All You Need To Know About Cyber Laws In India

March 03, 2017
cyber litigation

This article is co-authored by Yashraj Bais and Raghav Vaid.


The computer-generated world of internet is known as cyberspace and the laws prevailing this area are known as Cyber laws and all the users of this space come under the ambit of these laws as it carries a kind of worldwide jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.

The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these governing mechanisms and legal structures come within the domain of Cyber law.

Cyber law is important because it touches almost all aspects of transactions and activities and on involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal angles.

Cyber Crime is not defined in Information Technology Act 2000 nor in the National Cyber Security Policy 2013 nor in any other regulation in India. In fact, it cannot be too. Crime or offence has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber-crime, one can say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber-crime’. Interestingly even a petty offence like stealing or pick pocket can be brought within the broader purview of cybercrime if the basic data or aid to such an offence is a computer or an information stored in a computer used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cybercrime.

In a cyber-crime, computer or the data itself the target or the object of offence or a tool in committing some other offence, providing the necessary inputs for that offence. All such acts of crime will come under the broader definition of cyber-crime.

Cyber law encompasses laws relating to:


The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP). It is a network of networks that consists of millions of private and public, academic, business and government networks of local to global scope that are linked by copper wires, fiber optic cables, wireless connections and other technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail, in addition to popular services such as online chat, file transfer and file sharing, online gaming, and Voice over Internet Protocol (VoIP) person to person communication via voice and video. The origins of the Internet dates back to the 1960s when the United States funded research projects of its military agencies to build robust, fault tolerant and distributed computer networks. This research and a period of civilian funding of a new U.S. backbone by the National Science Foundation spawned worldwide participation in the development of new networking technologies and led to the commercialization of an international network in the mid-1990s, and resulted in the following popularization of countless applications in virtually every aspect of modern human life.

The terms ‘Internet’ and ‘World Wide Web’ are often used in everyday speech without much distinction. However, the Internet and the World Wide Web are not one and the same. The Internet is a global data communications system. It is a hardware and software infrastructure that provides connectivity between computers. In contrast, the Web is one of the services communicated via the Internet. It is a collection of interconnected documents and other resources, linked by hyperlinks and Uniform Resource Locator (URLs).

The World Wide Web was invented in 1989 by the English Physicist Tim Berners-Lee, now the Director of the World Wide Web Consortium, and later assisted by Robert Cailliau, a Belgian computer scientist, while both were working at CERN in Geneva, Switzerland. In 1990, they proposed building a “web of nodes” storing “hypertext pages” viewed by “browsers” on a network and released that web in December.

Overall the Internet usage saw a tremendous growth. From 2000 to 2009, the number of Internet users globally rose from 394 million to 1.858 billion. By 2010, 22 percent of the world’s population had access to computers with one billion Google searches every day, 300 million Internet users reading blogs and two billion videos viewed daily on YouTube.

After English (27%), the most requested languages on the World Wide Web are Chinese (23%), Spanish (8%), Japanese (5%), Portuguese and German (4% each), Arabic, French and Russian (3% each), and Korean (2%). Bu region, 42% of the world’s Internet users are based in Asia, 24% in Europe, 14% in North America, 10% in Latin America and the Caribbean taken together, 6% in Africa, 3% in the Middle East and 1% in Australia/Oceania.

             Click Above

Need for Cyber Law

In today’s techno-savvy environment, the world is becoming more and more digitally sophisticated and so are the crimes. Internet was initially developed as a research and information sharing tool and was in an unregulated manner. As the time passed by it became more transactional with e-business, e-commerce, e-governance and e-procurement etc. All legal issues related to internet crime are dealt with through cyber laws. As the number of internet users is on the rise, the need for cyber laws and their application has also gathered great momentum.

In today’s highly digitalized world, almost everyone is affected by cyber law. For example:

Technology per se is never a disputed issue but for whom and at what cost has been the issue in the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses as opposed to the earlier technologies, which had a trickle-down effect. Such a promise and potential can only be realized with an appropriate legal regime based on a given socio-economic matrix.

