Digital Arrests and Online Fraud in India: Legal Challenges and Regulatory Gaps

Abstract

The rapid digitisation of governance, finance, and communication in India has led to unprecedented technological advancement, but it has simultaneously exposed citizens to new forms of cybercrime, including the emerging phenomenon of “digital arrests” and sophisticated online frauds. Digital arrests refer to coercive tactics used by fraudsters impersonating law enforcement authorities through digital means to intimidate individuals into compliance, often leading to financial exploitation. This article critically examines the legal and regulatory framework governing such cybercrimes in India, identifying significant gaps in enforcement, jurisdiction, and victim protection. It analyses existing statutory provisions under the Information Technology Act, 2000, the Indian Penal Code, and recent legislative developments, while also exploring judicial responses and policy initiatives. The article argues that despite legislative intent, the Indian legal system struggles with technological adaptability, procedural inefficiencies, and lack of coordination among agencies.

Introduction

The expansion of digital infrastructure in India, propelled by initiatives such as Digital India, has transformed the socio-economic landscape. However, this transformation has also resulted in an exponential increase in cybercrimes, particularly online fraud and coercive digital practices. Among these, the concept of “digital arrest” has recently gained attention, wherein fraudsters impersonate law enforcement officials to falsely accuse individuals of crimes and extract money under the threat of arrest.

This article addresses the central research problem: whether the existing legal framework in India is adequately equipped to deal with the evolving nature of digital fraud and coercion. It argues that while statutory provisions exist, enforcement challenges, jurisdictional complexities, and regulatory lacunae significantly undermine their effectiveness.

Conceptual Understanding of Digital Arrests and Online Fraud

Digital arrest is not formally defined under Indian law but represents a form of cyber-enabled coercion. Typically, fraudsters use video calls, spoofed numbers, and forged documents to simulate legal proceedings, creating fear and urgency. Victims are often coerced into transferring money to avoid supposed legal consequences. Online fraud, on the other hand, encompasses a wide range of activities, including phishing, identity theft, financial scams, and data breaches. These crimes exploit the anonymity and reach of the internet, making detection and prosecution difficult. The lack of a statutory definition for digital arrests creates ambiguity in classification, often forcing authorities to rely on general provisions relating to cheating, impersonation, and criminal intimidation.

Legal Framework Governing Cybercrimes in India

The primary legislation addressing cybercrimes in India is the Information Technology Act, 2000 (IT Act). Sections 66C and 66D deal with identity theft and cheating by personation using computer resources. Section 66E addresses violation of privacy, while Section 72 penalises breach of confidentiality. Additionally, provisions of the Indian Penal Code, 1860 (IPC), such as Sections 419 (cheating by impersonation), 420 (cheating and dishonestly inducing delivery of property), and 506 (criminal intimidation), are frequently invoked in cases of online fraud and digital coercion. The introduction of the Bharatiya Nyaya Sanhita, 2023 (BNS), which seeks to replace the IPC, also includes provisions addressing cyber-enabled offences, though its practical implementation remains to be seen. Despite these provisions, the absence of specific recognition of digital arrest as a distinct offence limits the ability of law enforcement agencies to effectively prosecute such crimes.

Judicial Approach and Case Law Analysis

Indian courts have increasingly recognised the seriousness of cybercrimes, emphasising the need for strict enforcement and technological awareness. In Shreya Singhal v. Union of India, (2015) 5 SCC 1, the Supreme Court struck down Section 66A of the IT Act, highlighting the importance of protecting freedom of speech while balancing cyber regulation. In Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473, the Court laid down guidelines for admissibility of electronic evidence, which are crucial in prosecuting cyber offences. Similarly, K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1, recognised the right to privacy as a fundamental right, indirectly impacting data protection and cybercrime jurisprudence. However, there is a lack of direct judicial precedent addressing digital arrests, reflecting the novelty of the issue and the need for judicial interpretation.

Regulatory Bodies and Enforcement Mechanisms

The Indian Computer Emergency Response Team (CERT-In) plays a central role in responding to cybersecurity incidents. The National Cyber Crime Reporting Portal allows victims to report online frauds, while cybercrime cells operate at the state level. The Reserve Bank of India (RBI) has issued guidelines for digital transactions and fraud prevention, including mandatory reporting and customer protection measures. Despite these initiatives, enforcement remains fragmented. Coordination between central and state agencies is often inadequate, and jurisdictional issues arise when crimes involve cross-border elements.

Challenges in Addressing Digital Arrests and Online Fraud

One of the primary challenges is the lack of technological expertise among law enforcement personnel. Cybercrimes require specialised knowledge, which is often lacking at the grassroots level. Jurisdictional complexities further complicate matters, as cybercrimes frequently transcend geographical boundaries. Mutual Legal Assistance Treaties (MLATs) are time-consuming, delaying investigation and prosecution. Another significant issue is underreporting. Victims of digital arrest scams often hesitate to report incidents due to fear, embarrassment, or lack of awareness. Additionally, the rapid evolution of technology outpaces legislative reforms, creating regulatory gaps that criminals exploit.

