Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Develop indigenous Web browser, grab cash prizes

March 27, 2026 6 min read Science & Technology Polity & Governance GS2 (Government Policies IT Governance) GS3 (Science & Technology Cybersecurity)
On This Page

What Happened

  • The Ministry of Electronics and Information Technology (MeitY) launched the Indian Web Browser Development Challenge (IWBDC), offering a total prize pool of ₹3.4 crore to Indian developers and organisations that build an indigenous web browser
  • The challenge is implemented in collaboration with the Controller of Certifying Authorities (CCA) and the Centre for Development of Advanced Computing (C-DAC), Bengaluru
  • The key technical requirement: the browser must trust India's CCA as its root Certificate Authority — meaning it verifies digital signatures using India's own public key infrastructure (PKI) rather than foreign root stores (such as those controlled by Google, Mozilla, or Microsoft)
  • Prizes: ₹1 crore for the winner, with additional prizes for first and second runners-up, totalling ₹3.4 crore
  • Eligibility is restricted to Indian tech startups, MSMEs, companies, and LLPs registered under the Companies Act 2013, with at least 51% shareholding held by Indian citizens or persons of Indian origin
  • The competition runs in three rounds: an Ideation Round (18 entries selected), a Development Round (8 shortlisted), and a Final Round (3 winners declared)
  • Currently, major browsers (Chrome, Firefox, Edge, Safari) rely on foreign-controlled root certificate stores, meaning foreign entities effectively control which digital certificates are trusted in India

Static Topic Bridges

Controller of Certifying Authorities (CCA) and India's PKI Framework

The Controller of Certifying Authorities (CCA) is established under Section 17 of the Information Technology Act, 2000. It functions as the apex licensing and regulatory authority for all Certifying Authorities (CAs) operating in India. The CCA operates the Root Certifying Authority of India (RCAI), whose root certificate sits at the top of India's public key infrastructure hierarchy. When a web browser performs an HTTPS connection, it verifies the server's digital certificate by tracing it back up the certificate chain to a trusted root CA. Browsers currently ship with built-in root stores controlled by Google, Mozilla, Apple, or Microsoft — none of which include India's CCA root by default. This means even legitimate Indian government websites may face trust issues, and India has limited control over its own digital sovereignty.

  • CCA established under: Section 17, IT Act 2000
  • RCAI: Root Certifying Authority of India — the apex of India's certificate hierarchy
  • IT Act, 2000: Chapter VI (Sections 17–34) governs digital signatures and certifying authorities
  • CCA functions: licensing CAs, maintaining digital certificate repository, auditing CA operations
  • Current browser root stores controlled by: Google (Chrome), Mozilla (Firefox), Apple (Safari), Microsoft (Edge)

Connection to this news: The IWBDC specifically mandates that the new browser trust India's CCA root store — shifting digital certificate sovereignty from foreign tech companies to an Indian regulatory body, a critical step for cybersecurity and data governance.

Digital Sovereignty and Cybersecurity

Digital sovereignty refers to a nation's ability to control its digital infrastructure, data flows, and technology standards within its territory, free from dependence on foreign entities. In the context of web browsers, sovereignty encompasses which certificate authorities are trusted (PKI), which encryption standards are used, how user data is collected/processed, and which regulatory regime governs these choices. The EU has pursued similar goals through initiatives like the European Browser Core and ENISA's digital identity framework. China operates its own browser ecosystem with indigenous root CAs. India's IWBDC is a step toward reducing strategic dependence on a few dominant US-based tech platforms for foundational internet infrastructure.

