This article is written by Kazi Ashique Azfar pursuing Diploma in Cyber Law, FinTech Regulations, and Technology Contracts from LawSikho.


In today’s day and age, computers and the internet have become an integral part of our lives, and we rely on them for various activities, from information to ordering food, booking rides, etc. Digital or cyberspace is the driving force for the world today, and more and more people are becoming a part of it. It has brought the world at the tap of a finger, and the credit for all this goes to the advent of the internet and technology. The emergence of digital technologies and the convergence of computing and communication devices have changed how we socialise and conduct business.

The internet has enhanced people’s lives in various ways, but as the saying goes, every coin has two sides. Crime follows opportunity and has given rise to cyber-crime in the digital world. cyber-crime, also known as computer crime, can be understood as any unlawful act in which a computer is used as a mean, a target, or both.

Download Now

Cybersecurity is one of the world’s most pressing issues today as most of the major crimes today, such as counterfeiting, extremism, piracy, and privacy, are in some way or another linked to cyberspace. Like other countries, India is also vulnerable and exposed to cyber-attacks and has a hard time grappling with the advent of such crimes. The reasons for this include difficult-to-remove intrinsic vulnerabilities, numerous internet entry points, misdirected attribution to third parties, and the fact that the development of technology to exploit the vulnerabilities is constantly outpacing any defensive methodology framed. The situation for India is even graver because of the rapid adoption of technology (India has the second-largest internet user base in the world) by the masses who do not understand the use and misuse of technology. 

What is cyber-crime?

There is no definition of ‘cyber-crime’ in any legislation, but cyber-crime legislation can be found in a variety of statutes and even rules drafted by different regulators. The Indian Penal Code, 1860(IPC) and the Information Technology Act, 2000(IT Act) also penalise a variety of cyber-crimes, and interestingly, certain provisions in the IPC and the IT Act overlap. However, it can be understood as any illegal activity that uses a computer as an instrument, target, or means of committing further crimes

Computer-related crime, also known as ‘cyber-crime’, ‘e-crime’, or ‘digital technology crime’, is a long-standing phenomenon, but the evolution of modern cyber-crime is inextricably linked to the growth of global connectivity. It is used to refer to unlawful acts like offences against electronic data and infrastructure (such as ‘hacking’), computer-related forgery and fraud (such as ‘phishing’), disseminating child pornography, and copyright offences (such as the dissemination of pirated content).

Present trends of cyber-crime in India

In total, 44,546 cases of cyber-crime were recorded in 2019, representing a massive increase of 63.5 per cent over 2018. (27,248 cases). In this group, the crime rate rose from 2.0 in 2018 to 3.3 in 2019. In 2019, fraud accounted for 60.4 per cent of all cyber-crime cases (26,891 out of 44,546), followed by sexual harassment at 5.1 per cent (2,266 cases) and causing disrepute at 4.2 per cent (1,874 cases).

Current Indian legal framework against cyber-crime

The penal provisions against cyber-crimes in India are enumerated mainly within two statutes:

  • The Information Technology Act, 2000
  • Indian Penal Code of 1860.

The IT Act of 2000 provides protection against crimes such as email account hacking, credit card fraud, web defacement, virus introduction, phishing and email scams, source code theft, and theft of confidential information. Despite the fact that the IT Act does not specifically describe cyber-crime, it does cover both cyber-crime and cyber-violations. The following are the main provisions relating to cyber-crime and its penalties:



Punishment for the offence

Section 43

Damage to Computer systems etc.

Compensation to the person affected.

Section 66

Computer-related offence

Imprisonment for a term of 3 years or fine for 5 lakh rupees or both.

Section 67

Publication or transmission of obscene material in e-form

Fine of 5 lakh rupees, and imprisonment of 3 years and double conviction on the second offence

Section 68

Not complying with directions of controller

Fine up to 1 lakh or imprisonment of 2 years or both.

Section 70

Protected System

Imprisonment up to 10 years and shall also be liable for a fine.

Section 72

Breaking confidentiality of the information of computer

Imprisonment for a term of 2 years or fine of 1 lakh rupees or both.

Section 73

Publishing of false digital signatures

Imprisonment for a term of 2 years or fine for 1 lakh rupees or both

Section 74

Publication of digital signature for  fraudulent purposes

Imprisonment for a term of 2 years or fine for 1 lakh rupees or both.

The Indian Penal Code, 1860 though not originally meant to deal with cyber-crimes, has been adopted to deal with the advent of new crimes. It was amended to include the term “electronic,” broadening the reach of the IPC by treating electronic records and documents in the same way as physical records and documents are treated, and the sections dealing with false entry or false document were similarly amended. Interestingly IPC deals with many of the cyber-crimes penalised by the IT Act. 

The corresponding provision to the IT acts section 43 and 66 would be section 378 of IPC. Since section 22 of the IPC states that the terms “movable property” is intended to include corporeal property of any kind, excluding land and items attached to the earth or permanently fastened to something attached to the earth, section 378 of the IPC, which deals with “theft” of movable property, would refer to the theft of any data, online or otherwise. The statutory penalty for theft under section 378 of the IPC is three years in prison or a fine, or both. Further, section 424 and 425 of the IPC can be used to deal with data theft and damaging computer systems or even denying access to a computer system.

