This interview has been published by Anshi Mudgal and The SuperLawyer Team
Ma’am, with over two decades of experience, when most people didn’t know about cyber laws, intellectual property laws, let alone media laws, what initially inspired you to pursue a career in this field? And what led you to study at the most prestigious King’s College, London? How did you choose this as your specialization?
Very interesting question at the outset. Well, if I look back at my journey in this field of law, it’s been very fascinating. It’s been evolving just like the dynamic nature of law and technology. Way back when I was studying at Delhi University, I did my law from DU, and at that time, the IT Act 2000 was just enacted, and we were very fascinated to see a new law being enacted in India.
We were looking at what exactly the nuances of this new field would be, what the challenges would be. Everything was so new that this field of law made me very inquisitive about what could be the legal issues that would arise, considering the inherent nature of the internet would be borderless.
You know, questions like, will the conventional laws still apply in this medium? How will it change the way people work? How will it change the way people communicate? What kind of complications could arise? For example, jurisdiction issues: if two parties were interacting and contracting online, and there was a dispute, which court would be the right forum to decide? Because there is no global internet court, and there is no global internet law. So that was very, very interesting to think about, and I wanted to read more in-depth into this field, research it further, and contribute to it.
So, I think it’s basically the fact that it was a completely new and unsaturated area, completely new to explore, and I always like to explore something that is an uncharted avenue of our subject. It makes you brainstorm. And I wanted to do this brainstorming in the field of law.
And that’s what really kept me energized. Even today, I still feel like a student. Every day, there is so much to learn. So I may have been here for 25 years, but I still feel just like a graduate would. There is so much to learn and contribute.
In your early stages, you must have obviously, like us, faced a lot of challenges. There must have been a variety of experiences. As you said, the IT Act had just entered and became a reality. How has all of this understanding helped you make a niche for yourself in technology law? How did you decide where and when to start, what kind of practice you should do, and how you should approach it?
You are also majorly involved in training and developing public policies with the government sector. How have you shaped your practice around this?
Well, as I said, the field was unexplored at that time. It was very new. And I wanted to do anything and everything under the sun because this is, you know, learning. And when you’re learning, you can contribute in multifarious ways. As we say, this was a road less traveled, and I took that.
When I looked at the way in which I could basically learn and gain more experience, I looked at the IT Act. Then I also looked at what was happening across the world. When I studied at King’s, we understood that the approaches to the same issues really varied across various jurisdictions. So we had professors, and we had interactions from different jurisdictions across the world. And with those perspectives and the kind of debates in the classrooms, we discussed issues like criminality. For example, how would criminality apply in the metaverse today? Can we say an avatar is responsible for committing a crime? Is the player liable if it’s an assault in a game that leads to some sort of mental shock to a user? How would one impute criminality in such a scenario?
We also discussed how jurisdiction would apply if a person commits a crime in one location and damages critical infrastructure in another country. If while deciding a court’s jurisdiction for example, if the protective principle applies, then the courts would pass orders. How would one go about enforcing those orders? These kinds of cross-jurisdictional issues were really at the helm of discussions even at that particular point in time.
If you look back, the IT Act, when it was just a basic Act, and the way technology developed, the industry grew, cybersecurity became a huge area in itself because with the rising crime, the industry had to catch up. Cyber safety tools were being floated, right from a basic antivirus to spyware to firewalls, and other kinds of technologies. Nowadays, we have blockchain, VPNs, data loss prevention software, and many network safeguards.
So as the industry developed, they also needed legal compliance, and legal advice. I started advising companies on various issues linked with cyber law, which was also interesting. I helped frame their policies, shape their HR policies, social media policies, and tackled tricky issues like whether companies could scan employee emails in the name of productivity. These policies became very important as e-commerce grew.
So in this way, my role became more advisory. I was also involved in education. I taught cyberlaw at the Indian Law Institute and Amity University. In fact, I was part of the first batch of PG Diploma in cyber law at AmityI completed after LLB from Delhi University, and that was a significant encouragement and motivation for me to learn more about this field. That was just the beginning, I would say. Then I went on to study Masters at King’s and further pursued my Ph.D. in cyber law.
