1. Source of Tribunal Powers in Cybersecurity Management

Tribunals derive cybersecurity-related powers from three main sources:

(A) Statutory Powers (India – Arbitration Act, 1996)

• Section 17: Tribunal can order interim measures such as preservation, inspection, security, injunctions.
• Section 19: Tribunal is not bound by CPC or strict Evidence Act rules → procedural flexibility.
• Section 18: Equal treatment + due process (critical in cyber breach disputes).
• Section 24: Conduct of hearings (including virtual hearings).

(B) Inherent Powers

Tribunals have implied powers to:

• Preserve integrity of proceedings
• Protect digital evidence
• Order forensic audits
• Control access to electronic data rooms
• Sanction parties for cyber misconduct

(C) Institutional Rules / Cyber Protocols

Modern arbitral institutions allow tribunals to:

• Impose cybersecurity protocols
• Allocate costs for breaches
• Require encrypted document systems
• Restrict access to confidential data

2. Core Tribunal Powers in Cybersecurity Breaches

(1) Power to Preserve Digital Evidence

Tribunals can order:

• Data freezing (email, servers, logs)
• Preservation of metadata
• Backup creation of electronic records

📌 This is crucial in ransomware attacks, hacking, or data deletion cases.

Case Law

Arcelor Mittal Nippon Steel India Ltd. v. Essar Bulk Terminal Ltd.

• Tribunal can issue interim measures under Section 17 to preserve subject matter.
• Court confirmed preservation is central to arbitral justice. 

(2) Power to Order Cybersecurity Audits / Forensic Inspection

Tribunals can appoint:

• Independent IT auditors
• Cyber forensic experts
• Local commissioners for digital inspection

Case Law

CPP Assistance Services Pvt. Ltd. v. Teleperformance Business Services (2026)

• Tribunal ordered audit and inspection of systems due to data theft allegations
• Directed preservation of logs, servers, databases and electronic repositories 

➡️ This shows tribunals can directly intervene in corporate IT infrastructure.

(3) Power to Grant Interim Protective Measures (Security + Injunctions)

Tribunals can:

• Restrict deletion/modification of digital records
• Order security deposits or bank guarantees
• Prevent data transfer outside jurisdiction

Case Law

M/S Tata Advanced Systems Ltd. v. Telexcell Information Systems

• Tribunal ordered bank guarantee as interim protection
• Recognised broad discretion under Section 17 for securing subject matter 

(4) Power to Issue Data Protection & Confidentiality Orders

Tribunals can:

• Enforce confidentiality protocols
• Restrict sharing of sensitive cyber data
• Impose sanctions for leaks

International Authority (Persuasive)

Cybersecurity protocols in arbitration recognise that tribunals may:

• allocate costs for breaches
• impose sanctions for security violations 

(5) Power to Sanction Parties for Cyber Misconduct

Sanctions may include:

• Adverse inference
• Cost penalties
• Striking pleadings
• Procedural disadvantage

This is especially relevant in:

• hacking of hearing platforms
• tampering with electronic disclosure
• deletion of logs

(6) Power to Conduct Virtual Hearings and Secure Platforms

Tribunals can:

• Choose secure video-conferencing tools
• Suspend proceedings after cyber intrusion
• Reset hearings after breach incidents

Case Law (Judicial recognition of procedural flexibility)

Shiningkart Ecommerce Pvt. Ltd. v. Jiayun Data Ltd.

• Tribunal has discretion in procedural matters including interim protection and digital evidence handling under Section 17 

(7) Power to Balance Due Process with Cybersecurity Control

Tribunals must ensure:

• fairness (equal access to data)
• confidentiality
• integrity of electronic evidence

Case Law

Arcelor Mittal Nippon Steel India Ltd. v. Essar Bulk Terminal Ltd.

• Tribunal discretion must be exercised reasonably, not arbitrarily
• Courts will not interfere unless procedure is perverse or unfair 

3. Key Principles Emerging from Case Law

From the combined jurisprudence, 5 key principles emerge:

(1) Preservation Principle

Tribunal must ensure cyber breach does not destroy arbitration subject matter.

(2) Minimal Intervention Principle

Tribunal should intervene only to the extent necessary for security.

(3) Procedural Flexibility Principle

Tribunal is not bound by strict procedural codes → allows cyber-specific solutions.

(4) Proportionality Principle

Cybersecurity orders must be proportionate to risk (not overbroad surveillance or intrusion).

(5) Enforceability Principle

Tribunal orders on cybersecurity are enforceable as court orders (post-2015 amendment).

4. Practical Examples of Tribunal Cybersecurity Powers

Tribunals commonly order:

• Encryption of all document exchanges
• Restricted access data rooms
• Two-factor authentication for evidence portals
• Forensic imaging of servers
• Suspension of cloud access after breach
• Appointment of neutral cyber experts
• Cost shifting for security failures

5. Conclusion

Tribunals today function as “cyber-aware procedural managers”, not just dispute resolvers. Their powers in managing cybersecurity breaches are:

• Broad (Section 17 + inherent authority)
• Flexible (procedural autonomy)
• Enforceable (deemed court orders)
• Controlled by fairness (due process limits)

The case law confirms that tribunals can actively intervene in digital infrastructure, cybersecurity breaches, and electronic evidence preservation, provided they act proportionately and within procedural fairness boundaries.