Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Parliamentary panel flags digital infrastructure, cyber capacity gaps in MeitY spending review

March 16, 2026 4 min read Polity & Governance Science & Technology GS2 GS3
On This Page

What Happened

  • A parliamentary standing committee reviewing MeitY's (Ministry of Electronics and Information Technology) budget and expenditure flagged critical shortfalls in cybersecurity funding, digital infrastructure investment, and AI capacity.
  • The panel warned that existing budget allocations are insufficient to support India's digital governance ambitions and AI initiatives.
  • The report highlighted that CERT-In — the national cybersecurity agency — faces acute staff vacancies, with sanctioned positions remaining unfilled, undermining its ability to respond to rising cyber threats.
  • The committee called for significantly enhanced funding for the Data Protection Board (established under the Digital Personal Data Protection Act 2023), whose operationalisation has faced delays.
  • Budget 2026-27 showed increased allocations for semiconductors (₹8,000 crore under the Modified Programme for Development of Semiconductors) and the IndiaAI Mission (₹1,000 crore), but the panel noted cybersecurity received insufficient dedicated funding.

Static Topic Bridges

CERT-In — India's National Cyber Incident Response Agency

CERT-In (Indian Computer Emergency Response Team) is the national nodal agency for responding to cybersecurity incidents. It was established under Section 70B of the Information Technology Act, 2000.

  • Established under: Section 70B, IT Act 2000; operates under MeitY.
  • Mandate: Collection, analysis, and dissemination of information on cyber incidents; issuing alerts and advisories; emergency response coordination; issuing guidelines on information security practices.
  • In April 2022, CERT-In issued mandatory Directions under Section 70B(6) requiring organisations to report cyber incidents within 6 hours, mandating synchronisation of ICT system clocks, and requiring VPN service providers to maintain user logs for 5 years.
  • CERT-In oversees the protection of Critical Information Infrastructure (CII) in coordination with NCIIPC (National Critical Information Infrastructure Protection Centre).

Connection to this news: The parliamentary panel's report brings to light that CERT-In's operational effectiveness is compromised by unfilled technical posts. With 192 scientific and technical posts sanctioned but recruitment incomplete, the agency cannot discharge its statutory mandate at full capacity.

Parliamentary Standing Committees — Role in Financial Oversight

Standing Committees of Parliament are permanent committees that scrutinise the working of ministries. The Standing Committee on Communications and Information Technology reviews the budget demands and working of MeitY and the Department of Telecommunications.

  • 24 Departmentally Related Standing Committees (DRSCs) exist in Parliament, covering all Union Ministries.
  • Each committee has 21 members from Lok Sabha and 10 from Rajya Sabha.
  • Committees examine Demands for Grants before they are voted upon in Parliament — this is the primary fiscal oversight mechanism.
  • Committee reports are tabled in both Houses; government must submit an Action Taken Report (ATR) within 6 months.
  • These committees cannot vote on or amend budgets but their reports carry significant persuasive authority.

Connection to this news: The MeitY spending review is the committee exercising its constitutional role under Rule 331G (Lok Sabha Rules) to examine expenditure against stated objectives — specifically whether cybersecurity and digital infrastructure allocations are aligned with India's digital ambitions.

Digital Personal Data Protection Act 2023 and the Data Protection Board

The Digital Personal Data Protection (DPDP) Act 2023 is India's first comprehensive data protection legislation, passed in August 2023. It creates a Data Protection Board of India as an adjudicatory body for data principal complaints and penalties.

  • The Act replaced earlier draft versions (2018, 2019, 2022) and was long-awaited — India had no dedicated data protection law until this point.
  • Data Principal = the individual whose data is being processed; Data Fiduciary = entity that determines purpose and means of processing.
  • The Data Protection Board is yet to be formally constituted; its rules are still under formulation as of early 2026.
  • Penalties under the Act can go up to ₹250 crore per instance.
  • Significant Data Fiduciaries face additional obligations around data localisation, consent managers, and algorithmic transparency.

Connection to this news: The parliamentary panel's concern about the DPDP Act's delayed operationalisation feeds into the broader theme of India's digital governance architecture being under-resourced relative to its ambitions.

Key Facts & Data

  • CERT-In has 192 scientific and technical posts and 22 non-technical posts sanctioned; recruitment remains incomplete.
  • MeitY's semiconductor allocation in Budget 2026-27: ₹8,000 crore (up from ₹4,300 crore RE 2025-26).
  • IndiaAI Mission allocation: ₹1,000 crore in BE 2026-27 (up from ₹800 crore RE 2025-26).
  • Section 70B of the IT Act 2000 provides the statutory basis for CERT-In's existence and powers.
  • India's cyber incidents are rising sharply — the 2022 CERT-In Directions mandate 6-hour incident reporting for service providers.
  • The Digital Personal Data Protection Act 2023 requires a Data Protection Board that is yet to be operationalised.