Frequently Asked Questions
In India, legal and technical services are traditionally siloed. A company hires a law firm for DPDPA compliance and a separate IT firm for VAPT. This creates a “Compliance Gap”: the IT firm finds technical bugs but doesn’t understand their “admissibility” in court, while the law firm drafts policies without knowing if the server architecture actually supports them.
SIRI’s Depth: Our Unified Practice merges these into a single workflow. We don’t just tell you that you need “reasonable security” under Section 43A; our engineers build the technical controls that define that reasonableness.
Yes. In the modern world, even a property dispute has a digital footprint (emails, GPS logs, WhatsApp records).
The Standard: Our Case Routing Logic mandates a “Digital Risk Check” for every case. We verify the authenticity of every digital document before it is used in a filing, protecting our clients from the embarrassment and legal risk of submitting forged or altered electronic records.
We don’t view ISO 27001 or GDPR as “check-the-box” exercises. We treat them as Exculpatory Evidence.
Technical Implementation: Our cyber team tests controls to meet the standard.
Legal Mapping: Our attorneys map those controls to specific statutes.
The Outcome: We prepare a “Court-Ready” package. If your company is ever scrutinized, we have documented evidence of “Good Faith” and “Due Diligence,” which can significantly lower or even eliminate statutory penalties.ntrols that define that reasonableness.
Can I hire SIRI Law for “Cybersecurity Only” services?
Yes, but with a critical distinction. While you may only require a VAPT or Cloud Audit (Type A), the project is still legally governed.
The Difference: A traditional IT firm might give you a PDF of bugs. SIRI Law provides a Validated Technical Report overseen by a Partner. We ensure the evidence-handling rules are defined before the first scan, so the results are defensible if you ever need to prove your “Due Diligence” to a regulator.
Under our Unified Governance model, we never treat a penetration test as a standalone IT project.
The Process: Every engagement begins with a Legal Authorization Letter. This defines the cybersecurity team not as independent contractors, but as consultants acting under counsel’s direction.
The Result: This activation of the “Legal Spine” ensures that technical findings are classified as privileged communications. If a vulnerability is found, it is reported to the Partner first, allowing the firm to provide legal advice on remediation before the information is “discoverable” by outside parties.
AI is not a legal person and cannot be held accountable. Responsibility rests with the “Human-in-the-Loop.” For legal professionals, the duty of competence and candor requires that every AI output be verified by a human advocate before being submitted to a court or client.
The Supreme Court, in landmark rulings like Arjun Panditrao Khotkar (2020) and Kailash v. State of Maharashtra (2025), has affirmed that a Section 65B(4) certificate is mandatory for the admissibility of any electronic record as secondary evidence. Oral testimony cannot replace this certificate. Once a valid certificate is produced, the record (such as a video or CD) is treated as a document that the court can directly see and hear to draw inferences.
Yes. We test AI systems for “Algorithmic Bias,” “Prompt Injection,” and “Data Leakage”. Our goal is to ensure that AI-driven outcomes comply with the DPDPA’s fairness and transparency requirements, preventing discriminatory results that could lead to legal liability.
Collaborative law is a legal approach where both parties in a dispute work together – with the help of their lawyers – to reach a mutually acceptable settlement without going to court. It is commonly used in family law, business disputes, and civil matters where preserving relationships and confidentiality is important. The process focuses on open communication, negotiation, and problem-solving rather than litigation, making it less adversarial and often more cost-effective and efficient.
Under the Indian Evidence Act, communications between a client and their advocate are privileged. If a standard IT firm performs an audit and finds a massive data leak, that audit report is a “discoverable” document that can be used against you in court.
SIRI’s Depth: When SIRI Law LLP conducts a Privileged Audit, the technical findings are generated as part of legal advice. This wraps the technical “vulnerabilities” in a layer of legal protection, ensuring your own security report doesn’t become the “smoking gun” for a ₹250 Cr penalty.s.
While the IT Act mentions “Reasonable Security Practices and Procedures” (RSPP), it is famously vague. Historically, it pointed to ISO/IEC 27001, but the DPDPA 2023 has shifted the goalposts toward “duty of care” and “prevention of misuse.”
Technical Reality: “Reasonableness” is now a moving target. It includes MFA (Multi-Factor Authentication), encryption-at-rest, and documented access logs.
SIRI’s Depth: We define your RSPP through a Technical-Legal Baseline. We map your specific tech stack against the SPDI Rules and the new DPDPA mandates to create a defensible “Security Standard” that can stand up to a Regulatory Audit.
Red Teaming involves simulating a real-world attack, including “Social Engineering” (phishing employees).
The Technical Task: Attempting to bypass the “Human Firewall.”
The Legal mandate: Regulators like RBI (for Banks) and SEBI (for Stock Brokers) mandate periodic “Security Awareness Training.”
SIRI Law’s Approach: We don’t just send fake emails; we document the “Resilience Score” of your organization. This documentation serves as a legal defense to show that the company fulfilled its regulatory obligation to train staff and mitigate “Insider Threats.”
Who owns the copyright of an NFT-linked work in India?
Generally, yes. If a smart contract meets the requirements of the Indian Contract Act, 1872-such as offer, acceptance, and lawful consideration-it is enforceable. However, because they are self-executing code, we recommend “Hybrid Contracts” where a physical text version memorializes terms that code cannot address, such as dispute resolution and liability caps.
Every matter follows a strict pipeline to ensure quality and BCI compliance:
Intake: Formal logging of inquiry.
Classification: Assigning Type A, B, C, D, or E.
Drafting: Creating the SOW/Proposal.
Activation: Deploying the specific layer of experts.
Execution: Regulated technical work under counsel’s oversight.