  • India's National Cybersecurity Policy: last updated 2013; revised framework under development
  • CERT-In (Indian Computer Emergency Response Team): nodal agency for cybersecurity, under MeitY; established under IT Act 2000
  • MeitY's Digital India programme: launched 2015, targets digitally empowered society
  • Data Protection: Digital Personal Data Protection Act, 2023 — India's comprehensive data law
  • Browser market share globally (2025): Chrome ~65%, Safari ~18%, Firefox ~3%, Edge ~5%

Connection to this news: An indigenous browser with its own trust store addresses a core digital sovereignty gap — India currently has no control over which certificates its citizens' browsers trust, making the country structurally dependent on foreign software gatekeepers for a foundational internet security layer.

Public Key Infrastructure (PKI) and Digital Signatures in India

Public Key Infrastructure (PKI) is the technical framework of standards, policies, and technologies that enables secure digital communications through asymmetric cryptography. Digital signatures in India are legally recognised under Section 5 of the IT Act, 2000, and carry the same legal validity as handwritten signatures for most purposes. The IT Act defines two types of electronic signatures: digital signatures (using PKI) and electronic signatures (broader category including OTP-based). India's PKI hierarchy flows from RCAI (operated by CCA) → Licensed Certifying Authorities (e.g., eMudhra, Sify, NSDL) → End users. Digital certificates are critical for e-governance (income tax, MCA), e-procurement, banking, and document signing.

  • IT Act Section 5: legal recognition of digital signatures
  • IT Act Section 17: establishment of CCA
  • Licensed CAs in India: eMudhra, Sify Technologies, NSDL e-Governance, NIC (for government)
  • PKI usage: income tax e-filing, MCA21 company filings, GeM procurement, Aadhaar e-sign
  • IT (Amendment) Act 2008: expanded scope to include electronic signatures beyond PKI

Connection to this news: The IWBDC's core requirement — that the browser use India's CCA root — directly integrates India's legal PKI framework into the browser's trust model, meaning Indian digital signatures would be natively trusted without requiring third-party validation from foreign root stores.

India's Self-Reliance in Technology (Atmanirbhar Bharat in IT)

Atmanirbhar Bharat (Self-Reliant India), announced in May 2020, encompasses the digital technology sector through initiatives aimed at reducing strategic import dependence. In IT, this includes indigenisation of semiconductors (Semicon India programme, ₹76,000 crore), operating systems (BOSS Linux by C-DAC), productivity suites, and now web browsers. C-DAC (Centre for Development of Advanced Computing), established in 1988, has been the primary vehicle for state-led IT indigenisation — developing PARAM supercomputers, BOSS OS, GIST script technologies, and now co-leading the IWBDC. The Production Linked Incentive (PLI) scheme has been extended to IT hardware and semiconductors to build domestic manufacturing capability.

  • C-DAC established: 1988, Pune (HQ); Bengaluru centre is key for security research
  • Semicon India programme: ₹76,000 crore approved in 2021 for semiconductor fab ecosystem
  • BOSS Linux: Bharat Operating System Solutions — C-DAC's indigenous OS
  • Companies Act 2013: eligibility framework for IWBDC participation
  • PLI for IT Hardware: ₹7,350 crore, targets laptops, tablets, servers

Connection to this news: The IWBDC fits within this broader Atmanirbhar Bharat technology strategy — moving beyond hardware and semiconductors to establish indigenous control over software infrastructure, specifically the browser layer through which most digital interactions occur.

Key Facts & Data

  • Total prize pool: ₹3.4 crore
  • Winner's prize: ₹1 crore
  • Challenge name: Indian Web Browser Development Challenge (IWBDC)
  • Implementing agencies: MeitY + CCA + C-DAC Bengaluru
  • Eligibility: Indian-registered companies/startups/MSMEs/LLPs with ≥51% Indian ownership
  • Competition structure: 3 rounds (18 → 8 → 3 winners)
  • Technical mandate: Browser must use India's CCA root certificate store
  • CCA established under: Section 17, IT Act 2000
  • RCAI: Root Certifying Authority of India (apex of India's PKI)
  • IT Act 2000: Chapter VI (Sections 17–34) governs digital signatures
  • Digital Personal Data Protection Act: 2023