Criminal Penalties Stifle Digital Innovation

This provision imposes criminal imprisonment of up to 7 years for regulatory violations like hosting data without accreditation and up to 5 years for negligent cybersecurity breaches—penalties that far exceed international norms where such violations typically incur administrative fines. The immediate suspension of ICT operations for obstruction (97.7) bypasses the procedural fairness requirements in 93, allowing businesses to be shut down without notice or hearing. Combined with catastrophic financial penalties (10% of turnover or 10,000 penalty units, whichever is higher) and permanent license revocation for undefined "repeated violations," this creates a chilling effect on digital innovation by making regulatory experimentation and rapid iteration—essential to tech startups—legally perilous.