T.Y.B.B.A.

Legal Aspect of Business Unit:5 The Information Technology Act: 2000

Unit 5:
The Information Technology
Act,2000
 Definitions
 Electronic Signature
 Electronic Governance
 Regulations of certifying authorities
 Penalty
 Compensation and Adjudication

Sabargam College Prepared By: Shailesh P. Pandhi

1
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

1) The Information Technology Act, 2000

1.1) Introduction:

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act
of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law
in India dealing with cybercrime and electronic commerce.

Secondary or subordinate legislation to the IT Act includes the Intermediary Guidelines Rules
2011 and the Information Technology (Intermediary Guidelines and Digital Media Ethics
Code) Rules, 2021.

The bill was passed in the budget session of 2000 and signed by President K. R.
Narayanan on 9 June 2000. The bill was finalised by a group of officials headed by
then Minister of Information Technology Pramod Mahajan.

The original Act contained 94 sections, divided into 13 chapters and 4 schedules. The laws
apply to the whole of India. If a crime involves a computer or network located in India,
persons of other nationalities can also be indicted under the law.

The Act provides a legal framework for electronic governance by giving recognition
to electronic records and digital signatures. It also defines cyber crimes and prescribes
penalties for them.

The Act directed the formation of a Controller of Certifying Authorities to regulate the
issuance of digital signatures. It also established a Cyber Appellate Tribunal to resolve
disputes arising from this new law. The Act also amended various sections of the Indian
Penal Code, 1860, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891,
and the Reserve Bank of India Act, 1934 to make them compliant with new technologies.

Sabargam College Prepared By: Shailesh P. Pandhi

2
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

1.2.) Amendments:

A major amendment was made in 2008. It introduced Section 66A which penalized sending
"offensive messages".

It also introduced Section 69, which gave authorities the power of "interception or monitoring
or decryption of any information through any computer resource". Additionally, it introduced
provisions addressing - pornography, child porn, cyber terrorism and voyeurism.

The amendment was passed on 22 December 2008 without any debate in Lok Sabha. The
next day it was passed by the Rajya Sabha. It was signed into law by President Pratibha Patil,
on 5 February 2009.

2) Electronic Signature:
As we all know, signatures are the identity of an individual. Traditionally, signatures are
handwritten with pen on paper. However, now we can have electronic signatures! So, what
brought this change? Digitization is the answer. Many businesses adopted the digital route for
different business processes. This is the reason for which you can see better efficiency in
marketing and sales.

2.1.: Definition:

Electronic signature, commonly known as ‘e-signature’ and ‘e-sign’ is a legal concept, that is
different from digital signature which is a cryptographic method used to implement electronic
signatures. An electronic signature provides a precise and secure identification method to the
signatory to provide a seamless transaction.

An electronic signature has equal legal value as that of a handwritten signature as long as it
satisfies the requirements of the regulation under which it has been created. It is very simple
to create an electronic signature, and once created, it can be added to any document, even
along with other annotations like freeform text and check marks.
In layman’s terms, an electronic signature, commonly known as e-signature, is an electronic
expression of the agreement of a person to accept the terms mentioned in a particular
document.

Sabargam College Prepared By: Shailesh P. Pandhi

3
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

According to the US Federal ESIGN Act, that was passed in 2000, “Electronic signature can
be defined as an electronic symbol, sound or process that is associated with a record or a
contract logically. An electronic signature is created or adopted by a person in order to
sign the record.”

2.2. Example of Electronic Signature:

With the technological advancement in this digital era, the documents are written and signed
electronically. You may find electronic signature everywhere, even when you may not even
be aware that you are using an electronic signature. Here are a few examples of the electronic
signature:
All of you would be using Facebook. Whenever you click on the “Sign Up” you are agreed
with and accept the Facebook’s privacy policy and terms of use. It means you sign those
terms of use and privacy policy documents electronically with the e-signature. Such a click
on the signup button is just like a keystroke, a process, that is an electronic signature
example. Many other social sites and other web pages use this feature such as Twitter,
MySpace, foursquare etc.
Another electronic signature example is signing the electronic pad. Many of you who have
done online shopping would be familiar with this. When you do online shopping and
purchase something by using your debit card or credit card at Walmart, you will have to put
electronic signature while accepting the order. Many other store chains also use electronic
signature like this such as Best Buy, Game Stop etc.
2.3.: Is Electronic Signature Legal?
The electronic signatures are legalized and acts as a legal binding. In the United States, the
electronic signatures are legal and recognized as the handwritten signatures after the approval
of the following acts:

 Uniform Electronic Transactions Act (UETA) in 1999

 Electronic Signatures in Global and National Commerce Act (ESIGN) in 2000

Combined together, these two acts – UETA and ESIGN ACT allow the usage of electronic
signatures to replace the handwritten signatures. It is required that an electronic signature
meets the four legal hallmarks of the e-signature. In simple terms, here are four requirements
for an electronic signature to be recognized and validated by the US law, these are:
Sabargam College Prepared By: Shailesh P. Pandhi

4
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

1. The signer is who he/she claims to be. An electronic signature is the identity of the
signer. If required, the identity of the signer could be authenticated or verified using a
number of digital markers such as an IP address.
2. The intention of the signer to sign is clear. The terms of the document/ contract/
transaction should have been communicated well with the signer. The signer should
be intentionally agreed to undergo the e-signing procedure.
3. It could be verified that the signature is associated with the signed
document. This parameter basically involves the signing process such as how the
document was signed, which process the signer completed, and which documentation
supports the electronic transaction involving e-signature.
4. The record should be retained by the creator or sender. The electronic signature
records and documents should be created to retain and reproduce accurately for
further reference by all the parties and individuals who are responsible to retain the
record or contract.

2.4.: Types of Electronic Signature:

If you are new to the term electronic signature, you may be confused about what forms the
electronic signature and what’s the difference between different types of electronic signatures
on the basis of legality and evidential power. Before getting into the different types of
electronic signatures, it is important to understand the basics about the electronic signature.
E-signature is a mark that can be used on an electronic document to show the intention of the
signer to submit his/her approval on the contents of the document. It is not important how the
eSign is created but important is the person with whom the sign belongs to and the document
that shouldn’t be changed subsequently.
As per eIDAS regulation, e-signatures can be categorised into different types on the basis of
the level of security they provide. There are four types of electronic signatures:

A. Click-to-Sign Signatures
B. Basic Electronic Signatures
C. Advanced Electronic Signatures
D. Qualified Electronic Signatures

Sabargam College Prepared By: Shailesh P. Pandhi

5
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

A. Click-to-Sign Signatures
Click-to-Sign category includes signatures in the form of scanned images, tick boxed, typed
names, and e-squiggles. In this type, the document is not provided with any cryptographic
protection. Due to which, this type of signatures neither verify the signatory nor protect the
document to be changed. It is possible to cut and paste this type of signatures from one
document to another easily. Using this type of signatures by own is not at all recommended.
B. Basic Electronic Signatures
Basic electronic signatures involve the process of applying a handwritten signature mark on
the document by the signer which is then protected with a cryptographic digital signature. So,
the basic electronic signatures allow the signer to create a crypto digital signature by using a
server-held signing key so-referred to as a witness digital signature.

Whenever the user applies e-signature on any document, this witness digital signature is
applied every time which binds the e-signature to the document cryptographically from any
subsequent changes, thus ensures data integrity. Whenever the user apply e-signature on any
document, this witness digital signature is applied every time which binds the e-signature to
the document cryptographically.

C. Advanced Electronic Signatures

As the name suggests, being the advanced ones, advanced electronic signatures have a higher
level of security. An electronic signature that meets the requirements mentioned under the EU
regulation No 910/2014 (eIDAS-regulation) regarding electronic identification and electronic
transactions in the internet market, is known as the advanced electronic signature.
eIDAS has created some standards regarding the use of electronic signatures with the intent
to use them in a secure manner while conducting online business or official business over the
globe.
An electronic signature must meet the following requirements to become an advanced
electronic signature:

 The signatory could be identified uniquely and linked to the signature

 The signatory must have all the control of the data that was used to create the
electronic signature
 In the event that the accompanying data has been damaged or tampered after the
document was signed, the signature must be identified
Sabargam College Prepared By: Shailesh P. Pandhi

6
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

 In the event that the accompanying data has been modified or changed after the
document was signed, the signature must be invalidated

D. Qualified Electronic Signatures

A qualified electronic signature is actually an advanced electronic signature with some
additional features. The qualified signatures are created with the help of a qualified signature
creation device. Also, these signatures are based on a qualified certificate for electronic
signatures.
2.5.: Electronic Signature Used for

Here are various kind of documents that can be signed with an electronic signature such as,

 Invoices, sales contracts, and NDAs

 Employee paperwork, timesheets, and approve proposals
 School forms, permission slips, and release forms
 Leases, property, and other housing and rental agreements
 Bank forms, tax documents, and insurance forms

You can not use e-signatures while dealing with:

 Marriage registration
 Family law, and
 Inheritance rights

2.6.: Benefits of Using Electronic Signature:

A. Get documents signed fast – With an electronic signature, the document is signed
very fast i.e. within few minutes. Signing a document with a handwritten signature
would not also take time, but it takes time when the signatory is at distance. By using
an electronic signature software, you can create and send any document to be signed
over the boundaries in less than minute. The document is then received by the
signatory and signed in no time.
B. Sign documents from anywhere – For the handwritten signature, the sender had to
wait for days to weeks depending on the location of the signatory. Sometimes, it
might not be possible to send confidential documents via post. Or when sent through
Sabargam College Prepared By: Shailesh P. Pandhi

7
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

email, the signatory would have to get the hard copy to sign, and again shared the
scanned copy after signature. It might also take a few hours. But e-signature and e-
signature software has made the signing process very simple. Now, wherever be the
signatory, the documents are sent in email via e-signature software, and get signed
within minutes.
C. Save money with e-signature software packages – There is no doubt that e-
signature software has made the signing process simpler. Now, you don’t need to
spend on getting hard copy of the documents and sending them via post to the
signatory. Also, one can make big savings on the monthly and yearly packages
offered by the electronic signature vendors. So, it brings business benefits of
electronic signature in terms of investment.
D. Collect secure and legally binding signatures – As mentioned earlier, sharing
confidential and signed documents via post or over internet might not be much secure.
But e-signature software are secure enough to be used in order to share the
confidential information and signatures. Besides, electronic signatures are secure and
legally approved signatures, so you can create once and use them whenever and
wherever required.
E. Effort and time saving to handle technical hassles – When you decide to use
electronic signature for your business, organization or individual usage, you opt to use
an electronic signature software. By using an e-signature software, businesses save
their time as this software are not only easy to use, but comes with a support team of
technical experts that is always ready to resolve all your queries.
F. Increased service and efficiency – Now, with the electronic signature, business and
legal departments need not to cut down the business expenses by avoiding the
services. But they should opt to use e-signatures like modern technologies to reduce
their costs. An e-signature vendor helps the businesses to digitize all the important
and confidential legal documents. Also, it helps to share and sign the documents in an
easy, fast, and secure manner, independent of the number of parties involved.

3.E-Governance

Sabargam College Prepared By: Shailesh P. Pandhi

8
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

3.1.: Meaning

E-governance, expands to Electronic Governance, is the integration

of Information and Communication Technology (ICT) in all the processes, with
the aim of enhancing government ability to address the needs of the general public.
The basic purpose of e-governance is to simplify processes for all, i.e. government,
citizens, businesses, etc. at National, State and local levels.

In short, it is the use of electronic means, to promote good governance. It

connotes the implementation of information technology in the government
processes and functions so as to cause simple, moral, accountable and
transparent governance. It entails the access and delivery of government
services, dissemination of information, communication in a quick and efficient
manner.

3.2. Types of Interactions in E-Governance:

A. G2G (Government to Government): When the exchange of information and

services is within the periphery of the government, is termed as G2G interaction. This
can be both horizontal, i.e. among various government entities and vertical, i.e.
between national, state and local government entities and within different levels of the
entity.

B. G2C (Government to Citizen): The interaction amidst the government and general
public is G2C interaction. Here an interface is set up between government and
citizens, which enables citizens to get access to wide variety of public services. The
citizens has the freedom to share their views and grievances on government policies
anytime, anywhere.

C. G2B (Government to Business): In this case, the e-governance helps the business
class to interact with the government seamlessly. It aims at eliminating red-tapism,
saving time, cost and establish transparency in the business environment, while
interacting with government.

Sabargam College Prepared By: Shailesh P. Pandhi

9
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

D. G2E (Government to Employees): The government of any country is the biggest

employer and so it also deals with employees on a regular basis, as other employers
do. ICT helps in making the interaction between government and employees fast and
efficient, along with raising their level of satisfaction by providing perquisites and
add-on benefits.

4.Regulations of Certifying authorities for Cyber Crime:

4.1. Introduction

Sections 17 to 34 of Chapter VI of the Act provide for the Controller of Certifying

Authorities (CCA) to licence and regulate the working of Certifying Authorities (CAs). CCA
also ensures that none of the provisions of the Act are violated. The regulation of certifying
authorities or electronic signature infrastructure in India consists of :

 Controller of Certifying Authority (CCA). The IT Act, 2000 provides for an

appointment, functions, powers, duties of CCA (the apex regulatory body for
certifying authorities in India) and other officers.
 Certifying Authorities (CAs). A certifying authority is a trusted third party or entity
that will get licence from the controller and will issue electronic signature certificate
to the users of e-commerce. These authorities will function under the supervision and
control of the controller of certifying authorities.

4.2. Appointment of Controller and Other Officers

Section 17 provides that the Central Government may, by notification in the Official Gazette,
appoint a Controller of Certifying Authorities for the purposes of this Act. It may also be the same
or subsequent notification appoint such number of Deputy Controllers, Assistant Controllers, other
officers and employees as it deems fit.

The controller has to functionunder the general control and directions of the Central Government
and the Deputy Controllers and Assistant Controllers have to function under general
superintendence and control of the controller. The controller shall have its head office at a place
prescribed by the Central Government. There shall be a seal of the office of the controller.
Sabargam College Prepared By: Shailesh P. Pandhi

10
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

4.3. Functions of CCA (Secs. 18-25)

A. To act as regulator of certifying authorities (Sec. 18). The main functions of the controller are
to regulate the working of certifying authorities. He performs the following functions in this
regard:

 To exercise supervision over the activities of CAs;

 To certify public keys of CAs;
 To lay down the standards to be maintained by CAs;
 To specify the qualifications and experience for employee of CAs;
 To specify the conditions for conducting business by CAs;
 To specify the terms and manner for maintenance of accounts by CAs;
 To specify the terms and conditions for appointment of auditors and their remuneration;
 To facilitate the establishment of any electronic system as well as regulation of such system;
 To specify the manner of conducting dealings by CAs with the subscribers;
 To resolve any conflict of interest between CAs and the subscribers;
 To lay down the duties of CAs;
 To maintain database for every CA containing their disclosure record as well as such particulars as
may be specified by regulations, which shall be accessible to public.

B. To recognise the foreign certifying authority (Sec. 19). The controller, with the prior permission
of the Central Government and by notification in the Official Gazette, may recognise any foreign
certifying authority for the purpose of this Act [Sec. 19(1)].The controller may revoke such
recognition by notification in the Official Gazette for reasons to be recorded in writing [Sec.
19(3)].
C. To grant licence to CAs to issue electronic signature certificate (Sec. 21). The controller can
grant a licence to any person to issue electronic signature certificate provided he applies and fulfils
such requirements with respect to qualification, expertise, manpower, financial resources and
other infrastructure facilities which are necessary for the issue of Electronic Signature Certificate
[Sec. 21(1) and (2)].The controller may after considering the documents and such other factors, as
he deems fit, grant the licence or reject the application. He may reject only after the applicant has
been given a reasonable opportunity of presenting his case (Sec. 24).
D. To suspend licence (Sec. 25). The controller may suspend licence if he is satisfied after making
an enquiry that CA has:
 Made a statement which is incorrect or false in material particulars in or relation to the application
for the issue or renewal of licence.
 Failed to comply with terms and conditions necessary for granting of licence.

Sabargam College Prepared By: Shailesh P. Pandhi

11
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

 Failed to maintain standards specified in sec. 30.

 Contravened any provisions of the act, rule, regulation or order made thereunder.

 The notice of suspension or revocation may be published in the database maintained by the
controller (sec. 26).

5. PENALTIES, COMPENSATION AND ADJUDICATION

5.1.: Penalty and compensation for damage to computer, computer system,

etc. 
If any person without permission of the owner or any other person who is incharge of a
computer, computer system or computer network,-
 accesses or secures access to such computer, computer system or computer
network [or computer resource];
 downloads, copies or extracts any data, computer database or information from such
computer, computer system or computer network including information or data held
or stored in any removable storage medium;
 introduces or causes to be introduced any computer contaminant or computer virus
into any computer, computer system or computer network;
 damages or causes to be damaged any computer, computer system or computer
network, data, computer database or any other programmes residing in such computer,
computer system or computer network;
 disrupts or causes disruption of any computer, computer system or computer network;
 denies or causes the denial of access to any person authorized to access any computer,
computer system or computer network by any means;
 provides any assistance to any person to facilitate access to a computer, computer
system or computer network in contravention of the provisions of this Act, rules or
regulations made thereunder;
 charges the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system, or computer
network;

Explanation. - For the purposes of this section,-

(i) "computer contaminant “means any set of computer instructions that are designed-
Sabargam College Prepared By: Shailesh P. Pandhi

12
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

(a) to modify, destroy, record, transmit data or programme residing within a

computer, computer system or computer network; or

(b) by any means to usurp the normal operation of the computer, computer system,
or computer network;

(ii) "computer database “means a representation of information, knowledge, facts,

concepts or instructions in text, image, audio, video that are being prepared or have
been prepared in a formalized manner or have been produced by a computer, computer
system or computer network and are intended for use in a computer, computer system
or computer network;

(iii) "computer virus “means any computer instruction, information, data or programme
that destroys, damages, degrades or adversely affects the performance of a computer
resource or attaches itself to another computer resource and operates when a
programme, data or instruction is executed or some other event takes place in that
computer resource;

(iv) "damage “means to destroy, alter, delete, add, modify or rearrange any computer
resource by any means;

5.2.: Compensation for failure to protect data. 

Where a body corporate, possessing, dealing or handling any sensitive personal data or
information in a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to
pay damages by way of compensation to the person so affected.
Explanation. - For the purposes of this section, -
(i) "body corporate"means any company and includes a firm, sole proprietorship or other
association of individuals engaged in commercial or professional activities;

(ii) "reasonable security practices and procedures"means security practices and

procedures designed to protect such information from unauthorized access, damage,
use, modification, disclosure or impairment, as may be specified in an agreement
between the parties or as may be specified in any law for the time being in force and in
the absence of such agreement or any law, such reasonable security practices and

Sabargam College Prepared By: Shailesh P. Pandhi

13
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

procedures, as may be prescribed by the Central Government in consultation with such

professional bodies or associations as it may deem fit;

(iii) "sensitive personal data or information"means such personal information as may be

prescribed by the Central Government in consultation with such professional bodies or
associations as it may deem fit.]

5.3. Penalty for failure to furnish information, return, etc. 

If any person who is required under this Act or any rules or regulations made thereunder to-
(a) furnish any document, return or report to the Controller or the Certifying Authority
fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty
thousand rupees for each such failure;

(b) file any return or furnish any information, books or other documents within the time
specified therefor in the regulations fails to file return or furnish the same within the
time specified therefor in the regulations, he shall be liable to a penalty not exceeding
five thousand rupees for every day during which such failure continues;

(c) maintain books of account or records fails to maintain the same, he shall be liable to a
penalty not exceeding ten thousand rupees for every day during which the failure
continues.

5.4. Residuary penalty. –

Whoever contravenes any rules or regulations made under this Act, for the contravention of
which no penalty has been separately provided, shall be liable to pay a compensation not
exceeding twenty-five thousand rupees to the person affected by such contravention or a
penalty not exceeding twenty-five thousand rupees.

5.5. Power to aAjudicate. –

(1) For the purpose of adjudging under this Chapter whether any person has committed a
contravention of any of the provisions of this Act or of any rule, regulation, [direction or
order made thereunder which renders him liable to pay penalty or compensation,] the Central
Government shall, subject to the provisions of sub-section (3), appoint any officer not below
the rank of a Director to the Government of India or an equivalent officer of a State
Government to be an adjudicating officer for holding an inquiry in the manner prescribed by
the Central Government.
Sabargam College Prepared By: Shailesh P. Pandhi

14
T.Y.B.B.A. Legal Aspect of Business Unit:5 The Information Technology Act: 2000

(2) The adjudicating officer shall, after giving the person referred to in sub-section (1) a
reasonable opportunity for making representation in the matter and if, on such inquiry, he is
satisfied that the person has committed the contravention, he may impose such penalty or
award such compensation as he thinks fit in accordance with the provisions of that section.
(3) No person shall be appointed as an adjudicating officer unless he possesses such
experience in the field of Information Technology and legal or judicial experience as may be
prescribed by the Central Government.
(4) Where more than one adjudicating officers are appointed, the Central Government shall
specify by order the matters and places with respect to which such officers shall exercise their
jurisdiction.
(5) Every adjudicating officer shall have the powers of a Civil Court which are conferred on
the Cyber Appellate Tribunal under sub-section (2) of section 58, and-
(a) all proceedings before it shall be deemed to be judicial proceedings within the
meaning of sections 193 and 228 of the Indian Penal Code (45 of 1860);

(b) shall be deemed to be a Civil Court for the purposes of sections 345 and 346 of the
Code of Criminal Procedure, 1973 (2 of 1974);

[(c) shall be deemed to be a Civil Court for purposes of Order XXI of the Civil Procedure
Code, 1908 (5 of 1908).]

5.6.: Factors to be taken into account by the adjudicating officer. 

While adjudging the quantum of compensation under this Chapter, the adjudicating officer shall
have due regard to the following factors, namely: -
(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the
default;

(b) the amount of loss caused to any person as a result of the default;

(c) the repetitive nature of the default.

Sabargam College Prepared By: Shailesh P. Pandhi

15