UNIT-5 INFORMATION TECHNOLOGY LAW

WHY DO WE NEED CYBER LAWS

 Protecting Personal Information

Cyber laws establish guidelines and regulations for the protection of personal data. They
ensure that individuals' private information stored online, whether it's on social media,
e-commerce websites, or financial institutions, remains secure and is not misused or
accessed without authorization.
 Preventing Cybercrimes
These laws define cybercrimes and provide a legal framework for addressing offenses
such as hacking, identity theft, data breaches, malware distribution, and cyber stalking.
They outline the penalties and procedures for law enforcement to investigate and
prosecute these crimes.
 Safeguarding Intellectual Property
In the digital age, intellectual property (IP) rights are at risk due to easy replication and
distribution of digital content. Cyber laws protect copyrights, patents, trademarks, and
trade secrets. They set rules for the use, distribution, and protection of digital content to
prevent unauthorized use or theft.
 Regulating Online Conduct
Cyber laws establish standards for online behavior, delineating what actions are
acceptable and what aren't. They address issues like cyber bullying, online harassment,
hate speech, and defamation, ensuring a safer and more respectful online environment.
 Facilitating E-commerce
In the realm of electronic commerce, cyber laws provide a legal framework for online
transactions, contracts, and business dealings. They ensure the validity of electronic
contracts and establish rules for consumer protection, resolving disputes, and enforcing
obligations in digital transactions.
 International Collaboration
Given the borderless nature of the internet, cyber laws facilitate cooperation between
nations in dealing with cybercrimes that often involve actors from different countries.
They establish protocols and frameworks for international cooperation in investigating
and prosecuting cyber offenses.
 Ensuring Ethical Use of Technology
Cyber laws also play a role in ensuring the ethical use of technology. They regulate
emerging technologies like artificial intelligence, biotechnology, and cybersecurity
practices to maintain ethical standards and prevent their misuse.
  Protecting Critical Infrastructure
Critical infrastructure, such as power grids, financial systems, and communication
networks, is increasingly reliant on digital systems. Cyber laws help in safeguarding
these systems from cyber threats and attacks that could have catastrophic
consequences if breached.
 Balancing Privacy and Security
Cyber laws aim to strike a balance between privacy and security concerns. They address
the challenges of surveillance, data collection, and government access to personal
information while ensuring national security and public safety.

IT ACT 2000

 The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October
17, 2000. It is the law that deals with cybercrime and electronic commerce in India.
 In 1996, the United Nations Commission on International Trade Law (UNCITRAL)
adopted the model law on electronic commerce (e-commerce) to bring uniformity in the
law in different countries.
 Further, the General Assembly of the United Nations recommended that all countries
must consider this model law before making changes to their own laws. India became
the 12th country to enable cyber law after it passed the Information Technology Act,
2000.
 While the first draft was created by the Ministry of Commerce, Government of India as
the E-Commerce Act, 1998, it was redrafted as the ‘Information Technology Bill, 1999’,
and passed in May 2000.
 The IT Act, 2000 had been enacted with prime motive to determine the use, abuse and
the misuse of the digital medium and its regulation in the country.
 The applicability of The IT Act, 2000 as written clearly, extends to the whole of India.
Except as otherwise provided, it also applies to any offence or contravention there
under, committed outside India by any person.
 The IT Act, 2000 has 13 Chapters and 90 Sections which deals with heads like- legal
recognition of electronic records, legal recognition of digital signatures, offences and
contraventions and justice dispensation systems for cyber crimes
 The last four sections that starts from ‘section 91 – section 94’, deals with the revisions
to the Indian Penal Code 1860.
 The IT Act, 2000 has two schedules:
i. First Schedule
It deals with documents to which the Act shall not apply.
 ii. Second Schedule
It deals with electronic signature or electronic authentication method.
 In the wake of the recent Indo-China border clash, the Government of India banned
various Chinese apps under the Information Technology Act.

SCOPE OR APPLICABILITY OF THE ACT

 According to Section 1 (2), the Act extends to the entire country, which also includes
Jammu and Kashmir. In order to include Jammu and Kashmir, the Act uses Article 253 of
the constitution. Further, it does not take citizenship into account and provides extra-
territorial jurisdiction.
 Section 1 (2) along with Section 75, specifies that the Act is applicable to any offence or
contravention committed outside India as well. If the conduct of person constituting the
offence involves a computer or a computerized system or network located in India, then
irrespective of his/her nationality, the person is punishable under the Act.
 Lack of international cooperation is the sole limitation of this provision.

