The Information Technology Act, 2000 - India

The Information Technology Act, 2000

The Information Technology (IT) Act, 2000 stands as India's cornerstone legislation for governing the digital world, encompassing cybercrime and electronic commerce. Before its enactment, India lacked a specific legal framework to address offenses committed via digital means, leaving significant gaps that traditional laws like the Indian Penal Code could not fill. The IT Act was introduced to create a comprehensive legal structure for the burgeoning digital ecosystem. It provides the legal framework for e-governance, gives legal sanctity to electronic records and digital signatures, and crucially, defines and penalizes a wide array of cybercrimes. By doing so, it not only facilitates secure digital transactions and e-commerce but also establishes a deterrent against illegal online activities, thereby protecting individuals, businesses, and government entities in the cyberspace.

The main objective of the Act is to provide legal recognition for transactions carried out through electronic data interchange and other electronic means. It aims to promote secure digital transactions, facilitate the handling of cybercrimes, and ensure the safe use of the internet for e-governance and individual purposes.

1996

The United Nations Commission on International Trade Law (UNCITRAL) adopts the Model Law on Electronic Commerce, providing a template for countries to develop their own e-commerce legislation.

1997

The UN General Assembly recommends that all member states consider the UNCITRAL Model Law when enacting or revising their own laws related to electronic commerce.

October 17, 2000

The Information Technology Act, 2000 comes into force in India. India becomes the 12th country to enact specific cyber law legislation, modeling its Act on the UNCITRAL Model.

The IT Act applies to the whole of India and also covers any offense or contravention committed outside India by any person, irrespective of their nationality, if the act involves a computer or network located in India.

  • Legal Recognition of Electronic Records: It provides a legal framework for electronic governance by giving legal recognition to electronic records and digital signatures.
  • Regulation of Cybercrimes: The Act defines and prescribes penalties for various cybercrimes, including hacking, identity theft, cyber terrorism, and publishing obscene material.
  • Establishment of Regulatory Bodies: It authorized the creation of a Controller of Certifying Authorities to regulate the issuance of digital signatures and a Cyber Appellate Tribunal to resolve disputes arising from the law. The Cyber Appellate Tribunal was later merged with the Telecom Dispute Settlement Appellate Tribunal.
  • Data Protection: It includes provisions for compensation for victims of data theft, hacking, or the spread of computer viruses.
  • Regulation of Digital Media: Through the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Act introduced a framework to regulate social media platforms and digital news content.

The original IT Act, 2000 contained 94 sections divided into 13 chapters and 4 schedules. The structure of the Act is as follows:

  • Chapter I: Preliminary (Sections 1-2)
  • Chapter II: Digital Signature and Electronic Signature (Sections 3-3A)
  • Chapter III: Electronic Governance (Sections 4-10A)
  • Chapter IV: Attribution, Acknowledgement, and Despatch of Electronic Records (Sections 11-13)
  • Chapter V: Secure Electronic Records and Secure Electronic Signatures (Sections 14-16)
  • Chapter VI: Regulation of Certifying Authorities (Sections 17-34)
  • Chapter VII: Electronic Signature Certificates (Sections 35-39)
  • Chapter VIII: Duties of Subscribers (Sections 40-42)
  • Chapter IX: Penalties, Compensation and Adjudication (Sections 43-47)
  • Chapter X: The Cyber Appellate Tribunal (Sections 48-64)
  • Chapter XI: Offences (Sections 65-78)
  • Chapter XII: Intermediaries Not to be Liable in Certain Cases (Section 79)
  • Chapter XIII: Miscellaneous (Sections 80-90)

The Act also initially contained four schedules, with the third and fourth being omitted later. These schedules amended other laws like the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934, to align them with new technologies.

The IT Act has been amended over the years to adapt to technological advancements.

2008

The IT (Amendment) Act, 2008 introduced significant changes, including the controversial Section 66A, and Section 69 (granting interception powers). It also added new offenses like child pornography and cyber terrorism (Sections 66A-66F).

2015

In the landmark case of Shreya Singhal v. Union of India, the Supreme Court struck down Section 66A as unconstitutional. A new amendment bill was proposed to better protect citizens' fundamental rights.

2022-2023

The Parliament passed the Digital Personal Data Protection Act, 2022. New amendment bills were also introduced in 2023 to further refine the Act, proposing new definitions for "content" and "social media" and addressing "false information".

The IT Act establishes several procedures for its enforcement:

  • Adjudication: Victims of cybercrimes like data theft or hacking can apply for compensation to an Adjudicating Officer appointed under Section 46.
  • Appeals: An appeal against the decision of the Adjudicating Officer can be made to the Cyber Appellate Tribunal.
  • Interception and Monitoring: The Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, lay down the procedures for government agencies to intercept or monitor data under Section 69 of the Act. Such actions must be authorized by a competent authority.

Chapter 11 of the IT Act details various offenses and their corresponding penalties.

Offence Section Penalty
Tampering with computer source documents 65 Imprisonment up to 3 years, or a fine up to ₹2,00,000, or both.
Hacking with a computer system 66 Imprisonment up to 3 years, or a fine up to ₹5,00,000, or both.
Identity Theft (using another person's password or digital signature) 66C Imprisonment up to 3 years, and/or a fine up to ₹1,00,000.
Cheating by personation using a computer resource 66D Imprisonment up to 3 years, and/or a fine up to ₹1,00,000.
Violation of Privacy (publishing private images of others) 66E Imprisonment up to 3 years, and/or a fine up to ₹2,00,000.
Cyberterrorism 66F Imprisonment up to life.
Publishing or transmitting obscene material in electronic form 67 First conviction: imprisonment up to 3 years and fine up to ₹5,00,000. Subsequent: imprisonment up to 5 years and fine up to ₹10,00,000.
Publishing or transmitting material containing sexually explicit acts 67A Imprisonment up to 7 years, and a fine up to ₹10,00,000.
Failure to comply with orders from authorities 68 Imprisonment up to 2 years, and/or a fine up to ₹1,00,000.
Failure to decrypt data when required by authorities 69 Imprisonment up to 7 years and a possible fine.
Breach of confidentiality and privacy 72 Imprisonment up to 2 years, and/or a fine up to ₹1,00,000.
  • Shreya Singhal v. Union of India (2015): In this landmark case, the Supreme Court of India struck down Section 66A of the IT Act, which penalized sending "offensive" messages. The court declared the section unconstitutional and a violation of the freedom of speech and expression guaranteed by Article 19(1)(a) of the Constitution, as the term "offensive" was deemed too vague and subjective.
  • Maqbool Fida Hussain v. Raj Kumar Pandey (2007): The Delhi High Court clarified that for offenses involving obscene material in electronic form, the provisions of the IT Act would take precedence over similar provisions in the Indian Penal Code (IPC). This established that the IT Act has an overriding effect on other laws concerning electronic records.
  • Avnish Bajaj v. State (N.C.T.) of Delhi (2008): This case, involving the CEO of a popular auction website, dealt with liability for obscene content posted by a third party. It raised important questions regarding the scope of Section 67 (publishing obscene material) and the liability of intermediaries.
  • Amar Singh v. Union of India (2011): This case pertained to the unauthorized tapping of phone calls and raised issues concerning the right to privacy under Article 21 of the Constitution. It is significant in the context of Sections 69, 69A, and 69B of the IT Act, which deal with the government's power to intercept, monitor, and block electronic data.