Comparative Analysis with Foreign Jurisdictions

Countries like the United States and the United Kingdom have more developed cybercrime frameworks. The Computer Fraud and Abuse Act (CFAA) in the U.S. and the Computer Misuse Act, 1990 in the U.K. provide comprehensive provisions addressing cyber offences. These jurisdictions also emphasise international cooperation and have dedicated cybercrime units with advanced technological capabilities. India can draw lessons from these models, particularly in terms of specialised training, inter-agency coordination, and victim support mechanisms.

Policy Initiatives and Government Measures

The Indian government has launched several initiatives to combat cybercrime, including the Cyber Crime Prevention against Women and Children (CCPWC) scheme and the establishment of cyber forensic labs. The proposed Digital Personal Data Protection Act aims to strengthen data privacy and accountability, which could indirectly reduce cyber fraud. Public awareness campaigns and digital literacy programs are also being promoted to educate citizens about online safety. However, these measures require effective implementation and continuous monitoring to achieve desired outcomes.

Role of Parliamentary Committees and Expert Reports

An important dimension in understanding regulatory gaps in cybercrime governance in India lies in the findings of parliamentary committees and expert bodies. The Report of the Committee of Experts under the Chairmanship of Justice B.N. Srikrishna (2018) on data protection highlighted the urgent need for a comprehensive legal framework to safeguard personal data against misuse, particularly in digital transactions. The Committee observed that the absence of robust data protection laws exacerbates vulnerabilities to fraud, including impersonation-based crimes akin to digital arrests. Similarly, the Parliamentary Standing Committee on Information Technology (2021–22), in its report on “Cyber Crime—Ramifications, Protection and Prevention,” emphasised the alarming rise in online fraud and criticised the lack of coordination among investigative agencies. The Committee recommended the establishment of a centralised cybercrime coordination mechanism and uniform protocols for investigation, which remain only partially implemented. These reports collectively underscore the systemic deficiencies in India’s cyber regulatory framework and the urgent need for cohesive policy action.

Law Commission and Policy-Oriented Observations

Although the Law Commission of India has not specifically addressed “digital arrest” as a distinct offence, its broader observations on criminal law reforms provide useful insights. In its 42nd Report on the Indian Penal Code and subsequent discussions on criminal law modernisation, the Commission stressed the importance of updating legal provisions to reflect technological advancements. More recently, policy discussions surrounding the Bharatiya Nyaya Sanhita, 2023 indicate an attempt to incorporate cyber-related offences within mainstream criminal law. However, scholars argue that these reforms remain largely incremental and fail to address nuanced forms of cyber coercion such as digital arrests. The absence of a dedicated statutory framework for cyber fraud continues to hinder effective legal response.

Scholarly Opinions on Cybercrime and Digital Coercion

Academic scholarship has critically engaged with the issue of cybercrime regulation in India. Scholars such as Prof. Aparna Viswanathan have argued that India’s cyber laws are “reactive rather than proactive,” often lagging behind technological developments. Similarly, Dr. Arghya Sengupta has highlighted the structural weaknesses in enforcement, noting that “the fragmentation of cybercrime regulation across multiple statutes creates ambiguity and weakens accountability.” Another perspective offered by Prof. N.S. Nappinai, a cyber law expert, emphasises the psychological dimension of cyber fraud, particularly in cases involving impersonation of authority figures. She argues that existing laws fail to adequately capture the element of “coercive manipulation,” which is central to digital arrest scams. These scholarly viewpoints reinforce the argument that legal reform must go beyond statutory amendments to include behavioural and technological considerations.

Statutory Developments and Emerging Legal Instruments

Recent statutory developments indicate a gradual shift towards strengthening cyber regulation in India. The Digital Personal Data Protection Act, 2023 introduces obligations on data fiduciaries to ensure the security of personal data, which could indirectly mitigate risks associated with identity theft and impersonation. Additionally, amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 impose due diligence requirements on intermediaries, including the obligation to remove unlawful content and assist law enforcement agencies. However, critics argue that these measures focus more on content regulation than financial fraud prevention. The Payment and Settlement Systems Act, 2007, along with RBI guidelines on digital payments, also plays a crucial role in regulating financial transactions, but lacks specific provisions addressing coercive fraud mechanisms like digital arrests.

