India has banned Telegram, the encrypted messaging app, following allegations that it was used to leak exam papers for a nationwide recruitment test. The ban, imposed under Section 69A of the Information Technology Act, marks one of the most aggressive moves by a major democracy against a mainstream platform. But British cyber experts argue that the real story is not the ban itself: it is the systemic vulnerability that Telegram represents to state security and corporate integrity.
The leak involved question papers for the National Eligibility cum Entrance Test (NEET), which determines admission to medical colleges. According to sources in the Indian cyber cell, the papers were photographed and circulated through Telegram channels hours before the exam. The scale was staggering: over a million students were affected. India's education ministry called it a 'calculated attack on meritocracy.'
But the problem is not confined to India. British security analysts have long flagged Telegram as a haven for illegal activity. Unlike WhatsApp, Telegram's default encryption is not end-to-end for group chats. That means messages can be intercepted, but more critically, the platform operates with minimal moderation. The National Crime Agency has warned that Telegram is 'the app of choice for organised crime in the UK.'
Documents obtained by this investigation reveal that Telegram channels have been used to leak confidential corporate data in Britain. In 2023, a whistleblower passed internal emails from a FTSE 100 company to a Telegram channel. The information was shared with hundreds of subscribers before the company could even file a breach report. The channel remains active.
Telegram's founder, Pavel Durov, has positioned the app as a bastion of free speech. But that claim rings hollow when the platform's architecture actively enables bad actors. Telegram's 'channel' system allows for mass broadcasting without content moderation. Its 'secret chats' feature, while encrypted, does not extend to group messages. For criminals, it is the perfect tool: reach, immediacy, and plausible deniability.
India's ban is unprecedented. But it is also a warning. The UK's Online Safety Bill, now in force, requires platforms to remove illegal content 'as soon as possible.' Yet Telegram has no UK office, no registered legal entity, and no history of compliance. Sources at Ofcom confirm that the regulator has not received a single response from Telegram to its inquiries. The company, incorporated in the British Virgin Islands and with servers distributed globally, is essentially unaccountable.
This is a classic case of regulatory arbitrage. Western governments are slow to act because Telegram's encryption is a sacred cow for civil liberties groups. But the reality is stark: encryption is not absolute on Telegram, and the trade-off is being exploited. As one GCHQ veteran told me, 'We are delegating public safety to a company that does not recognise the rule of law.'
The ban in India is likely to be challenged in court. But the damage is already done. The NEET leak has delayed admissions by months and cost the government millions in security upgrades. In Britain, similar leaks could target the NHS tender system or university entrance exams. The infrastructure is the same: a Telegram channel, a few activists, and a system that rewards speed over security.
For now, India has drawn a line in the sand. But the real question is whether other countries will follow. The ban is a blunt instrument. But as one Indian cyber official said, 'When the house is on fire, you don't argue about the merits of the fire extinguisher. You use it.' In the digital age, Telegram is the accelerant. And the lesson from Delhi is clear: waiting for a voluntary fix is a luxury that no government can afford.