NON-APPLICABILITY OF THE ACT

According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable to
the following documents:

 Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except

cheques.
 Execution of a Power of Attorney under the Powers of Attorney Act, 1882.
 Creation of Trust under the Indian Trust Act, 1882.
 Execution of a Will under the Indian Succession Act, 1925 including any other
testamentary disposition
by whatever name called.
 Entering into a contract for the sale of conveyance of immovable property or any interest
in such property.
 Any such class of documents or transactions as may be notified by the Central
Government in the Gazette.

OBJECTIVES OF THE ACT

The Information Technology Act, 2000 provides legal recognition to the transaction done via
electronic exchange of data and other electronic means of communication or electronic
commerce transactions.

This also involves the use of alternatives to a paper-based method of communication and
information storage to facilitate the electronic filing of documents with the Government
agencies.

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the
Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934. The objectives of
the Act are as follows:

 Grant legal recognition to all transactions done via electronic exchange of data or other
electronic means of communication or e-commerce, in place of the earlier paper-based
method of communication.
 Give legal recognition to digital signatures for the authentication of any information or
matters requiring legal authentication
 Facilitate the electronic filing of documents with Government agencies and also
departments
 Facilitate the electronic storage of data
 Give legal sanction and also facilitate the electronic transfer of funds between banks and
financial institutions
 Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of
India Act, 1934, for keeping the books of accounts in electronic form.

E-GOVERNANCE

 The e in e governance stands for electronic Governance refers to lawful rules for
management, control and administration. E governance is a public sector, use of
information and communication technologies with aim of improving information and
service delivery encouraging the citizen to participate in decision making process and
making the government more accountable, transparent and effective.
 E governance generally considered as a wider concept than E government, since it bring
change in the way of citizen, relate to government and to each other. E governance can
bring the concept of citizenship. Its objectives are to enable, engage and empower the
citizen.
 E-governance means application of electronic means in the interaction between:
i. Government and citizen
ii. Citizen and Government
 iii. Government and Business
iv. Business and Government
v. Internal Government Operation
 Objectives of E governance:
E governance is not only providing information about the various activities and
organizations of the government but it involves citizens to communicate with
government and participate in decisions-making process.
i. Putting government rules and regulations online.
ii. Putting information relating to government plans, budget, expenditures and
performances online
iii. Putting online key judicial decision like environment decision etc, which is
important for citizen and create precedence for future actions.
iv. Making available contact addresses of local, regional, national and international
officials online.
v. Filing of grievances and receiving feedback from the citizens.
vi. Making available the reports of enquiry committees or commission online.
 E governance under IT Act, 2000:
Electronic governance dealt under sections 4 to 10A of the IT act, 2000.
i. Legal recognition of record (section 4)
ii. Legal recognition of electronic signatures ( section 5)
iii. Use of electronic records and electronic signature in government and it's
agencies (section 6)
iv. Delivery of services by service provider (section 6A)
v. Retention of electronic records (section 7)
vi. Audit of documents etc. Maintained in electronic form (section 7A)
vii. Publication of rule, regulation etc in electronic gazette (section 8)
viii. No right to insist government office etc to interact in electronic form (section 9)
ix. Power to make rules by central government in respect of electronic signature
(section 10)
 Some E Governance Projects In India:
In India, the main thrust for E governance was provided by the launching of NICNET in
1987- The National Satellite Based computer Network. This was followed by the launch
of district information system of national informatics centre program to computerize all
district offices to the state government.
i. Parliament of Indian website:
Website of Indian parliament carries information of the parliament, the
constitution of India, various budgets, resume of work, parliamentary debates,
 committee and members of the house and links to other central and state
government website.
ii. E-governance centre at Haryana secretariat:
The Haryana government has set up E-governance centre at the secretariat to
effectively monitor information technology in the state.
iii. Bhoomi:
This project was started by the state of Karnataka which involves
computerization of more than 200 treasuries all over the state and it was mainly
for computerization of land record system.

