flowchart TB
IT[IT Act 2000] --> S[Signatures<br/>§3 Digital · §3A Electronic]
IT --> EG[E-Governance<br/>§§4-10A]
IT --> P[Penalties<br/>§§43-47 · §43A SPDI]
IT --> O[Offences<br/>§§65-78 · §66F cyber-terror · §70 CII]
IT --> I[Intermediary §79<br/>Safe harbour · IT Rules 2021]
classDef default fill:#003366,color:#ffffff,stroke:#ffcc00,stroke-width:3px,rx:10px,ry:10px;
86 The Information Technology Act, 2000: Objectives and main provisions; Cyber crimes and penalties
86.1 Background and Purpose
The Information Technology Act, 2000 is India’s primary law on cyber affairs: electronic commerce, digital signatures, intermediary liability, and cybercrime. It is based on the UNCITRAL Model Law on Electronic Commerce (1996), received Presidential assent on 9 June 2000, and came into force on 17 October 2000. The Act was substantially amended in 2008 (effective 27 Oct 2009), adding new offences (§§ 66, 67, 67A-C), data-protection provisions (§§ 43A, 72A), and intermediary liability (§ 79). Companion law: Digital Personal Data Protection Act 2023 for privacy.
86.2 Objectives (Preamble)
- Give legal recognition to e-records and digital signatures.
- Facilitate e-filing and e-storage of records.
- Recognise electronic contracts.
- Prevent cybercrime.
- Promote e-governance and e-commerce.
- Amend related laws (IPC, IEA, NIA, RBI Act) to incorporate cyber dimensions.
86.3 Structure of the Act
| Chapter | Subject |
|---|---|
| II | Digital/Electronic Signature (§§ 3, 3A) |
| III | Electronic Governance (§§ 4-10A) |
| IV | Attribution, Acknowledgement & Despatch (§§ 11-13) |
| V | Secure electronic records & signatures (§§ 14-16) |
| VI | Regulation of Certifying Authorities (§§ 17-34) |
| VII | Electronic Signature Certificate (§§ 35-39) |
| VIII | Duties of Subscribers (§§ 40-42) |
| IX | Penalties, Compensation & Adjudication (§§ 43-47) |
| X | Appellate Tribunal — TDSAT (now) |
| XI | Offences (§§ 65-78) |
| XII | Intermediaries — Safe harbour (§ 79) |
| XII-A | Cyber Appellate Tribunal — now merged with TDSAT |
86.4 Key Definitions
- § 2(p) — Digital signature — authentication of electronic record by an asymmetric crypto-system.
- § 3A — Electronic signature — wider concept including biometric; added by 2008 amendment.
- § 2(t) — Electronic record.
- § 2(w) — Intermediary — anyone who stores or transmits electronic records on behalf of another.
- § 2(za) — Cyber café.
86.5 Digital & Electronic Signatures
PKI-based digital signatures are issued by licensed Certifying Authorities (CAs) under the Controller of Certifying Authorities (CCA, § 17). The CCA acts as repository (§ 20). India also recognises Aadhaar-based e-Sign (since 2015).
86.6 E-Governance (§§ 4-10A)
- § 4 — Legal recognition of electronic records.
- § 5 — Legal recognition of digital signatures.
- § 6 — Use of e-records and digital signatures in govt.
- § 7 — Retention of e-records.
- § 8 — Publication of rules in Electronic Gazette.
- § 10A — Validity of contracts formed through electronic means.
86.7 Penalties & Compensation (§§ 43-47)
- Damage to computer / computer system without permission — unlimited compensation to affected person (adjudicating officer for claims up to ₹5 crore; above ₹5 cr → civil court).
- § 43A — body corporate failing to maintain reasonable security practices and causing wrongful loss/gain → compensation; SPDI Rules 2011.
86.8 Cybercrimes — Offences (§§ 65-78)
| Section | Offence | Punishment |
|---|---|---|
| § 65 | Tampering with source code | Up to 3 yrs / ₹2 lakh |
| § 66 | Hacking, dishonest / fraudulent acts in §43 | Up to 3 yrs / ₹5 lakh |
| § 66B | Receiving stolen computer/data | Up to 3 yrs / ₹1 lakh |
| § 66C | Identity theft | Up to 3 yrs / ₹1 lakh |
| § 66D | Cheating by personation (phishing) | Up to 3 yrs / ₹1 lakh |
| § 66E | Violation of privacy (capture/publish private body image) | Up to 3 yrs / ₹2 lakh |
| § 66F | Cyber-terrorism | Life imprisonment |
| § 67 | Publishing obscene material electronically | 1st: 3 yrs/₹5 L; Repeat: 5 yrs/₹10 L |
| § 67A | Sexually explicit material | 5/7 yrs + fine |
| § 67B | Child porn (CSAM) | 5/7 yrs + fine |
| § 67C | Failure to preserve records (intermediary) | 3 yrs + fine |
| § 70 | Critical Information Infrastructure (CII) attack | Up to 10 yrs + fine |
| § 72 | Breach of confidentiality | Up to 2 yrs / ₹1 lakh |
| § 72A | Disclosure in breach of contract | 3 yrs / ₹5 lakh |
86.8.1 § 66A — Struck Down
Held unconstitutional in Shreya Singhal v Union of India (2015) — violated Article 19(1)(a) (free speech).
