Day: June 27, 2025

By Anand Bhat, Chairman & Managing Director, BNB Security & Automation Solutions Why the conversation is shifting Until recently the goal of most safety or security projects was clear-cut – install the right sensors & equipment, route alarms to a control room, keep false positives manageable and respond within a written SLA. That formula is no longer enough. Three forces are reshaping expectations: 1. Data saturation Modern campuses already host thousands of points – surveillance cameras, access control systems & readers, fire smoke & heat detectors, intrusion & occupancy sensors, range of ambient & energy measurement sensors – yet nearly 70 percent of that data is never correlated. 2. Business continuity pressures Downtime is now measured in reputation minutes as much as in rupees. Stakeholders want documented proof that small incidents are isolated before they interrupt service. 3. Regulatory tightening India’s Digital Personal Data Protection Act, the revised National Building Code, Public Safety Act and emerging ESG disclosure norms all require real-time evidence, not retrospective logbooks. Sensor orchestration – turning every sense point into a single, contextual feed for the operations centre – moves from ‘nice to have’ to ‘table stakes.’ A simple definition Sensor orchestration is the practice of: ● Collecting data from every relevant safety, security or environment- related sensor, regardless of brand. ● Normalising it into a common, time-aligned stream. ● Fusing multiple streams into a higher-level event (e.g., ‘over-temperature + carbon-monoxide rise + camera flame pattern = verified fire’). ● Responding according to a playbook that blends automation (doors release, HVAC dampers close) with human escalation. ● Auditing the entire chain in a way that regulators and insurers can examine the audit trail. A typical 3-6-9-year outlook (next decade) Timeframe What will change Implications for professionals Next 0-3 years – Integration phase •Most large projects will specify open protocols (MQTT, ONVIF, BACnet/ IP) as mandatory.•Sensor fusion will tackle the everyday irritants first – false fire alarms, redundant guard patrols,energy waste. •Engineers must learn basic data normalisation and security segmentation. •Engineering design spec teams must/ will write ‘deliver raw API data’ into ‘actionable intelligence’ and ‘performance contracts.’ Next 0-3 years – Integration phase •AI models trained on multi-sensor data sets become common in GSOCs. • Routine incidents (80% today) trigger full closed-loop responses without operator intervention. • Insurers start discounting premiums when buildings prove sub-10-second incident containment. •Security & Facility managers’ upskill in AI ‘explainability’ – being able to justify how amodel chose an action.•Legal and data-privacy officers are increasingly involved in sensor placement and data retentionpolicies. Next 6-9 years – Predict-and prevent phase •Digital twins combine BIM, real-time sensors and historical fault data.•Regulations shift from ‘respond within x seconds’ to ‘show that you can predict and avoid.’•Smart-city feeds (weather, crowd density, air quality) mesh with building sensors. •Risk managers prioritise scenario modelling over traditional checklist audits.•Vendors differentiate through ‘micro-services’ (e.g., lithium-battery thermal-runaway predictor) that plug into a common orchestration platform. Key capability gaps to close now 1. Open data skills Most teams still rely on proprietary GUIs now. They need fundamentals in: ● Time-series basics – sampling, latency, synchronisation. ● Lightweight messaging – MQTT topics, REST calls, simple JSON parsing. An operator does not need to code AI models, but must understand how ‘sensor A’ synchronises with ‘sensor B’ and what happens if one timestamp drifts. 2. Cyber-physical discipline Multiple small breaches in the last 24 months began with an unsecured surveillance camera and ended in an HVAC shutdown. OT segregation, encrypted NFC-enabled devices, certificate management and patch cadence must become part of the FM playbook, not an afterthought delegated to IT. Those low-code design inclusion competencies must now be at the edge. 3. Playbook design Automated response is only as good as the playbook behind it. Each event class requires: ● Threshold (when to trigger). ● Dependencies (which other sensors confirm or cancel). ● First automated act. ● Operator escalation path. ● Audit closure. Writing clear, testable playbooks is a new professional skill set somewhere between process engineering and emergency planning. Until recently the goal of most safety or security projects was clear-cut – install the right sensors & equipment, route alarms to a control room, keep false positives manageable and respond within a written SLA. That formula is no longer enough 4. Continuous audit culture The future regulator will ask for a digital traceability, audit trail & explainability, not a binder. Life-safety drills, valve closings, data-retention decisions – all must leave an immutable log. Building teams should practice incident retrospectives the way airlines analyse near misses. Product and solution directions BNB and its OEM partners will plan to collaborate on four solution stacks aligned to the roadmap above. 