AMENDMENTS IN THE IT ACT, 2000

 In 2008, an important amendment to the law was passed in India. This amendment
introduced Section 66(A): which penalized the sending of “offensive messages,” and
Section 69(A): granting authorities the power to intercept, monitor, or decrypt
information from computer resources.
 It also introduced penalties for child porn, cyber terrorism and voyeurism.
 Amendment was passed on 22 December 2008 without any debate in Lok Sabha. The
next day it was passed by the Rajya Sabha. It was signed by the then President (Pratibha
Patil) on 5 February 2009.
 Section 66(A):
i. Section 66A granted authorities the power to arrest individuals for posting
potentially ‘offensive’ content on social media.
ii. This amendment was passed in Parliament without any debate or discussion.
iii. It allowed for the conviction of individuals sending ‘grossly offensive or
menacing’ information.
iv. The section criminalized the dissemination of knowingly false information
through electronic means for the purpose of annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill-will.
v. Penalties included imprisonment for up to three years and a fine.

The government defended the section, contending that it did not encroach upon any
fundamental rights and merely placed restrictions on specific words. They argued
that with the burgeoning number of internet users in the country, it was necessary
to regulate online content in a manner similar to print and electronic media.
However, in 2015, the Supreme Court rendered a momentous verdict, declaring this
section of the IT Act unconstitutional. The court held that it violated Article 19(1) (a)
 of the Constitution, marking a significant turning point in the landmark case of
Shreya Singhal vs. Union of India (2015).

 Section 69(A):
i. Section 69(A) grants authorities the power to intercept, monitor, or decrypt
information from any computer resource, when it’s deemed necessary in the
interest of India’s sovereignty, integrity, defense, state security, foreign
relations, and public order, or to prevent incitement to a cognizable offense or
for investigation purposes.
ii. It also provides the government with the authority to block internet sites in the
national interest, with established procedural safeguards for such actions.
Opposition parties claimed that this section infringed on the right to privacy, but
the Supreme Court ruled that national security takes precedence over individual
privacy, thereby upholding the section’s constitutional validity.
iii. Recent bans on certain Chinese Apps in India were justified using provisions
under Section 69(A) of the IT Act.

Notably, while the Indian Telegraph Act, of 1885 permits the government to tap
phones, a 1996 Supreme Court judgment restricts phone tapping to situations of
‘public emergency.’ Section 69(A) of the IT Act does not impose such a public
emergency restriction on the government.

THE OFFENCES AND THE PUNISHMENTS IN IT ACT 2000

 Tampering with the computer source documents.

 Directions of Controller to a subscriber to extend facilities to decrypt information.
 Publishing of information which is obscene in electronic form.
 Penalty for breach of confidentiality and privacy.
 Hacking for malicious purposes.
 Penalty for publishing Digital Signature Certificate false in certain particulars.
 Penalty for misrepresentation.
 Confiscation.
 Power to investigate offences.
 Protected System.
 Penalties for confiscation not to interfere with other punishments.
 Act to apply for offence or contravention committed outside India.
 Publication for fraud purposes.
 Power of Controller to give directions.

SECTIONS AND PUNISHMENTS

 SECTION PUNISHMENT

This section of IT Act, 2000 states that any act of destroying, altering or
stealing computer system/network or deleting data with malicious
intentions without authorization from owner of the computer is liable
Section 43 for the payment to be made to owner as compensation for damages.

This section of IT Act, 2000 states that any corporate body dealing with
sensitive information that fails to implement reasonable security
practices causing loss of other person will also liable as convict for
Section 43A compensation to the affected party.

Hacking of a Computer System with malicious intentions like fraud will

be punished with 3 years imprisonment or the fine of Rs.5, 00,000 or
Section 66 both.

Section 66 B, Fraud or dishonesty using or transmitting information or identity theft is

C, D punishable with 3 years imprisonment or Rs. 1, 00,000 fine or both.

This Section is for Violation of privacy by transmitting image of private

Section 66 E area is punishable with 3 years imprisonment or 2, 00,000 fine or both.

This Section is on Cyber Terrorism affecting unity, integrity, security,

sovereignty of India through digital medium is liable for life
Section 66 F imprisonment.

This section states publishing obscene information or pornography or

transmission of obscene content in public is liable for imprisonment up
Section 67 to 5 years or fine of Rs. 10, 00,000 or both.

