Sri Lanka cybersecurity plans using AI raise hopes against online fraud, but critics warn weak execution could derail the national effort.
Sri Lanka cybersecurity efforts are entering a critical phase after the National People’s Power Government announced an ambitious plan to build a nationwide artificial intelligence-powered framework to fight online fraud, cybercrime, and digital identity scams.
Yet despite the seriousness of the threat, concerns are growing over whether the Government can move beyond strong announcements and overcome its familiar weaknesses of slow policy execution and bureaucratic inefficiency.
Speaking at the “SL Scam Shield” Executive Breakfast Forum in Colombo, Deputy Minister of Digital Economy Eranga Weeraratne said cybersecurity must now be treated as a national security priority.
His remarks reflect rising concern across both government and private sectors over the rapid growth of AI-driven financial fraud and cyberattacks.
Sri Lanka’s fast-moving digital transformation has sharply increased exposure to cyber risks. Online banking, digital payments, electronic public services, and internet-based commerce are expanding, but cybersecurity protections have struggled to keep pace.
Criminal networks are now using artificial intelligence to launch more sophisticated scams, including voice impersonation, fake identities, and automated financial fraud schemes that are difficult to detect through traditional systems.
To confront these threats, the Government plans to establish a centralized “National Cybersecurity Framework” by integrating isolated security systems currently operated by banks, telecom providers, and public institutions.
Officials say the proposed system will work as a real-time AI surveillance and response mechanism capable of identifying suspicious activity before serious financial or institutional damage occurs.
Weeraratne argued that Sri Lanka can no longer depend on passive cybersecurity structures built for older digital threats.
Instead, authorities are proposing an “Autonomic Security” model powered by artificial intelligence, designed to continuously monitor networks and respond instantly to emerging attacks.
However, despite the strong policy language, observers point to a pattern that has repeatedly weakened Sri Lanka’s digital reform agenda: ambitious announcements followed by poor implementation.
Analysts note that several technology modernization programs introduced by successive governments have stalled because of administrative delays, overlapping institutional responsibilities, unclear funding, and weak coordination among agencies.
The fragmented nature of Sri Lanka’s cybersecurity environment remains another serious barrier.
State institutions, financial organizations, and telecommunications companies often function independently, with limited data-sharing structures between them.
Experts warn that unless the Government creates strong regulatory oversight and clear operational protocols, the proposed unified cybersecurity architecture could remain more theoretical than practical.
The administration is also placing significant reliance on private technology sector collaboration.
Google Cloud and NCINGA have joined the “Scam Shield” initiative to help develop AI-based fraud detection systems designed for Sri Lanka’s local threat environment.
Government officials describe the partnership as an important step toward building domestic cybersecurity capacity.
Critics, however, argue that private-sector involvement alone cannot compensate for weak state-level execution or unclear institutional responsibility.
As cybercrime continues to rise globally, Sri Lanka faces mounting pressure to modernize its digital defenses before public confidence in online systems erodes further.
While the NPP Government’s proposal shows recognition of a serious national threat, many remain doubtful that the administration has the urgency, coordination, and operational discipline needed to deliver a cybersecurity strategy of this scale effectively.
