https://cleartax.

in/s/it-act-2000 Grokk

Study Notes on IT Act 2000: Objectives, Features, Amendments,

Sections, Offences, and Penalties
Introduction
 Context: Over the past decade, cybercrime in India surged from
3,693 cases in 2012 to 65,893 in 2022, prompting the need for
regulation of electronic mediums and data security.
 Purpose: The Information Technology Act (IT Act) 2000 was
introduced to address cybercrimes, regulate digital transactions,
and protect national security data.

What is the Information Technology Act 2000?

 Definition: A legal framework by the Indian Parliament to govern
cybercrime and electronic commerce.
 Basis: Formulated based on the United Nations Model Law on
Electronic Commerce 1996 (UNCITRAL Model).
 Structure: Comprises 94 sections, 13 chapters, and 2 schedules.

When IT Act 2000 Came Into Effect?

 Passed: Bill passed in the Budget session, signed by the President
on May 9, 2000.
 Effective Date: October 17, 2000.
 Scope: Applies to all individuals regardless of nationality or
geographic location.

Importance of IT Act 2000

 Legal recognition of electronic records, boosting e-commerce and
digital transactions.
 Equates electronic signatures with physical signatures.
 Established the Controller of Certifying Authorities (CCA) to issue
and secure digital signatures/certificates.
 Mandates consumer consent for data collection/use.
 Allows compensation for misuse of personal data.
 Criminalizes cybercrimes (e.g., hacking, spreading viruses).
  Established the Cyber Appellate Tribunal to handle appeals
against Adjudicating Officers’ orders.
 Protects critical information infrastructure (e.g., communication
networks, power grids).

Objectives of IT Act 2000

1. Promote efficient electronic delivery of government services and
digital transactions.
2. Impose penalties on cybercrimes (e.g., data theft, identity theft,
cyberstalking) for a secure cyber landscape.
3. Formulate rules to monitor cyber activity, electronic
communication, and commerce.
4. Foster growth, innovation, and entrepreneurship in the IT/ITES
sector.

Features of IT Act 2000

 Central Government enforces provisions for e-commerce
regulation and cybercrime penalties.
 Defines intermediaries’ roles, responsibilities, and liability
exemptions.
 Linked to CERT-In (Indian Computer Emergency Response Team)
for cybersecurity and incident response.
 Two amendments made to address technological advancements
and implementation issues.

IT Act 2000 and Its Amendments

1. Amendment of 2008
o Modified Section 66A to penalize offensive electronic
messages (e.g., inciting hatred or compromising national
security).
o Issue: Vague definition of "offensive" led to misuse and
eventual striking down of the section.
2. Amendment Bill 2015
o Aimed to revise Section 66A to protect constitutional rights
(Article 19).
o Declared Section 66A unconstitutional for violating free
speech.
Digital Signature Under IT Act 2000
 Legalizes digital signatures for secure online document
submission.
 Mandates companies/LLPs under MCA21 e-Governance program to
use digital signatures for filing.

Electronic Governance Under IT Act 2000

 Definition: Legal framework for managing government processes
electronically.
 Key Sections:
o Section 4: Grants legal recognition to electronic records
(equivalent to paper documents).
o Section 5: Recognizes digital signatures as equal to
handwritten ones (authentication by Central Government).
o Section 6: Promotes e-records and digital signatures in
government agencies (e.g., online filing, e-approvals, digital
payments).
o Section 7: Authorizes retention of electronic records for
legal purposes.

IT Act 2000 Sections

 94 sections regulate electronic exchanges, e-governance, digital
signatures, and electronic records.
Section 43 (Chapter IX)
 Actions Penalized (Without Permission):
o Accessing system data.

o Downloading/copying data.

o Introducing viruses/malicious software.

o Damaging computer networks/databases.

o Denying authorized access.

o Assisting breaches.

o Charging for unused services.

o Altering/removing data to cause harm.

o Stealing/tampering with program code.

