Beyond the Blue Horizon: Modi's Seychelles Visit and the Unfinished Cyber Agenda

A landmark state visit deepens one of India's most trusted Indian Ocean partnerships — but in the digital and cyber domain, the promise outpaces the architecture.

A Return After Eleven Years

When Prime Minister Narendra Modi landed in Victoria on June 27, 2026, it was his first visit to Seychelles in eleven years. The occasion was historic: he attended as Guest of Honour at the Golden Jubilee of Seychelles' National Day, addressed the National Assembly, and was conferred the honorary title of "Guardian of the Blue Horizon" — the first such honour bestowed by the island nation — for his commitment to environmental conservation and advocacy for Small Island Developing States.

The symbolism was deliberate. Fifty years of independence, fifty years of diplomatic ties with India, and a bilateral relationship that has quietly deepened into one of the more substantive partnerships in the Western Indian Ocean. The three-day state visit produced nineteen announced outcomes — spanning an extradition treaty, UPI-based digital payments, an outer space cooperation agreement, a fast patrol vessel handover, defence equipment transfers, healthcare MoUs, agricultural ties, and commitments to expand cybersecurity cooperation.

But it is the cyber and digital dimension of this partnership — newly elevated, urgently needed, and still in formation — that deserves the most careful reading.

The Strategic Context: MAHASAGAR and a Contested Ocean

The visit builds directly on the SESEL (Sustainability, Economic Growth and Security through Enhanced Linkages) Joint Vision adopted during Seychelles President Patrick Herminie's state visit to India in February 2026 — one of the most intensive periods of bilateral engagement the two countries have seen. India announced a USD 175 million Special Economic Package, and both sides signed seven MoUs covering maritime security, digital cooperation, blue economy, education, and capacity building.

Modi's visit in June was the capstone of that momentum — and the first visit by an Indian Prime Minister under the MAHASAGAR (Mutual and Holistic Advancement for Security and Growth Across Regions) doctrine, unveiled by Modi in March 2025. MAHASAGAR expands the older SAGAR framework beyond the Indian Ocean Region to a broader vision of maritime security, development partnerships, technology cooperation, and capacity building with the Global South.

Seychelles is strategically central to this vision. The archipelago sits astride some of the world's busiest shipping lanes, controls a vast Exclusive Economic Zone, and is geographically placed between the African coast and the broader Indo-Pacific. India has historically been Seychelles' foremost security partner — and Modi's visit came as Seychelles also marked 50 years of diplomatic ties with China, a detail that adds quiet competitive weight to every outcome announced in Victoria.

Seychelles' Cyber Maturity: An Honest Assessment

To understand why cybersecurity cooperation between India and Seychelles matters — and where the gaps lie — it is necessary to take stock of where Seychelles stands in its digital and cyber development.

Legislative Progress: A Late but Meaningful Start

For much of its post-independence history, Seychelles relied on the Computer Misuse Act 1998 — a dated instrument built for an era of dial-up modems — as its primary legislative response to digital threats. That framework criminalised unauthorised access, access with criminal intent, and unauthorised modification of computer material. It was better than nothing; it was not adequate for the 21st century.

The turning point came with the Cybercrimes and Other Related Crimes Act 2021 (Act 59 of 2021), which repealed the 1998 law and introduced a substantially upgraded framework. The 2021 Act defines a broader range of cybercrime offences, establishes powers and procedures for cybercrime investigations, provides for the collection of electronic evidence, enables search and seizure, data preservation, and — importantly — contains mutual legal assistance provisions. This last element is particularly relevant given the transnational nature of most digital threats faced by small island states.

Complementing this is the Electronic Transactions Act and a Data Protection Act, which provides partial coverage of personal data rights. The legislative architecture, while not yet at the standard of a Malaysia or Singapore, has moved meaningfully forward.

The Strategy: Ambitious Goals, Ongoing Implementation

Seychelles published a National Cybersecurity Strategy for 2019–2024 under the auspices of its Department of ICT. The strategy set five goals: a robust legal framework; protection of ICT infrastructure; national coordination and governance; workforce capability; and international cooperation. It envisaged the establishment of a National Computer Emergency Response Team (CERT-SC) and a Cybersecurity Unit within the Department of ICT.

CERT-SC has since been launched, operating under the Department of Information Communications Technology (DICT), charged with cyber threat monitoring, incident tracking, and national cybersecurity awareness. The National Cybersecurity Coordination Committee (NCCC), housed under the Ministry of Internal Affairs, provides strategic coordination — overseeing threat assessment, incident response coordination, information sharing, and liaison with the Security Operations Centre (SOC) and National CERT.

These are significant institutional achievements for a country of roughly 100,000 people. The strategy's international cooperation pillar explicitly called for building relationships with foreign CERTs and strengthening law enforcement through partnerships with foreign agencies that can provide forensic and investigative support in complex cybercrime cases.

The Gaps: What the Framework Cannot Yet Do

For all this progress, Seychelles' cybersecurity posture carries structural limitations that honest assessments must acknowledge.