It’s been a fascinating journey, but as far as contributions are concerned, there was a need for capacity-building in the country because law was changing. Cybercrime increased phenomenally, so I dealt with those cases, represented clients in various forums, and assisted law enforcement bodies. I also worked on educating and training judicial academies and police academies across India.
And then came writing, which is also a passion I followed and pursued. I wrote my book on computers, the internet, and new technology laws, which was released in 2012. We have a third edition, the latest edition in the market now. I’ve been writing extensively on this subject, and since it’s been changing so fast, we’ve already had 3 editions since 2012. So you can imagine. This is also one way in which technology has positively impacted me and helped me contribute better to society.
How do you see the advent of artificial intelligence shaping the kind of technology law that we have? How is it going to influence not only the legal system but all systems, especially the defense system, as you are with the DRDO right now, advising them in different capacities? How do you see all of this being impacted by international AI acts as well? There are so many of them from which we also take a lot of references, like with the DPDP Act, as it happened. Where do you see we lie with artificial intelligence, and what kind of track are we going to take? Obviously, it can only be speculation.
I’ve been advising the government for more than two decades now, and in my personal experience, it’s been a very enriching journey. The way we have shaped our laws and looked at technology, it’s been a very liberal and progressive approach.
I do believe, and firmly believe rather, that one should allow technology to advance liberally and support R&D in the country because, truly, India, when we say ‘Make in India,’ ‘Viksit Bharat,’ or ‘Digital India,’ we have seen this revolution, and it is ongoing and in process.
We are already working towards India at 2047. Looking at that, we are building our roadmaps, and plans are already being implemented. It’s not just in one department; I’m talking about the Ministry of Law, Ministry of Defense, Ministry of IT and Telecom, Ministry of Home, for example—they’re all trying to bring in coordination. There’s scope for more, but with the adoption of the PPP model we see now in AI, India’s AI projects are truly creating a platform for India to progress in the right way.
There is going to be minimum regulation because if you put too much regulation, it’ll stifle the growth of the industry, and that’s the approach of the government as well. But I do feel that high-risk systems need to be regulated immediately because they can play havoc with people’s lives and bring destruction to countries.
For that reason, I strongly advocate that there should be a regulation. In fact, in my mind, there should be a separate regulation for AI. As a voluntary initiative to support G20 and as country chair of G100 for AI and cybersecurity, I drafted a proposed code, a proposed Act for India on AI.
I would like the government to consider it, and in various roundtables with the Honorable Minister, we’ve had discussions. We know the DPDP Act is already there in the offing and it will have provisions for high-risk systems that need to be prohibited and regulated. There will be some regulation to that extent.
Although I think we’re still far away from having separate AI legislation because there’s no talk on that right now, but you never know. The way technology is progressing, I think this will become indispensable very soon. Let’s see how it goes, but so far so good.
The government is taking a lot of interest and initiative, and we are truly world leaders in the ‘Make in India’ space, and I think the law will support the government’s approach and initiative because it’s in the interest of the industry.
With India being quite active in AI, there has been a lot of conversation surrounding its cultural and diversity impact. Ethical concerns and language considerations are important, but cultural aspects must also play a significant role. Where do you see this intersection of culture, ethics, and AI impacting society, and when will these changes be realized by the common man? Currently, a lot is happening at the policy level, but how do you foresee it affecting society when it becomes a reality, especially given that India is a leader in AI yet culturally diverse? How do you see India impacting the global AI scene with its own AI Act, coupled with cyber and intellectual property laws?
I believe we have already started exploring the key pillars of AI ethics. I’ve been involved in developing ethical frameworks, particularly in national projects and educational institutions, such as my role as a professor at Vivekananda Institute of Professional Studies (VIPS). Here, we’ve introduced an ethical framework for AI, which reflects global principles such as transparency, justice, inclusiveness, sustainable development, and bias elimination. These principles are endorsed globally, though regulations can vary by jurisdiction. In India, while we don’t yet have an AI Act like the EU, we are working on provisions for AI regulation.
