New Delhi: US multinational tech company Meta’s reply to a government notice over child sexual abuse material (CSAM) advertisements on Instagram has been received by the Ministry of Electronics and Information Technology of India (MeitY) and is being examined, with appropriate action to follow, IT Secretary S. Krishnan said on Monday.
Speaking on the sidelines of the launch of the Digital Threat Report 2025-26, Krishnan said the company’s response had come in on Saturday — the last day of the deadline— and that a decision on further steps would be taken after the reply is examined.
On a separate front, senior officials at MeitY indicated the Centre is weighing a common set of rules to govern username-based identities across messaging platforms. He said responses had been received from some platforms—WhatsApp, Telegram and Signal—on how their username features work and what safeguards they have in place against impersonation and misuse. Those responses were still being examined, they said, and the government would make its stance public in due course. The platforms had been given about a week to reply.
‘Access to frontier models a priority’
Asked how the government was assessing developments around frontier AI models, including Mythos and Fable 5, and their bearing on India’s approach to AI regulation, Krishnan said securing access to advanced AI models and high-end hardware was “very high on the priority of the government”.
The matter, he said, had been taken up with counterparts in the United States and the companies concerned, given that products of this nature are subject to US export controls. “It’s a process, and we are negotiating that process,” he said.
In the interim, Krishnan said, India is working with sandbox models operating at an estimated 60 to 70 per cent of the frontier model’s capability to probe code, identify vulnerabilities and fix them — effectively a “dry run” for when fuller access is available. He added that the most sensitive elements of code would have to be handled on-premises rather than through Cloud-based tools, a balance the government was still working through.
No separate cyber law yet
On whether India needs a standalone cybersecurity law, Krishnan said it was “an aspect we are looking at”, echoing remarks the minister had made earlier, but cautioned that framing the right regulation in a fast-moving environment was difficult — what one seeks to regulate today, he noted, may not be relevant tomorrow. Newer applications under the data-protection framework are also being examined as an ongoing process, he said.
Krishnan said India was not moving toward a single national point of contact for all cybersecurity matters, arguing that one window would quickly be overwhelmed. Instead, the structure is deliberately broken up sector-wise — with regulators such as the RBI and SEBI, and CERT-In providing the overall response — and state-wise, with many states empowered to set up their own agencies. The government’s own systems, he noted, are primarily secured by the National Informatics Centre, which runs most government websites, through detailed audit instructions and a “security by design” approach from inception. Vigilance, he said, is a constant exercise, with vulnerabilities surfacing wherever guidance has not been followed.
On the reported cybersecurity breach involving Tata Electronics, Krishnan said the matter had been reported to the Indian Computer Emergency Response Team (CERT-In) and was being studied, but from a commercial standpoint the companies involved appeared satisfied and the government was “not really concerned” at this stage.
(Edited by Naredeep Singh Dahiya)
Also read: Govt to summon Meta over Instagram ads promoting child sexual abuse; 2nd regulatory action in a week