IMPORTANT CHAPTERS AND SECTIONS

 CHAPTER I: PRELIMINARY
Section 2: Definitions
i. Access: Gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system
or computer network.
ii. Certifying Authority: A person who has been granted a license to issue a Digital
Signature Certificate under section 24.
iii. Computer: Any electronic magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic, and memory
functions by manipulations of electronic, magnetic or optical impulses, and
includes all input, output, processing, storage, computer software, or
communication facilities which are connected or related to the computer in a
computer system or computer network
 iv. Controller: The Controller of Certifying Authorities appointed under sub-
section (l) of section 17.
v. Data: A representation of information, knowledge, facts, concepts or
instructions which are being prepared or have been prepared in a formalized
manner, and is intended to be processed, is being processed or has been
processed in a computer system or computer network, and may be in any
form (including computer printouts magnetic or optical storage media,
punched cards, punched tapes) or stored internally in the memory of the
computer.
vi. Digital signature: Authentication of any electronic record by a subscriber by
means of an electronic method or procedure in accordance with the
provisions of section 3.
vii. Information: Includes data, text, images, sound, voice, codes, computer
programs, software and databases or micro film or computer generated micro
fiche.
viii. Private key: The key of a key pair used to create a digital signature
ix. Public key: The key of a key pair used to verify a digital signature and listed in
the Digital Signature Certificate.

 CHAPTER II: DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE

Section 3: Authentication of electronic records
1. Subscribers can prove an electronic record's authenticity using their digital
signature.
2. The record's authentication involves using special methods that transform it
into a different form using complex codes (asymmetric crypto system and hash
function).
a. It's really hard to figure out or recreate the original electronic record
from the special code (hash result) created by the algorithm.
b. The chance of two different electronic records creating the same
special code (hash result) using the algorithm is very low.
3. Anyone with the subscriber's public key can verify the record.
4. The subscriber has a unique pair of keys (private and public) for this process.
Section 3A: Electronic signature
1. In spite of what's in section (3), but following the guidelines in sub-section (2),
a subscriber may authenticate any electronic record by such electronic
signature or electronic authentication technique which:
a. Is considered reliable; and
b. May be specified in the Second Schedule.
2. An electronic signature or authentication technique is considered reliable in
this section if:
a. It's connected only to the person who signed or authenticated it, within
the relevant context.
 b. At the time of signing, it was controlled only by the signer or
authenticator, not anyone else.
c. Any changes made to the signature after it was affixed can be noticed.
d. Any changes made to the information after being authenticated by
electronic signature can be noticed. It meets any other conditions that
might be specified.
3. The Central Government can set the procedure to confirm if an electronic
signature belongs to the person who supposedly affixed or authenticated it.
4. The Central Government can update the Second Schedule by adding or
removing any electronic signature or authentication technique, as well as the
procedure for using such a signature. However, any added signature or
technique must be reliable.
5. Every notification made under sub-section (4) needs to be presented before
each House of Parliament.

 CHAPTER VI: REGULATION OF CERTIFYING AUTHORITIES

Section 17: Appointment of Controller and other officers
1. The Central Government can appoint a Controller of Certifying Authorities,
along with Deputy Controllers, Assistant Controllers, and other necessary
officers and employees, through an official notification in the Official Gazette.
2. The Controller of Certifying Authorities operates under the guidance and
control of the Central Government.
3. Deputy Controllers and Assistant Controllers work under the Controller's
supervision and perform tasks assigned by the Controller.
4. The qualifications, experience, and terms of service for these positions are set
by the Central Government.
5. The Controller's main and branch offices are located where the Central
Government specifies, chosen as deemed appropriate.
6. The Office of the Controller has an official seal.
Section 18: Functions of Controller
The Controller may perform all or any of the following functions, namely:
a. Supervising Certifying Authorities' activities.
b. Certifying public keys of Certifying Authorities.
c. Establishing standards for Certifying Authorities.
d. Specifying qualifications for Certifying Authority employees.
e. Setting conditions for how Certifying Authorities conduct business.
f. Defining the content and format of materials related to electronic signature
certificates and keys.
g. Specifying the form and content of electronic signature certificates and keys.
h. Defining how Certifying Authorities maintain their accounts.
i. Specifying terms and payment for auditors.
j. Facilitating electronic system establishment by Certifying Authorities.
k. Setting guidelines for how Certifying Authorities deal with subscribers.
l. Resolving conflicts of interest between Certifying Authorities and subscribers.
 m. Outlining the duties of Certifying Authorities.
n. Maintaining a public-accessible database with specific details about each
Certifying Authority's disclosure record.