On the industry side, AI development is progressing rapidly, with models being developed for multilingual AI systems that consider India’s diverse languages and cultural contexts. This is already ingrained in the AI models being developed in India, and as a result, the laws need to reflect these cultural nuances as well. However, these laws must also be globally synchronized, given that AI models or data may eventually travel outside India for processing or storage, requiring compliance not only with Indian laws but also global standards.
Take, for example, the GDPR and its standard contractual clauses (SCC) for data transfers. Similarly, India’s DPDP law also addresses these concerns. While we have cultural diversity, the core principles, like data protection, remain universal. Therefore, I believe we need a harmonized framework that works both for India’s unique needs and the broader global landscape.
Moreover, there are also concerns about data ownership and intellectual property when training AI models. A current case before the Delhi High Court involving ANI and OpenAI raises these issues, questioning whether permission is required for using copyrighted material in AI training. Such cases highlight the need for clear regulations to determine how intellectual property laws apply to AI and data usage for training.
AI regulation is already becoming a pressing matter, and I believe it will require global cooperation to set clear principles and enforce them. The lack of a universal convention on cybercrime and AI further complicates enforcement, even when jurisdiction is assumed.
You’ve managed so much despite being an author, professor, advisor, and now a law firm founder. What motivated you to start your own law firm, especially considering your already extensive involvement in cyberspace and AI law?
The main driving factor behind starting my law firm was the desire for flexibility. I wanted to contribute to the legal field in multiple ways, integrating the knowledge I gained in various roles—whether it was teaching, advising, policy-making, or litigation. Each experience enriched my understanding of the law, and I believed it was essential to bridge the gap between legal theory and practice.
Through teaching and advising, I gained deep insights into the law’s practical challenges. When engaging with Public policy, I was able to identify gaps that needed to be filled. For instance, there were complications in the law around intermediary content removal, and after handling cases such as the one involving HubPages and a spiritual guru, I realized how critical it was for the law to evolve with changing technology.
This interdisciplinary approach—combining litigation, advisory work, policy-making, and teaching—allowed me to contribute meaningfully to law reforms in India, especially in areas like data protection and AI regulation. By establishing my law firm, I could consolidate these experiences and provide a platform for further contributions to legal practice and public policy.
You’re also well known for your work in women and children’s empowerment, especially in the context of cyber safety. Can you elaborate on your work with organizations like UNESCO and ICMEC, and how these global initiatives are being adapted or modified to protect Indian women and children online?
Child protection and women’s empowerment have always been at the core of my work, particularly in the realm of cyber law. Online harassment and digital abuse were rising concerns, especially as many women and children lacked awareness of the risks and legal protections. The existing laws were inadequate, and that’s what prompted me to focus on researching and advocating for stronger protections.
In 2015, I wrote the first book in India on child protection on the internet, which later became the subject of my PhD thesis. In this, I proposed various reforms to strengthen laws such as the Juvenile Justice (JJ) Act and the Protection of Children from Sexual Offences (POCSO) Act. Additionally, I’ve written extensively about women’s rights against cybercrimes, including a book on cyber safety for women.
Through my work with organizations like UNESCO and ICMEC, I was able to contribute to global policy discussions on child protection and cyber safety. In India, I’ve helped tailor these global frameworks to suit our local context. For instance, I established a not-for-profit organization that focuses on awareness-building in schools and colleges, empowering women and children with cyber safety skills and best practices.
During the COVID-19 pandemic, we conducted over 50 webinars to raise awareness about online scams, fake emails, and malicious content targeting vulnerable populations. We were able to educate women, children, and educators on how to protect themselves from online threats, and the response was overwhelmingly positive.
These efforts were particularly rewarding because we saw tangible changes, with many women and children reaching out for guidance, and schools actively engaging in cyber safety education. Through these initiatives, I believe we were able to mitigate harm and empower individuals to navigate the digital world more safely.
