Child protection in the digital age: A policy analysis of Sri Lanka's cybersecurity measures and legal frameworks

Abstract

Background: The rapid digitalization of Sri Lankan society has resulted in excessive access to online platforms by children for education, socialization, and recreation. While this connectivity brings numerous benefits, it simultaneously exposes children to a wide spectrum of cyber threats including cyberbullying, online grooming, sextortion, exposure to inappropriate content, and privacy violations. These risks underscore the urgent need for robust cybersecurity policies specifically designed to safeguard children's rights and well-being in the digital environment. Method: This study provides a comprehensive policy analysis of Sri Lanka's cybersecurity and legal frameworks aimed at child protection. It examines key legislative instruments such as the Computer Crimes Act No. 24 of 2007, amendments to the Penal Code relating to cyber offenses, and the Personal Data Protection Act No. 9 of 2022. The study also reviews policy initiatives including the National Cyber Security Strategy 2020-2025 to assess their adequacy in addressing child-specific online safety challenges. The research integrates qualitative document analysis with semi-structured interviews of key stakeholders from institutions such as the National Child Protection Authority (NCPA), Sri Lanka Computer Emergency Readiness Team Coordination Centre (CERT CC), and the Police Cyber Crime Unit. These engagements reveal practical enforcement challenges, institutional capacity constraints, and the current state of inter-agency coordination. Results: Findings highlight critical gaps such as the limited inclusion of child-specific protections within existing cyber laws, fragmented institutional responses, and a lack of comprehensive digital literacy and awareness programs tailored for children, parents, and educators. The study further benchmarks Sri Lanka's legal and policy frameworks against international conventions including the United Nations Convention on the Rights of the Child (UNCRC) and the Council of Europe's Budapest Convention on Cybercrime, identifying areas for legislative harmonization and policy strengthening. Conclusion: This analysis concludes in strategic recommendations to enhance integrating child-specific protections into cyber laws, strengthening institutional collaboration, improving digital literacy at school and community levels, and building enforcement capacity. As digital risks continue to evolve, ensuring child safety online must become a core part of Sri Lanka's national security and public policy agenda.