Cyber Law: The Information Technology Act and its Application

By | March 18, 2020
The Information Technology Act and its Application

Last Updated :

This article aims at understanding the objectives and features of the Information Technology Act, 2000 and it’s Amendment in 2008. Further, the paper will focus on the application of the provisions enshrined in the Act by gathering data obtained from judicial precedents.

The 21st century that we live in has people spend more time on the virtual front than with other people in real life. Basic communication is now facilitated by the internet and most transactions are now carried out in the cyberspace.

As the world advances and the cyberspace continues to grow, the troubles and crimes that come along with it grow too. To understand how to combat these cybercrimes, it is necessary to understand the legislation enacted to enforce cyber law in India.


Cyber law is fundamentally the branch of law that deals with the legal issues which are related to the use of information technology. The governing mechanisms and legal structures that oversee the growth of electric commerce in India fall within the domain of cyber law.

Cyber law essentially encompasses laws relating to electronic and digital signatures, cyber crimes, intellectual property, data protection and privacy.[1]

Information Technology Act, 2000

The Information Technology Act of 2000 (hereinafter referred to as the “IT Act”) is the primary law that deals with cyber crime and electronic commerce in India. It provides legal recognition for transactions that are carried out by means of electronic data interchange and other means of electronic communication. Further, it defines cyber crimes and prescribes specific penalties for the same.

Additionally, the IT Act mandated for the formation of a Controller of Certifying Authorities who has the power to regulate the issuance of digital signatures. It further established a Cyber Appellate Tribunal which can resolve disputes specifically arising from cyber law.

The Act further proposes to amend the IPC, the Evidence Act, the RBI Act, and the Bankers’ Books Evidence Act so as to make them in tune with the provisions of the IT Act.

  • History

Due to the increase in globalization, computerisation and the growth of e-commerce in the 90s, UNCITRAL adopted its Model Law on e-commerce in 1996. The UN General Assembly then passed a resolution in 1997 recommending the States in the UN to give favourable considerations to the Model Law.

The Government of India, against this background of the UN Model Law, enacted its IT Act in 2000. A major amendment was then made in 2008 where new sections to address offensive messages and cyber terrorism were introduced to the IT Act.

The Information Technology Act, 2000 based on the UN Model Law on Electronic Commerce is enacted and applicable to the whole of India. This law is the prime legislation dealing with cyber offences and electronic commerce in India.

The original Act prior to the 2008 Amendment had 94 sections and was divided into 13 chapters with 4 additional schedules.

  • Core Objectives

With the idea of combating the rise in cyber crime, the IT Act was enacted in India keeping in mind certain core objectives that can help enhance the implementation of cyber law.

Electronic governance is essentially a technology-driven Government that can efficiently adapt the technology so as to deliver information and services. The IT Act successfully provides legal recognition to e-governance.

The most fundamental object of the IT Act is the legal recognition of e-records[2] and digital signatures[3]. Traditional signatures may be forged or tampered with and thus, are not of great value to online contracts. Online transactions now are met with unique protection that is now provided by a digital signature.

Cyber crimes are efficiently targeted by the Act by providing specific punishment for cyber offences as required.[4] While the IPC, 1860 also provides for punishment for cyber crimes, it was deemed to be rather inadequate due to the increasingly fast rate at which cyber crimes evolved with new technology.

The offences essentially were novel and not dealt with before and included the use of high technology. As a result of the same, a new and specific categorization of law was required and is now provided by the IT Act, 2000.

A notable objective of the Act is the provision to establish the Cyber Appellate Tribunal.[5] This brought up the establishment of a separate mechanism to resolve matters as an appealable court, arising from authorities appointed under the IT Act.

Further, it provided the Central Government with the power to appoint a Controller of Certifying Authorities[6] for the purposes of this Act and his functions are elucidated in clear terms within the Act.[7] Additionally, it provides for the constitution of a Cyber Regulations Advisory Committee,[8] which has the power to advise the Central Government and the Controller in framing the regulations of this Act.

  • Amendment of 2008

Increase in cyber offences and cyber terrorism compelled the need for strict penal provisions to be brought in as amendments to the IT Act.

