The Information Technology Act 2000 (IT Act) is India's primary legislation governing cyber crime, electronic commerce, digital signatures, and data protection. It was significantly amended by the Information Technology (Amendment) Act 2008 to address emerging cyber threats and technologies.
Key Objectives of IT Act 2000
- Legal recognition of electronic documents and digital signatures
- Prevention and punishment of cyber crimes
- Regulation of Certifying Authorities for digital signatures
- Establishment of adjudicatory mechanism for cyber law violations
- Data protection obligations on intermediaries
Key Provisions
| Section | Offence | Punishment |
|---|---|---|
| Section 43 | Unauthorized access to computer; damage/download without permission | Civil liability — compensation up to Rs.1 crore |
| Section 66 | Computer related offences (hacking, data theft) | Imprisonment up to 3 years + fine up to Rs.5 lakh |
| Section 66B | Dishonestly receiving stolen computer resource | Imprisonment up to 3 years and/or fine up to Rs.1 lakh |
| Section 66C | Identity theft (fraudulent use of electronic signature/password) | Imprisonment up to 3 years + fine up to Rs.1 lakh |
| Section 66D | Cheating by personation using computer | Imprisonment up to 3 years + fine up to Rs.1 lakh |
| Section 66E | Violation of privacy (publishing private images) | Imprisonment up to 3 years + fine up to Rs.2 lakh |
| Section 66F | Cyber terrorism | Imprisonment for life |
| Section 67 | Publishing obscene material in electronic form | First offence: 3 years + Rs.5 lakh; Second: 5 years + Rs.10 lakh |
| Section 67A | Publishing sexually explicit material electronically | First: 5 years + Rs.10 lakh; Second: 7 years + Rs.10 lakh |
| Section 67B | Child pornography online | First: 5 years + Rs.10 lakh; Second: 7 years + Rs.10 lakh |
| Section 72 | Breach of confidentiality and privacy by service providers | Imprisonment up to 2 years + fine up to Rs.1 lakh |
Section 66A: Struck Down
Section 66A (punishment for sending offensive messages through communication services) was struck down as unconstitutional by the Supreme Court in Shreya Singhal v. Union of India (2015) for violating freedom of speech under Article 19(1)(a). It was found vague and overbroad.
Adjudication Under IT Act
For civil violations under Section 43:
- Complaint to Adjudicating Officer (AO) appointed by Central/State Government
- AO can award compensation up to Rs.5 crore (revised by Amendment Act)
- Appeal from AO order lies to Cyber Appellate Tribunal (CAT)
- Appeal from CAT lies to High Court
CERT-In (Computer Emergency Response Team)
CERT-In is India's national cybersecurity agency under the Ministry of Electronics and IT. Responsibilities:
- Coordinate response to cyber security incidents
- Issue guidelines and vulnerability notes
- Mandating cyber incident reporting (organizations must report incidents within 6 hours)
- Share threat intelligence
CERT-In's 2022 Directions mandate extensive logging, maintaining VPN logs, and mandatory 6-hour reporting of cybersecurity incidents by specified organizations.
Intermediary Liability (Section 79)
Online platforms (social media, e-commerce, cloud providers) have safe harbor protection from liability for third-party content if they:
- Do not initiate the transmission or select the recipient
- Do not modify the information
- Observe due diligence as prescribed in IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021
- Remove/disable access to content on actual knowledge or government/court order