 CHAPTER IX: PENALTIES, COMPENSATION AND ADJUDICATION

Section 43: [Penalty and compensation] for damage to computer, computer system,
etc.
This law says if someone uses a computer or network without permission and does
things like accessing data, putting viruses, damaging systems, disrupting access, or
messing with data, they can get in trouble. It also explains terms like computer
contaminant, database, virus, and damage. If they harm someone's computer stuff,
they might have to pay for the damage.
Section 43(A): Compensation for failure to protect data
If a company or a group that handles important personal information in its computer
system is careless about protecting that data and it leads to someone losing money or
gaining money in the wrong way, that company or group has to pay for the damage
caused. For example, if they didn't have good security and someone's private
information got into the wrong hands, they'd have to compensate for the trouble
caused. The terms "body corporate," "reasonable security practices and procedures,"
and "sensitive personal data or information" are explained as well.
Section 44: Penalty for failure to furnish information, return, etc.
If someone is supposed to give certain papers or reports as per the law or rules made
under it but doesn't do so:
a. If they don't give documents to the Controller or Certifying Authority as
required, they can be fined up to one lakh and fifty thousand rupees for each
time they fail.
b. If they're late in filing returns or providing information within the time set by
the rules, they might be fined up to five thousand rupees for every day they're
late.
c. If they're supposed to keep records or accounts but don't, they could face a
fine of up to ten thousand rupees for each day they don't maintain them.
Section 45: Residuary penalty
If someone breaks any rules or regulations made under this law, and those rules don't
have a specific penalty mentioned for breaking them, that person might have to pay
compensation or a penalty, but it won't be more than twenty-five thousand rupees.
This is for the harm caused by breaking those rules.
Section 46: Power to adjudicate
1. To decide if someone broke the rules of this Act or any related laws and
should pay a penalty or compensation, the Central Government will choose an
officer, usually a high-ranking one, to be an adjudicating officer. This officer
will investigate and decide what action should be taken. If the damage claimed
is less than five crore rupees, this officer has the power to make a decision.
 But if the claimed damage is more than five crore rupees, the case will go to a
higher court.
2. The person accused gets a fair chance to explain their side of the story to the
officer. If, after looking into it, the officer is convinced that the person did
break the rules, the officer can decide to give them a penalty or ask them to
compensate according to what's written in the law.
3. To become an adjudicating officer, a person must have specific experience in
Information Technology and legal or judicial matters. This requirement is set
by the Central Government, and without this kind of experience, they can't be
appointed as an adjudicating officer.
4. If there are multiple adjudicating officers, the Central Government will decide
and tell each officer what specific issues or cases they can handle and in which
places they can work. This helps clarify their roles and where they have the
authority to make decisions.
5. An adjudicating officer has powers similar to a civil court, like the ones the
Appellate Tribunal has under section 58(2).
a. All the proceedings in front of this officer are seen as judicial
proceedings, as defined in sections 193 and 228 of the Indian Penal
Code.
b. This officer is considered a civil court for matters covered in sections
345 and 346 of the Code of Criminal Procedure, 1973.
c. Additionally, they're treated as a civil court for the purposes of Order
XXI of the Civil Procedure Code, 1908.
Section 47: Factors to be taken into account by the adjudicating officer
When deciding how much compensation to give in a case, the adjudicating officer
considers a few things:
a. The unfair advantage or profit gained because of the wrongdoing, if it can be
measured.
b. The losses suffered by anyone affected by the wrongdoing.
c. Whether this wrongdoing has happened more than once, if it's a repeated
thing.
 CHAPTER XI: OFFENCES
Section 65: Tampering with computer source documents
This law says that if someone deliberately hides, damages, or changes computer
source code (which includes programs, commands, and designs used in a computer),
especially when they're supposed to keep it according to the law, they can be
punished. The punishment could be going to jail for up to three years, or paying a fine
of up to two lakh rupees, or both.
Section 66: Computer related offences
If someone does something dishonest or fraudulent as mentioned in section 43, they
can be punished. The punishment could be imprisonment for up to three years, a fine
of up to five lakh rupees, or both. This law uses the meanings of "dishonestly" and
"fraudulently" as defined in sections 24 and 25 of the Indian Penal Code (1860).
Section 66A: Punishment for sending offensive messages through communication
service, etc.
This law says that if someone uses a computer or a phone to:
a. Send really offensive or threatening information, or
b. Knowingly sends false information to bother, annoy, or cause harm to
someone else persistently, or
c. Sends emails or messages to annoy, mislead, or trick someone about where
the message came from,
They could go to jail for up to three years and might have to pay a fine. This law
covers messages or information sent through computers or phones, including things
like text, pictures, sound, video, or any other electronic stuff that can be sent along
with a message.
Section 66B: Punishment for dishonestly receiving stolen computer resource or
communication device
If someone gets or keeps a computer or a phone that they know or think is stolen,
they could get in trouble. They might go to jail for up to three years or have to pay a
fine of up to one lakh rupees, or both.
Section 66C: Punishment for identity theft
If someone uses another person's electronic signature, password, or any special ID
thing dishonestly or falsely, they could be in trouble. The punishment for doing this
could be going to jail for up to three years and having to pay a fine of up to one lakh
rupees.
Section 66D: Punishment for cheating by personation by using computer resource
If someone tricks or cheats using a phone or computer by pretending to be someone
else, they could get punished. They might go to jail for up to three years and have to
pay a fine of up to one lakh rupees.
Section 66E: Punishment for violation of privacy
If someone takes, shares, or sends a picture of a private part of someone without
their agreement and it violates their privacy, they could be in trouble. They might go
to jail for up to three years, have to pay a fine of up to two lakh rupees, or both.
Section 66F: Punishment for cyber terrorism
If someone intentionally tries to harm the unity, safety, or important systems of India
using a computer, they're committing cyber terrorism. This includes things like
denying access to authorized people, trying to get into computers without
permission, or causing harm by introducing harmful things into computer systems. If
this causes harm, like injury, damage to property, or disruption of essential services,
or if they get secret information that could harm the country, they could go to jail for
life.
Section 67: Punishment for publishing or transmitting obscene material in
electronic form
If someone puts out or shares inappropriate material online that could make people
think or act in a bad way, they could get in trouble. For the first time, they might go
to jail for up to three years and have to pay a fine of up to five lakh rupees. If they do
it again, they could go to jail for up to five years and have to pay a bigger fine of up to
ten lakh rupees.
Section 67A: Punishment for publishing or transmitting of material containing
sexually explicit act, etc., in electronic form
If someone shares or puts out material online that shows sexual stuff, they could get
in trouble. For the first time, they might go to jail for up to five years and have to pay
a fine of up to ten lakh rupees. If they do it again, they could go to jail for up to seven
years and have to pay the same big fine of up to ten lakh rupees.
Section 67B: Punishment for publishing or transmitting of material depicting
children in sexually explicit act, etc., in electronic form.
If someone shares or creates material online that shows children in a sexual or
indecent way, they could get in trouble. For the first time, they might go to jail for up
to five years and have to pay a fine of up to ten lakh rupees. If they do it again, they
could go to jail for up to seven years and have to pay the same big fine. But if it's for a
good reason like education or cultural purposes, or it's kept for heritage or religious
reasons, then these rules might not apply. The term "children" in this case means
anyone below 18 years old.
Section 67C: Preservation and retention of information by intermediaries
This law says that companies or platforms in the middle of online stuff must keep
specific information for a certain time, as the government tells them. If these
companies don't do this on purpose, they could go to jail for up to three years and
might have to pay a fine.
Section 68: Power of Controller to give directions
This law gives the Controller the power to tell a Certifying Authority or its employees
to do certain things or stop doing certain activities to make sure they follow the rules
of this Act. If someone deliberately or knowingly doesn't follow this order, they could
be charged with a crime and, if convicted, might go to jail for up to two years or have
to pay a fine of up to one lakh rupees, or both.
Section 69: Power to issue directions for interception or monitoring or decryption of
any information through any computer resource
This law allows the government or its authorized officers to order agencies to listen
to, watch, or decode information from computers if they believe it's essential for
protecting India's safety, relationships with other countries, public order, or to
prevent serious crimes. There are rules (that will be made) for how this should be
done safely. The law also says that if someone in charge of a computer system
doesn't help these government agencies when they're asked, they could go to jail for
up to seven years and might have to pay a fine.
Section 69A: Power to issue directions for blocking for public access of any
information through any computer resource