Section 66
 Punishes Section 43 actions done with dishonest/fraudulent
intent.
 Penalty: Up to 3 years imprisonment, fine up to Rs. 5 lakh, or
both.
Section 66A
 Penalized offensive electronic messages (e.g., menacing, false
info causing annoyance, hatred).
 Struck down due to vagueness and violation of Article 19.
Section 66B
 Punishes dishonest receipt/retention of stolen computer
resources/devices.
 Penalty: Up to 3 years imprisonment, fine up to Rs. 1 lakh, or
both.
Section 67A
 Punishes publishing/sharing sexually explicit material
electronically.
 Penalty:
o 1st conviction: Up to 5 years imprisonment, fine up to Rs. 10
lakh.
o 2nd/subsequent conviction: Up to 7 years imprisonment,
fine up to Rs. 10 lakh.

Offences and Penalties Under IT Act 2000

Sectio
Offence Penalty
n

Tampering with computer-stored 3 years imprisonment or Rs. 2

65
documents lakh fine or both

Computer-related offences 3 years imprisonment or Rs. 5

66
(Section 43 acts) lakh fine or both

Receiving stolen computer 3 years imprisonment or Rs. 1

66B
resource/device lakh fine or both

3 years imprisonment or Rs. 1

66C Identity theft
lakh fine or both

3 years imprisonment or Rs. 1

66D Cheating by personation
lakh fine or both
Sectio
Offence Penalty
n

3 years imprisonment or Rs. 2

66E Privacy invasion
lakh fine or both

66F Cyber terrorism Life imprisonment

Sending obscene material 5 years imprisonment, Rs. 10

67
electronically lakh fine

Sending sexually explicit 7 years imprisonment, Rs. 10

67A
material lakh fine

Depicting children in explicit 7 years imprisonment, Rs. 10

67B
acts electronically lakh fine

Intermediaries failing to retain

67C 3 years imprisonment and fine
information

Cyber Crime Under IT Act 2000

 Key Laws in India: IT Act 2000, Indian Penal Code 1860, IT Rules,
Companies Act 2013, Cybersecurity Framework (NCFS).
 IT Act Role: First cyber law in India, protecting e-governance, e-
banking, and e-commerce sectors.

Advantages of IT Act 2000

 Legalizes electronic communications as evidence in court.
 Enables e-commerce/e-business via legal infrastructure.
 Legalizes digital signatures for online transactions/identity
verification.
 Provides statutory remedies for unauthorized access/hacking.
 Offers compensation for computer system damages.
 Penalizes cybercrimes (e.g., hacking, identity theft, phishing).
 Allows companies to issue digital certificates as certifying
authorities.
 Supports e-governance by enabling government notices online.

Disadvantages of IT Act 2000

 Does not address domain name issues or rights/liabilities of
domain owners.
  Fails to protect Intellectual Property Rights (e.g., copyrights,
patents) in computer programs/networks.
 Excludes several cybercrimes (e.g., cyberstalking, cyber fraud,
chat room abuse).
 Lacks provisions for privacy and content regulation.

Conclusion
 The IT Act 2000 is a critical step toward securing data and
regulating cyber activities in India.
 Despite its benefits, gaps in addressing privacy, IP rights, and
emerging cybercrimes highlight the need for further updates.

dristi

About Information Technology (IT) Act, 2000:

 What it is:


o The IT Act 2000 is India’s primary law governing cyber activities,

digital transactions, and electronic governance.
o It provides a legal framework for cybersecurity, digital
signatures, data protection, and penalties for cyber
offenses.
 Aim of the act:


o Facilitate secure electronic communication and commerce.

o Ensure penalties for cybercrimes and protection of user data.

o Foster innovation and trust in the Indian IT and digital

ecosystem.
 Key Features:


o Legal recognition of electronic records and digital signatures.

o Defines liabilities and protections for intermediaries.

o Empowers the Central Government and CERT-In for

cybersecurity regulation.
o Amended in 2008 and 2015 to address evolving cyber challenges.
  Key Provisions in News:
o Section 69A of IT Act, 2000:

 Empowers the government to block public access to

online information in interest of sovereignty, security,
public order, or prevention of incitement.
 Requires written orders and procedural safeguards,
upheld in the Shreya Singhal vs Union of India
(2015) verdict.
 Section 79 of IT Act, 2000:


 Provides conditional immunity to intermediaries for

third-party content.
 Under Section 79(3)(b), intermediaries must remove
unlawful content when notified by the government or lose
immunity.
 Does not authorize direct blocking orders; only notifies
intermediaries of liability.
About Sahyog Portal:
 What it is: An online platform developed to automate the issuance of
notices to intermediaries for content removal under the IT Act.
 Ministry Involved: Developed and managed by the Ministry of Home
Affairs (MHA).
 Aim:


o To enable swift and coordinated action against unlawful digital

content.
o Create a clean and secure cyberspace for Indian citizens.

 Functions:


o Brings together authorized government agencies and

intermediaries on one digital platform.
o Facilitates the issuance, tracking, and monitoring of content
removal notices.
 o Enhances compliance, monitoring, and quick responses to
cyber law violations.

GROK

Below are comprehensive study notes based on the provided document from
The Gazette of India Extraordinary, which details the Information Technology
Act, 2000 (IT Act, 2000). These notes cover all sections, chapters, and
amendments as outlined in the document, ensuring no points are missed.

Study Notes: Information Technology Act, 2000

Overview
 Published: The Gazette of India, Extraordinary, Part II, Section 1, by
authority.
 Date: April 10, 2025 (current reference date, though the Act was originally
enacted in 2000).
 Purpose: To provide legal recognition to electronic records and digital
signatures, regulate electronic transactions, define cyber offenses, and
establish authorities for oversight.

Preliminary (Section 1)
1. Short Title and Extent:
o Title: Information Technology Act, 2000.

o Extent: Applies to the whole of India and to offenses/contraventions

committed outside India involving a computer/system/network in
India (Section 75).
2. Commencement:
o Comes into force on dates notified by the Central Government;
different provisions may have different start dates.
3. Non-Applicability (Section 1(4)):
o Does not apply to: a. Negotiable instruments (Negotiable
Instruments Act, 1881, Section 13). b. Power-of-attorney (Powers-of-
Attorney Act, 1882, Section 1A). c. Trusts (Indian Trusts Act, 1882,
Section 3). d. Wills/testamentary dispositions (Indian Succession
Act, 1925, Section 2(h)). e. Contracts for sale/conveyance of
immovable property. f. Any other documents/transactions notified
by the Central Government.
Definitions (Section 2)
1. Key Terms:
o Access: Gaining entry or communicating with computer resources.

o Addressee: Intended recipient of an electronic record, excluding

intermediaries.
o Adjudicating Officer: Appointed under Section 46(1) to handle
contraventions.
o Affixing Digital Signature: Authenticating an electronic record
using a digital signature.
o Appropriate Government: State Government for State matters
(List II/III of Seventh Schedule); otherwise, Central Government.
o Asymmetric Crypto System: Uses private key (to create) and
public key (to verify) for digital signatures.
o Certifying Authority (CA): Licensed entity under Section 24 to
issue Digital Signature Certificates (DSCs).
o Computer: High-speed data processing device performing
logical/arithmetic/memory functions.
o Computer Network: Interconnected computers via communication
media.
o Computer Resource: Includes computers, systems, networks,
data, databases, or software.
o Controller: Appointed under Section 17(1) to oversee Certifying
Authorities.
o Cyber Appellate Tribunal: Established under Section 48(1) for
appeals.
o Data: Representation of information in any form (e.g., printouts,
magnetic/optical media).
o Digital Signature: Authentication method under Section 3.

o Digital Signature Certificate (DSC): Issued under Section 35(4).

o Electronic Record: Data/image/sound stored or sent electronically.

o Intermediary: Entity receiving/storing/transmitting electronic

messages on behalf of others.
o Key Pair: Private and public keys in an asymmetric crypto system.

o Secure System: Hardware/software/procedures secure from

unauthorized access/misuse.
o Subscriber: Person in whose name a DSC is issued.
Chapter II: Digital Signature (Section 3)
1. Authentication of Electronic Records:
o Subscribers authenticate records using digital signatures.

o Uses asymmetric crypto system and hash function to transform

records.
o Hash Function: Algorithm producing a unique hash result, making
it computationally infeasible to: a. Reconstruct the original record
from the hash. b. Produce the same hash from two different
records.
o Verification: Public key verifies the signature; private/public keys
are unique to the subscriber.

Chapter III: Electronic Governance (Sections 4-10)

1. Legal Recognition of Electronic Records (Section 4):
o Electronic records satisfy legal requirements for written/printed
forms if accessible for subsequent use.
2. Legal Recognition of Digital Signatures (Section 5):
o Digital signatures satisfy legal signature requirements if affixed as
prescribed.
3. Use in Government (Section 6):
o Filing, issuing licenses, or payments can be done electronically as
prescribed.
4. Retention of Electronic Records (Section 7):
o Electronic retention satisfies legal requirements if: a. Accessible for
future use. b. Retained in original format or accurately reproducible.
c. Contains origin/destination/date/time details.
o Exception: Does not apply to auto-generated dispatch data.

5. Publication in Electronic Gazette (Section 8):

o Rules/regulations/orders published electronically satisfy legal
requirements.
6. No Right to Insist on Electronic Form (Section 9):
o Sections 6-8 do not confer a right to demand electronic acceptance
by government bodies.
7. Rule-Making Power (Section 10):
 o Central Government prescribes rules for digital signature type,
format, and security.

Chapter IV: Attribution, Acknowledgment, and Dispatch (Sections 11-

13)
1. Attribution (Section 11):
o Electronic record attributed to the originator if sent by: a. Originator
themselves. b. Authorized person. c. Automated system
programmed by the originator.
2. Acknowledgment of Receipt (Section 12):
o Form/method of acknowledgment not specified unless agreed.

o If acknowledgment is stipulated and not received, the record is

deemed unsent.
3. Time and Place of Dispatch/Receipt (Section 13):
o Dispatch: When record leaves originator’s control.

o Receipt: a. At designated computer resource: When it enters. b. At

non-designated resource: When retrieved.
o Place: Deemed dispatched/received at originator/addressee’s
principal place of business.

Chapter V: Secure Electronic Records and Signatures (Sections 14-16)

1. Secure Electronic Record (Section 14):
o Deemed secure from application of security procedure until
verification.
2. Secure Digital Signature (Section 15):
o Deemed secure if: a. Unique to subscriber. b. Identifies subscriber.
c. Created under subscriber’s control and linked to the record.
3. Security Procedure (Section 16):
o Prescribed by Central Government considering transaction nature,
sophistication, volume, etc.

Chapter VI: Regulation of Certifying Authorities (Sections 17-34)

1. Controller of Certifying Authorities (Section 17):
o Appointed by Central Government; oversees CAs with
Deputy/Assistant Controllers.
2. Functions of Controller (Section 18):
 o Supervise CAs, certify public keys, set standards, resolve conflicts,
maintain databases.
3. Recognition of Foreign CAs (Section 19):
o Controller may recognize foreign CAs with Central Government
approval.
4. Controller as Repository (Section 20):
o Maintains all DSCs and public keys securely.

5. Licensing of CAs (Sections 21-24):

o Application to Controller with certification practice statement; fees
up to ₹25,000.
o License non-transferable, subject to conditions.

o Renewal: Application with fees up to ₹5,000, 45 days before expiry.

6. Suspension/Revocation of License (Sections 25-26):

o Grounds: False statements, non-compliance, contravention.

o Suspension up to 10 days; revocation after inquiry and notice.

7. Powers of Controller (Sections 27-29):

o Delegate powers, investigate contraventions, access
computers/data.
8. CA Procedures (Sections 30-34):
o Use secure systems, ensure compliance, display license, disclose
key information.

Chapter VII: Digital Signature Certificates (Sections 35-39)

1. Issuance of DSC (Section 35):
o Application with fees up to ₹25,000; issued after verification of key
pair.
2. Representations by CA (Section 36):
o CA certifies compliance, accuracy, and key pair functionality.

