Taxmann's Information Technology Act 2000 with Rules


1. Short title, extent, commencement and application

2. Definitions

CHAPTER II

DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE

3. Authentication of electronic records

3A. Electronic signature

CHAPTER III

ELECTRONIC GOVERNANCE

4. Legal recognition of electronic records

5. Legal recognition of electronic signatures

6. Use of electronic records and electronic signatures in Government and its agencies

6A. Delivery of services by service provider

7. Retention of electronic records

7A. Audit of documents, etc., maintained in electronic form

8. Publication of rule, regulation, etc., in Electronic Gazette

9. Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form

10. Power to make rules by Central Government in respect of electronic signature

10A. Validity of contracts formed through electronic means

CHAPTER IV

ATTRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC RECORDS

11. Attribution of electronic records

12. Acknowledgement of receipt

13. Time and place of despatch and receipt of electronic record

CHAPTER V

SECURE ELECTRONIC RECORDS AND SECURE ELECTRONIC SIGNATURES

14. Secure electronic record

15. Secure electronic signature

16. Security procedures and practices

CHAPTER VI

17. Appointment of Controller and other officers

18. Functions of Controller

19. Recognition of foreign Certifying Authorities

20. [Omitted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009]

21. Licence to issue Electronic Signature Certificates

22. Application for licence

23. Renewal of licence

24. Procedure for grant or rejection of licence

25. Suspension of licence

26. Notice of suspension or revocation of licence

27. Power to delegate

28. Power to investigate contraventions

29. Access to computers and data

30. Certifying authority to follow certain procedures

31. Certifying Authority to ensure compliance of the Act, etc.

32. Display of licence

33.

35. Certifying authority to issue Electronic Signature Certificate

36. Representations upon issuance of Digital Signature Certificate

37. Suspension of Digital Signature Certificate

38. Revocation of Digital Signature

39. Notice of suspension or revocation

40. Generating

43. Penalty and compensation for damage to computer, computer system, etc.

43A. [Omitted by the Digital Personal Data Protection Act, 2023, with effect from a date yet to be notified]

44.

48. Establishment of Appellate

49. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

50. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

51. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

52. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

52A. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

52B. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

52C. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

52D. Decision by majority

53. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

54. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

55. Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings

56. [Omitted by the Finance Act, 2017, w.e.f. 26-5-2017]

57. Appeal to Appellate Tribunal

58. Procedure and powers of the Appellate Tribunal

59. Right to legal representation

60. Limitation

61. Civil court not to have jurisdiction

62. Appeal to High Court

63. Compounding of contraventions

64. Recovery of penalty or

CHAPTER XI

OFFENCES

65. Tampering with computer source documents

66. Computer related offences

66A. [Omitted by the Jan Vishwas (Amendment of Provision) Act, 2023, w.e.f. 30-11-2023]

66B. Punishment for dishonestly receiving stolen computer resource or communication device

66C. Punishment for identity theft

66D. Punishment for cheating by personation by using computer resource

66E. Punishment for violation of privacy

66F. Punishment for cyber terrorism

67. Punishment for publishing or transmitting obscene material in electronic form

67A. Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form

67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form

CONTENTS

67C. Preservation and retention of information by intermediaries

68. Power of Controller to give directions

69. Power to issue directions for interception or monitoring or decryption of any information through any computer resource

69A. Power to issue directions for blocking for public access of any information through any computer resource

69B. Power to authorize to monitor and collect traffic data or information through any computer resource for cyber security

70. Protected system

70A. National nodal agency

70B. Indian Computer Emergency Response Team to serve as national agency for incident response

