The National People’s Power (NPP) Government has announced an ambitious plan to establish a nationwide artificial intelligence-powered cybersecurity framework as Sri Lanka battles a growing wave of online fraud, cybercrime, and digital identity scams. Yet despite the urgency of the threat, mounting concerns persist over the Government’s sluggish policy implementation and long-standing bureaucratic inefficiencies.
Addressing the “SL Scam Shield” Executive Breakfast Forum held in Colombo, Deputy Minister of Digital Economy Eranga Weeraratne stressed that cybersecurity must now be considered a national security priority. The statement reflects increasing anxiety within both government and private sectors over the rapid evolution of AI-driven financial fraud and cyberattacks.
Sri Lanka’s accelerating digital transformation has significantly increased exposure to cyber risks. Online banking, digital payments, electronic public services, and internet-based commerce are expanding rapidly, but cybersecurity safeguards have struggled to keep pace. Criminal networks are now exploiting artificial intelligence to carry out highly sophisticated scams, including voice impersonation, fake identities, and automated financial fraud schemes that are difficult to detect through traditional methods.
To address these challenges, the Government plans to create a centralized “National Cybersecurity Framework” integrating isolated security systems currently operated by banks, telecom providers, and public institutions. Officials claim the proposed framework will function as a real-time AI surveillance and response mechanism capable of identifying suspicious activity before financial or institutional damage occurs.
Weeraratne argued that Sri Lanka can no longer rely on passive cybersecurity structures designed for older forms of digital threats. Instead, authorities envision an “Autonomic Security” model powered by artificial intelligence to continuously monitor networks and respond instantly to emerging attacks.
Despite the strong policy narrative, observers point to a familiar pattern that has plagued previous digital reform efforts in Sri Lanka ambitious announcements followed by weak implementation. Analysts note that several technology modernization programs introduced by successive governments have stalled due to administrative delays, overlapping institutional responsibilities, lack of funding clarity, and poor coordination among agencies.
The fragmented nature of Sri Lanka’s cybersecurity landscape remains another major obstacle. State institutions, financial entities, and telecommunications companies often operate independently with minimal data-sharing frameworks. Experts warn that unless the Government establishes strong regulatory oversight and clear operational protocols, the proposed unified cybersecurity architecture could remain largely theoretical.
The administration is also relying heavily on collaboration with the private technology sector. Google Cloud and NCINGA have joined the “Scam Shield” initiative to help develop AI-based fraud detection systems tailored for Sri Lanka. Government officials praise the partnership as a critical step toward building local cybersecurity capacity, although critics argue that private-sector involvement alone cannot compensate for weak state-level execution.
As cybercrime continues to rise globally, Sri Lanka faces increasing pressure to modernize its digital defenses before public confidence in online systems deteriorates further. While the NPP Government’s proposal signals recognition of a serious national threat, many remain skeptical whether the administration possesses the institutional urgency and operational discipline necessary to implement a cybersecurity strategy of this scale effectively.
By a Special Correspondent