Section 411 of the IPC, like Section 66B of the IT Act proscribes the receipt of stolen property. It provides for imprisonment of either description for a term of up to 3 (three) years, or with fine, or with both as a punishment and is worded almost identically to Section 66B of the IT Act. The only difference being the IPC does not provide for an upper limit to the punishment.

Under Section 66C and 66D of the IT Act, identity theft is addressed by punishing someone who uses another person’s electronic signature, password, or other distinctive identification function fraudulently or dishonestly, as well as cheating by impersonation. The IPC, through Section 419, provides for punishment for cheating by personation. The provisions of sections 463, 465 and 468 of the IPC dealing with forgery for the purpose of cheating can be similarly used to deal with cases of identity theft.

The offences related to obscenity are similarly dealt with by both the IPC (sections 292 and 294) and IT Act (67, 67A and 67B). However, the IT act deals with more activities that are not covered under the IPC, like Cyber terrorism (Section 66F), violation of privacy (Section 66E), tampering with computer source documents (Section 65), among other things.  

The conflict between the IPC and the IT Act

The IPC and IT act both deals with the same offences even though the ingredients of both offences are the same, thus giving rise to a conflict as to which statute is applicable. The penalties under these laws vary slightly, particularly in terms of whether the offence is bailable, compoundable, or cognisable. For example, obscenity is a crime that can be committed in a variety of ways, both online and offline, however, if two separate laws refer to the same offence based on the media used and providing for different punishments, it could be unreasonable.

The courts were faced with the same issue in cases like Sharat Babu Digumarti v. Government of NCT of Delhi and Gagan Harsh Sharma v. The State of Maharashtra. In both cases, the accused was charged under both the provisions of the IPC and IT Act, and the courts decided to quash the charges from the IPC. This conclusion was drawn based on a well-established rule of interpretation that special laws will take precedence over general laws and that later laws will take precedence over previous legislation. 

The Supreme Court ruled in the Sharat Babu Digumarti case that no person can be convicted under the IPC for an offence arising out of certain actions or omissions if the same acts or omissions could also be prosecuted under the IT Act. However, the situation remains the same for offences like theft and obscenity, which will have differential repercussions based on the mode of carrying out the activity. While the physical act would be tried under IPC, the moment a computer is used to commit the same crime, it will turn ‘cyber’ and be tried under IT Act. 

Constitutional liability

According to the Supreme Court of India in Justice K.S. Puttaswamy (Retd) v. Union of India, the right to privacy is preserved as an integral part of the right to life and liberty guaranteed under Article 21 of Part III of the Constitution. As a result, if a person’s private property or personal belongings are violated by cyber-crime, the perpetrator may be prosecuted under Article 21 of the Indian Constitution.

Hacking into another person’s digital property, identity theft, or stealing another person’s intellectual work are some of the most common examples of this. It is a natural and essential need of every person because it establishes boundaries and limits other people’s involvement. While the IT act does provide provision dealing with the violation of privacy under section 66E, it does not cover the gamut of the protection provided under Article 21. It states that someone who deliberately or knowingly records, publishes, or transmits a picture of another person’s private area without their permission is guilty of violating that person’s privacy. Need for Efficient Cyber laws

Since the beginning of the twenty-first century, the IT Act has become the only law that protects individuals and businesses from cyber crimes and establishes penalties for them. The sufficiency of laws can be assured if the related crimes decrease after the laws are enacted, but this cannot be seen in this case. In the last 20 years, the rate of cyber-crime has risen exponentially, and the way these crimes are carried out has also changed. A single statute to deal with all things related to cyber-crime is not feasible if it to catch up with the ever-developing modes of conducting crimes

Learning from the United States

The United States has long been a world leader in security regulatory and data protection issues. Courts, regulators, and lawmakers apply data protection and privacy mandates at the federal, state, and local levels. The Wire Fraud Act was the primary legislation used to prosecute electronic criminals in the United States. It went on to adopt various statutes to deal with new crimes like the Computer Fraud and Abuse Act of 1984 and 1986, the Electronic Communication Privacy Act, and the Cyber Security Enhancement Act. These are all acts that deal with cyber-crime in the United States, and these statutes provide security and strict punishments for different types of cyber-crime.

There are more laws regulating cyber-crime and e-commerce in the United States than in India. Child pornography, data communication, data protection, electronic records, and storage have all been discussed in various acts and laws, putting the focus on a specific aspect of the Act. India can learn from the United States and adopt “dedicated law for major cyber-crimes.”


The current scenario in India is that the lawmakers have not been able to keep pace with the development of cyberspace, and therefore the laws also lack sophistication. The establishment of provision for dealing with cyber-crime within the IT Act was a major step but one that was ill-thought out. The IT Act was never intended to be a penal statute, and the difference of penalty for what is basically the same unlawful act but for the mode of conduct is a testament to the misunderstanding of the lawmakers.

Drawing inspiration from the international perspective of the USA or UK, where technological advancement reached much earlier than India, and so did the laws, it would be best to adopt statutes focusing on a specific aspect of cyber-crimes, depending on the sophistication of the crimes like privacy and data protection. However, the establishment of singular law is not enough but would require regular amendments to cope with changing trends.


Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here