The Information Technology Act, 2000

The Information Technology Act, 2000 (IT Act, 2000) is the primary legislation in India governing cybercrime, electronic records and digital transactions. It was enacted as Act No. 21 of 2000 by the Parliament of India and was notified on 17 October 2000. With its enactment, India became one of the earliest countries to adopt a dedicated legal framework for information technology and electronic commerce.

The Act provides legal recognition to electronic records and digital signatures, regulates cyber activities, prescribes penalties for cyber offences and facilitates electronic governance. Over the years, it has been amended to address evolving technological developments and emerging forms of cybercrime. The IT Act continues to operate alongside other laws, including the new criminal statutes such as the Bharatiya Nyay Sanhita, Bharatiya Sakshya Adhiniyam and Bharatiya Nagrik Suraksha Sanhita, as well as the Digital Personal Data Protection Act.

Understanding the Information Technology Act, 2000 is essential in the context of increasing digitalisation, growth of e-commerce, online banking, digital governance and social media usage.

Background and Legislative History of The Information Technology Act, 2000

The IT Act was passed during the Budget Session of Parliament in 2000. It was signed by President K. R. Narayanan on 9 May 2000 and came into force on 17 October 2000. The legislation was finalised by a group of officials headed by the then Minister of Information Technology, Pramod Mahajan.

The Act was formulated in line with the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL). The objective was to provide a legal framework to facilitate electronic commerce and to prevent cyber offences.

Originally, the Act contained 94 sections divided into 13 chapters and 4 schedules. The third and fourth schedules were later omitted.

Scope and Applicability of the IT Act, 2000

The IT Act extends to the whole of India. Importantly, it also has extra-territorial application. If an offence involves a computer, computer system or computer network located in India, the Act may apply even if the accused is of a different nationality or is located outside India.

This feature reflects the borderless nature of cyberspace and ensures that offences affecting Indian computer systems can be prosecuted under Indian law.

Objectives of the Information Technology Act, 2000

The main objectives of the Act can be summarised as follows:

Legal Recognition of Electronic Records

The Act grants legal recognition to electronic records, placing them on par with paper-based documents. This enables digital transactions, online contracts and electronic communications to have legal validity.

Legal Recognition of Digital Signatures

Digital signatures are recognised as equivalent to handwritten signatures, subject to authentication in accordance with prescribed procedures. This ensures security and authenticity in electronic transactions.

Facilitation of Electronic Governance

The Act promotes electronic filing of documents, issuance of licences and digital receipt and payment of money by government agencies.

Prevention and Punishment of Cyber Offences

It defines various cyber offences such as hacking, identity theft, cheating by personation, publishing obscene material and cyber terrorism, and prescribes penalties.

Regulation of Intermediaries

The Act lays down the responsibilities of intermediaries and provides conditional safe harbour protection, subject to compliance with due diligence requirements and lawful government directions.

Promotion of Digital Economy

By providing legal certainty to electronic transactions, the Act promotes e-commerce, e-banking and digital business activities.

Key Features of the IT Act, 2000

The Information Technology Act, 2000 contains several significant features:

Recognition of Electronic Records and Signatures

Sections 4 and 5 grant legal recognition to electronic records and electronic signatures, equating them with traditional documents and handwritten signatures.

Establishment of Controller of Certifying Authorities (CCA)

The Act provides for the appointment of a Controller of Certifying Authorities to regulate the issuance of digital signature certificates and ensure their security.

Cyber Appellate Tribunal

The Act established a Cyber Appellate Tribunal for resolving disputes arising under the Act. Subsequently, the Cyber Appellate Tribunal was merged with the Telecom Dispute Settlement Appellate Tribunal.

Association with CERT-In

The Act is associated with the Indian Computer Emergency Response Team (CERT-In), which functions as a nodal agency for cybersecurity and cyber incident response.

Amendment of Other Laws

The IT Act amended various provisions of the Bharatiya Nyaya Sanhita (BNS), 2023, Bharatiya Sakshya Adhiniyam (BSA), 2023, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 to align them with digital developments. These areas are now governed by the newly enacted criminal laws.

Electronic Governance under the The Information Technology Act, 2000

Electronic governance is one of the central pillars of the IT Act.

Section 4 – Legal Recognition of Electronic Records

This section declares that where any law requires information to be in writing or printed form, such requirement shall be satisfied if it is available in electronic form.

Section 5 – Legal Recognition of Electronic Signatures

Electronic signatures are granted legal validity equivalent to handwritten signatures, subject to prescribed authentication methods.

Section 6 – Use of Electronic Records by Government

Government agencies may accept, issue and process documents electronically. This includes online filing, electronic licences and digital payments.

Section 7 – Retention of Electronic Records

Electronic records may be retained in compliance with legal requirements, provided certain conditions are satisfied.

These provisions collectively reduce administrative delays and promote transparency in governance.

Important Sections of the IT Act, 2000

Section 43

Section 43 imposes civil liability for unauthorised access or damage to a computer system. Actions include accessing data without permission, introducing viruses, damaging systems, denying access to authorised users and altering information dishonestly.

Section 66

If acts mentioned under Section 43 are committed dishonestly or fraudulently, criminal punishment may be imposed. The punishment includes imprisonment up to three years, or fine up to five lakh rupees, or both.

Section 66B

This section penalises dishonestly receiving stolen computer resources or communication devices, with imprisonment up to three years or fine up to one lakh rupees, or both.