Partner Sign-off: Final review of all deliverables.
Even in an M&A deal or an employment dispute (Type D), our tech resources work quietly in the background.
Example: In a “Source Code Theft” case, our lawyers don’t just read the contract; our technical analysts verify metadata and digital trails to prove the theft occurred.
Client Value: The client pays for legal representation, but gets a “High-Tech Defense” that ensures digital evidence is never overlooked or mishandled.
In a breach response, time is the enemy. Our model uses Joint Leadership between a Senior Attorney and a Senior Cybersecurity Expert.
The “Breach Coach”: The attorney manages the clock (CERT-In’s 6-hour window and DPDPA’s 72-hour window) and preserves privilege.
The Forensic Lead: The technical expert maintains the Chain-of-Custody.
The Synergy: Technical findings are filtered through the legal strategy. Instead of releasing raw data that could be misinterpreted as an admission of guilt, the technical analysis is used to build the client’s case plan.
At SIRI Law, work does not start with a verbal request; it starts with a Statement of Work (SOW) that acts as the “Law of the Engagement.”
Clarity of Scope: The proposal explicitly classifies the matter into one of our five entry types (A–E).
Liability & Limits: It sets clear boundaries on what the technical team can and cannot touch, ensuring that no “free-roaming” technical activity creates unforeseen legal liability for the client.
No. The Supreme Court clarified in 2025 that if a video is accompanied by a valid 65B certificate, a mandatory transcript is not required by law. The visual evidence has its own inherent value, and while explanatory statements may be used to assist the court, the lack of a transcript does not make the evidence inadmissible.
As mandated by the DPDPA, organizations must embed privacy safeguards directly into their software development lifecycle (SDLC). Our engineers work with developers to ensure that data minimization and encryption are “default” settings, fulfilling the legal duty of care from the moment a product is conceived.
Our technical team performs authorized, simulated attacks on a client’s infrastructure to identify weaknesses like SQL injections or cloud misconfigurations. This serves a critical legal purpose: it establishes “Reasonable Security Practices” under Section 43A of the IT Act. If a breach occurs, these audit logs serve as evidence in court that the company was not “negligent”.
Unlike an IT company that sells software, SIRI Law performs technical work as an Ancillary Legal Service. Every “scan” or “test” is framed as a step toward fulfilling a statutory mandate.
Technical Implementation: The firm uses cybersecurity engineers to conduct Vulnerability Assessments and Penetration Testing (VAPT). They identify SQL injections, broken authentication, and network misconfigurations.
The Legal Nuance: This work is documented as “Evidence of Diligence.” Under Section 43A of the IT Act and the new DPDPA, a company is liable for “negligence” if it fails to maintain reasonable security. By having a law firm conduct the test, the resulting audit report becomes a legal document that proves the company took proactive steps to meet the “Duty of Care.”
How can a Law Firm employ Cybersecurity Engineers legally?
The Advocates Act, 1961 and BCI rules prohibit lawyers from entering into profit-sharing partnerships with non-lawyers. SIRI Law navigates this through a Consultant/Expert Model.
The Structure: The LLP is owned and managed by qualified Advocates. The cybersecurity engineers are hired as Subject Matter Experts (SMEs) (SIRI Security LLC)
The Legal Basis: This is supported by Section 45 of the Indian Evidence Act, which allows the court to accept opinions from persons “specially skilled” in science or art. In a cybercrime case, the lawyer presents the strategy, and the staff engineer provides the technical “Expert Testimony” needed to explain complex logs to a judge.
If you hire a third-party IT company to find a bug and they find a massive breach, their report is a “Discoverable Document”—meaning a court or regulator can force you to hand it over as evidence of your own failure.
The SIRI Law Advantage: When the audit is performed by a law firm for the purpose of providing legal advice, it falls under Professional Communication (Section 126 of the Indian Evidence Act).
The Strategy: This creates a “Safe Harbor.” You can find your vulnerabilities, fix them under the protection of privilege, and ensure your own security report isn’t used as a “confession” in a future lawsuit.
Rule 36 of the BCI strictly prohibits advocates from soliciting work or advertising.
The Compliance Strategy: The website and all outreach are strictly Educational Knowledge Bases.
The Focus: The firm provides information on “Regulatory Compliance” (a legal service) rather than “Security Software” (a commercial product). By focusing on interpreting the law and providing the technical means to follow it, the firm remains within the bounds of professional ethics.
The primary legal advantage is Attorney-Client Privilege. Under Section 126 of the Indian Evidence Act, communications between a client and their lawyer are protected from disclosure in court. If a standard IT firm finds a massive data breach during an audit, they can be compelled to testify against you. If a law firm discovers the same breach during a “Privileged Audit,” that report is generally protected, allowing the client to fix the issue and prepare a legal defense without the audit being used as a “confession” of negligence.
Qualified Legal Attorneys
At SIRI Law LLP, our team comprises highly qualified attorneys with extensive expertise across diverse legal domains. We combine deep legal knowledge with strategic insight to deliver precise, effective solutions tailored to your unique needs. When you choose us, you gain trusted advisors dedicated to protecting your interests and driving successful outcomes.
Our Awards And Certificates
Our commitment to excellence has been recognized through numerous prestigious awards and certifications, reflecting our unwavering dedication to quality and professionalism. These accolades underscore our ability to consistently deliver superior legal services and innovative solutions that set us apart in the industry.
Over 20 Years Of Experience
With more than two decades of proven experience, SIRI Law LLP has built a reputation for reliability, integrity, and results-driven advocacy. Our seasoned team brings invaluable practical wisdom to every case, navigating complex legal landscapes with confidence and precision to secure the best possible outcomes for our clients.
Call Us 24/7
+91 7981912046
OR