71. Penalty for misrepresentation

72. Penalty for breach of confidentiality and privacy

72A. Penalty for disclosure of information in breach of lawful contract

73. Penalty for publishing Electronic Signature Certificate false in certain particulars

74. Publication for fraudulent purpose

75. Act to apply for offence or contravention committed outside India

76. Confiscation

77. Compensation, penalties or confiscation not to interfere with other punishment

77A. Compounding of offences

77B. Offences with three years imprisonment to be bailable

78. Power to investigate offences

CHAPTER XII

INTERMEDIARIES NOT TO BE LIABLE IN CERTAIN CASES

79. Exemption from liability of intermediary in certain cases

CHAPTER XIIA

EXAMINER OF ELECTRONIC EVIDENCE

79A. Central Government to notify Examiner of Electronic Evidence

CHAPTER XIII

MISCELLANEOUS

80. Power of police officer and other officers to enter, search, etc.

81. Act to have overriding effect

81A. Application of the Act to electronic cheque and truncated cheque

82. Controller, Deputy Controller and Assistant Controller to be public servants

83. Power to give directions

84. Protection of action taken in good faith

84A. Modes or methods for encryption

84B. Punishment for abetment of offences

84C. Punishment for attempt to commit offences

85. Offences by companies

86. Removal of difficulties

87. Power of Central Government to make rules

88. Constitution of Advisory Committee

89. Power of Controller to make regulations

90. Power of State Government to make rules

91 to 94. [Omitted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009]

FIRST SCHEDULE : Documents or Transactions to which the Act shall not Apply

SECOND SCHEDULE : Electronic Signature or Electronic Authentication Technique and Procedure

THIRD SCHEDULE : [Omitted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009]

FOURTH SCHEDULE : [Omitted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009]

INFORMATION TECHNOLOGY (CERTIFYING AUTHORITIES) RULES, 2000

1. Short title and commencement

2. Definitions

3. The manner in which information be authenticated by means of Digital Signature

4. Creation of Digital Signature

5.

5A.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

23.

24.

25.

26.

27.

28.

29.

30.

32.

SCHEDULE IV : Digital Signature Certificate

SCHEDULE V : Glossary

CYBER REGULATIONS APPELLATE TRIBUNAL (PROCEDURE) RULES, 2000

1. Short title and commencement

2. Definitions

3. Procedure for filing applications

4. Presentation and scrutiny of applications

5. Place of filing application

6. Application fee

7. Contents of application

8. Paper book, etc., to accompany the application

9. Plural remedies

10. Service of notice of application on the respondents

11. Filing of reply and other documents by the respondent

12. Date and place of hearing to be notified

13. Sittings of the Tribunal

14. Decision on applications

15. Action on application for applicant’s default

16. Hearing on application ex parte

17. Adjournment of application

18. Order to be signed and dated

19. Publication of orders

20. Communication of orders to parties

21. No fee for inspection of records

22. Orders and directions in certain cases

23. Registration of legal practitioners clerks

24. Working hours of the Tribunal

25. Sitting hours of the Tribunal

26. Powers and functions of the Registrar

27. Additional powers and duties of Registrar

28. Seal and emblem

FORM 1: Application Under section 57 of the Information Technology Act, 2000

FORM 2: Application for the Registration of a Clerk

INFORMATION TECHNOLOGY (OTHER POWERS OF CIVIL COURT VESTED IN CYBER APPELLATE TRIBUNAL) RULES, 2003

1. Short title and commencement

2. Definitions

3. Powers of Cyber Appellate Tribunal

INFORMATION TECHNOLOGY (OTHER STANDARDS) RULES, 2003

1. Short title and commencement

2. Definitions

3. Standards to be observed by the Controller

INFORMATION TECHNOLOGY (QUALIFICATION AND EXPERIENCE OF ADJUDICATING OFFICERS AND MANNER OF HOLDING ENQUIRY) RULES, 2003

1. Short title and commencement

2. Definitions

3. Eligibility for Adjudicating Officer

4. Scope and manner of holding inquiry

5. Order of the Adjudicating Officer

6. Copy of the order

7. Service of notices and orders

8. Fee

9. Duplicity avoided

10. Frivolous complaints

11. Compounding of contraventions

12. Certifying Authorities and other Governmental agencies to assist

APPENDIX : Proforma for Complaint to Adjudicating Officer Under Information Technology Act, 2000