The rising Cyber Crime

As per the cybercrime data maintained by National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 Cyber Crime cases were registered under the Information Technology Act, 2000 during 2007, 2008, 2009 and 2010 respectively. Also, a total of 328, 176, 276 and 356 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007, 2008, 2009 and 2010 respectively. A total of 154, 178, 288, 799 persons were arrested under Information Technology Act 2000 during 2007-2010. A total number of 429, 195, 263 and 294 persons were arrested under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007-2010.

As per 2011 NCRB figures, there were 1791 cases registered under the IT Act during the year 2011 as compared to 966 cases during the previous year (2010) thereby reporting an increase of 854% in 2011 over 2010.

Of this, 19.5% cases (349 out of 1791 cases) were reported from Andhra Pradesh followed by Maharashtra (306), Kerala (227), Karnataka (151) and Rajasthan (122). And 46.1% (826 cases) of the total 1791 cases registered under IT Act, 2000 were related to loss/damage to computer resource/utility reported under hacking with computer systems.

According to NCRB, the police have recorded less than 5000; only 4829 cases and made fewer arrests (3187) between 2007 2011, under both the Information Technology (IT) Act as well as the Indian Penal Code (IPC).

And convictions remain in single digits, according to lawyers. Only 487 persons were arrested for committing such offences during the year 2011. There were 496 cases of obscene publications/transmission in electronic form during the year 2011 wherein 443 persons were arrested.

A major program has been initiated on development of cyber forensics specifically cyber forensic tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in use of this tool to collect and analyse the digital evidence and present them in Court.

Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are involved in providing basic and advanced training of Law Enforcement Agencies, Forensic labs and judiciary on the procedures and methodology of collecting, analysing and presenting digital evidence.

Cyber forensic training lab has been set up at Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI. In addition, Government has set up cyber forensic training and investigation labs in Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu and Kashmir.

In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata. DSCI has organized 112 training programmes on Cyber Crime Investigation and awareness and a total of 3680 Police officials, judiciary and Public prosecutors have been trained through these programmes.

Indian Computer Emergency Response Team (CERT-In) issues alerts, advisories and guidelines regarding cyber security threats and measures to be taken to  prevent cyber incidents and enhance security of Information Technology systems.

Types of Cyber Crimes in India

Ordinarily Cyber Crimes can be classified into several types having regard to its nature and quantum of damage caused to the victim, but the main Cyber Crimes which are presently prevailing in India, and is on its peak are:

Laws for Cyber Crime in India

After the adoption of Policy of LPG in 1991, the Indian has grown tremendously in the field or Import-Export and other related ancillary business activities, including the IT Sector. Owing to the need and seriousness of the Cyber Crimes, Hon’ble Parliament of India enacted Information and Technology Act, 2000 which was notified on 17 October, 2000. As from the name itself it can be widely inferred that the Act was having it’s purview and ambit only in the cases dealing with Cyber Crime and Crimes related to the Electronic Commerce. 

The Information and Technology Act, 2000 explicitly provides the legal framework for the electronic governance by giving identification to the electronic records and digital signatures, it also expressly defines penalties for culprits after commitment of the cyber crime. It statutorily had also established a Cyber Appellate Tribunal to resolve the disputes especially related to Cyber Crimes and Online Frauds.

Apart from it some of the statutory provisions of Indian Penal Code, 1860 especially in the crime of Fraud, Criminal Intimidation, Cheating, Breach of Trust, Abetment of Suicide via Blackmailing, etc. may be charged on accused having regard to the circumstances, and discretionary powers of the Court, however it must be noted that a person cannot be punished twice for the same offence, as it will violates his Fundamental Right ensured under Article 20 (2) of the Indian Constitution i.e. Double Jeopardy. 

Remedies in India

Everyone today must be aware about some very basic provisions of the two Acts which are hereby used as a tool by the Courts for providing remedy to the victims of Cyber Crime. They are as follows:

Information and Technology Act, 2000


If a crime is committed on a computer or computer network in India by a person resident outside India, then can the offence be tried by the Courts in India?