1. Multi-sensor edge gateways – Devices that accept legacy 4-20 mA loops, modern IP streams and encrypted wireless payloads in one enclosure, forwarding normalised MQTT to the GSOC. 2. AI-ready data lake – A dedicated cloud or on-prem storage that keeps raw and derived sensor data for at least five years for customers, ready for carbon reporting, forensic analysis or model retraining. 3. Low-code playbook engine – Drag-and-drop logic so security supervisors, not programmers, can update responses when floor layouts or customer needs change. 4. Assurance dashboards – Simple widgets: average response time this week; top three sensor faults; compliance score against energy, water, wellness targets. Modern campuses already host thousands of points – surveillance cameras, access control systems & readers, fire smoke & heat detectors, intrusion & occupancy sensors, range of ambient & energy measurement sensors – yet nearly 70 percent of that data is never correlated Preparing the workforce 1. Short, targeted training – Certified 20-hour or similar micro-courses on basic sensor networking, AI alarm correlation and OT cyber hygiene. 2. Cross-functional drills – Quarterly exercises where security, MEP, IT and data-privacy teams walk through one orchestrated event.3. Graduate outreach – Partnering with universities to include sensor-network basics in mechanical and electrical engineering electives. How the industry should cooperate 1. Shared taxonomies & ontologies – Agree on naming conventions for devices and events….

Dr Banusri VelpandianSenior Law Specialist Bhavya JhaLaw Graduate Co-author Though it sounds very personal, the nature of harm caused to one’s reputation and dignity also has public aspect inherent to it. Even the Apex Court of our country gives reasoning that individuals constitute the community and the law relating to defamation protects the reputation of each individual in the perception of the public at large. In this age of all pervasive freedom and preference to privacy, a delicate balance between free speech and expression that is considered to be a fundamental right, and certain reasonable restrictions have to be arrived at. Starting July 1 last year, three criminal laws, of the British-era viz; The Indian Penal Code of 1860, the Code of Criminal Procedure of 1973 and the Indian Evidence Act, 1872 have been replaced by the Bharatiya Nyaya Sanhita (BNS), the Bharatiya Nagarik Suraksha Sanhita (BNSS), and the Bharatiya Sakshya Adhiniyam (BSA) respectively. Not only are these laws a part of the Government’s efforts to decolonising our legal system, but they also seek to create a more accessible and efficient justice delivery mechanism. The laws are more comprehensive and in tune with the needs of the present-day system. For instance, the BNS places greater emphasis on national security and public order, removes colonial terminologies and expands the scope of some definitions in sexual offences. On the other hand, the BNSS has integrated technology into criminal proceedings, is transparent and more citizen-centric. The BSB makes a massive difference by adopting 21st Century evidence standards and greater reliance on electronic data. This article specifically focuses on the basic principles and established norms related to harms caused to any ones’ reputation and associated dignity. It also focuses on the growing role of AI and IT in harming reputation, and to gain a basic understanding on the subject. Harm to Reputation under India’s new Criminal Laws: Legal continuity, Digital threats, and Emerging jurisprudence The right to reputation is fundamental for individual dignity and personal liberty, and is protected under Article 21 of the Indian Constitution. It operates in harmony with the freedom of speech and expression guaranteed under Article 19(1)(a), subject to reasonable restrictions under Article 19(2). The constitutionality of criminal defamation was also upheld by the Supreme Court in Subramanian Swamy v. Union of India, (2016) 7 SCC 221, stating that reputation is intrinsic to Article 21, and that reasonable restrictions under Article 19(2) are justified. The implementation of the new criminal laws set in motion a transformative shift in its criminal justice framework. One key area of continuity and adaptation is the law relating to harm to reputation. Now that the world is perpetually online, and new technologies such as AI are emerging every day, the facets of both harm to and protection of reputation are increasingly evolving. In light of this, the matter of how the legal system deals with these issues becomes even more pertinent. As far as defamation under tort (Civil wrongs) law is concerned, as a general rule, the focus is on libel (i.e., written defamation) and not on slander (i.e., spoken defamation). In order to establish that a statement is libelous, it must be proved that it is (i) false, (ii) written; (iii) defamatory, and (iv) published. Defamation under BNS: Retaining the Legacy of the IPC The Bharatiya Nyaya Sanhita, 2023, which replaces the Indian Penal Code, retains the offence of criminal defamation under Section 354, reproducing nearly verbatim the language of Section 499 of the IPC. It defines defamation as ‘making or publishing any imputation concerning a person with intent or knowledge that it will harm their reputation.’ The punishment is prescribed under Section 354(2) as imprisonment up to two years, or fine, or both. The essential elements in causing harm to reputation involve the following and it depends upon their interpretation: a. Imputation and targeting. b. Means of communication and causal link. c. Harmful intent or knowledge or reason to believe. Further, the principle of noscitur a sociis, a Latin term meaning ‘it is known by its associates,’ is a rule of legal interpretation. It states that the meaning of an unclear or ambiguous word should be determined by considering the other words and phrases surrounding it The ten exceptions listed under the IPC have been retained without any changes. This continuity ensures doctrinal consistency while simultaneously allowing for newer procedural and evidence mechanisms under BNSS and BSA. The exemption will also include certain privileged communications such as the statements made during Parliamentary proceedings. The ten exceptions under Section 354 are: 1. Truth for Public Good: True statements made for the public good are not defamation. 2. Public Servant Conduct: Good faith opinions on a public servant’s official conduct are exempt. 3. Public Questions: Good faith remarks on a person’s conduct in public affairs are allowed.4. Court Proceedings: Accurate reports of judicial proceedings are not defamatory. 5. Merits of a Case: Fair comments on the merits of a case or conduct of involved parties are exempt. 6. Public Performances: Honest reviews of works submitted to public judgment are not defamation. 7. Censure by Authority: Lawful censure by someone in authority made in good faith is protected. 8. Accusation to Authority: Complaints made in good faith to proper authorities are not defamation. 9. Protection of Interests: Imputations made in good faith to protect one’s or another’s interests are exempt. 10. Caution for Good: Warnings given in good faith for someone’s or public benefit are not defamatory. Comparison with the IPC-Era Even as the substantive content of the law on defamation remains the same, the procedural and evidentiary frameworks have changed. The BNSS introduces faster timelines for investigation and trial [BNSS, 2023, Chapter XII], which can expedite defamation cases. Legal explainer: Chapter XII of the Bharatiya Nagarik Suraksha Sanhita, 2023 deals with police procedures for investigation, mirroring CrPC’s Chapter XII but with modern upgrades. Key points for defamation cases: ● Section 173: FIRs must be registered promptly for cognizable offences. ● Section 176: Police can…

REDEFINING THE ROLE OF SECURITY IN THE CORPORATE WORLD ANIL PURICMD, APS Group A first generation serial entrepreneur, thought leader and an action catalyzer rolled into one – Anil Puri is a rare combination of a visionary, an innovator and a strategic thinker. He has used this combination to innovate and implement on-ground many new business ideas. His rich experience in various businesses has enabled him to nurture & mentor innovative ideas and scale them up. “In a world of rising risks, security is the new RoI” Introduction In today’s volatile, unpredictable, complex, and ambiguous (VUCA) world, corporations face a wide range of threats – cyber, physical, reputational, and geopolitical. Security, once considered a passive cost burden, is now being redefined as an active protector of profits, business continuity, and corporate reputation. With rising incidents of cyberattacks, insider threats, industrial sabotage, and disruptions caused by natural disasters and civil unrest, the role of corporate security has expanded from guarding gates to safeguarding value chains. It makes a bold move and great sense to transform the corporate mindset – from viewing security as a cost center to appreciating it as a strategic investment that protects profits, fuels resilience, and builds competitive advantage in the global market. “When security leads, losses retreat” 1.Understanding the Legacy Perception: Security as a Cost Center Security was traditionally viewed as a non-productive overhead. Historically, security was confined to physical guarding, with minimal alignment to strategic business goals. This perception relegated it to a cost on the profit and loss account without tangible contribution to revenue or growth. Security budgeting is often reactive and not outcome-linked. Corporate boards often allocate security budgets after an incident, making it reactive rather than preventive. There’s minimal linkage between security inputs and organizational outcomes or profitability. RoI of security investments is difficult to quantify. Unlike marketing or production where inputs and outputs can be directly measured, the returns from security (e.g., prevention of incidents, reputation protection etc.,) are intangible. This causes reluctance in investing significantly in security measures – poor integration with business strategy. In many organizations, security functions operate in silos without integration with operations, HR, finance, or IT, further weakening their strategic relevance and visibility. 