Current Affairs Topics Quiz Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Kerala brings out Cyber Safety Protocol in public schools amid AI surge

March 09, 2026 4 min read Science & Technology Polity & Governance GS Paper 2 (Governance Social Justice) and GS Paper 3 (Internal Security Science & Technology)
On This Page

What Happened

  • Kerala released the Cyber Safety Protocol 2026, a comprehensive framework developed by the Kerala Infrastructure and Technology for Education (KITE) — the tech arm of the state's General Education Department — to protect students in public schools from AI-driven cyber threats.
  • The protocol was developed after a detailed study of new AI-driven challenges and cybercrimes, including deepfakes, generative AI misuse, and online predatory behaviour.
  • The framework contains 13 core objectives, provides 25 essential safety measures for students, and 16 actionable guidelines for parents.
  • Key provisions include Privacy by Design principles, a ban on real-time CCTV surveillance via private servers in classrooms, and a directive against assigning homework requiring home internet access (to bridge the digital divide).
  • KITE also introduced specialised Cyber Security and AI Literacy programmes for families under this initiative.

Static Topic Bridges

Digital Personal Data Protection Act, 2023 and Children's Data

India enacted the Digital Personal Data Protection (DPDP) Act, 2023 (No. 22 of 2023) — the country's first comprehensive data protection legislation. The Act establishes strong protections specifically for children's personal data, with a definition of "child" as any person under 18 years of age — stricter than global standards (GDPR's 13–16 years; US COPPA's 13 years).

  • Section 9 of the DPDP Act mandates that Data Fiduciaries must obtain verifiable parental consent before processing any personal data of a child.
  • The Act prohibits tracking, behavioural monitoring, and targeted advertising directed at children — with no exemptions for these prohibitions under Section 9(3).
  • Violations related to children's data protection attract penalties up to ₹200 crore.
  • The Act establishes a Data Protection Board of India as the adjudicatory body for grievance redressal.
  • India's earlier approach to data governance relied on the IT Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011 — both insufficient for the AI era.

Connection to this news: Kerala's Protocol operationalises at the state-school level the intent of the DPDP Act — restricting data collection, preventing surveillance, and demanding privacy-by-design — filling the gap while national DPDP Rules are still being finalised.

Cybersecurity in Schools: Governance and Policy Frameworks

India's approach to cybersecurity is coordinated through the National Cyber Security Policy, 2013 (under review for revision) and the Computer Emergency Response Team India (CERT-In), established under Section 70B of the IT Act, 2000. The National Cybersecurity Coordinator (under the NSC Secretariat) oversees strategic cyber policy. For schools, the Ministry of Education has issued guidelines through PM e-VIDYA and DIKSHA platforms, but a child-specific cyber safety framework at scale remains nascent.

  • KITE (Kerala Infrastructure and Technology for Education) manages IT infrastructure across Kerala's ~13,000+ government schools; it operates the Hi-Tech School Programme and KITE-VICTERS (educational TV channel).
  • Kerala's "Privacy by Design" approach aligns with the principle embedded in the DPDP Act and internationally in the GDPR (Article 25) — that privacy must be built into systems architecturally, not added as an afterthought.
  • The protocol advises against private CCTV server surveillance in classrooms — addressing data sovereignty (who controls student data) and consent.
  • Teachers are directed not to assign homework requiring internet access at home — a digital divide mitigation measure, recognising unequal home internet access across socioeconomic groups.

Connection to this news: Kerala's state-level framework demonstrates how subnational governments can fill national policy gaps, creating model frameworks for child-specific cybersecurity that other states and the Union government can emulate.

Artificial Intelligence Governance and Ethics

The rapid proliferation of generative AI tools (ChatGPT, image generators, deepfake tools) poses specific risks for minors: academic dishonesty, exposure to harmful content, data privacy violations through AI prompts, and psychological manipulation. India lacks a dedicated AI Regulation Act (as of 2026); governance has relied on the MeitY's advisory frameworks and sector-specific guidance.

  • The IndiaAI Mission (approved February 2024, ₹10,372 crore outlay) aims to build India's AI computing infrastructure, datasets, and governance ecosystem — but does not specifically address child safety in AI interactions.
  • The EU's AI Act (2024) — the world's first comprehensive AI regulation — classifies AI systems targeting minors as high-risk, requiring transparency, human oversight, and safety testing. India's Protocol implicitly aligns with this risk classification.
  • Kerala's 13 core objectives include creating awareness about risks of sharing personal information with generative AI platforms — a direct response to the vulnerability of minors to inadvertently feeding private data into AI systems.

Connection to this news: Kerala's protocol is among the first state-level frameworks globally to directly address generative AI risks in school environments — a policy template relevant as India develops its AI governance architecture.

Key Facts & Data

  • Developer: KITE (Kerala Infrastructure and Technology for Education), tech arm of Kerala's General Education Department
  • Coverage: Public schools across Kerala (~13,000+ government schools)
  • Core objectives: 13
  • Student safety measures: 25 essential guidelines
  • Parent guidelines: 16 actionable measures
  • Key provision: Privacy by Design; ban on private-server CCTV in classrooms
  • Digital equity measure: No homework requiring home internet access
  • India's DPDP Act, 2023: Children defined as under 18 years; parental consent mandatory (Section 9); penalties for child data violations up to ₹200 crore
  • CERT-In: Established under Section 70B, IT Act, 2000 — India's national cybersecurity response agency
  • IndiaAI Mission: ₹10,372 crore (approved February 2024)
  • Kerala's Hi-Tech School programme covers all government high schools in the state