INFORMATION TECHNOLOGY (USE OF ELECTRONIC RECORDS AND DIGITAL SIGNATURES) RULES, 2004

1. Short title and commencement

2. Definitions

3. Filing of form, application or any other document

4. Issue or grant of any licence, permit, sanction or approval

5. Payment and receipt of fee or charges

INFORMATION TECHNOLOGY (SECURITY PROCEDURE) RULES, 2004

1. Short title and commencement

2. Definitions

3. Secure electronic record

4. Secure digital signature

CYBER APPELLATE TRIBUNAL (SALARY, ALLOWANCES AND OTHER TERMS AND CONDITIONS OF SERVICE OF CHAIRPERSON AND MEMBERS) RULES, 2009

1. Short title and commencement

2. Definitions

3. Salary and allowances

4. Leave

5. Leave Sanctioning Authority

6. Pension or Provident Fund

7. Travelling and daily allowances

8. Leave Travel Concession

9. Facility of Conveyance

10. House Rent Allowance

11. Facilities for medical treatment

12. Oath of office and secrecy

13. Declaration of financial or other interest

14. Residuary Provision

FORM I : Form of oath of office for the Chairperson/Members of the Cyber Appellate Tribunal

FORM II : Form of oath of Secrecy for the Chairperson/Members of the Cyber Appellate Tribunal

FORM III : Declaration against acquisition of any adverse financial or other interest

CYBER APPELLATE TRIBUNAL (PROCEDURE FOR INVESTIGATION OF MISBEHAVIOUR OR INCAPACITY OF CHAIRPERSON AND MEMBERS) RULES, 2009

1. Short title and commencement

2. Definitions

3. Committee for investigation of complaints

4. Judge to conduct inquiry

5. Application of the Departmental Inquiries (Enforcement of Witness and Production of Documents) Act, 1972 to inquiries under these rules

6. Powers of Judge

7. Suspension of Chairperson or Member

8. Subsistence allowance

9. Inquiry Report

INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARDS FOR INTERCEPTION, MONITORING AND DECRYPTION OF INFORMATION) RULES, 2009

1. Short title and commencement

2. Definitions

3. Directions for interception or monitoring or decryption of any information

4. Authorisation of agency of Government

5. Issue of decryption direction by competent authority

6. Interception or monitoring or decryption of information by a State beyond its jurisdiction

7. Contents of direction

8. Competent authority to consider alternative means in acquiring information

9. Direction of interception or monitoring or decryption of any specific information

10. Direction to specify the name and designation of the officer to whom information to be disclosed

11. Period within which direction shall remain in force

12. Authorised agency to designate nodal officer

13. Intermediary to provide facilities, etc.

14. Intermediary to designate officers to receive and handle requisition

15. Acknowledgement of instruction

16. Maintenance of records by designated officer

17. Decryption key holder to disclose decryption key or provide decryption assistance

18. Submission of list of interception or monitoring or decryption of information

19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information

20. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information

21. Responsibility of intermediary

22. Review of directions of competent authority

23. Destruction of records of interception or monitoring or decryption of information

24. Prohibition of interception or monitoring or decryption of information without authorisation

25. Prohibition of disclosure of intercepted or monitored or decrypted information

INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARDS FOR BLOCKING FOR ACCESS OF INFORMATION BY PUBLIC) RULES, 2009

1. Short title and commencement

2. Definitions

3. Designated Officer

4. Nodal Officer of organisation

5. Direction by Designated Officer

6. Forwarding of request by organisation

7. Committee for examination of request

8. Examination of request

9. Blocking of information in cases of emergency

10. Process of order of court for blocking of information

11. Expeditious disposal of request

12. Action for non-compliance of direction by intermediary

13. Intermediary to designate one person to receive and handle directions

14. Meeting of Review Committee

15. Maintenance of records by Designated Officer

16. Requests and complaints to be confidential

FORM

INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARD FOR MONITORING AND COLLECTING TRAFFIC DATA OR INFORMATION) RULES, 2009