3. Suspension/Revocation of DSC (Sections 37-39):

o Suspension (up to 15 days) or revocation on request, false info, or
public interest; notice published.

Chapter VIII: Duties of Subscribers (Sections 40-42)

1. Generating Key Pair (Section 40):
 o Subscriber generates key pair using security procedures.

2. Acceptance of DSC (Section 41):

o Acceptance by publication or approval; certifies truth of info.

3. Control of Private Key (Section 42):

o Subscriber must prevent disclosure; liable until compromise
reported.

Chapter IX: Penalties and Adjudication (Sections 43-47)

1. Penalty for Damage (Section 43):
o Up to ₹1 crore for unauthorized access, viruses, disruption, etc.

2. Penalty for Non-Compliance (Section 44):

o Up to ₹1.5 lakh for failing to furnish info; ₹5,000/day for delays.

3. Residuary Penalty (Section 45):

o Up to ₹25,000 for unspecified contraventions.

4. Adjudication (Section 46):

o Adjudicating Officer (Director rank) holds inquiries, imposes
penalties.

Chapter X: Cyber Appellate Tribunal (Sections 48-64)

1. Establishment (Section 48):
o Central Government establishes the Tribunal.

2. Composition (Sections 49-56):

o Presiding Officer with judicial/IT experience; staff appointed.

3. Appeals (Section 57):

o Appeals within 45 days; disposed within 6 months.

4. Powers (Section 58):

o Civil court powers (summoning, evidence, etc.).

5. Appeal to High Court (Section 62):

o Within 60 days from Tribunal’s order.

Chapter XI: Offences (Sections 65-78)

1. Tampering with Source Code (Section 65):
 o Up to 3 years imprisonment or ₹2 lakh fine.

2. Hacking (Section 66):

o Up to 3 years or ₹2 lakh fine.

3. Obscene Material (Section 67):

o First offense: Up to 5 years, ₹1 lakh fine; subsequent: 10 years, ₹2
lakh.
4. Controller’s Directions (Section 68):
o Non-compliance: Up to 3 years or ₹2 lakh.

5. Decryption Assistance (Section 69):

o Failure: Up to 7 years.

6. Protected Systems (Section 70):

o Unauthorized access: Up to 10 years.

7. Misrepresentation (Section 71):

o Up to 2 years or ₹1 lakh.

8. Breach of Privacy (Section 72):

o Up to 2 years or ₹1 lakh.

9. False DSC (Section 73):

o Up to 2 years or ₹1 lakh.

10.Fraudulent DSC (Section 74):

o Up to 2 years or ₹1 lakh.

Chapter XII: Network Service Providers (Section 79)

 Liability Exemption:
o Not liable for third-party info if unaware or exercised due diligence.

Chapter XIII: Miscellaneous (Sections 80-94)

1. Police Powers (Section 80):
o DSP or above can search/arrest without warrant in public places.

2. Overriding Effect (Section 81):

o Overrides inconsistent laws.

3. Public Servants (Section 82):

o Controller and Tribunal staff deemed public servants.
 4. Protection (Section 84):
o No legal action for good-faith acts.

5. Offences by Companies (Section 85):

o Persons in charge liable unless unaware/exercised diligence.

6. Rule-Making (Sections 87-90):

o Central/State Governments and Controller can make
rules/regulations.
7. Amendments:
o Indian Penal Code, Evidence Act, Bankers’ Books Evidence Act, and
Reserve Bank of India Act amended (Schedules I-IV).

Schedules
1. First Schedule: Amendments to Indian Penal Code (e.g., Sections 29A,
167, 464).
2. Second Schedule: Amendments to Indian Evidence Act (e.g., Sections 3,
65B, 85A).
3. Third Schedule: Amendments to Bankers’ Books Evidence Act (e.g.,
Section 2).
4. Fourth Schedule: Amendment to Reserve Bank of India Act (e.g., Section
58(2)(pp)).

These notes encapsulate the entire IT Act, 2000, as presented in the document,
covering its provisions, definitions, authorities, penalties, and amendments
comprehensively.