On February 9th, 2026, the Central Board of Secondary Education (“CBSE”) notified the deployment of an On-Screen Marking (“OSM”) digital evaluation system for Class 12 answer scripts, hosted at https://cbse.onmark.co.in/cbseevalweb/. The platform runs on the “OnMark” application of M/s Coempt EduTeck Pvt. Ltd., a private entity engaged by CBSE. The portal was used by several thousand evaluators nationwide to mark the scanned answer scripts of millions of Class 12 students in the 2025-26 academic cycle.
The OSM system was introduced as a measure to reduce human error and to bring greater transparency to the evaluation process. However, the portal was placed in live, production-scale use without adequate pre-deployment security testing, in apparent breach of applicable government cybersecurity standards and guidelines. This failure directly affects the examination results, academic futures, and personal data of 17.8 lakh Class 12 students and their examiners.
SFLC.in has sent representation to the Department of School Education and Literacy, CERT-In, CBSE, and the Ministry of Electronics and Information Technology, under Section 70B of the Information Technology Act, 2000 read with Rule 12 of the CERT-In Rules, 2013 and the CERT-In Cyber Security Directions dated 28 April 2022, seeking:
- Investigation into the conduct of the CBSE in respect of critical security vulnerabilities in its OSM Portal (cbse.onmark.co.in);
- Immediate remedial measures and forensic audit
- Mandatory incident report compliance
- Notification to affected data principals
- Transparent public accountability
Read the full letter here:
