The Information Technology Act, 2000 - An Introductory Overview of India’s Foundational Cyber Law Framework - Advocates & Insolvency Professionals | Corporate laws practitioner in Kochi, Corporate restructuring lawyer in Kochi Corporate insolvency expert in Kochi, Business startup legal guidance in Kochi, Legal compliance services in Kochi, Corporate law firm in Kochi, Banking and finance lawyer in Kochi, Trademark registration lawyer in Kochi, Copyright law expert in Kochi, Business valuations expert in Kochi, Legal dispute resolution in Kochi, Corporate legal representation in Kochi, Corporate insolvency lawyer in Kochi, Trademark and copyright lawyer in Kochi, Business dispute resolution lawyer in Kochi, Legal services for corporate insolvency in Kochi, Kochi corporate law consultancy, Banking law practitioner in Kochi, Legal counsel for corporate matters in Kochi, Corporate legal advice in Kochi, Trademark registration in Kochi, Kochi trademark law expert, Trademark protection lawyer in Kochi, Trademark application services in Kochi, Trademark and intellectual property lawyer in Kochi, Legal services for trademark registration in Kochi, Copyright and trademark expert in Kochi, Trademark litigation lawyer in Kochi, Kochi trademark lawyer for businesses, Trademark registration legal advice in Kochi Corporate laws practitioner in Ernakulam, Corporate restructuring lawyer in Ernakulam Corporate insolvency expert in Ernakulam, Business startup legal guidance in Ernakulam, Legal compliance services in Ernakulam, Corporate law firm in Ernakulam, Banking and finance lawyer in Ernakulam, Trademark registration lawyer in Ernakulam, Copyright law expert in Ernakulam, Business valuations expert in Ernakulam, Legal dispute resolution in Ernakulam, Corporate legal representation in Ernakulam, Corporate insolvency lawyer in Ernakulam, Trademark and copyright lawyer in Ernakulam, Business dispute resolution lawyer in Ernakulam, Legal services for corporate insolvency in Ernakulam, Ernakulam corporate law consultancy, Banking law practitioner in Ernakulam, Legal counsel for corporate matters in Ernakulam, Corporate legal advice in Ernakulam, Trademark registration in Ernakulam, Ernakulam trademark law expert, Trademark protection lawyer in Ernakulam, Trademark application services in Ernakulam, Trademark and intellectual property lawyer in Ernakulam, Legal services for trademark registration in Ernakulam, Copyright and trademark expert in Ernakulam, Trademark litigation lawyer in Ernakulam, Ernakulam trademark lawyer for businesses, Trademark registration legal advice in Ernakulam

Table of Contents

1. Legislative Background and Purpose

The preamble to the Act says: “ An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.”

Thus , the Information Technology Act, 2000 (“IT Act”) was enacted to provide legal recognition to electronic records and digital signatures, and to facilitate electronic commerce and electronic governance in India.

India became one of the early adopters of cyber legislation, aligning its legal framework with the UNCITRAL Model Law on Electronic Commerce (1996). The Act came into force on 17 October 2000 and was substantially amended in 2008 to address emerging cyber offences and intermediary liability.

2.The primary objectives of the Act are:

To grant legal recognition to electronic records
To recognise digital and electronic signatures
To facilitate e-governance
To define cyber offences and prescribe penalties
To regulate certifying authorities issuing digital signature certificates

In essence, the Act enables legally enforceable transactions in a digital environment.

3.Documents Excluded from the Purview of the Act

While the IT Act recognises electronic records, certain documents are expressly excluded under the First Schedule.

The Act does not apply to electronic records relating to:

Negotiable instruments (other than cheques)
Powers of attorney
Trust deeds
Wills and testamentary dispositions

Contracts for the sale or conveyance of immovable property are no longer excluded from the Information Technology Act, 2000, following a 2022 amendment. The government omitted Serial No. 5 of the First Schedule, which previously excluded these transactions, effectively allowing electronic execution and digital signatures for property documents, including sales and mortgages, to facilitate online, paperless real estate transactions.

4. Authentication of Electronic Records

Section 4 of the IT Act grants legal recognition to electronic records. An electronic record shall not be denied legal effect merely because it is in electronic form.

Authentication is addressed primarily under Section 3.

An electronic record may be authenticated by affixing a digital signature, which uses:

Asymmetric cryptography
Hash function

This ensures:

Integrity (no alteration after signing)
Authenticity (verification of signer’s identity)
Non-repudiation

Authentication under the Act provides evidentiary reliability in legal proceedings.

5. Electronic Signatures

The 2008 amendment expanded recognition beyond traditional digital signatures.

Under Section 3A, the Act recognises electronic signatures, provided they are:

Reliable
Appropriate
Notified by the Central Government

Digital signatures are a subset of electronic signatures.

Examples include:

Class 3 Digital Signature Certificates (DSC)
Aadhaar-based e-sign systems

Electronic signatures must satisfy prescribed security procedures to be legally valid.

For businesses, compliance with recognised authentication standards is essential to avoid disputes regarding execution.

6. Offences under the IT Act

The Act provides both civil contraventions and criminal offences.

Key Civil Contraventions (Section 43)

Unauthorised access to computer systems
Data theft
Introduction of virus or malicious code
Disruption of computer networks

Compensation may be awarded to affected parties.

Criminal Offences

Notable provisions include:

Section 65 – Tampering with computer source documents
Section 66 – Computer-related offences
Section 66B- Dishonestly receiving stolen computer resource or communication device.
Section 66C – Identity theft
Section 66D – Cheating by personation using computer resources
Section 66E – Violation of privacy
Section 66F – Cyber Terrorism
Section 67 – Publishing or transmitting obscene material
Section 67A- Publishing or transmitting of material containing sexually explicit act, etc., in electronic form.
Section 67B- Publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form.

The 2008 amendment significantly strengthened cybercrime enforcement.

7.Regulatory and Controlling Authorities

The Act establishes a structured regulatory framework.

(i) Controller of Certifying Authorities (CCA)

The Controller regulates and supervises Certifying Authorities issuing Digital Signature Certificates.

Functions include:

Licensing certifying authorities
Laying down technical standards
Maintaining public key infrastructure

(ii) Certifying Authorities (CAs)

These entities issue Digital Signature Certificates to individuals and organisations.

They function under license from the CCA.

(iii) Adjudicating Officers

Appointed under Section 46 to adjudicate civil contraventions under Section 43.

(iv) Cyber Appellate Mechanism

Originally, appeals lay before the Cyber Appellate Tribunal. Subsequent reforms have transferred appellate jurisdiction to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).

(v) CERT-In

The Indian Computer Emergency Response Team acts as the national nodal agency for cybersecurity incident response and coordination.

Conclusion

The Information Technology Act, 2000 forms the backbone of India’s cyber legal infrastructure. It provides legal recognition to digital transactions, establishes authentication mechanisms, defines cyber offences, and creates regulatory oversight for digital signature infrastructure.

While the Act was pioneering at the time of enactment, its interpretation continues to evolve alongside technological advancement. For corporate entities, compliance under the IT Act is no longer optional—it is integral to digital risk management and governance.