1. Short title and commencement

2. Definitions

3. Directions for monitoring

4. Authorised agency of Government for monitoring and collection of traffic data or information

5. Intermediary to ensure effective check in handling monitoring or collection of traffic data or information

6. Responsibility of intermediary

7. Review of directions of competent authority

8. Destruction of records

9. Prohibition of monitoring or collection of traffic data or information without authorisation

10. Prohibition of disclosure of traffic data or information by authorised agency

11. Maintenance of confidentiality

INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011

1. Short title and commencement

2. Definitions

3. Sensitive personal data or information

4. Body corporate to provide policy for privacy and disclosure of information

5. Collection of information

6. Disclosure of information

7. Transfer of information

8. Reasonable Security Practices and Procedures

INFORMATION TECHNOLOGY (GUIDELINES FOR CYBER CAFE) RULES, 2011

1. Short title and commencement

2. Definitions

3. Agency for registration of cyber cafe

4. Identification of user

5. Log Register

6. Management of Physical Layout and computer resource

7. Inspection of cyber cafe

INFORMATION TECHNOLOGY (ELECTRONIC SERVICE DELIVERY) RULES, 2011

1. Short title and commencement

2. Definitions

3. System of electronic service delivery

4. Notification of electronic service delivery

5. Creation of repository of electronically signed electronic records by Government Authorities

6. Procedure for making changes in a repository of electronically signed electronic records

7. Responsibility of service provider and authorised agents for financial management and accounting

8. Audit of the Information System and Accounts of service provider and authorised agents

9. Use of special stationery in electronic service delivery

INFORMATION TECHNOLOGY (NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE AND MANNER OF PERFORMING FUNCTIONS AND DUTIES) RULES, 2013

1. Short title and commencement

4. Functions and duties of the National Critical Information Infrastructure Protection Centre.

5. Manner of performing

6. Advisory

7.

INFORMATION TECHNOLOGY (THE INDIAN COMPUTER EMERGENCY RESPONSE TEAM AND MANNER OF PERFORMING FUNCTIONS AND DUTIES) RULES, 2013

1. Short title and commencement

2. Definitions

3. Location

4. Authority

5. Functioning on 24-hour basis

6. Advisory Committee

7. Constituency

8. Functions and responsibilities of CERT-In

9. Services

10. Stake holders

11. Policies and procedures

12. CERT-In operations

13. Disclosure of information

14. Seeking information, carrying out functions and for compliance in terms of sub-section (6) of section 70(B) of the Act

15. Directions for compliance

16. Report of non-compliance

17. Point of Contact

18. Dealing with non-compliance

19. Review Committee

20. Action for non-compliance of direction

DIGITAL SIGNATURE (END ENTITY) RULES, 2015

1. Short title and commencement

2. Definitions

3. Manner of authentication of information by means of digital signature

4. Creation of digital signature

5. Verification of digital signature

6. Verification of Digital Signature Certificate

7. Digital signature standards

8. Manner of authentication of information by means of xml digital signature

9. Creation of xml digital signature

10. Verification of xml digital signature

11. The xml digital signature standards

12.

13. Digital Signature functions Standard

CYBER APPELLATE TRIBUNAL (POWERS AND FUNCTIONS OF THE CHAIRPERSON) RULES, 2016

1. Short title and commencement

2. Definitions

3. Powers and functions of the Chairperson of the Cyber Appellate Tribunal

INFORMATION TECHNOLOGY (PRESERVATION AND RETENTION OF INFORMATION BY INTERMEDIARIES PROVIDING DIGITAL LOCKER FACILITIES) RULES, 2016

1. Short title and commencement

2. Definitions

3. Appointment of Digital Locker Authority

4. Digital Locker System

5. Operation of Digital Locker System

6. Location of the Facilities

7. The manner in which Digital Locker system be used by Subscriber

8. The manner in which Digital Locker system be used by requester

9. The manner in which Digital Locker system be used by issuer

9A. Issuing certificates or documents in Digital Locker System and accepting certificates or documents shared from Digital Locker Account at par with Physical Documents

10. Role of Digital Locker service providers

11. Digital Locker service provider to ensure compliance of the Act, etc.

12. Appointment of grievance officer by the Digital Locker service provider for dispute resolution

13. Suspension and revocation of Digital Locker account

14. Control of Digital Locker account credentials

15. Fees for opening Digital Locker account

16. Portability of Digital Locker account of subscriber

17. Audit

18. Auditor’s relationship with Digital Locker service provider

19. Confidential Information

20. Access to confidential information

21. Maintenance of reasonable security practices

INFORMATION TECHNOLOGY (INFORMATION SECURITY PRACTICES AND PROCEDURES FOR PROTECTED SYSTEM) RULES, 2018

1. Short title and commencement

2. Definitions

3. Information Security Practices and Procedures for “Protected System”

4. Roles and Responsibilities of “Protected System(s)” towards National Critical Information Infrastructure Protection Centre