Section 66C

Identity theft involving fraudulent use of electronic signatures, passwords or unique identification features is punishable with imprisonment up to three years and fine.

Section 66D

Cheating by personation using computer resources attracts imprisonment up to three years and fine.

Section 66E

Violation of privacy by capturing, publishing or transmitting private images without consent is punishable with imprisonment up to three years or fine up to two lakh rupees, or both.

Section 66F

Cyber terrorism is punishable with imprisonment which may extend to life.

Section 67 and 67A

Section 67 penalises publishing obscene material in electronic form. Section 67A deals with publishing or transmitting material containing sexually explicit acts. These provisions impose severe punishments including imprisonment and fines.

Section 67B

Depicting children in sexually explicit acts in electronic form attracts stringent punishment.

Section 67C

Intermediaries are required to preserve and retain information. Failure to do so attracts punishment.

Section 69 and 69A

Section 69 empowers authorities to intercept, monitor or decrypt information in the interest of national security or public order. Section 69A empowers the government to block public access to information.

Section 70

Unauthorised access to protected systems is punishable with imprisonment up to ten years.

Section 71 to 74

These sections deal with misrepresentation, breach of confidentiality, disclosure of information in breach of lawful contract and fraudulent publication of electronic signature certificates.

Major Amendments to the IT Act

Amendment of 2008

The 2008 amendment introduced significant changes. It inserted Section 66A, which penalised sending offensive messages through communication services. It also introduced provisions related to cyber terrorism, voyeurism, pornography and child pornography. Section 69 was strengthened to provide interception powers.

The amendment also provided for electronic signatures and recognised electronic contracts. It introduced liability for companies handling sensitive personal data negligently, resulting in wrongful loss.

Section 66A and Judicial Review

Section 66A became controversial due to its broad wording.

Several arrests were made under Section 66A:

• In 2012, freelance cartoonist Aseem Trivedi was arrested for cartoons allegedly considered offensive.
• Ambikesh Mahapatra, a professor from Jadavpur University, was arrested for sharing a cartoon.
• Ravi Srinivasan was arrested for posting a tweet alleging corruption.
• Two young women from Palghar were arrested for a Facebook post and for “liking” the post.
• A teenager from Bareilly was arrested for a Facebook post allegedly insulting a political leader.

These instances led to concerns regarding freedom of speech.

In Shreya Singhal v. Union of India, decided on 24 March 2015, the Supreme Court struck down Section 66A as unconstitutional, holding that it violated Article 19 of the Constitution of India relating to freedom of speech and expression.

Later, the Jan Vishwas (Amendment of Provisions) Act, 2023 formally omitted Section 66A from the statute.

Notable Cases under Section 66

In February 2001, Delhi Police arrested two individuals running a web-hosting company after they shut down a website due to non-payment of dues. They were charged under Section 66 for hacking and under Section 408 of the Indian Penal Code. They spent six days in Tihar Jail before obtaining bail.

In February 2017, a Delhi-based e-commerce portal filed a complaint alleging hacking and digital shoplifting. Four hackers were arrested by South Delhi Police under provisions of the IT Act and other laws.

Section 69A and App Bans

On 29 June 2020, the Government of India banned 59 Chinese mobile applications, including TikTok, under Section 69A citing national security concerns. Subsequently, 43 more applications were banned in November 2020, and 54 additional applications were banned in February 2022. These actions demonstrate the executive power under Section 69A to restrict digital platforms in public interest.

Intermediary Liability and Section 79

Section 79 provides conditional safe harbour protection to intermediaries. Intermediaries are not liable for third-party information hosted by them, provided they observe due diligence and comply with lawful government directions. Subordinate legislation such as the Intermediary Guidelines Rules, 2011 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 further regulate intermediary responsibilities.

The case of Asian News International v. Wikimedia Foundation reflects ongoing judicial examination of intermediary liability and responsibilities under Section 79.

Cyber Crime under the IT Act

The IT Act forms the foundation of India’s cyber law framework. It operates alongside other statutes such as the Indian Penal Code (now replaced by the Bharatiya Nyay Sanhita), the Companies Act, 2013 and related IT Rules.

The Act criminalises hacking, identity theft, cheating by personation, publication of obscene material, cyber terrorism and breach of confidentiality. It also provides civil remedies and compensation for damage to computer systems.

Advantages and Limitations of The Information Technology Act, 2000

Advantages

• Legal recognition of electronic records and emails as evidence.
• Facilitation of e-commerce and digital transactions.
• Legal validity of digital signatures.
• Availability of compensation for unauthorised access and damage.
• Establishment of regulatory authorities and tribunals.
• Promotion of electronic governance.

Limitations

• Certain cyber offences may not be comprehensively covered.
• Domain name disputes are not specifically addressed.
• Earlier privacy protections were limited prior to data protection legislation.
• Implementation challenges due to rapid technological evolution.

Conclusion

The Information Technology Act, 2000 represents a foundational step in India’s digital legal framework. It provides legal recognition to electronic records and digital signatures, facilitates e-governance and defines cyber offences with prescribed penalties. Through amendments and judicial interpretation, particularly in relation to Section 66A, the Act has evolved in response to constitutional principles and technological change.

In an era marked by rapid digital transformation, increasing cyber threats and expansion of online services, the IT Act continues to play a central role in regulating cyber activities in India. It remains a critical instrument in safeguarding digital transactions, ensuring cybersecurity and maintaining legal order in the virtual environment.