top of page
  • Paridhi Gupta

Metaverse: An Unregulated Parallel Digital Universe


The Metaverse is an advanced parallel digital universe, developed on the idea of augmentation of reality by transforming the process through which we interact with the internet by using visual, audio and haptic technology. The Oxford Dictionary defines the Metaverse as ‘a slang term used to describe a virtual representation of reality implemented by means of virtual reality software’. Some of the finest examples of successful metaverses include the game, Second Life, and the global platform, Decentraland. It overlaps our physical and digital lives by amalgamating the present world’s social, financial, economic, and political aspects by employing automation, virtual reality, complete immersion, and calibrating the real-time activity of its users. To flawlessly seam together these independent physical experiences in this next-generation internet, the compliance of countless companies, organizations, and technologies through a single browser is required. This three-dimensional online space germinates unique models of interaction, content creation, decentralization, socialization, and monetization through its use of multiple platforms of technology, such as non-fungible tokens (NFTs), brain-interface technology, cryptocurrencies and many more.

It requires the use of heightened sensors, complicated software, and the collection, administration, and application of extremely sensitive personal information, rendering it susceptible to exploitation and misuse by digital behemoths, firms, and terrorist organizations. The interests exhibited by companies like Google, Microsoft, and Meta in the development of Metaverse have led to heavy investments by ordinary persons in digital assets. Because of this heavy influx of finances, while the platform is still under construction, the involvement of governments across the globe to protect their citizens has become necessary. Another aspect that raises questions on the virtues of the Metaverse is how a few global tech leaders are manipulating it to revamp their own companies. Mark Zuckerberg’s rebranding of Facebook to Meta, after years of being embroiled in data mining and fake news scandals all over the globe is an instance wherein such stratagem has been witnessed.

Although the Metaverse is yet to become a reality, millions of users engage daily on digital media platforms and e-commerce sites for hours. Therefore, besides traditional passwords, facial recognition and biometric protective safeguards, new regulations must be introduced to defend consumers against data breaches and unethical hacks.

Background Of Data Protection Legislations In India 

In developing countries like India, which have pervasive internet use, many overlapping legislations govern data protection and cyberspace. There are five major types of laws supervising the digital world such as the Information Technology Act, 2000 (IT Act), Indian Penal Code, 1860 (IPC), Companies Act, 2013, Cybersecurity Framework (NCFS) and the Information Technology Rules. However, the most significant ones are the Information Technology Rules, 2011 and the Information Technology Rules, 2021, under the Information Technology Act, 2000.

After the adoption of the model law on e-commerce (electronic commerce) by the United Nations Commission on International Trade Law (UNCITRAL) in 1996, many countries such as Singapore and Colombia implemented their own national laws, i.e., Singapore Electronic Transactions Act and eCommerce Law respectively. Thus, the Information Technology Act, 2000 was passed by the Indian Parliament, making India the 12th country to ratify cyber law. The Information Technology Act, 2000, although initially drafted by the Ministry of Commerce as the E-Commerce Act, 1998, was revised and renamed ‘Information Technology Bill, 1999’ and finally passed in May 2000. The primary purpose of this legislation has been to give legal recognition to transactions carried out through the electronic exchange of data and digital communication, i.e., e-commerce transactions, while developing a conducive technological environment.

Inadequacies Of Previous And Present Legislations

Despite its many benefits, the Act has many shortcomings that will only make the general public more vulnerable in the Metaverse. The Act fails to define the terms’ public order’, ‘morality’, ‘incitement’, ‘offensive’ and ‘menacing’, all of which add to ambiguity and obscurity in the implementation of provisions of the legislation. Major concerns such as domain name, patent, copyright, trademark, privacy and content regulation in the advancing internet technologies have also gone unaddressed in this Act. One of the most common unbridled yet overlooked cybercrimes is the transfer of pirated films through various local and global networks. This is a flagrant violation of copyright laws. Consequently, because of the silence of the Information Technology Act of 2000, Copyright Act 1957, or Trade Mark Act 1999 over such instances accompanied by the sheer volume of perpetrators, no practical measures can be taken to restrict it under the present legislations. Besides, section 43 of IT Act, 2000[1], which refers to the penalty for damage to a computer or computer system, and section 72 of IT Act, 2000[2], which refers to the breach of confidentiality or privacy to a limited extent, there exists no mechanism or provision for the protection of online privacy.