You have also worked extensively in intellectual property protection, particularly in the digital space. Could you share some of the primary challenges you’ve faced in this area and how industries have reached out to you for solutions? Given the rising importance of digital platforms, how can businesses better protect their intellectual property?
Intellectual property (IP) has grown tremendously over the years, and new laws were needed to address these changes. In the early days, it wasn’t clear whether domain names could be protected like trademarks. But over time, legal clarity emerged, affirming that domain names could indeed be protected as trademarks. I’ve had the privilege of serving as an arbitrator for the National Internet Exchange of India, where I resolved many cross-border disputes involving “.in” domains.
The expansion of cyber litigation, especially in areas like music piracy, video piracy, and film piracy, has been notable. I also advised Prasar Bharati in overhauling their royalty contracts, ensuring they accounted for the rise of the internet. Many of their contracts, at that time, did not even mention the internet. More recently, we’ve worked on updating these contracts to align with today’s technological landscape.
Governments and industries are now paying more attention to policies that govern emerging technologies, including AI. In this context, governance and audits have become essential. We must ensure that businesses are not collecting unnecessary data, that the data being used is unbiased, and that proper security measures—such as encryption and data redaction tools—are implemented.
The protection of trade secrets, copyrights, and trademarks through registration is fundamental. However, in the case of trade secrets, businesses must ensure confidentiality through other means. The development of new technologies, including AI-generated images, music, and art, raises questions of ownership. Who owns AI-generated art—the person who provided the prompt or the AI system itself? These are some of the challenges businesses face, and it’s crucial for them to adopt encryption, anonymization, and pseudonymization to protect sensitive data.
Moreover, sectors like the social sector, which deal with sensitive data such as donor and beneficiary information, must ensure that data is encrypted and stays within the country. I’ve been advising these sectors on policies, ensuring they comply with legal frameworks. Protecting confidential information is not just the responsibility of the government; the industry must also play its part by adhering to these laws.
The PPP model is vital. It allows for a collaboration between government resources and industry expertise. The government brings its authority and resources, while the industry contributes its technical know-how and capabilities. When both sectors work together, it results in a win-win situation that benefits the nation’s progress.
How would you guide aspiring lawyers looking to specialize in fields like media law, cyber law, or IT law, which are expanding rapidly? What skills should they focus on, and are there any particular books, journals, or individuals they should follow?
To make a meaningful contribution to this field, aspiring lawyers must have the right mindset. You should always consider yourself a student, as there is always more to learn. If you think you know everything, that’s the end of real learning. Passionate research is also key. You cannot delve into the depths of these fields without thorough research and understanding different perspectives. It’s essential to look at how different jurisdictions address similar challenges and tailor those solutions to India’s context.
Perseverance is another crucial trait. The journey in this field isn’t always easy, and you may face challenges along the way. But consistency and hard work will bring results. The legal profession is full of ups and downs, and while your views might differ from others, time often proves the validity of your perspectives. The world changes, and sometimes the policies you advocate for today become essential in the future. Being open to criticism is important, as it helps you grow.
Cyber law and IP law are highly specialized fields. Today, we have DPDP laws, AI laws, and entire branches dedicated to IPR, all of which often intersect. A lawyer working in this space needs to have a broad understanding of various legal issues. These fields cannot be treated in isolation, as cases often involve multiple areas of law.
There are wonderful resources available today that were not accessible when we started law practice. The proliferation of e-learning platforms, educational apps, and online courses is a game-changer. I have personally taken courses such as the Cybersecurity CS50 from Harvard University, which was a fantastic experience. These online platforms provide a wealth of knowledge, allowing students to access information from anywhere.
Additionally, portals like Manu Patra, SCC Online, and government-backed platforms like Swayam and E Pathshala offer free courses that cover a wide array of subjects. There are also incubation centers at institutions like DSCI and NASSCOM that promote startup culture, which is an excellent opportunity for students to learn hands-on and learn about new technologies.
Get in touch with (Dr.) Karnnika A Seth –
