Someone Else Owns India's Off Switch

A sovereign cloud, India's own DNS root and Root CA, a defence-led research base built for keeps, and a national cybersecurity strategy that outlives election cycles are not vanity projects. They are the difference between a nation that can be remotely switched off and one that cannot. AI is merely the newest switch in a long, often invisible chain — and far from the most dangerous.

The cloud our banks run on, the certificates securing government portals, the platform hosting 21.9 million Indian developers, the navigation guiding our defense systems — each sits on an off switch held abroad. We aren't outraged about these because we can't see them. That doesn't make them less real. "Why reinvent the wheel," critics ask of every indigenisation effort. Here's the answer, in seven words: a wheel you do not own can be taken away.

We learned this once, at Kargil in 1999. Indian forces sought GPS data for the high Himalayan ridges from the United States — and were refused. That denial, by India's own space establishment's account, became the unforgettable lesson that built NavIC, approved in 2006 and operational by 2016. Yet even NavIC wasn't fully sovereign: its first-generation satellites ran on imported Swiss atomic clocks, several of which later failed. Sovereignty isn't a press release — it runs down to the clock, the chip, the silicon.

In July 2025, Nayara Energy faced a stark reminder of the risks tied to foreign-controlled digital infrastructure when Microsoft suspended services to the refinery in compliance with European Union sanctions linked to its Russian shareholding. The refinery accounts for nearly 8% of India's refining capacity, yet the action was taken without any directive from an Indian court or requirement under Indian law. More than a technical disruption, the incident exposed how external entities can influence critical national operations—effectively revealing a digital "kill switch" over infrastructure with no domestic override.

GitHub locked developers in Iran, Syria, and Crimea out of their own code overnight when sanctions hit. In 2025, China quietly withdrew over 300 Foxconn engineers from India's iPhone lines. The switch doesn't always say "off" — sometimes it says "we are leaving."

What remains invisible is more troubling still: roughly 70% of India's cloud runs on three American hyperscalers under the US CLOUD Act; India operates no DNS root server; and since a 2014 breach, no trusted sovereign Root Certificate Authority exists.

The suspension of AI services is not a new risk—it is simply the latest manifestation of a long-standing dependency problem. From cloud platforms and digital certificates to DNS infrastructure, navigation systems, and semiconductor supply chains, much of the digital stack remains externally controlled. India's experience during Kargil underscored the dangers of such reliance.

Finally, building sovereign capabilities—whether in cloud infrastructure, DNS roots, Root CAs, cybersecurity, or defence-led R&D—is not about nationalism or nostalgia. It is about ensuring strategic autonomy. True digital sovereignty means having control over the switch, rather than being vulnerable to someone else's.