Therefore, to overcome these shortcomings, The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011The Information Technology (Guidelines for Cyber Cafe) Rules, 2011,  The Information Technology (Electronic Service Delivery) Rules, 2011Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (the CERT-In Rules), and  The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 were passed. The primary objectives of these legislations have been to protect and regulate the actions of consumers against hazardous content and to ensure the compliance of firms and digital behemoths with the set standards of security, data accuracy, disclosure, and consent. 

Despite multiple protective legislations being in place, an Economic Times analysis of cybercrime has exposed the loss suffered by the Indian government every year due to cyber-attacks and firewall breaches, amounting to approximately Rs. 1.25 lakh crore without the inclusion of problems associated with the Metaverse. Hence, the Metaverse requires multiple new legislations, particularly due to the paucity of standing precedents and standards to deal with its novel issues. 

Potential Issues Of The Metaverse And Suggestions To Resolve Them

With new companies stepping into the Metaverse, from Samsung, Hyundai to Coca-Cola, the Metaverse expedites the facilitation of and criminal activities such as ransomware, online child sexual exploitation, phishing and synthetic drug trafficking, as highlighted by Interpol at the 90th General Assembly in New Delhi. This is coherent with the novel dimensions of digital freedom, it unfolds, accompanied by the dearth of legal frameworks. Issues relating to the Metaverse have already trapped the governments of several developed and developing nations of the world in its web while it is at its infancy stage. 

Although physical risks in this digital world are finite, users are, in reality, much more susceptible to mental and psychological traumas. The pseudonymity of identity in the Metaverse is both a boon and a curse to its users. While it gives people a chance to start afresh and escape from their mundane lives in the physical world, it allows them to commit offences in the absence of apprehension of being unmasked in their real-world identity, even if their virtual identity is revealed. Hence, delinquents wander with impunity because of the dearth of adequate verification mechanisms and the incoherency clouding the application of real-world laws in the Metaverse.

Innumerable users, exceeding the members of the present Web 2.0, are expected to be a part of Metaverse or Web 3.0, leading to an explosion in the collection, management and application of immense magnitudes of sensitive personal information. It will no longer restrict itself to biological, physical, real-time, and historical information but will also extend to biometric data, which falls under “sensitive personal data” as per Section 3 of the IT Rules, 2021

Since the very beginning of the Metaverse, the virtual market has witnessed proliferation, necessitating the establishment of trademark protection and licensing boundaries. People’s obsession with their virtual avatars and digital existence is making them more viable to spend their assets on digital fashion, inviting various forms For example, Nike has sued StockX for trademark infringement for its NFTs depicting Nike sneakers, claiming that the NFTs are unauthorised use of the company’s trademarks. Similarly, Hermes sued Mason Rothschild, who released a collection of NFTs under the “MetaBirkins” brand alleging trademark infringement, arguing the extension of existing registrations in the Metaverse. The new data formats regarding sensitivity, sharing, ownership and control over the content will evolve and gain a new definition rendering the traditional physical approaches impractical.

Consequently, the government needs to incorporate blockchain technology as a solution to provide relief to companies concerned about their real-world product trademarks to their virtual counterparts. Blockchain technology is an ineradicable data record that can incorporate all the relevant details, descriptions, history and scope of rights attached to a company’s virtual goods and services. Thus, establishing an impeachable data source protecting its intellectual property in the virtual world. It also ensures that the data of the governments and citizens engaging with this technology are indefinitely protected since the data is immutable and immotile unless accessed by a specific key.

