by Prabhu Rajasekar, CyJurII Scholar, on 9 November 2025
Abstract
In the digital age, cybercrime has emerged as a transnational menace that transcends geographic borders, legal jurisdictions, and governance systems. This paper examines cybercrime through an integrated lens of law, forensics, and global governance, proposing the development of a Unified Global Cyber Jurisprudence Framework (UGCJF) under the auspices of the United Nations. Using India as a comparative anchor alongside the European Union and the United States, the paper analyses the interplay between data-protection, cybercrime, and evidence laws, particularly the General Data Protection Regulation (GDPR), Information Technology Act 2000, and Computer Fraud and Abuse Act (CFAA). It further investigates three landmark Indian cybercrime cases, the Cosmos Bank Heist (2018), Bulli Bai Gendered Harassment (2021), and AIIMS Ransomware (2022), to demonstrate the evidentiary and procedural challenges of digital forensics. Through analytical synthesis, it argues for harmonizing technical infrastructures such as Security Operations Centers (SOC), Security Information and Event Management (SIEM), and Security Orchestration, Automation and Response (SOAR) systems with blockchain-based chain-of-custody protocols and cross-border judicial collaboration. The proposed UGCJF would link national cyber laws, international conventions, and forensic standards under a neutral Global Court for Digital Justice, enabling equitable adjudication and evidence admissibility across jurisdictions. This study thus bridges legal doctrine, digital forensics, and Cybernetics-driven governance toward a balanced, transparent, and rights-based digital order.
Keywords: Cybercrime, Digital Forensics, Cyber Jurisprudence, Evidence Law, Global Digital Justice, Blockchain, SOC/SIEM/SOAR, Cybernetics, Governance Risk Compliance
Introduction
Cybercrime is now one of the most pervasive threats to global security and socio-economic stability. Its fluid, borderless nature undermines traditional policing and legal systems built on territorial jurisdiction. Unlike conventional crimes, cyber offences exploit digital infrastructures, cloud platforms, IoT devices, and AI algorithms, creating complex evidentiary trails that challenge admissibility and chain-of-custody principles. The global financial system, health networks, and democratic institutions face daily incursions ranging from ransomware to misinformation warfare. India, representing an emerging digital economy with rapid e-governance expansion, offers a fertile comparative ground for studying cybercrime and evidence. Its Information Technology Act (2000) functions as the foundational cyber legislation, amended in 2008 to address identity theft, hacking, and digital signatures. However, the Act’s scope and procedural mechanisms remain limited in transnational contexts. Conversely, the European Union’s GDPR (2018) establishes rigorous data-protection and privacy standards, while the United States’ CFAA (1986) criminalizes unauthorized computer access and data fraud. Together, these frameworks illustrate differing philosophies, privacy-centric in Europe, deterrence-oriented in America, and regulatory-adaptive in India, highlighting the need for harmonization. Beyond legislation, effective cybercrime investigation depends on digital forensics, the scientific extraction and analysis of electronic data. International standards such as ISO/IEC 27037 and 27043 establish best practices, yet disparities persist in implementation, particularly regarding evidence certification (e.g., India’s Section 65B Evidence Act requirements). 
This paper integrates these legal and forensic perspectives through a Ph.D.-level inquiry into global cyber governance, culminating in the proposition of a Unified Global Cyber Jurisprudence Framework (UGCJF) rooted in Cybernetics, the science of control and communication within systems, to ensure adaptive, accountable, and transparent global digital justice.
Section I – Understanding Cybercrime and Evidence
Cybercrime encompasses any unlawful activity involving computer systems, digital networks, or electronic communications. It includes cyber-dependent crimes such as hacking, ransomware, and DDoS attacks, as well as cyber-enabled crimes like financial fraud, identity theft, and online exploitation. The exponential adoption of AI and cloud computing amplifies both the scale and sophistication of these offences, enabling threat actors to obscure attribution through encryption, anonymization, and the dark web. The forensic dimension of cybercrime is anchored in evidence, defined as any digital artifact that can demonstrate fact or intent in a court of law. Digital evidence may include server logs, IP traces, blockchain transactions, or metadata extracted from devices. Investigative protocols rely on Locard’s Exchange Principle, asserting that every contact leaves a trace, thereby establishing the scientific foundation for linking suspects, tools, and targets. Maintaining evidentiary integrity requires adherence to procedural frameworks such as ISO/IEC 27037 (for identification and collection) and ISO/IEC 27042 (for analysis and interpretation). In India, Section 65B of the Evidence Act mandates certification of electronic records to ensure authenticity, a statutory safeguard unique in common-law jurisdictions. However, global investigations suffer from fragmented legal and technical infrastructures. Evidence collected in one country may be inadmissible in another due to privacy or sovereignty concerns. The absence of a universal chain-of-custody mechanism complicates prosecution, particularly for crimes involving multiple jurisdictions and cloud-based evidence. Thus, the study of cybercrime and evidence must integrate law, forensics, and policy through a unified theoretical and operational framework, which this paper terms Cyber Jurisprudence, encompassing the normative, procedural, and technological rules governing justice in cyberspace.
Section II – Comparative Legal Frameworks: GDPR, IT Act, and CFAA
A comparative examination of the GDPR (EU), IT Act (India), and CFAA (USA) reveals divergent yet complementary approaches to cyber governance.
The GDPR (European Union)
Enforced in 2018, the GDPR establishes a rights-based regulatory architecture prioritizing data protection, consent, and accountability. It governs both private and public entities processing personal data of EU citizens, with extraterritorial reach. Violations attract penalties up to €20 million or 4 percent of global turnover. From a forensic perspective, the GDPR emphasizes lawful and proportionate data processing under Articles 5 and 6, requiring investigators to balance privacy with evidentiary necessity. Its intersection with digital forensics emerges in lawful data acquisition, retention limits, and cross-border data transfer governed by Articles 44–49.
The Information Technology Act, 2000 (India)
India’s IT Act serves as the legal backbone for electronic transactions and cybercrime prosecution. Sections 43 and 66 penalize unauthorized access and hacking, Section 69 authorizes lawful interception, and Section 79 provides intermediary liability exemptions. Crucially, Section 65B of the Evidence Act (read with the IT Act) ensures admissibility of electronic records via certification, reinforcing integrity and non-repudiation. This provision, upheld in Anvar P.V. v. P.K. Basheer (2014), remains central to Indian digital evidence jurisprudence. The Act’s 2008 amendment expanded coverage to identity theft (Section 66C), cyber terrorism (66F), and child pornography (67B), aligning India partially with international norms.
The CFAA (United States)
Originally enacted in 1986 and amended multiple times, the CFAA criminalizes unauthorized access to protected computers to obtain information or cause damage. It has broad federal jurisdiction but has faced judicial scrutiny for vagueness, notably in Van Buren v. United States (2021), which clarified that violations of corporate policy alone do not constitute criminal access. The CFAA is often invoked alongside the Electronic Communications Privacy Act (ECPA) to prosecute hacking, fraud, and espionage. Forensic protocols in the U.S. follow the Federal Rules of Evidence (Rule 901), mandating authentication through metadata, hashing, and chain-of-custody documentation.
Synthesis
While the GDPR prioritizes privacy, the CFAA focuses on deterrence, and the IT Act bridges regulation and enforcement. Their convergence reveals the contours of a future Global Cyber Jurisprudence Framework where privacy, prosecution, and procedural justice co-exist. Harmonization requires UN-led legal instruments, interoperable forensic standards, and mutual recognition of digital evidence, principles embodied in the Budapest Convention on Cybercrime (2001) and extended through UNODC’s Global Programme on Cybercrime.
Section III – Case Analyses: Cosmos Bank, Bulli Bai, and AIIMS Ransomware
Case 1: Cosmos Bank Cyber Heist (2018)
The Cosmos Bank incident exemplified a sophisticated multi-jurisdictional financial attack. Hackers used malware to breach the bank’s ATM switch and SWIFT systems, transferring ₹94 crore (≈ US $13 million) to accounts in 28 countries within hours. Investigations by Maharashtra Cyber Police and INTERPOL revealed a global syndicate linked to the Lazarus Group. Forensic artifacts, SWIFT logs, network packets, and server images were collected under Section 65B certification. The case triggered policy reforms in India’s banking cybersecurity framework and highlighted the need for real-time global SIEM–SOAR integration and blockchain-based transaction validation.
Case 2: Bulli Bai and Sulli Deals (2021–22)
These cases illustrated cyber-enabled gendered violence where women were “auctioned” online using morphed images on GitHub and Twitter. The Mumbai and Delhi Cyber Cells employed OSINT, linguistic profiling, and WHOIS/IP tracing to identify the suspects. Charges were filed under Sections 66E, 67, and 67A of the IT Act and Sections 153A and 509 of the IPC. Forensically, this case demonstrated the use of metadata correlation and AI-assisted image analysis for evidence linkage. It provoked national debate on digital ethics and the necessity of stricter platform accountability under the Digital India Bill (2024).
Case 3: AIIMS Ransomware Attack (2022)
The AIIMS attack crippled India’s premier healthcare institute, encrypting 40 million patient records. CERT-In and NIA attributed the breach to foreign state-sponsored actors. Forensic investigation traced the entry to compromised VPN credentials and unpatched servers. Evidence was secured through log analysis, disk imaging, and event correlation in SIEM platforms. No ransom was paid, but the incident sparked national discussion on critical-infrastructure cyber resilience and data protection. It underscored the importance of blockchain-enabled chain-of-evidence systems for hospital networks and integration of SOAR for automated incident response.
Section IV – Cyber Forensics and Admissibility
Digital forensics is the scientific backbone of modern cybercrime investigation, transforming intangible data into legally admissible evidence. It operates on a structured methodology encompassing identification, preservation, analysis, and presentation. Locard’s Exchange Principle, that every contact leaves a trace, remains foundational, but in cyberspace, the “trace” is often metadata, hash values, and log entries scattered across decentralized storage systems. The legal admissibility of such evidence requires demonstrating authenticity, integrity, and reliability, principles codified in most national laws and international standards. In India, the Information Technology Act (2000) and the Indian Evidence Act (Section 65B) collectively form the statutory framework for electronic evidence. Section 65B(4) mandates a certificate authenticating the source and process of producing the electronic record, ensuring its admissibility. In practice, the Cosmos Bank case established procedural benchmarks for digital certifications, while Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) reaffirmed that certification is a prerequisite for admissibility. Similar standards exist globally: the Federal Rules of Evidence (Rule 901) in the United States require proof of authenticity, while in the EU, the GDPR and e-Evidence Regulation (2022) govern proportionality and lawful processing during forensic acquisition. From a technical perspective, forensic admissibility increasingly depends on traceability and immutability, domains where blockchain technology is transformative. Blockchain-based Chain of Custody (CoC) systems log each interaction with digital evidence, from seizure to courtroom presentation, using cryptographic timestamping. This innovation addresses a fundamental weakness in traditional CoC: its vulnerability to tampering or loss during transnational transfer.
Integrating blockchain into SOC, SIEM, and SOAR ecosystems allows investigators to track every forensic action while enabling judicial transparency through verifiable logs. The combination of AI-driven analytics and blockchain immutability thus redefines forensic credibility, merging science, technology, and jurisprudence into one evidentiary continuum. Furthermore, international standards such as ISO/IEC 27037, 27042, and 27043 provide procedural guidelines for digital evidence management. However, enforcement disparities persist across regions. A UN-led accreditation system for forensic laboratories, harmonized under the UNODC’s Global Programme on Cybercrime, could establish cross-border evidentiary equivalence, allowing courts to recognize digital evidence from foreign jurisdictions under uniform criteria. Such global forensic cooperation aligns with the ethos of Cybernetics, where feedback and control create equilibrium among technical, legal, and ethical systems. It also supports a proactive legal philosophy: prevention through traceability, accountability through transparency, and justice through verifiable truth.
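The tamper-evidence property of a chain-of-custody ledger described above, together with the hashing and custody documentation mentioned under Rule 901, can be shown in a short added example (not part of the paper and not any real CoC product). It assumes a single-node SHA-256 hash chain standing in for the blockchain, and the function names, actors, timestamps and evidence bytes are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Canonical JSON over every field except the stored hash itself.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return digest(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def record(ledger: list, actor: str, action: str, evidence: bytes, ts: str) -> str:
    """Append one custody event; return the new head hash for external anchoring."""
    entry = {"seq": len(ledger), "actor": actor, "action": action,
             "evidence_sha256": digest(evidence), "timestamp": ts,
             "prev_hash": ledger[-1]["hash"] if ledger else GENESIS}
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry["hash"]

def verify(ledger: list, evidence: bytes, anchored_head: str) -> list:
    """Return a list of findings; an empty list means nothing was altered."""
    findings, prev = [], GENESIS
    seized = ledger[0]["evidence_sha256"] if ledger else None
    for i, e in enumerate(ledger):
        if e["prev_hash"] != prev:
            findings.append(f"entry {i}: link to previous entry broken")
        if entry_hash(e) != e["hash"]:
            findings.append(f"entry {i}: fields altered after recording")
        if e["evidence_sha256"] != seized:
            findings.append(f"entry {i}: evidence digest differs from seizure")
        prev = e["hash"]
    if digest(evidence) != seized:
        findings.append("presented evidence does not match seizure digest")
    # A custodian can recompute the whole chain; only an external anchor catches that.
    if prev != anchored_head:
        findings.append("head hash differs from externally anchored value")
    return findings

def rechain(ledger: list, index: int, **changes) -> list:
    """Test fixture: edit one entry, then recompute every hash from there on."""
    forged = copy.deepcopy(ledger)
    forged[index].update(changes)
    prev = forged[index]["prev_hash"]
    for e in forged[index:]:
        e["prev_hash"] = prev
        prev = e["hash"] = entry_hash(e)
    return forged

def sample_ledger():
    """Constructed sample: three custody events for one evidence item."""
    evidence, ledger, head = b"constructed disk image bytes", [], GENESIS
    for actor, action, ts in [("officer-a", "seized", "2025-01-01T09:00:00Z"),
                              ("lab-b", "imaged", "2025-01-02T10:00:00Z"),
                              ("court-c", "presented", "2025-02-01T11:00:00Z")]:
        head = record(ledger, actor, action, evidence, ts)
    return evidence, ledger, head

if __name__ == "__main__":
    ev, led, head = sample_ledger()
    print(verify(led, ev, head), verify(rechain(led, 1, actor="lab-x"), ev, head))
```

An in-place edit to one entry is caught by the chain itself, while a fully recomputed chain passes every internal check and is caught only because its head no longer matches the value anchored outside the custodian's control, which is the role the distributed ledger plays.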
Section V – Towards a Unified Global Cyber Jurisprudence Framework
The fragmentation of global cyber governance has led to jurisdictional conflicts, procedural delays, and evidentiary inconsistencies. To remedy this, a Unified Global Cyber Jurisprudence Framework (UGCJF) is proposed, an integrative model combining legal harmonization, technological interoperability, and ethical oversight. This framework envisions three structural pillars:
1. Technical Integration: Interconnect national and regional Security Operations Centers (SOC) via a global SIEM–SOAR network, supervised by a neutral UN Digital Security Secretariat. Each node would employ blockchain-based CoC ledgers for evidence traceability and real-time alert sharing. The INTERPOL Global Complex for Innovation (IGCI) and UNODC could co-manage this network to ensure secure, standardized, and lawful intelligence exchange.
2. Legal Synchronization: Harmonize evidence and privacy laws by adopting shared definitions of cyber offences, evidence admissibility, and proportionality. The GDPR, CFAA, and IT Act should serve as reference models for a codified international instrument, an updated “Budapest Plus Convention” under the UN. The convention would unify cross-border evidence requests, MLAT procedures, and compliance with human rights principles under the International Covenant on Civil and Political Rights (ICCPR).
3. Judicial Collaboration and Oversight: Establish a Global Court for Digital Justice (GCDJ), a specialized judicial organ under the United Nations parallel to the International Court of Justice (ICJ). The GCDJ would adjudicate state-level cyber disputes, facilitate intergovernmental evidence exchange, and oversee compliance with international cyber norms. It would be supported by a Cyber Peacekeeping Unit, comprising technical experts, legal analysts, and forensic scientists, to mediate during cyber conflicts or large-scale ransomware crises.
This structure reflects the Cybernetics governance model, where dynamic feedback loops between technical systems, laws, and ethics maintain global balance. The framework also integrates AI-driven forensic validation, ensuring predictive threat analysis without infringing on privacy. Ultimately, UGCJF promotes a world where digital sovereignty coexists with collective security, replacing unilateralism with cooperative cyber justice.
Conclusion and Policy Recommendations
The global rise of cybercrime has outpaced existing legal and forensic mechanisms, creating asymmetries between national capabilities and transnational threats. Cases like the Cosmos Bank Heist, Bulli Bai cyber harassment, and AIIMS ransomware attack illustrate the urgent need for international synchronization between technological controls, legal frameworks, and judicial systems. Each case underscores systemic vulnerabilities: insufficient forensic coordination, jurisdictional fragmentation, and lack of real-time data governance. The proposed Unified Global Cyber Jurisprudence Framework (UGCJF) offers a pragmatic pathway forward. By integrating SOC–SIEM–SOAR infrastructures, blockchain-based CoC systems, and harmonized legal procedures, it establishes a cyber ecosystem grounded in traceability, transparency, and trust. Policymakers should prioritize:
1. Ratification of a UN Cybercrime Convention ensuring digital evidence interoperability.
2. Development of a Global Digital Justice Charter, aligning forensic standards (ISO/IEC 27000 series) with human rights instruments (ICCPR, UDHR).
3. Institutionalization of a Global Court for Digital Justice (GCDJ) for neutral adjudication of cross-border cyber offences.
4. Creation of an AI-Forensic Ethics Council to oversee algorithmic fairness and data accountability.
5. Strengthening academic–law enforcement partnerships to advance Cybernetics-based training in forensic governance.
In essence, cybercrime is not merely a technological challenge; it is a legal, ethical, and philosophical one. Bridging the gap between machine intelligence and human justice requires a jurisprudential rethinking of sovereignty, responsibility, and rights in the digital domain. As cyber ecosystems grow increasingly autonomous, the rule of law must evolve from territorial enforcement to global digital stewardship. The establishment of a Unified Global Cyber Jurisprudence Framework under the aegis of the United Nations would thus represent not only an institutional innovation but a moral imperative, ensuring that justice, security, and liberty remain indivisible in the age of intelligent machines.
References
1. Council of Europe. (2001). Budapest Convention on Cybercrime. Retrieved from https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185
2. European Union. (2018). General Data Protection Regulation (GDPR). Retrieved from https://gdpr-info.eu
3. Government of India. (2000). Information Technology Act, 2000 (as amended in 2008). Ministry of Electronics and Information Technology. Retrieved from https://www.meity.gov.in/
4. Indian Evidence Act, 1872 (India). Section 65B – Admissibility of electronic records. Retrieved from https://indiankanoon.org/doc/1981852/
5. International Court of Justice (ICJ). (2024). Mandate and Role in International Dispute Resolution. Retrieved from https://www.icj-cij.org/
6. INTERPOL. (2023). Cybercrime Directorate and Digital Forensics Framework. Retrieved from https://www.interpol.int/en/Crimes/Cybercrime
7. ISO/IEC. (2012). 27037: Guidelines for identification, collection, acquisition, and preservation of digital evidence. Geneva: International Organization for Standardization.
8. National Investigation Agency (India). (2023). Cyber Forensics Division Reports. Retrieved from https://www.nia.gov.in/
9. UNESCO. (2021). Recommendation on the Ethics of Artificial Intelligence. Paris: United Nations Educational, Scientific, and Cultural Organization. Retrieved from https://unesdoc.unesco.org/ark:/48223/pf0000379920
10. United Nations Office on Drugs and Crime (UNODC). (2024). Global Programme on Cybercrime. Vienna: UNODC. Retrieved from https://www.unodc.org/unodc/en/cybercrime/
11. U.S. Department of Justice. (1986). Computer Fraud and Abuse Act (CFAA). Retrieved from https://www.justice.gov/criminal-ccips/computer-fraud-and-abuse-act
12. European Union Agency for Cybersecurity (ENISA). (2023). Digital Forensics and Evidence Frameworks. Retrieved from https://www.enisa.europa.eu/
13. Reserve Bank of India. (2019). Cyber Security Framework for Urban Cooperative Banks. Mumbai: RBI. Retrieved from https://rbi.org.in/
14. Van Buren v. United States, 593 U.S. (2021). United States Supreme Court.
15. Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473 (India).
16. Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, (2020) 7 SCC 1 (India).