The Information Technology Act, 2000 (ITA-2000) is the primary legislation in India which deals with cybercrime and electronic commerce.


It applies to the whole of India. Persons of other nationalities can also be charged if the crime involves a computer or network located in India.

If an online resource (servers, computers, networks) is based in India, i.e. is physically within the territorial limits of India, it would fall under the purview of the Information Technology Act, and any individual accessing this resource would, regardless of their own geographical location or nationality, be subject to India's cyber laws. This primarily reflects India's prescriptive jurisdiction, but may not address the limits which international law places on its jurisdiction. The laws could only be meaningful if backed with provisions recognizing orders and warrants for information issued by competent authorities outside the jurisdiction as well as measures for cooperation between law enforcement agencies.


Major amendments were made to the ITA-2000 in 2008, which are summarized below. The amendments were passed by both House of Parliament in December 2008 and signed by the President in February 2009.

  1. Definitions Added: Two important definitions were added ("communication device" and "intermediary"). Any prior ambiguity regarding "communication device" is removed and includes any device used to communicate, send or transmit any text, video, audio or image. "Intermediary" similarly clarifies the categories of service providers that come within its definition, including telecom service providers, network service providers, internet service provider, webhosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes.
  2. Electronic signatures introduced: India has adopted electronic signatures as a legally valid mode of executing signatures. This includes digital signatures. The ambit of electronic signatures is broad and covers biometrics and other new forms of creating electronic signatures.
  3. Legal validity of electronic documents re-emphasized: New sections reinforce the equivalence of paper based documents to electronic documents. In the amended Act an audit of electronic documents is also necessary wherever paper based documents are required to be audited by law. It also confers legal validity and enforceability on contracts formed through electronic means.
  4. New offences: For example, sending of offensive or false messages, receiving stolen computer resources, identity theft, cheating by personation and violation of privacy. A new offence of Cyber terrorism has been added which covers any act committed with intent to threaten unity, integrity, security or sovereignty of India or cause terror.
  5. Corporate responsibility introduced: Responsibility for data protection is incorporated in the amended act, whereby corporate bodies handling sensitive personal information or data in a computer resource are under an obligation to ensure adoption of 'reasonable security practices‟ to maintain its secrecy, failing which they may be liable to pay damages.
  6. Power of the controller to intercept: The power now vests with the Central Government or State Government that empowers it to appoint for reasons in writing, any agency to intercept, monitor or decrypt any information in any computer resource. This power is to be exercised with great caution and only when it is satisfied that it is necessary or expedient to do so.
  7. Power to block unlawful websites: Power has been given to the Central government or any authorized officer to direct any agency or intermediary to block websites in special circumstances. The grounds on which such blocking is possible are quite wide and include websites promoting hate, slander, defamation, gambling, racism, violence, terrorism, pornography, etc.
  8. Power to collect and monitor traffic data: The Central Government has the power to appoint any agency to monitor and collect traffic data or information in any computer resource in order to enhance its cyber security and for identification, analysis, and prevention of intrusion or spread of computer contaminants in the country.
  9. Liability of Intermediary: The intermediary shall now not be liable for any third party information if it is only providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted and if the intermediary does not initiate the transmission, select the receiver and select or modify the information contained in transmission.

Dispute Resolution Mechanism

The Act provides for the establishment of quasi-judicial bodies, namely adjudicating officers to hear disputes (offences of a civil nature as well as criminal offences). The adjudicating officer has the power to both award compensation as damages in a civil remedy, as well as impose penalties for the contravention of the Act, and therefore has powers of both civil and criminal courts. The first appellate body is the Cyber Appellate Tribunal, consisting of a Chairperson and any other members so prescribed by the Central Government. A second appeal may be filed before a High Court having jurisdiction, within 60 days from the date of communication of the order of the Cyber Appellate Tribunal.

Case study

In November 2012, a Delhi-based law student, Shreya Singhal, filed a Public Interest Litigation (PIL) in the Supreme Court of India. She argued that the Section 66A (Punishment for sending offensive messages through communication service, etc.) was vaguely phrased, as a result it violated Article 14 (Equality before law), 19 (1)(a) (Right to freedom of speech and expression) and Article 21 (Protection of life and personal liberty) of the Constitution. She also questioned the validity of Sections 69A and 79 of the Act. The PIL was accepted on 29 November 2012. On 24 March 2015, the Supreme Court of India, held that Section 66A is unconstitutional because it "arbitrarily, excessively and disproportionately invades right of free speech and upsets balance between such right and reasonable restrictions that may be imposed on such right" and the Supreme Court therefore struck down Section 66A. It however rejected the plea to strike down Sections 69A and 79.

Originally published August 2016

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.