INFORMATION TECHNOLOGY (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021

1. Short title and commencement

2. Definitions

BY INTERMEDIARIES AND GRIEVANCE

3. Due diligence by an intermediary

3A. Appeal to Grievance Appellate Committee(s)

4. Additional due diligence to be observed by significant social media intermediary and online gaming intermediary

4A. Verification of online real money game

4B. Applicability of certain obligations after an initial period

4C. Obligations in relation to online game other than online real money game

5. Additional due diligence to be observed by an intermediary in relation to news and current affairs content

6. Notification of other intermediary

7. Non-observance of Rules

PART III

CODE OF ETHICS AND PROCEDURE AND SAFEGUARDS IN RELATION TO DIGITAL MEDIA

8. Application of this Part

9. Observance and adherence to the Code

CHAPTER I

GRIEVANCE REDRESSAL MECHANISM

10. Furnishing and processing of grievance

CHAPTER II

SELF REGULATING MECHANISM - LEVEL I

11. Self-Regulating mechanism at Level I

CHAPTER III

SELF REGULATING MECHANISM – LEVEL II

12. Self-regulating body

CHAPTER IV

OVERSIGHT MECHANISM — LEVEL III

13. Oversight mechanism

14. Inter-Departmental Committee

15. Procedure for issuing of direction

16. Blocking of information in case of emergency

17. Review of directions issued

18. Furnishing of information

19. Disclosure of Information

: Code of Ethics

INFORMATION TECHNOLOGY (CERTIFYING AUTHORITY) REGULATIONS, 2001

1. Short title and commencement

2. Definitions

3. Terms and conditions of licence to issue Digital Signature Certificate

4. The standards followed by the Certifying Authority for carrying out its functions

5. Every Certifying Authority shall disclose.

6. Communication of compromise of Private Key

NATIONAL POLICY ON SOFTWARE PRODUCTS, 2019

National Policy on Software Products, 2019

AAROGYA SETU DATA ACCESS AND KNOWLEDGE SHARING PROTOCOL, 2020

Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020

Information Technology Act, 2000

[21 OF 2000]

An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

WHEREAS the General Assembly of the United Nations by resolution A/RES/51/162, dated the 30th January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law ;

AND WHEREAS the said resolution recommends inter alia that all States give favourable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper based methods of communication and storage of information;

AND WHEREAS it is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records;

BE it enacted by Parliament in the Fifty-first Year of the Republic of India as follows :—

CHAPTER I

PRELIMINARY

Short title, extent, commencement and application.

1. (1) This Act may be called the Information Technology Act, 2000¹.

(2) It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.

(3) It shall come into force on such date² as the Central Government may, by notification, appoint and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the commencement of that provision.

3[(4) Nothing in this Act shall apply to documents or transactions specified in the First Schedule:

Provided that the Central Government may, by notification in the Official Gazette, amend the First Schedule by way of addition or deletion of entries thereto.

(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.]

COMMENTS

SECTION NOTES

1.1 Extent of Applicability:

The Act applies to the entire territory of India, including all states and union territories. Its jurisdiction is also extraterritorial, meaning it applies to offenses or contraventions under the Act committed outside India by any individual. [See Section 75]

The Act’s application to offenses outside India underscores its focus on combating cross-border cybercrime.

1. Dated 9-6-2000.

2. With effect from 17-10-2000.

3. Substituted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009. Prior to its substitution, sub-section (4) as amended by the Negotiable Instruments (Amendment and Miscellaneous Provisions) Act, 2002, w.e.f. 6-2-2003, read as under :

“(4) Nothing in this Act shall apply to,-

(a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881 (26 of 1881);

(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882 (7 of 1882);

(c) a trust as defined in section 3 of the Indian Trusts Act, 1882 (2 of 1882);

(d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 (39 of 1925), including any other testamentary disposition by whatever name called;

(e) any contract for the sale or conveyance of immovable property or any interest in such property;

(f) any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.”

