CLAT-2027 Blog

Made-in-India Sovereign Cloud Push: Data Sovereignty After Microsoft-Nayara Block — CLAT 2027 Analysis

CURRENT AFFAIRS | 28 APRIL 2026

CLAT GK + CONSTITUTIONAL LAW & RELEVANT AREA

The Indian government is preparing a policy push that would require companies in critical sectors — telecom, energy, financial services and banking — to use Made-in-India sovereign cloud infrastructure, the Indian Express reported on 28 April 2026. The trigger is unmistakable: in August 2025 Microsoft, citing the European Union’s 18th sanctions package, abruptly blocked Nayara Energy (49.13 per cent owned by Russian Rosneft) from accessing Outlook, Teams and even its own data files stored on Microsoft cloud.

Nayara sued in the Delhi High Court under Section 9 of the Arbitration and Conciliation Act, 1996 — Microsoft restored services within hours. But the precedent was set: a foreign cloud provider, applying foreign sanctions, could disconnect an Indian company from its own data on Indian soil. The IT Ministry has since sought formal responses on “automated jurisdictional nexus” mechanisms, and senior leadership review is now required for any such action.


⚖️ Constitutional & Legal Framework

  • Articles 14, 19, 21 — Justice K.S. Puttaswamy v Union of India (2017) recognised informational privacy as a fundamental right; data sovereignty is its sovereign-state correlate.
  • Information Technology Act, 2000 (Sections 43A, 69, 70) — empowers the Central Government to designate Critical Information Infrastructure (CII) and prosecute breaches.
  • IT (Reasonable Security Practices) Rules, 2011 + IT Rules, 2021 — intermediary due-diligence for data localisation.
  • Digital Personal Data Protection Act, 2023 (DPDP) — Section 16 lets the Central Government notify countries where personal data may NOT be transferred.
  • RBI 2018 Data Localisation Circular — payment system data must be stored only in India (cited as the template for the new cross-sector rule).
  • CERT-In (Indian Computer Emergency Response Team, under Sec 70B IT Act) — nodal agency for cybersecurity incident response.
  • Sovereign Immunity / Extraterritorial Jurisdiction — the Microsoft-Nayara episode raised classic conflict-of-laws questions: can a US/EU sanction operate extraterritorially against an Indian entity through a private cloud contract?

📚 Why This Matters for CLAT 2027

This is a tier-one CLAT topic because it sits at the intersection of Fundamental Rights, statutory framework, and international law. Expect a Legal Reasoning passage asking whether a US-headquartered cloud provider’s compliance with EU sanctions violates Indian sovereignty under Article 1 (the Union of India) read with Article 21 (right to privacy/data autonomy).

Puttaswamy is the gateway authority — memorise the three-fold test (legality, legitimate aim, proportionality) and the nine-judge bench tag. Pair it with the DPDP Act 2023 timeline: Bill August 2023, Royal Assent August 2023, Rules drafted January 2025 (still being notified in tranches).

📊 Key Facts at a Glance

| Feature | Detail |
|---|---|
| Trigger event | 5 Aug 2025 — Microsoft blocked Nayara Energy |
| Reason cited | EU 18th sanctions package against Russia |
| Rosneft stake in Nayara | 49.13% |
| Legal route taken | Sec 9, Arbitration & Conciliation Act, 1996 → Delhi HC |
| Outcome | Microsoft restored access within hours |
| Targeted critical sectors | Telecom, Energy, Banking, Financial Services |
| Constitutional anchor | Art 21 (Puttaswamy 2017) + Art 14, 19 |
| Statutory anchors | IT Act 2000 (Sec 43A, 69, 70, 70B) + DPDP Act 2023 |
| Localisation precedent | RBI Circular, 6 April 2018 (payment data) |
| Nodal cyber agency | CERT-In (under Sec 70B, IT Act) |

🧠 Memory Hook

“PUT-IT-CERT-DPDP — INDIA’S DATA STAYS HOME”

P — Puttaswamy 2017 (privacy as FR) · IT — IT Act 2000 (Sec 43A, 69, 70) · CERT — CERT-In (Sec 70B nodal) · DPDP — DPDP Act 2023 (Sec 16 cross-border bar)

The Microsoft-Nayara episode is a textbook illustration of how digital infrastructure becomes the new front of geopolitical leverage. Whether the new sovereign-cloud mandate survives WTO GATS scrutiny (cross-border supply Mode 1) or invites investment-treaty arbitration is the next legal frontier worth tracking.

For CLAT, anchor your answer in Puttaswamy plus DPDP Section 16 — and remember that “data sovereignty” is the contemporary application of the older doctrine of territorial sovereignty from Island of Palmas (1928). The exam loves bridging old public-international-law doctrines to new tech contexts.

Written by Test User