Scale constraints are real. A country with a small professional population simply cannot develop deep bench strength in specialised cybersecurity disciplines — threat intelligence analysis, digital forensics, offensive cyber awareness, critical infrastructure protection — purely through domestic capacity. The workforce challenge is acute.

Critical infrastructure protection remains nascent. Seychelles' economic dependence on tourism (which Foreign Minister Barry Faure noted contributes around 30% of GDP), financial services, and fisheries means its critical digital infrastructure — booking systems, banking platforms, maritime logistics — are high-value targets for financially motivated cybercriminals. The sophistication of protection for these assets has not always matched their economic centrality.

The military cyber dimension is limited. Seychelles does not have an established cyber command or dedicated military cyber operations unit. While the National Cyber Security Index (NCSI) notes some progress in basic indicators — cybercrime legislation, a government entity for combating cybercrime, digital forensics capability, and an international 24/7 contact point — the indicators for military cyber capacity, crisis reserves, and national strategic threat analysis remain thinner.

The 2019–2024 strategy needs a successor. The five-year framework has expired without a publicly announced replacement, though the SESEL Joint Vision and India engagement may help shape the next iteration. The absence of a current published strategy leaves an institutional gap.

India-Seychelles Cyber Diplomacy: What Has Been Built

The bilateral cyber and digital relationship has developed along several distinct tracks.

Digital Public Infrastructure

The most concrete and ambitious strand of digital cooperation is India's offer to support Digital Public Infrastructure (DPI) in Seychelles. This is not merely a technology transfer — it reflects India's broader DPI diplomacy, where the India Stack (Aadhaar for identity, UPI for payments, DigiLocker for documents) has become an export product for the Global South.

A key outcome of Modi's June 2026 visit was the agreement between the National Payments Corporation of India (NPCI) International Payments Limited and the Central Bank of Seychelles to advance UPI-based digital payments in Seychelles. This is the entry point of the DPI relationship: once payment infrastructure is shared, questions of data governance, fraud management, cybersecurity standards for financial systems, and incident response protocols necessarily follow.

In his address to the Seychelles National Assembly, Modi explicitly connected DPI to governance: India's digital public infrastructure, he said, has demonstrated "how technology can expand opportunity and improve governance, boost financial inclusion and deliver services for hundreds of millions of people" — and India would be happy to share those experiences as Seychelles pursues its own digital transformation.

Cybersecurity in the SESEL and ITEC Frameworks

Cybersecurity cooperation is named explicitly in both the SESEL Joint Vision and the Indian Technical and Economic Cooperation (ITEC) programme. Both sides agreed to strengthen collaboration in cybersecurity, alongside finance, policing, climate change, marine sciences, and MSME promotion. Training for Seychellois civil servants and professionals through the National Centre for Good Governance in India has been committed.

Ahead of Modi's visit, India's High Commissioner Rohit Rathish described the two countries as "looking to introduce new areas of cooperation like Artificial Intelligence, cyberspace, cybersecurity, marine sciences and conservation and blue economy." Seychelles Foreign Minister Barry Faure confirmed that agreements expected to be signed would cover, among other areas, cybersecurity.

This signals a qualitative shift — from cybersecurity as a line item in capacity building to cybersecurity as a distinct cooperation track. Whether that commitment produces operational depth will depend on what follows in implementation.

Maritime Domain Awareness: The Physical-Digital Bridge

One of the most developed and operationally significant aspects of India-Seychelles cooperation sits at the intersection of maritime security and digital infrastructure. India established a Coastal Surveillance Radar System (CSRS) across Seychelles' outer islands, supplied two Dornier maritime surveillance aircraft, and during the June 2026 visit, handed over the fast patrol vessel PS LESPWAR, utility vehicles, and laser radial boats.

What is less discussed — but strategically important — is that maritime domain awareness is fundamentally a data and information management challenge. The CSRS produces intelligence. The Dornier surveillance aircraft generates signals and imagery. The coordination of this information, its communication and analysis in real time, and its protection from adversarial interference are inherently cyber problems. India has, in effect, delivered a physical digital-sensing infrastructure to Seychelles without yet fully addressing the cyber resilience of that infrastructure itself.

The 11th edition of Exercise Lamitye (meaning "friendship" in Creole), elevated to tri-service level in March 2026, represents deepening military cooperation. Seychelles has also conveyed intent to join the Colombo Security Conclave as a full member and participates in multilateral exercises MILAN and PRAGATI. None of these frameworks yet have a formal cyber component — a gap that becomes more significant as the physical systems they protect become more digitally interconnected.

The Gaps: Where the Cyber Partnership Falls Short

Identifying the strengths of the India-Seychelles relationship is relatively straightforward. The harder analytical task is naming where the partnership, despite its ambition, has not yet built the structures that the threats require.