1.2 Exemptions and Schedules:

Sub-section (4) excludes certain documents and transactions specified in the First Schedule from the Act’s applicability.

The Central Government is empowered to amend the First Schedule by notification.

Definitions.

2. (1) In this Act, unless the context otherwise requires,-

(a) “access” with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;

(b) “addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary;

(c) “adjudicating officer” means an adjudicating officer appointed under sub-section (1) of section 46;

(d) “affixing 4[electronic signature]”, with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of 4[electronic signature];

5[(da) “Appellate Tribunal” means the Appellate Tribunal referred to in sub-section (1) of section 48;]

(e) “appropriate Government” means as respects any matter,—

(i) enumerated in List II of the Seventh Schedule to the Constitution;

(ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution,

the State Government and in any other case, the Central Government;

(f) “asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;

(g) “Certifying Authority” means a person who has been granted a licence to issue a 6[Electronic Signature] Certificate under section 24;

(h) “certification practice statement” means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing 6[Electronic Signature] Certificates;

7[(ha) “communication device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image;]

4. Substituted for “digital Signature” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.

5. Inserted by the Finance Act, 2017, w.e.f. 26-5-2017.

6. Substituted for “Digital Signature” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.

7. Inserted, ibid.

(i) “computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;

8[(j) “computer network” means the inter-connection of one or more computers or computer systems or communication device through—

(i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and

(ii) terminals or a complex consisting of two or more inter-connected computers or communication device whether or not the inter-connection is continuously maintained;]

(k) “computer resource” means computer, computer system, computer network, data, computer database or software;

(l) “computer system” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

(m) “Controller” means the Controller of Certifying Authorities appointed under sub-section (1) of section 17;

(n) 9[***]

10[(na) “cyber cafe” means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public;

(nb) “cyber security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction;]

(o) “data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

8. Substituted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009. Prior to its substitution, clause (j) read as under :

‘(j) “computer network” means the inter-connection of one or more computers through—

(i) the use of satellite, microwave, terrestrial line or other communication media; and

(ii) terminals or a complex consisting of two or more inter-connected computers whether or not the inter-connection is continuously maintained;’

9. Omitted by the Finance Act, 2017, w.e.f. 26-5-2017. Prior to its omission, clause (n) as amended by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009 read as under :

‘(n) “Cyber Appellate Tribunal” means the Cyber Appellate Tribunal established under sub-section (1) of section 48;’

10. Inserted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.

(p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;

(q) “Digital Signature Certificate” means a Digital Signature Certificate issued under sub-section (4) of section 35;

(r) “electronic form” with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer generated micro fiche or similar device;

(s) “electronic Gazette” means the Official Gazette published in the electronic form;

(t) “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated micro fiche;

11[(ta) “electronic signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature;

(tb) “Electronic Signature Certificate” means an Electronic Signature Certificate issued under section 35 and includes Digital Signature Certificate;]

(u) “function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;

12[(ua) “Indian Computer Emergency Response Team” means an agency established under sub-section (1) of section 70B;]

(v) “information” includes 13[data, message, text], images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated micro fiche;

14[(w) “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes;]

11. Inserted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.

12. Inserted, ibid.

13. Substituted for “data, text”, ibid.

14. Substituted, ibid. Prior to its substitution, clause (w) read as under:

‘(w) “intermediary” with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;’

(x) “key pair”, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;

(y) “law” includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case may be, Regulations made by the President under article 240, Bills enacted as President’s Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, bye-laws and orders issued or made thereunder;

(z) “licence” means a licence granted to a Certifying Authority under section 24;

(za) “originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;

(zb) “prescribed” means prescribed by rules made under this Act;

(zc) “private key” means the key of a key pair used to create a digital signature;

(zd) “public key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;

(ze) “secure system” means computer hardware, software, and procedure that—

(a) are reasonably secure from unauthorised access and misuse;

(b) provide a reasonable level of reliability and correct operation;

(c) are reasonably suited to performing the intended functions; and

(d) adhere to generally accepted security procedures;

(zf) “security procedure” means the security procedure prescribed under section 16 by the Central Government;

(zg) “subscriber” means a person in whose name the 15[Electronic Signature] Certificate is issued;

(zh) “verify” in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether—

(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

(2) Any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.

