For more updates follow Grant Thornton Bharat on WhatsApp
The idea is simple but profound: a nation must retain control over how data is stored, processed, and transmitted; how digital infrastructure operates; and how citizens interact with the global internet. Without it, a country risks becoming dependent on external powers for the functioning of its economy, governance, and security.
India, the world’s largest democracy and a digital powerhouse in terms of user base, has made significant strides in building a robust digital ecosystem. Yet, beneath this progress lies a network of vulnerabilities—many of them stemming from dependence on foreign technology, fragmented governance, and a still-maturing legal framework. In contrast, countries like China have pursued a far more centralised and state-controlled digital sovereignty model—one that comes with its own benefits and costs.
India’s recognition of the importance of digital sovereignty has been growing. The 2017 Puttaswamy judgment was a landmark moment, declaring the right to privacy as a fundamental right—a crucial foundation for data protection. Since then, several important laws and regulations have been introduced.
The Digital Personal Data Protection Act (2023) establishes the rights of data principals, duties of data fiduciaries, and requirements for data localisation. The Intermediary Guidelines & Digital Media Ethics Code (2021) increases accountability for social media platforms and online publishers.
The Information Technology Act (amendments) expands the government’s ability to regulate digital intermediaries. These frameworks signal India’s intent to establish sovereignty over its digital space. However, enforcement remains inconsistent, and jurisdictional challenges persist when dealing with global tech giants.
India’s most notable achievement is the creation of India Stack—a suite of digital public goods including Aadhaar, UPI, DigiLocker, UMANG, and Common Service Centres. These systems have transformed service delivery, financial inclusion, and citizen engagement. Few countries have managed to build such large-scale, interoperable public infrastructure at low cost. Yet, while these platforms strengthen India’s domestic control, their reliance on underlying hardware, chipsets, and even some software from foreign suppliers exposes a strategic weakness.
This is perhaps the most critical vulnerability. India imports over 95 per cent of its semiconductors and relies heavily on foreign operating systems such as Windows, Android, and iOS. A stark reminder of this dependence came when Microsoft temporarily blocked services to Nayara Energy—showing how a single corporate decision abroad can disrupt operations at a major Indian company. Similarly, over 75 per cent of SSL/TLS security certificates in BRICS countries come from US-based certificate authorities. In a geopolitical crisis, these dependencies could become leverage points.
India leads the world in internet shutdowns—over 770 instances between 2016 and 2023. While officials justify these as security measures, they often cause massive economic and social disruption. In 2020 alone, shutdowns cost India an estimated US$2.8 billion in lost economic activity.
Paradoxically, while the state can exercise control through shutdowns, it still struggles to exert effective jurisdiction over global tech platforms in matters like data storage, algorithmic transparency, or content moderation. India has banned over 250 Chinese apps citing sovereignty concerns, but domestic surveillance capabilities have also expanded. Government takedown orders to platforms like X (formerly Twitter) have increased sharply. Critics warn that without transparent oversight, such powers could be misused, eroding trust in digital governance.
The National Skill Development Corporation estimates that India’s demand for digital talent will hit 103 million by 2030, but supply is projected at only 74 million. Without skilled cybersecurity professionals, AI engineers, and semiconductor specialists, legal frameworks alone cannot secure digital sovereignty.
If India’s digital sovereignty journey is about balancing openness with control, China’s approach is about total control first, openness later—if at all. China’s Cybersecurity Law (2017) requires companies to store data locally and submit to government inspections.
The Data Security Law (2021) categorises data into sensitivity levels, mandating strict localisation and allowing the state to intervene in its use. This creates a legal environment where the state’s authority over digital infrastructure is unquestionable.
The Great Firewall of China is perhaps the most famous symbol of digital sovereignty. It filters incoming internet traffic, blocks foreign platforms like Google, Facebook, and X, and ensures that the domestic internet is dominated by local companies like Baidu, Alibaba, and Tencent.
The Cyberspace Administration of China (CAC) enforces these rules, regulates online speech, and now oversees generative AI content to ensure alignment with state ideology. In 2025, China introduced a state-run Digital ID system linking every citizen’s online activity to their real identity. Proponents argue it improves security and reduces fraud; critics see it as a tool for unprecedented surveillance and potential “digital exile” of dissenters.
China is exporting its model through the Digital Silk Road, offering infrastructure, 5G networks, and surveillance systems to partner countries. It is also pushing for new global internet protocols (like “New IP”) that embed state control into the very architecture of the internet.
India’s approach—though imperfect—is rooted in democratic values, judicial oversight, and public participation. China’s is rooted in centralised, top-down state control. India’s digital public infrastructure promotes innovation and inclusion; China’s ensures tight security and self-reliance. India’s dependence on foreign tech creates geopolitical risk; China’s suppression of digital freedoms limits innovation and erodes trust. India has the potential to offer a “third way” in global digital governance—a model that preserves sovereignty without sacrificing openness. China is shaping a state-centric alternative to the open internet.
The way forward for India is to build domestic tech capability. For that we have to
India stands at a crossroads. The country has the population, the digital innovation track record, and the democratic credentials to define a new model of digital sovereignty—one that neither mirrors China’s authoritarianism nor remains vulnerable to foreign control.
But that will require more than legal reforms and public infrastructure. It will demand strategic investments, diplomatic engagement, technological self-reliance, and above all, the political will to protect both sovereignty and freedoms. The question is not whether India can achieve digital sovereignty. The question is whether it can do so while staying true to the values that make it the world’s largest democracy.
This article first appeared in the ET Government on 2nd September 2025.