No Bilateral Cyber Incident Response Mechanism

There is no publicly confirmed bilateral agreement between India and Seychelles on cybersecurity incident response — no hotline between CERT-SC and CERT-In (India's national CERT), no memorandum of understanding on real-time threat intelligence sharing, and no framework for joint response to cyber incidents affecting shared infrastructure. The SESEL Joint Vision mentions cybersecurity cooperation, but commitments at the Joint Vision level need operational translation into institutional architecture.

India has signed cyber cooperation MoUs with a number of countries. Seychelles — despite being described as a "key partner" in MAHASAGAR and a trusted ally in maritime security — does not appear to have such a bilateral instrument. The June 2026 outcomes list does not include one.

Digital Payments Without Cyber Assurance

The UPI agreement is a welcome development for financial inclusion and economic integration. But UPI-based payment systems are also attractive targets for fraud, phishing, and social engineering attacks — as India's own experience with UPI fraud demonstrates. Deploying digital payment infrastructure in a country where cybersecurity capacity is still developing requires parallel investment in fraud detection, consumer awareness, incident response, and regulatory oversight.

The Seychellois Central Bank and the financial sector will need guidance on cybersecurity standards for UPI implementation. Whether India's deployment model includes cybersecurity handholding — rather than simply technology transfer — will determine whether this becomes a genuine capacity builder or a vulnerability exporter.

The Military-Cyber Dimension Is Absent

India's defence cooperation with Seychelles is mature in the physical domain: vessels, aircraft, radar systems, joint exercises, training. It has not yet extended explicitly into the cyber domain. There is no reported joint cyber exercise, no cyber defence training programme under the defence cooperation framework, and no mention of information security protocols for the communications systems India has helped Seychelles build and operate.

As India's own defence doctrine increasingly incorporates cyber and electronic warfare dimensions — and as maritime surveillance systems become software-defined — this gap becomes tactically significant. A coastal radar network that can be spoofed or disrupted; surveillance aircraft communications that can be intercepted; a maritime operations centre whose data can be corrupted — these are not hypothetical concerns. They are precisely the vulnerabilities that adversaries with Indian Ocean interests would prioritise.

No Successor Cybersecurity Strategy for Seychelles

With Seychelles' National Cybersecurity Strategy 2019–2024 having elapsed, there is a strategic planning vacuum at the national level. India's engagement — through ITEC training, DPI deployment, and capacity building commitments — lacks a Seychellois strategic document to align with. Effective cyber diplomacy requires a partner state with a clear national roadmap; without one, India's contributions risk being piecemeal rather than architecturally coherent.

This is an area where India could be most useful: supporting Seychelles in developing its next national cybersecurity strategy, drawing on the experience of CERT-In, the National Cyber Security Policy, and India's own evolving regulatory framework.

What a Complete Cyber Partnership Would Look Like

The India-Seychelles relationship has the warmth, the institutional history, and now the political momentum to develop a genuinely comprehensive cyber partnership. The building blocks exist. What is missing is the explicit architecture. A fuller bilateral cyber framework would include:

A formal bilateral CERT-to-CERT cooperation agreement between CERT-SC and CERT-In, with defined protocols for threat intelligence sharing, incident notification, and joint response to attacks on shared or interconnected infrastructure.

Cybersecurity technical assistance for UPI deployment, ensuring that the rollout of digital payment systems in Seychelles is accompanied by fraud monitoring, consumer protection standards, and incident response capacity adequate to the platform's risk profile.

A cyber component within Exercise Lamitye, introducing joint cyber scenario exercises — tabletop drills, incident response simulations, and information sharing protocols — to the existing defence exercise framework.

Indian support for Seychelles' next national cybersecurity strategy, using the ITEC framework to provide advisory support for strategy development, drawing on expertise from CERT-In, the National Cyber Security Coordinator's office, and the Digital India ecosystem.

A dedicated cyber track in the SESEL implementation framework, with defined deliverables, timelines, and institutional owners on both sides, rather than cybersecurity appearing as a general cooperation aspiration.

Conclusion: Partnership at the Threshold of a New Domain

PM Modi's visit to Seychelles was a reminder of how much two countries can build through consistent, patient partnership — maritime surveillance radars, naval vessels, hospital infrastructure, trade linkages, a diaspora that bridges cultures. The fifty-year relationship is real, warm, and strategically significant.

The cybersecurity chapter of that story is just beginning to be written. Seychelles has enacted a modern cybercrime law, published a national strategy, and established the institutional foundations — a CERT, a coordination committee, a legislative base — that a more mature cyber posture will require. India has the capacity, the credibility, and the demonstrated commitment to Global South digital empowerment to be the partner of choice for the next phase of that journey.

What the visit in June 2026 achieved was to name cybersecurity as a domain of cooperation and to commit resources, in general terms, to building it. What the next chapter requires is specificity: a CERT agreement, a cyber exercise, a strategy partnership, and a cybersecurity assurance wrapper around every piece of digital infrastructure that India helps Seychelles deploy.

The ocean they share is vast. The threats traversing it are not only maritime. In the decade ahead, the India-Seychelles partnership will be tested as much in cyberspace as on the water — and the groundwork for that contest is being laid now.