History is evidence that whenever the Indian government has attempted to curb copyright and trademarks infringements by blocking citizen’s access to such corrupted websites, the public has viewed it as a draconian step in violation of their freedom to speech and expression as guaranteed under Article 19(1)(a) of the Indian Constitution. Therefore, this time, with the changing dynamics of privacy-centric and age-centric media and experiences available in the Metaverse, the government should attempt to set guidelines for the developers instead of the citizens wherein noncompliance, and vagrant flaunting of the rules will lead to the penalization of the company. Hence, the government will have to strike a balance between public policy and development through the forthcoming laws.

Incorporated under the Competition Act, 2002, India’s anti-trust and competition laws prohibit

  1. Undue restraints,

  2. Hindrance,

  3. Monopolization, and

  4. Conspiracy or attempt to monopolize.

However, due to the lack of specified jurisdiction for nation-specific legislations and the probable extension of Metaverse through companies like Microsoft and Facebook, there is a possibility it could lead to monopolization of market and administration. It would allow such large companies to exert their control and dominance as per their power and capability with impunity, all the while hiding behind a mask of decentralized configuration. Since, one of the appealing aspects of the Metaverse to users globally has been the decentralization of power and control in the form of one’s ability to control the rules of their interaction and the data they choose to share in the Metaverse, akin to that in real life, such a farce of people’s lives would be more brutal to regulate by the government.

Through the present legislations, authorities can examine the facilities of physical and Web 2.0 businesses to ensure that they are not involved in anti-competitive practices under the Competition Act, 2002 and the Monopolies and Restrictive Trade Practices Act, 1969. However, in the Metaverse, such firms can use private blockchains to transfer sensitive information that will be inaccessible to the authorities, allowing them to function without concern unless the government establishes relevant statutes. The Indian Government, therefore, needs to re-evaluate its present legislations to clear the existing ambiguity. They have to shift their focus on preventing the monopolization of its people’s data at the hands of tech-giants in the Metaverse.

With further development in technology, legal firms like that of Grunge Colarulo have also established their offices in the Metaverse sector to expand their clientele. As a consequence, the degrees, credentials and skills of the avatars of such legal personnel must be collaborated and established uniformly in the Metaverse. The deliberation finds its grounds on the belief that those attempting to represent ordinary people and provide digital justice need to be held accountable suitably. Due to a lack of adequate jurisdiction and a dearth of laws, anyone and everyone can provide any service they deem fit to with minimal chances of reconfirming their credentials. Therefore, to protect the vulnerability and privacy of the individuals in the Metaverse, a uniform database storing the credentials of all the professionals should be created using blockchain technology. However, the credentials and qualifications should be standardised and consistent with a single set of norms internationally recognised and not unique to nations as witnessed today.

Thus, the rules and regulations that are being formulated pertaining to the Metaverse, must be focused on establishing a collaboration between various countries and their respective authorities.


Technology has always one of the greatest and most unique inventions of humankind, however, it has not been devoid of its lacunas and failures. Similarly, the Metaverse is also a unique and less travelled road with numerous positive and negative opportunities and possibilities. Therefore, a transnational shift in the mindset is required regarding the traditional methods of solving legal issues and conflicts, keeping in mind the needs of society. Indian judiciary and legislations must keep themselves abreast with these ever-evolving dynamics so that the people’s rights and liberties are not trampled in the garb of globalisation and development. Furthermore, the role of arbitration as a legal recourse should be highlighted since the Metaverse lacks territorial and jurisdictional demarcation.

Furthermore, a collaboration between internet providers, lawmakers, e-commerce facilitators, global tech giants, financial institutions and educational institutions can help smoothen this transition and make it more unassailable for the people. Legislators need to take additional precautions to nip the problem at its bud. They need to stay ahead of the swindlers lurking in the shadows of the Metaverse, ready to strike at vulnerable users at the first sign of weakness. Above all, the most important stakeholders in the Metaverse, the users, need to be participative and considerate in the fight against cybercrime.


[1] S. 43, The Information Technology Act, 2000

[2] S. 72, The Information Technology Act, 2000

This article has been authored by Paridhi Gupta, a student of law at Symbiosis Law School, Noida. This blog is a part of RSRR’s Blog Series on “Emerging Technologies: Addressing Issues of Law and Policy”, in collaboration with Ikigai Law.


bottom of page