage children to report cyber incidents without fear. These systems should ensure anonymity, psychological support, and quick redressal.

9. Encourage Ethical Tech Innovation

Tech companies should be incentivized to develop ethical tools like child-safe search engines, time-limit apps, and privacy-enhanced social media platforms. Government funding or public-private partnerships can help drive innovation that prioritizes children’s safety.

10. Ensure Periodic Legal Audits and Reviews

Laws and policies on child digital safety must be periodically reviewed to stay in sync with evolving technology. A review committee comprising cyber law experts, child psychologists, law enforcement officials, and civil society representatives should evaluate the efficacy of existing frameworks and suggest reforms regularly.

Conclusion

Protecting children in India’s digital space is both a legal and moral imperative, given their vulnerability to cyber threats. While the IT Act, DPDPA, and POCSO Act provide a foundation, gaps in enforcement, lack of child-specific provisions, and outdated laws limit their efficacy. Judicial interpretations have attempted to bridge these gaps, but inconsistent rulings underscore the need for legislative reform. Comparative analysis reveals that India lags behind global standards set by COPPA and GDPR, necessitating a comprehensive, child-centric approach. Recent government initiatives, including the DPDPA and the proposed Digital India Act, signal progress, but their success depends on effective implementation and public awareness. By enacting dedicated legislation, strengthening enforcement, and fostering international cooperation, India can create a safer digital environment for its children, ensuring their rights and dignity are upheld in the digital age.

Reference(S):

1. Information Technology Act, 2000.
2. Digital Personal Data Protection Act, 2023.
3. Protection of Children from Sexual Offences Act, 2012.
4. National Crime Records Bureau (NCRB), Crime in India Report, 2023.
5. K.S. Putta swamy v. Union of India, (2017) 10 SCC 1.
6. Sneha Kalita v. Union of India, Writ Petition (Civil) No. 000748/2017.
7. R. Rajagopal v. State of Tamil Nadu, (1994) 6 SCC 632.
8. National Insurance Company Ltd. v. IFFCO Tokio General Insurance Co. Ltd., (2016).
9. Ministry of Electronics and Information Technology, IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
10. UpGuard, Top Cybersecurity Regulations in India [Updated 2025], www.upguard.com, 2025.
11. ScienceDirect, Behind the Screens: Understanding the Gaps in India’s Fight Against Online Child Sexual Abuse and Exploitation, www.sciencedirect.com, 2023.
12. PMF IAS, Children’s Privacy in the Digital Age, www.pmfias.com, 2025.

[1] Information Technology Act, 2000, Section 66, 66C, 67.

[2] National Crime Records Bureau, Crime in India Report, 2023 (highlighting a 25% rise in cybercrimes against children). (https://cosmoslearning.in/child-rights-in-india-a-quest-for-protection-and-justice/)

[3] Digital Personal Data Protection Act, 2023, Section 9. (https://www.dlapiperdataprotection.com/?t=law&c=IN)

[4] . Sneha Kalita v. Union of India, Writ Petition (Civil) No. 000748/2017. (https://www.livelaw.in/lawschool/articles/cyber-law-data-privacy-digital-data-protection-act-right-to-be-forgotten-silenced-voices-information-technology-act-261014)

[5] K.S. Putta swamy v. Union of India, (2017) 10 SCC 1. (https://www.pmfias.com/childrens-privacy-in-digital-age/)

[6] R. Rajagopal v. State of Tamil Nadu, (1994) 6 SCC 632. (https://www.pmfias.com/childrens-privacy-in-digital-age/)

[7] National Insurance Company Ltd. v. IFFCO Tokio General Insurance Co. Ltd., (2016). (https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/india)

[8] ScienceDirect, Behind the Screens: Understanding the Gaps in India’s Fight Against Online Child Sexual Abuse and Exploitation, www.sciencedirect.com, 2023. (https://www.sciencedirect.com/science/article/pii/S2950193824000883)

[9] Children’s Online Privacy Protection Act (COPPA), 1998, United States. (https://www.pmfias.com/childrens-privacy-in-digital-age/)

[10] General Data Protection Regulation (GDPR), European Union. (https://hallboothsmith.com/childrens-privacy-updates/)

[11]  Budapest Convention on Cybercrime, Council of Europe. (https://law.asia/india-cybersecurity-legislation-reform/)