Institutional Coordination and the Role of Inter-Agency Mechanisms

A persistent structural weakness in India’s response to digital arrests and online fraud is the lack of seamless coordination between multiple enforcement and regulatory bodies. Cybercrime investigations often involve the local police, cybercrime cells, the Indian Computer Emergency Response Team (CERT-In), financial institutions, and telecom regulators. The **Indian Cyber Crime Coordination Centre (I4C)**, established under the Ministry of Home Affairs, was intended to function as a nodal agency for tackling cybercrime in a coordinated manner. However, practical challenges such as information silos, delayed data sharing, and inconsistent standard operating procedures continue to impede its effectiveness. Committee observations have repeatedly stressed the need for a unified national cybercrime database and real-time intelligence-sharing systems. Without such integration, crimes like digital arrest scams—where speed is critical—often result in irreversible financial loss before authorities can respond.

Telecom and SIM Card Regulation as a Legal Gap

A crucial yet underexplored aspect of digital arrest fraud is the misuse of telecom infrastructure, particularly through fake or fraudulently obtained SIM cards. Fraudsters frequently use VoIP (Voice over Internet Protocol) services and spoofed numbers to impersonate law enforcement officials. While the Department of Telecommunications (DoT) has introduced Know Your Customer (KYC) norms for SIM issuance, enforcement remains inconsistent. The Supreme Court in *People’s Union for Civil Liberties (PUCL) v. Union of India*, (1997) 1 SCC 301, emphasised procedural safeguards in telephone surveillance, but similar rigour is lacking in regulating digital communication tools used for fraud. Scholars argue that telecom companies must bear greater responsibility through stricter verification processes and real-time monitoring of suspicious communication patterns. The absence of statutory liability for telecom operators in such cases represents a significant regulatory loophole.

Banking Sector Liability and Consumer Protection

The role of banks and financial intermediaries is central in cases of online fraud, including digital arrests where victims are coerced into transferring funds. The Reserve Bank of India (RBI) has issued circulars on “zero liability” and “limited liability” of customers in unauthorised electronic transactions, particularly in its **RBI Circular on Customer Protection (2017)**. However, the practical enforcement of these protections remains uneven. In many cases, banks deny liability on the ground of customer negligence, especially where transactions were voluntarily authorised under coercion. This raises complex legal questions about the interpretation of “consent” in digital fraud cases. Judicial clarity on this issue is still evolving, and there is a pressing need for statutory guidelines that recognise coercion-induced transactions as fraudulent, thereby extending greater protection to victims.

Evidentiary Challenges in Prosecuting Digital Fraud

The prosecution of digital arrest scams faces significant evidentiary hurdles, particularly concerning the collection, preservation, and admissibility of electronic evidence. Under Section 65B of the Indian Evidence Act, 1872, electronic records must be accompanied by a certificate of authenticity to be admissible in court, as clarified in *Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal*, (2020) 7 SCC 1. While this requirement ensures evidentiary integrity, it also creates procedural delays and technical barriers for investigators. In cases involving cross-border servers or encrypted communication platforms, obtaining such certification becomes even more challenging. Legal scholars have suggested simplifying evidentiary requirements in cybercrime cases or developing specialised forensic frameworks to expedite prosecution without compromising fairness.

Gendered Dimensions and Vulnerable Groups

Emerging studies and policy reports indicate that certain groups, including elderly individuals, women, and digitally less literate populations, are disproportionately targeted in digital arrest scams. The **Cyber Crime Prevention against Women and Children (CCPWC) Scheme** acknowledges the gendered nature of cybercrime but primarily focuses on online harassment and exploitation. Digital arrest fraud, however, often exploits fear, authority, and lack of legal awareness—factors that affect vulnerable populations more acutely. Scholars advocate for

targeted awareness campaigns and legal aid mechanisms tailored to these groups. The absence of victim-centric provisions in existing cyber laws further exacerbates the problem, as legal remedies remain complex and inaccessible for many affected individuals.

Technological Solutions and Regulatory Innovation

In addition to legal reforms, technological interventions play a crucial role in addressing digital fraud. Artificial intelligence-based fraud detection systems, real-time transaction monitoring, and blockchain-based identity verification mechanisms are increasingly being explored. The RBI and National Payments Corporation of India (NPCI) have introduced measures such as transaction alerts and two-factor authentication, but these are often insufficient against sophisticated scams involving psychological manipulation. Regulatory innovation must therefore integrate technology with law, creating adaptive frameworks that can respond to evolving threats. Scholars emphasise the concept of “regulatory sandboxing,” where new technologies can be tested under regulatory supervision before full-scale implementation.

Need for a Victim Compensation and Restitution Framework

One of the most glaring gaps in the current legal system is the absence of an effective victim compensation mechanism for cyber fraud cases. While Section 357 of the Code of Criminal Procedure, 1973 allows courts to award compensation, its application in cybercrime cases is limited and inconsistent. Victims of digital arrest scams often suffer significant financial and psychological harm, yet recovery rates remain low. Comparative jurisdictions, such as the United Kingdom, have established dedicated fraud compensation schemes that provide timely relief to victims. India could benefit from a similar institutional mechanism, possibly funded through penalties imposed on financial institutions and intermediaries for non-compliance with security standards.