The protection of privacy through data protection is the fundamental provision brought in by the Amendment Act in 2008. It imposes liability on body corporates that possess, deal with and handle personal sensitive data.[9]

It holds that it is the responsibility of the corporate to implement and maintain all reasonable security standards, procedures and practices. It further states that they may be held liable for damages caused in cases of negligence and the punishment for breach of confidentiality and privacy without consent is prescribed.

Another prominent amendment made is the introduction of an electronic signature.[10] The electronic signature stands for authentication of any electronic record by a subscriber by means of an electronic technique and this includes digital signature as well.

Due to this amendment, the Government now prescribes new methods of authentication of e-record that isn’t strictly restricted to digital signatures only. The 2008 amendment also validates contracts that formed through electronic means and makes them legal and enforceable.[11]

An Indian Computer Emergency Response Team is now established to serve as a national organization to perform functions in the area of cyber security.[12] Additionally, the Government is now empowered to also appoint an Examiner of Electronic Evidence to provide his expert opinion in court.[13] The Government is further empowered to block public access to information through computer resources.[14]

Moreover, the Central Government is also authorized to intercept, monitor, decrypt any information generated, received, transmitted in electronic form in the interest of sovereignty and the integrity of the nation, defence of the country or for the purpose of public order.[15]

Thus, while the Act of 2000 was implemented to promote the IT industry, regulate e-commerce, prevent cyber crime and facilitate e-governance, the Amendment Act of 2008 was enacted with other specific objectives in mind.

The Act of 2008 sought to foster security practices within India and aimed at addressing the issues that the original bill failed to cover. It further proposed to cover and accommodate further development of information technology in India and address other related security concerns.


The IT Act provides that none of its provisions may apply to any documents or transactions specified in the First Schedule. The documents that fall within this ambit include negotiable instruments, a power of attorney, a trust, a will, any contract for the sale of immovable property and any such class of documents or transactions which may be notified by the Central Government by way of notification in the Official Gazette.

Therefore, all other documents and e-transactions that fall within the ambit of cyberlaw are governed by the IT Act, 2000. The scope and application of the IT Act thus are expansive since it makes the electronic format legal and provides that all electronic contracts with an offer are binding. Since it is the only cyber law legislation in force, most of the cybercrimes that have been addressed to date are covered within the Act as well.

According to §1(2), the Act extends to the whole of the entire country and includes Jammu and Kashmir with the usage of Art. 253 of the Constitution. This section along with §75 specifies that the Act is applicable to any offence or contravention committed outside India as well.

If the conduct of the person constituting the offence involves the use of a computer/computerized system/network located in India, then the person is punishable under the IT Act, 2000 irrespective of his nationality.

Judicial Precedents

The application and wise implementation of the IT Act, 2000 and its all-important Amendment of 2008 are visible in certain notable judgments produced at various Courts.

  • Shreya Singhal v. UOI[16]

This judgment by the Supreme Court in 2015 struck down §66A of the IT Act which relates to restrictions on online speech. In the verdict, the Court states that the Section was unconstitutional on grounds of violating the freedom of speech that is guaranteed under Art. 19(1)(a) of the Constitution.

The Supreme Court further held that the Section was not to be saved by virtue of being a reasonable restriction. This case is considered to be a defining moment for online free speech in India.

  • Avnish Bajaj v. State (NCT) of Delhi[17]

The users of an e-commerce portal referred to as were greeted with an obscene recording that was uploaded to the portal upon logging in. The accused was held to be the CEO of the website according to the Court.

The CEO was then given bail under §67 of the IT Act on account of the video being uploaded for sale. He did prove due diligence, however, the IT Act did not have provisions related to intermediaries being held responsible back in 2005.

  • N. Firos v. State of Kerala[18]

The appellant, in this case, developed a project called FRIENDS for the Kerala Government. The software for FRIENDS was created under a contract for Microsoft and there was a copyright suit pending with the Government. Simultaneously, the Kerala Government issued a notification under §70 of the IT Act stating that the FRIENDS project along with the software must be considered as a ‘protected system’. The Supreme Court eventually held that the Government has the power to declare any ‘Government work’ to be a ‘protected system’ under the IT Act.