2.Evolving Threat Landscape: A Paradigm Shift in Risk Perception “Every breach avoided is revenue protected – security is silent profitability“ Rise of hybrid and complex threats Modern threats are no longer isolated – cyber and physical threats now converge. For instance, a disgruntled insider can physically access a server room and launch a ransomware attack. This hybrid nature makes security far more strategic. Globalization and expanded risk perimeters Global supply chains, remote operations, and digital platforms mean that organizations now face risks from multiple geographies, jurisdictions, and threat actors – ranging from state-sponsored espionage to transnational crime networks. Political, economic, and environmental risks Geopolitical tensions, trade wars, climate-induced disasters, and pandemics like COVID-19 have demonstrated how non-traditional threats can cripple operations and cause massive financial losses. Regulatory tightening and compliance pressures From GDPR in Europe to India’s Digital Personal Data Protection Act, and evolving ESG norms – security and privacy compliance have become core to business licensing, investor trust, and global market access. Increased accountability of C-suite and Boards Security breaches now result in reputational damage, legal scrutiny, and even removal of CXOs. Leadership is increasingly accountable for lapses in data protection, crisis management, and employee safety. “Security transforms from expense to asset the moment a threat is blocked” 3.Security as a Profit Protector: Strategic Reframing Loss prevention equals profit protection Security measures reduce theft, fraud, and operational disruptions – translating directly to cost savings and enhanced margins. Retail chains globally invest heavily in surveillance and analytics to prevent inventory loss (shrinkage). Security sustains business continuity and investor confidence A well-secured environment ensures minimal operational downtime during crises, assuring investors and clients of organizational resilience. For example, firms with robust Business Continuity Plans (BCP) performed better during the COVID-19 lockdown. Brand trust is rooted in security and compliance Customers, regulators, and stakeholders are more loyal to companies that protect their data, ensure safe workplaces, and comply with laws. A breach in security can wipe out years of brand building – as seen in high-profile data leaks. Security mitigates legal and regulatory penalties Failure to implement adequate security can lead to lawsuits, sanctions, and insurance claim denials. Proactive compliance with security standards (e.g., ISO 27001, ISO 18788) reduces liabilities. Cybersecurity is a competitive differentiator In sectors like BFSI, IT, and e-commerce, robust cyber defense systems enhance customer confidence, driving sales and global competitiveness. “No margin is safe without protection – security defends the bottom line” “In today’s volatile, unpredictable, complex, and ambiguous (VUCA) world, corporations face a wide range of threats – cyber, physical, reputational, and geopolitical. Security, once considered a passive cost burden, is now being redefined as an active protector of profits, business continuity, and corporate reputation. With rising incidents of cyberattacks, insider threats, industrial sabotage, and disruptions caused by natural disasters and civil unrest, the role of corporate security has expanded from guarding gates to safeguarding value chains” 4.Case Studies: Global and Indian Examples Target Corporation, USA. A 2013 data breach led to 40 million customer credit card details being stolen. The company faced $200 million in losses and lost customer trust. Since then, they have invested heavily in cybersecurity, positioning themselves as an industry leader in retail security. Tata Consultancy Services (TCS), India TCS integrates information security within its project lifecycle, ensuring client data protection and compliance with global norms like GDPR. This has made it a preferred vendor for Fortune 500 clients. Taj Mumbai 26/ 11 Attack Response During the 2008 Mumbai attacks, security and hotel staff protected guests and facilitated emergency evacuation. Their preparedness became a global case study in disaster response and resilience. Amazon’s Security Architecture Amazon deploys AI-driven surveillance, warehouse robotics, and encrypted data architecture to ensure smooth operations even under peak demand. This contributes directly to customer satisfaction and profitability. “In today’s corporate battlefield, security…