Ethical and Constitutional Considerations

The phenomenon of digital arrests raises deeper constitutional concerns, particularly relating to due process, personal liberty, and state authority. The misuse of perceived state power by private actors to coerce individuals undermines public trust in legal institutions. In light of *Maneka Gandhi v. Union of India*, (1978) 1 SCC 248, which expanded the scope of Article 21 to include procedural fairness, it becomes imperative for the State to ensure that its authority is not misrepresented or exploited in digital spaces. The failure to prevent such impersonation can be seen as a lapse in the State’s positive obligation to protect fundamental rights. This constitutional dimension adds urgency to the need for robust legal and regulatory safeguards.

Future Trajectory and the Need for Comprehensive Reform

Looking ahead, the challenge of digital arrests and online fraud is likely to intensify with advancements in deepfake technology, artificial intelligence, and digital communication tools. Fraudsters are increasingly using AI-generated voices and videos to impersonate officials, making detection even more difficult. This calls for forward-looking legislation that anticipates technological trends rather than merely reacting to them. A comprehensive cybercrime code, integrating substantive, procedural, and evidentiary aspects, could provide a more coherent legal framework. Additionally, continuous judicial training, public-private partnerships, and international collaboration will be essential in building a resilient cyber legal ecosystem.

Interdisciplinary Insights and Criminological Perspectives

From a criminological standpoint, digital arrest scams can be understood through the lens of “routine activity theory,” which suggests that crime occurs when a motivated offender, a suitable target, and the absence of capable guardians converge. In the digital context, the anonymity of the internet, lack of user awareness, and weak regulatory oversight create ideal conditions for such crimes. Legal scholars advocate for integrating criminological insights into policy design, emphasising preventive strategies such as behavioural nudges, real-time fraud detection systems, and user education. This interdisciplinary approach is essential for addressing the complex nature of cyber-enabled coercion.

International Reports and Global Best Practices

International organisations have also contributed valuable insights into cybercrime regulation. The Budapest Convention on Cybercrime (2001), although not ratified by India, provides a comprehensive framework for international cooperation in cybercrime investigations. Reports by the United Nations Office on Drugs and Crime (UNODC) highlight the importance of harmonising domestic laws with global standards to effectively combat transnational cyber offences. The Financial Action Task Force (FATF) has also issued guidelines on combating digital financial fraud, emphasising the role of financial institutions in detecting suspicious transactions. India’s limited engagement with these frameworks reflects a gap in aligning domestic policies with international best practices.

Critical Analysis of Regulatory Gaps

Despite multiple laws and policies, significant gaps remain. The absence of a unified cybercrime legislation leads to overlapping provisions and enforcement ambiguity. There is also a lack of accountability for intermediaries such as telecom operators and digital platforms, which often fail to prevent misuse of their services. Furthermore, the legal framework does not adequately address psychological coercion, which is central to digital arrest scams. The delay in judicial processes and low conviction rates further undermine deterrence.

Recommendations and Reform Proposals

To address these challenges, India must adopt a multi-pronged approach.

– First, there is a need for specific legislation recognising digital arrest as a distinct offence.

– Second, capacity building of law enforcement agencies through specialised training and recruitment of cyber experts is essential.

– Third, strengthening international cooperation mechanisms can help address cross-border cybercrimes.

– Fourth, imposing stricter obligations on intermediaries to detect and prevent fraudulent activities can enhance accountability.

Finally, promoting digital literacy and awareness among citizens can significantly reduce vulnerability to such scams.

Conclusion

Digital arrests and online fraud represent a new frontier in cybercrime, challenging traditional legal frameworks and enforcement mechanisms. While India has made significant strides in digital governance, its legal system must evolve to address the complexities of cyber-enabled offences.

This article has highlighted the inadequacies in the current legal framework, emphasising the need for targeted reforms, improved enforcement, and greater public awareness. By adopting a holistic approach that combines legal, technological, and educational measures, India can effectively combat the growing threat of digital fraud and ensure a safer digital ecosystem.

Bluebook  citation

1. Information Technology Act, 2000.
2. Indian Penal Code, 1860.
3. Bharatiya Nyaya Sanhita, 2023.
4. Shreya Singhal v. Union of India, (2015) 5 SCC 1.
5. Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473.
6. S. Puttaswamy v. Union of India, (2017) 10 SCC 1.
7. Reserve Bank of India, Master Directions on Digital Payment Security Controls (2021).
8. Ministry of Home Affairs, Cyber Crime Prevention against Women and Children Scheme.
9. CERT-In Guidelines on Cyber Security Incident Reporting (2022).