India’s Digital Sovereignty Is Being Privatised — In the Name of Swadeshi
The Government of India has moved 1.2 million (12 lakh) central government email accounts from NIC infrastructure to Zoho (Zoho Corporation). Even though email addresses still carry @gov.in or @nic.in, the servers, control, and access are now with a private firm.
Key Data amplifies the problem: Estimates suggest the central government workforce may reach 3.5 million (35 lakh) in 2024. At a cost of ₹300 per email account annually, even for a fraction of this population, the fiscal burden is large. If all 3.5 million employees were migrated, that alone costs ₹1,050 crore every year just for email maintenance — and full “cloud suite” services would be even more expensive.
Compared to this, investing in government infrastructure like NIC is a one-time capital expenditure with long-term public benefit, not a perpetual rent payment to private entities. It is being framed as a move toward “Swadeshi,” but the truth is the nation’s digital backbone is being outsourced.
Previously, these communications were handled by NIC (National Informatics Centre) — a government institution under public oversight and accountability.
Now, when state communications, classified memos, inter-ministerial debates rest on private servers, the real question is: who has the ultimate control?
Is it the state, or the vendor?
Who audits access, holds keys, manages backdoors?
What safeguards ensure data sovereignty?
Even more alarming: Zoho was vetted through 20 security audits before selection. But audits are static snapshots; control, jurisdiction, accountability are ongoing concerns.
And consider the deeper irony: the founder of Zoho, Sridhar Vembu, sits on the National Security Advisory Board — the same body that shapes India’s defense and security policies. This proximity of private data control and state security authority is a convergence of power that demands public scrutiny.
If those shaping our digital infrastructure do not trust their own nation enough to host sensitive operations within public institutions, can we trust them with our future, our data, and our sovereignty?
