Click here to download the full paper (PDF)
Authored By: Aditi Choudhary (B.A.LL.B) & Co-Authored By: Garima Singh (B.A.LL.B), Law College Dehradun,
Click here for Copyright Policy.
I. INTRODUCTION:
Our world is getting digitalized every day, so fast that governments are struggling to balance new innovations with security, speech and, most importantly, privacy. India and the US have been tackling these challenges very differently, influenced by their culture, legal traditions and as well as with their nation’s priorities.
II. LEGAL FOUNDATIONS:
In India, primary source of cyber legislation is The Information Technology Act, 2000 (IT Act), which was amended in the year 2008. This Act on cyber law defines key cyber offences and sets out intermediary liability in section 79, this exempts intermediaries from any liability for third party content, as long as they stay as mere intermediaries and don’t make any modification to the content and follow all the procedures given by the government.
Meanwhile the U.S. doesn’t have a single consolidated statute. Its cyber-regime includes:
- The Computer Fraud and Abuse Act (CFAA, 1986) criminalising unauthorized access.
- The Electronic Communications Privacy Act (ECPA, 1986) governing wiretaps.
- Sector‑specific laws like GLBA and HIPAA protecting financial and health data.
- And constitutional safeguards (especially the Fourth Amendment), supported by case law.
III. PRIVACY AND DATA PROTECTION:
In India privacy became a constitutional right in Puttaswamy[1] (2017). The Digital Personal Data Protection Act 2023 is now taking shape, but the concerns are persisting around executive overreach and oversight failure. In the United States, laws on privacy are categorical and are in fragments. Landmark legislation includes the California Constitution Privacy Act (CCPA), and the federal Trade Commission often as a privacy watchdog in practice. National security tools like the USA PATRIOT Act have further complicated any disclosure obligations.
IV. INTERMEDIARY LIABILITY:
In our country, “Safe harbour” under the section 79 of IT Act, 2000, has allowed intermediaries conditional immunity, but this is only possible if they are compliant and follow the rules prescribed and act swiftly on court government takedown orders. The Shreya Singhal[2] (2015), case clarified intermediaries must remove content only on receipt of a formal notice or order. Meanwhile in the United States, the Communications decency Act’s section 230, has given a very broad immunity, no platform is treated as an owner of any content that is created by the user can moderate content in “good faith” without losing protection. This immunity stays even if the content is removed by the platform[3]. Recent court challenges like Gonzalez vs. Google[4] & Twitter vs. Taamneh[5], may narrow this scope.
V. CYBERCRIME ENFORCEMENT:
In India state’s cyber police and the national Cyber Crime Division prosecutes any online fraud, defamation and hacking. A lack of resources and inconsistent technical know-how make enforcement difficult. In the United States, cyber prosecutions are done by the FBI and DOJ, these agencies often leverage international conventions, extraditions, and cross-border investigations to dismantle hacking networks and dark web activities.
VI. POLICY AND STRATEGY:
In our country, India, The National Cyber Security Policy (2013), is the foundation for cybersecurity, with CERT-IN reacting to incidents. The IT Rules of 2021. places liability on intermediaries for traceability and grievance redressal. India greatly emphasizes data sovereignty and localization but has not ratified the Budapest Convention. Now when we talk about the United State, we see that cybersecurity is treated as national security. The National Cyber Strategy (2023), and the Cybersecurity & Infrastructure Security Agency (CISA) drive collaboration. The U.S. plays an active role in international cyber diplomacy and military cyber operations.
VII. CHALLENGES AHEAD:
India must safeguard privacy while empowering the state, enhance digital literacy, strengthen judicial oversight, and take a leading role in international cyber norms. United States faces debates over amending Section 230, expanding data privacy protections, and countering cyber-espionage threats, alongside ensuring social media platforms respect both free speech and public safety.
VIII. CONCLUSION:
India’s cyber-regulatory landscape is moving toward a centralized, top-down structure grounded in state sovereignty and control. In contrast, the United States follows a more decentralized, market-led model, where courts and private companies play a key role in shaping norms. Despite their differing approaches, both countries face common challenges, rapidly evolving technologies, cross-border cyber threats, and growing concerns around data privacy. This shared reality underscores the need for legal frameworks that strike a balance between global interoperability and local adaptability.
Cite this article as:
Aditi Choudhary & Garima Singh, “Cyber Law In India And The United States: A Comparative Legal And Policy Perspective” Vol.6 & Issue 1, Law Audience Journal (e-ISSN: 2581-6705), Pages 383 to 385 (17th July 2025), available at https://www.lawaudience.com/cyber-law-in-india-and-the-united-states-a-comparative-legal-and-policy-perspective/.
Footnotes and References:
[1] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1.
[2] Shreya Singhal v. Union of India, (2015) 5 SCC 1.
[3] Ash Johnson & Daniel Castro, Overview of Section 230: What It Is, Why It Was Created, and What It Has Achieved, Info. Tech. & Innovation Found. (Feb. 22, 2021), https://itif.org/publications/2021/02/22/overview-section-230-what-it-why-it-was-created-and-what-it-has-achieved/.
[4] Gonzalez v. Google LLC, 598 U.S. (2023).
[5] Twitter, Inc. v. Taamneh, 598 U.S. (2023).