15. Substituted for “Digital Signature” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.

COMMENTS

SECTION NOTES

2.1 General Application of Definitions:

The section specifies that the definitions provided are applicable throughout the Act unless the context explicitly suggests otherwise.

2.2 Key Terms and Their Implications:

Access [Section 2(1)(a)]:

Refers to gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. This definition is critical for identifying unauthorized access under cyber laws.

Addressee [Section 2(1)(b)]:

A person intended by the originator to receive an electronic record.

The term “addressee” excludes intermediaries.

Adjudicating Officer [Section 2(1)(c)]:

An officer appointed under this Act for the purpose of adjudging whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation [See Section 46(1)].

The adjudicating officer shall adjudicate matters in which the claim for damage does not exceed rupees five crore [See Section 46(1A)].

Electronic Signature [Section 2(1)(ta)]:

Authentication of electronic records by any subscriber by using methods prescribed in the Second Schedule.

The term also includes digital signatures.

2.3 Technical Terms and Systems:

Asymmetric Crypto System [Section 2(1)(f)]:

Defines a secure key pair system for creating and verifying digital signatures, essential for secure electronic transactions.

It consists of a private key for creating a digital signature and a public key to verify the digital signature.

Private key [Section 2(1)(zc)]:

The key of a key pair used to create a digital signature.

Public key [Section 2(1)(zd)]:

The key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

Certifying Authority [Section 2(1)(g)]:

Entities licensed under section 24 to issue electronic signature certificates.

INFORMATION TECHNOLOGY ACT 2000 WITH RULES – BARE ACT WITH SECTION NOTES

PUBLISHER : TAXMANN

DATE OF PUBLICATION : FEBRUARY 2025

EDITION : 2025 EDITION

ISBN NO : 9789364551595

NO. OF PAGES : 356

BINDING TYPE : PAPERBACK

DESCRIPTION

Information Technology Act 2000 with Rules [Bare Act with Section Notes] by Taxmann is a definitive legal resource that compiles the complete text of the IT Act—including rules, regulations, and amendments—with expert annotations, detailed section notes, and extensive cross‑references. This volume clarifies the statutory framework governing digital transactions, electronic records, and cybersecurity in India. This book is intended for the following audience:

• Legal Professionals & Academics

• IT & Cybersecurity Practitioners

• Government & Regulatory Officials

• Corporate Legal & Compliance Teams

The Present Publication is the 2025 Edition, covering the amended and updated text of the Information Technology Act [Act No. 21 of 2000] and Rules, with the following noteworthy features:

• [Bare Act & Section Notes] Presents the unembellished text of the IT Act with expert commentary on each section

• [Up-to-date Amendments] Reflects the latest amendments and notifications for current legal accuracy

• [Pre-amendment Provisions] Includes text from before amendments via footnotes for historical context.

• [Comprehensive Coverage of Rules] Covers key subsidiary rules and regulations such as:

o Information Technology (Certifying Authorities) Rules, 2000

o Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004

o Information Technology (Security Procedure) Rules, 2004

o Information Technology (Procedure and Safeguards for Blocking Access of Information by Public) Rules, 2009

o Information Technology (Guidelines for Cyber Cafe) Rules, 2011

o Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2023

o Digital Signature (End Entity) Rules, 2015

o Information Technology (Certifying Authority) Regulations, 2001

o National Policy on Software Products 2019

o Aarogya Setu Data Access and Knowledge Sharing Protocol 2020

• [Annotations & Section Notes] Provides expert notes to elucidate complex legal and technical provisions

• [Cross‑referencing & Detailed Indexing] Features an extensive subject index and glossary for effortless navigation

• [User-friendly Layout] Designed with clear headings, sub-headings, and a logical structure for enhanced readability
