Cybersecurity and Confidentiality in Tech-Driven Arbitration Processes

India stands at the cusp of becoming a global leader in digital dispute resolution. The transformation of arbitration through technology, once a slow evolution, has now become a dynamic force, offering faster, more cost-effective, and increasingly accessible pathways to justice. Virtual hearings, secure e-filing systems, and AI-powered case management are no longer the future; they are the present. This digital shift, accelerated by the pandemic, has streamlined arbitration and empowered stakeholders across borders.

But with progress comes responsibility. As arbitration embraces the digital realm, it must address the inherent cybersecurity risks that accompany online systems. In India, these challenges are real. The Cyber Crime Coordination Centre (I4C) has projected cyber fraud losses could exceed ₹1.2  lakh crore this year, about 0.7 per cent of the GDP. Similarly, CloudSEK estimates losses of ₹20,000 crore from cyber incidents impacting Indian organizations. These figures underscore a critical point: trust in digital arbitration cannot be built on convenience alone, it must be backed by strong security.

Arbitration thrives on confidentiality. Parties choose it precisely because it allows disputes to be resolved privately and efficiently. But as everything from filings and hearings to awards moves online, maintaining confidentiality demands robust technological safeguards. 

Recent high-profile incidents have made the risks clear. From the Permanent Court of Arbitration’s 2015 malware attack to the cyber breach at India’s National Company Law Tribunal in 2024 - even well-established institutions are not immune. But these challenges are not deterrents; they are catalysts for building a stronger, safer digital infrastructure. 

India is well-positioned to lead. Our success with Digital Public Infrastructure (DPI), recognized globally and praised by the World Bank, is a testament to the nation’s capability to deploy secure, scalable systems at population scale. Landmark programs like the Pradhan Mantri Jan Dhan Yojana have brought financial inclusion to hundreds of millions through tech-driven governance. 

Importantly, the enactment of the Digital Personal Data Protection (DPDP) Act, 2023, marks a watershed moment. This legislation lays the foundation for a rights-based, compliance-oriented  data ecosystem. By enforcing strict obligations on data fiduciaries and empowering individuals  with greater control over their personal information, the Act reinforces the importance of data security and privacy, core principles in arbitration. The DPDP Act’s framework aligns closely with international standards and positions India as a trusted jurisdiction for secure dispute resolution in the digital age. 

Safeguarding the integrity of arbitration in a digital environment requires a proactive and structured approach. Operational security must be embedded into every stage of the process. This includes conducting mandatory platform security checks and dry runs before hearings, utilizing features such as waiting rooms, host controls, and disabled private chats to manage access and communication, and employing 360° room scans during sensitive testimonies to ensure confidentiality. Regular infrastructure reviews and independent cybersecurity audits should also be institutionalized to identify vulnerabilities and strengthen overall system resilience.

The role of cyber hygiene is also vital. A recent report revealed that 94 per cent of over 19 billion leaked passwords were reused or duplicated, an alarming indicator of lax digital habits. Practicing simple but powerful habits, like using strong, unique passwords, enabling multi-factor authentication, and updating software regularly, can make all the difference.

But technology alone isn’t enough. A holistic cybersecurity framework must be anchored in international best practices. The 2022 ICCA–NYC Bar–CPR Cybersecurity Protocol provides a strong blueprint, emphasizing the “Identify–Protect–Detect–Respond–Recover” paradigm. It calls for encrypted communications, risk-based safeguards, and breach protocols tailored to case sensitivity.

Leading arbitration institutions across the globe, including the Indian Council of Arbitration (ICA), have already integrated many of these cybersecurity best practices. It is imperative that all Indian arbitration platforms follow suit by adopting a comprehensive security posture. This includes implementing robust access controls and multi-factor authentication, maintaining continuous threat monitoring, and aligning internal protocols with national cybersecurity standards issued by CERT-In and I4C. Achieving ISO 27001 certification can further formalize information security governance and demonstrate institutional commitment to resilience. Additionally, meaningful collaboration with national initiatives, such as Cyber Swachhta Pakhwada led by CERT-In can help raise awareness and strengthen the cybersecurity ecosystem through public education and proactive threat mitigation.

Technology and arbitration are not at odds, they are natural allies. When harnessed responsibly, digital tools can elevate arbitration to unprecedented levels of trust, transparency, and efficiency. This synergy enables India to not only resolve disputes quickly and securely but also to emerge as a preferred destination for global arbitration.

With the right blend of legislative backing (like the DPDP Act), operational excellence, and a commitment to digital trust, we can ensure that confidentiality and cybersecurity are not vulnerabilities, but strengths. The future of arbitration in India is not just digital; it is secure, resilient, and ready for the world.

About the author: Arun Chawla is the Director General of Indian Council of Arbitration.

Disclaimer: The opinions expressed in this article are those of the author(s). The opinions presented do not necessarily reflect the views of Bar & Bench.

If you would like your Deals, Columns, Press Releases to be published on Bar & Bench, please fill in the form available here.