  • Christian Louboutin v. Nakul Bajaj[19]

The complainant in this matter is a manufacturer of luxury shoes who filed an injunction against an e-commerce portal referred to as for indulging in trademark violation, along with the seller of spurious goods.

This case brought out great guidelines laid down for intermediary companies and their involvement with the sale of online products. An analysis of §79 of the IT Act was conducted and the Court laid down circumstances in which the intermediary will be assumed to be abetting the sale of online products or services.

CONCLUSION – Challenges, Criticisms and Suggestions

With the adoption of the IT Act, India is now one of the few countries in the world that have a separate law to deal with IT issues and crimes. This has now paved the way for incredible growth in the fields of e-commerce and internet transactions which has, in turn, resulted in advanced economic growth.[20]

The Amendment Act of 2008 was criticized initially for decreasing the penalties for some cyber offences. Additionally, jurists claimed it lacked sufficient safeguards to protect the civil rights of individuals.

An example of the same is with reference to §69, which authorizes the Indian Government to intercept, monitor, decrypt and block data at its own discretion. Some advocates of the Supreme Court believe that these new amendments “tend to give the Government a texture and colour of being a surveillance State.”

Regardless, the implementation of the Act along with its counterpart, the IT Rules, has been successful in tackling cyber crimes so far. With the ever-growing world of new technology and expanding cyberspace, we aren’t yet aware of what kind of cyber crimes may arise.

One can only hope that the enactment and implementation of the Act are strong enough to be able to deal with any novel and future cyber offences that originates from the ever-expansive World Wide Web.


  • Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India
  • Cyber Laws in India, “IT Security of IIBF”, TaxMann Publishers
  • Cherian Samuel and Munish Sharma, “India’s Strategic Options in a Changing Cyberspace”, Institute for Defence Studies and Analysis (2019)
  • Arindrajit Basu and Elonnai Hickok, “Cyberspace and External Affairs: A Memorandum for India”, The Centre for Internet & Society (2018)
  • Animesh Sharma, Roshmi Sharma, Amlan Jyoti Baruah, “A brief study on Cyber Crime and Cyber Laws of India”, International Research Journal of Engineering and Technology (2017)
  • IDSA Task Force Report, “India’s Cyber Security Challenge”, Institute for Defence Studies and Analysis (2012)
  • Ahmed Alnagrat, “An Overview of Contemporary Cyberspace Activities and the Challenging Cyberspace Crimes/Threats” (2014)
  • Shrikant Ardhapurkar, Tanu Srivastava, Swati Sharma, Vijay Chaurasiya, Abhishek Vaish, “Privacy and Data Protection in Cyberspace in Indian Environment”, International Journal of Engineering Science and Technology (2010)
  • Mangala Aiswarya and Aswathy Rajan, “IPR and Cyberspace – Indian Perspective with Special Reference to Software Piracy”, International Journal of Pure and Applied Mathematics (2018)

[1] IT Security of IIBF, “Cyber Laws in India”, TaxMann Publishers.

[2] §4, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[3] §5, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[4] Chapter XI, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[5] §48, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[6] §17, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[7] §18, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[8] §88, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[9] §66E, §43A, §72 & §72A, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[10] §2(ta), Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[11] §10A, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[12] §70B (1), Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[13] §79A, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[14] §69A, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[15] §69, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.

[16] Shreya Singhal v. Union of India, (2015) 5 SCC 1

[17] Avnish Bajaj v. State (NCT) of Delhi, 2004 SCC OnLine Del 1160

[18] B.N. Firos v. the State of Kerala, (2018) 9 SCC 220

[19] Christian Louboutin v. Nakul Bajaj 2014 SCC OnLine Del 4932

[20] Government of India, “Paper on E-Governance”, accessed at

  1. Cyber Law as a Career after Law School(Opens in a new browser tab)
  2. Comprehending the Concept of Foreign Judgment under the CPC, 1908(Opens in a new browser tab)
  • Swasti Salecha says:

    The beginning of the article is sort of what was already there in previous one but the part where you have laid down the various judicial precedents like online freedom of speech and e-commerce rights and others are like a brownie point in the article.