86.9 Intermediary Liability — § 79
Provides safe harbour to intermediaries (ISPs, social media, search engines, etc.) if they:
- Don’t initiate transmission.
- Don’t select receiver / modify info.
- Observe due diligence and Govt-prescribed rules.
The IT (Intermediary Guidelines & Digital Media Ethics Code) Rules 2021, with the 2022 amendments, introduced a grievance officer, takedown timelines, and traceability for significant social media intermediaries; online gaming additions followed in 2023.
86.10 Adjudication & Appeals
- Adjudicating Officer (§ 46) — Secretary level officer; powers of civil court.
- Appeal → Telecom Disputes Settlement & Appellate Tribunal (TDSAT) (since 2017, replacing Cyber Appellate Tribunal).
- Further appeal → High Court → Supreme Court.
86.11 Privacy and Data Protection Architecture
- § 43A + SPDI Rules 2011 — protection of sensitive personal data.
- § 72A — disclosure of personal information in breach of contract.
- Aadhaar Act 2016 — biometric ID law.
- Puttaswamy v Union of India 2017 — privacy is a fundamental right.
- Digital Personal Data Protection Act 2023 — sectoral privacy law; consent-based; introduces Data Protection Board.
- RBI / SEBI / IRDAI / TRAI — sector-specific cyber and privacy guidelines.
86.12 Major Indian Cyber-security Institutions
- CERT-In (2004) — national cyber-security incident response team.
- NCIIPC (National Critical Information Infrastructure Protection Centre) — under NTRO.
- I4C — Indian Cyber Crime Coordination Centre (2018).
- NCRB cybercrime portal — cybercrime.gov.in.
- CCA, MeitY.
- Ministry of Electronics and Information Technology (MeitY) — administers Act.
PYQ trap: IT Act 2000 — based on UNCITRAL Model Law 1996; effective 17 Oct 2000; 2008 amendment added §66 series + §43A SPDI. §66A struck down — Shreya Singhal 2015. Appeals → TDSAT since 2017.
86.13 Practice Questions
IT Act 2000 is based on:
IT Act came into force on:
Section 66A was struck down in:
Cyber-terrorism is punishable under:
Identity theft offence:
Phishing — cheating by personation — is in:
Violation of privacy (private body image) — § 66E — punishment:
CCA in IT Act stands for:
Safe harbour for intermediaries is in:
CERT-In was set up in:
2008 Amendment to IT Act came into force on:
Adjudicating Officer's pecuniary jurisdiction (after 2009 amendment):
IT-Act appeals lie with:
SPDI Rules 2011 were notified under:
India's privacy law passed in:
Attack on Critical Information Infrastructure is punishable under:
Tampering with computer source documents:
Electronic contracts are recognised under:
IT (Intermediary & Digital Media Code) Rules came in:
Match section with offence:
| | Section | | Offence |
|---|---|---|---|
| (i) | § 65 | (a) | Phishing |
| (ii) | § 66C | (b) | Source-code tampering |
| (iii) | § 66D | (c) | Identity theft |
| (iv) | § 66F | (d) | Cyber-terrorism |
86.14 Quick Recall
- IT Act 2000 — based on UNCITRAL 1996; in force 17 Oct 2000; major 2008 amendment (effective 27 Oct 2009).
- Signatures: §3 digital, §3A electronic; CCA under § 17.
- E-gov: §4 records, §5 signature, §10A e-contracts.
- Penalties §43; §43A SPDI Rules 2011 — body-corporate data security.
- Offences: §65 source code, §66 hacking, §66A struck down (Shreya Singhal 2015), 66B receiving, 66C ID theft, 66D phishing, 66E privacy, 66F cyber-terror (life), §67/A/B obscene/explicit/child, §70 CII attack (10 yrs), §72 breach of confidentiality, §72A disclosure.
- §79 safe-harbour + IT Rules 2021/22/23.
- Appeals — TDSAT since 2017.
- Related: CERT-In 2004, NCIIPC, I4C 2018, DPDP Act 2023.