India’s school safety guidelines were designed to manage natural disasters, but the recent wave of hoax bomb-threat emails targeting schools shows this framework is far less prepared for intentional, digital-age disruptions
In a familiar pattern, several schools across Delhi-NCR, Punjab, Gujarat, Karnataka, Rajasthan, and other states have received a series of bomb-threat emails in recent weeks. In most cases, explosives were not found; however, the threats triggered evacuations, emergency searches, exam disruptions, and widespread anxiety among students and parents. Police and emergency services were repeatedly mobilised at short notice, only for many of these incidents to turn out to be hoaxes.
These threats represent a low-cost, high-impact mode of disruption, leveraging digital anonymity to target institutions such as schools and hospitals, where emotional sensitivity is high. In this context, the key question is not whether India has school safety rules, but whether its existing safety and disaster-response systems are equipped to handle modern, information-based threats.
India’s school safety architecture is relatively comprehensive. It primarily includes the National Disaster Management Guidelines: School Safety Policy (2016), which adopts an explicit all-hazards approach covering both natural and man-made risks, and the Guidelines on School Safety and Security (2021) issued by the Department of School Education and Literacy (DoSEL), which advances a “whole school safety” framework and assigns clear responsibility to school management. Both emphasise preparedness and aim to protect students not only from physical harm but also from mental and psychosocial distress as part of a broader understanding of school safety.
As a result, schools are often left to improvise responses to bomb-threat emails, frequently defaulting to full evacuations because they appear to be the safest and least contestable option.
Taken together, these frameworks allow bomb threats to be reasonably interpreted as falling within the scope of school safety—man-made hazards capable of inducing panic, stampedes, trauma, and sustained disruption to learning. The guidelines also emphasise coordination with district administrations, police, and disaster management authorities, and require schools to prepare all-hazards safety or disaster management plans
However, these provisions represent only a starting point. The limitations become evident when moving from conceptual coverage to operational readiness, which reveals four critical gaps.
First, despite the all-hazards framing, the operational emphasis of India’s school safety and disaster management ecosystem remains heavily skewed towards natural and accidental emergencies such as earthquakes, floods, cyclones, fires, and infrastructure failures. Model plans, annexures, drills, and training modules overwhelmingly reflect these scenarios. By contrast, intentional, threat-based incidents, particularly those communicated digitally, receive little explicit operational attention. As a result, schools are often left to improvise responses to bomb-threat emails, frequently defaulting to full evacuations because they appear to be the safest and least contestable option. While understandable, this is not always optimal. Evacuations themselves carry risks, especially on densely populated school campuses, and repeated evacuations can normalise disruption.
Second, the 2021 School Safety and Security Guidelines acknowledge cyber safety and reference the IT Rules within the broader legal framework applicable to schools. However, digital threat communications are not operationalised as evidence-sensitive or cybercrime-linked incidents within school safety procedures. The guidelines do not provide operational instructions on preserving threatening emails, securing metadata, preventing evidence degradation through forwarding or deletion, or coordinating systematically with cybercrime units. In practice, a threat email is treated primarily as an alarm trigger rather than as a digital artefact that could help identify patterns, perpetrators, or cross-border linkages. In an environment where a single anonymous email often routed through anonymisation tools or overseas servers can disrupt dozens of schools in a day, this omission represents a significant governance blind spot.
Third, neither the disaster management guidelines nor the school safety guidelines provides a structured method for assessing the credibility of threats. There is no framework to distinguish between generic hoaxes and specific, actionable threats, nor guidance on when evacuation is necessary, as opposed to when schools can shelter in place or continue operations under monitoring. This absence creates two symmetrical risks: either an immediate panic-driven reaction that makes disruption easy and repeatable, or underreaction due to a cry-wolf effect, which can delay decisive action in genuinely dangerous situations. In effect, the lack of decision-support mechanisms places the entire burden of judgment on individual principals and district officials.
In practice, a threat email is treated primarily as an alarm trigger rather than as a digital artefact that could help identify patterns, perpetrators, or cross-border linkages.
Fourth, the guidelines are largely silent on real-time communication with parents and the public during security incidents. In practice, information circulates rapidly through informal digital channels such as parent groups, social media, and messaging platforms, often outpacing official communication and amplifying fear. In such situations, poor communication can itself become a safety risk.
The Delhi Directorate of Education (DoE) issued a notification on standard operating procedures (SOPs) in 2025 following a High Court direction. While the SOP outlines preventive, preparatory, response, and recovery measures, and specifies roles and responsibilities for school heads, teachers, parents, police, fire services, and district authorities, its focus remains centred on evacuation plans, CCTV coverage, drills, and coordination with emergency services. Its state-specific scope does not address the need for a national SOP, which is essential for ensuring uniform standards, enabling cross-state pattern detection, and supporting scalable responses to rising interstate hoaxes. Moreover, if such reforms draw on international best practices and lessons from other sectors, such as aviation, the playbook can shift from panic to preparedness, helping ensure that India’s schools are resilient to digitally driven disruptions.
Several countries in North America, Europe, and the Baltic states have, in the past, faced coordinated bomb threat emails or social media posts targeting schools and other public institutions. These incidents have shown similar patterns, often involving hoaxes, copycat behaviour, or cross-border digital intimidation. In response, many countries have issued national guidance—for example, from the National Counter Terrorism Security Office in the United Kingdom (UK) and the Cybersecurity and Infrastructure Security Agency in the United States (US)—outlining how educational institutions should respond to bomb threats.
While institutional contexts differ, three broad design principles recur in international guidance: (i) an emphasis on evidence preservation alongside immediate safety; (ii) structured threat assessment to avoid secondary risks rather than defaulting to immediate evacuation; and (iii) the use of standardised communication protocols to limit panic and discourage imitation.
While no comparable estimate exists for India, available evidence suggests that swatting—hoax emergency reports such as bomb threats, active shooters, or hostage situations—can cost between US$ 125 and US$ 150 per responder per hour. Lost instructional time, student absenteeism, mental health effects, and poor threat communication can further multiply the overall costs of such incidents.
Targeted grants for rural CCTV coverage, cyber training, and police capacity, along with performance incentives, could help ease the operational burden on principals and teachers.
Drawing on these lessons, the Ministry of Education, in coordination with the Ministry of Home Affairs and the National Disaster Management Authority, should issue a national Standard Operating Procedure (SOP) specifically addressing bomb threats and similar intimidation incidents affecting schools. These guidelines should:
While SOPs can incorporate these measures, it is equally important to address likely barriers to their implementation. Funding should therefore be tied to state education budgets to mitigate uneven adoption across states. For instance, a 2025 audit by the Comptroller and Auditor General of India (CAG) noted that only 22 percent of sampled schools had prepared school safety plans, many of which were not compliant with existing guidelines. Targeted grants for rural CCTV coverage, cyber training, and police capacity, along with performance incentives, could help ease the operational burden on principals and teachers.
As long as disruption can be generated cheaply and anonymously, hoax bomb-threat tactics are likely to persist. India’s task is to move away from panic-driven responses towards structured threat management, while reducing the payoff of disruption. This requires updating frameworks designed for yesterday’s disasters and adapting them to the governance challenges of the digital age.
Arpan Tulsyan is a Senior Fellow with the Centre for New Economic Diplomacy at the Observer Research Foundation.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Arpan Tulsyan is a Senior Fellow at ORF’s Centre for New Economic Diplomacy (CNED). With 16 years of experience in development research and policy advocacy, Arpan ...
Read More +
PREV