According to Section 1(2) of Information Technology Act, 2000, the Act extends to the whole of India and also applies to any offence or contravention committed outside India by any person. Further Section 75 of the I.T. Act, 2000 also mentions about the applicability of the Act for any offence or contravention committed outside India. According to this section, the Act will apply to an offence contravention committed outside India by any person, if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

A Police officer not below the rank of Deputy Superintendent of Police should only investigate any offence under this Act. (Sec. 78 of I.T Act, 2000)

Without a duly signed extradition treaty or a multilateral cooperation arrangement, trial of such offences and conviction is a difficult proposition.


Section 79 deals with the immunity available to intermediaries. The Information Technology (Intermediaries guidelines) Rules, 2011 governs the duties of the intermediaries.

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet device providers, web hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes.

Intermediary will not be liable for any third party information, data or communication link hosted by him. It will apply only if:

The intermediary will be held liable if he collaborated or assisted or aided or persuaded whether by intimidations or promise or otherwise in the commission of the unlawful act. He will also be liable if upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act and it fails to expeditiously remove or disable access to that material.

The intermediary should observe the following due diligence while discharging his duties:

Indian Penal Code, 1860

Applicability of IT Act and IPC both in Cybercrime

Now, the greatest ambiguity ever relating to the applicability of both Information and Technology Act, 2000 and Indian Penal Code, 1860 simultaneously in the Cyber Crimes is prevalent these days also in front of Hon’ble Judiciary. I just want my able readers to wonder for a minute that is applying provisions of both the acts on the culprit of the Cyber Crime, as some on the provisions of IT Act are considerably lenient as compared to the harsh provisions of Indian Penal Code, is justifiable? 

The ambiguity was resolved by Hon’ble High Court of Bombay on 6 Nov, 2018 which explicitly delivered it’s Judgement, in the case of Data Theft been lodged by a Kolhapur based Company that develops software for the hospital management against its employees alleging data theft resulting into wrongful looses to the Company. The provisions of IPC for the crime of cheating, breach of trust and theft were invoked, even when it was in purview and were also tried under Section 43 and Section 66 of the IT Act. The High Court highly relied on the decision of Hon’ble Supreme Court of India in the famous case of Sharat Babu Digumar v. NCT of Delhi,  and said that “Prosecuting the petitioners under the both IPC and IT Act would be a brazen violation of protection against the double jeopardy, and we are also having a special law in the form of IT Act for specifically curbing and preventing the cyber crimes, in such circumstances prosecution under both the laws for the same offence is un-constitutional.”

 Even on 24 March, 2015 the Hon’ble Supreme Court of India, gave a verdict striking-off Section 66-A of the Information and Technology Act, 2000 as un-constitutional in its entirety. It was done due to its massive misuse by the Investigating Authorities against the innocent individuals.

Recently Hon’ble High Court of Bombay also ruled that the Admins of the Whatsapp Groups cannot be held liable for posting any fake or obscene messages by the members in the group under Section 66-A of the IT Act, 2000 as they cannot be punished for the offence which they haven’t committed, however giving instant reaction or removing the member immediately from the Group, or enable only admin can post feature is obligatory on the Admin to justify his bona-fide intension in the eyes of law.


To sum up, though a crime free society is perfect and exists only in illusion, it should be constant attempt of rules to keep the criminalities lowest. Especially in a society that is dependent more and more on technology, crime based on electronic law-breaking are bound to increase and the law makers have to go the extra mile compared to the impostors, to keep them at bay. Technology is always a double-edged sword and can be used for both the purposes – good or bad. Steganography, Trojan Horse, Scavenging (and even Dos or DDos) are all technologies and per se not crimes, but falling into the wrong hands with an illicit intent who are out to exploit them or misuse them, they come into the array of cyber-crime and become punishable offences. Hence, it should be the tenacious efforts of rulers and law makers to ensure that technology grows in a healthy manner and is used for legal and ethical business growth and not for committing crimes.

It should be the duty of the three stake holders viz. i) the rulers, regulators, law makers and agents ii) Internet or Network Service Suppliers or banks and other intercessors and iii) the users to take care of information security playing their respective role within the permitted limitations and ensuring obedience with the law of the land.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:  


Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Exit mobile version