This law says that if the Central Government or its authorized officers believe it's
necessary for India's safety, relationships with other countries, public order, or to
prevent serious crimes, they can tell government agencies or online platforms to stop
people from accessing certain information online. There will be rules made for how
this should be done safely. If an online platform doesn't follow this order, the person
in charge could go to jail for up to seven years and might have to pay a fine.
Section 69B: Power to authorize to monitor and collect traffic data or information
through any computer resource for cyber security
This law lets the Central Government authorize some government agencies to watch
and collect information moving through computer systems to prevent cyber threats
and keep things safe. If a person in charge of a computer system is asked by these
authorized agencies to help and they don't, they might go to jail for up to three years
and might also have to pay a fine. The rules for how this monitoring should happen
will be decided later. The law also defines "computer contaminant" as mentioned in
another section and explains that "traffic data" means information that shows where
a communication is coming from, where it's going, how it's moving, and other details.
Section 70: Protected system
This law allows the government to label any computer system that's very important
for the country's safety as a "protected system." The government can then give
permission in writing to specific people to access these protected systems. If
someone tries to get into these systems without permission, they could go to jail for
up to ten years and might also have to pay a fine. The Central Government will create
rules for the security practices needed to protect these important systems.
Section 70A: National nodal agency
This law lets the Central Government pick a government organization and call it the
main group responsible for protecting really important computer systems. This
organization will handle everything needed, including research and development, to
keep these critical computer systems safe. How this group works and what they do
will be decided and written down later as rules.
Section 70B: Indian Computer Emergency Response Team to serve as national
agency for incident response
This law says that the Central Government will create a team called the Indian
Computer Emergency Response Team (CERT-In) to handle cyber threats and
incidents. This team will collect information about cyber problems, give warnings,
take emergency steps during cyber attacks, coordinate responses, and share advice to
prevent such incidents. They'll have the authority to ask for information from service
providers, companies, and other people involved in online services. If these entities
don't provide the requested information or don't follow the team's directions, they
could be fined or even go to jail for up to a year. Also, only a specific officer
authorized by CERT-In can file a complaint in court regarding any offenses related to
this law.
Section 71: Penalty for misrepresentation
This law says that if someone lies or hides important information from the Controller
or the Certifying Authority to get a license or an electronic signature certificate, they
could be punished. The punishment might be going to jail for up to two years, paying
a fine of up to one lakh rupees, or both.
Section 72: Penalty for Breach of confidentiality and privacy
This law states that unless there's another law saying otherwise, if someone gets
access to your electronic stuff because of the powers given by this Act or its rules and
then shares that stuff with someone else without your permission, they could be
punished. The punishment might be going to jail for up to two years, paying a fine of
up to one lakh rupees, or both.
Section 72A: Punishment for disclosure of information in breach of lawful contract
This law says that unless there's another law saying it's okay, if someone, like a
company or a person working for them, gets access to your personal information
through a legal agreement and then shares that information with someone else to
cause harm or gain unfairly, they could be punished. The punishment might be going
to jail for up to three years, paying a fine of up to five lakh rupees, or both.
Section 73: Penalty for publishing [electronic signature] Certificate false in certain
particulars
This law says that no one should share or make available an electronic signature
certificate to someone else if they know that the authority listed in the certificate
didn't issue it, or the person mentioned in the certificate didn't agree to it, or if the
certificate has been canceled or suspended. The only exception is if it's used to verify
a signature made before it was canceled or suspended. If someone breaks this rule,
they could be punished by going to jail for up to two years, paying a fine of up to one
lakh rupees, or both.
Section 74: Publication for fraudulent purpose
This law says that if someone intentionally makes or shares an electronic signature
certificate for a dishonest or illegal reason, they could be punished. The punishment
might be going to jail for up to two years, paying a fine of up to one lakh rupees, or
both.
Section 75: Act to apply for offence or contravention committed outside India
This law says that the rules in this Act apply to anyone, no matter their nationality, if
they commit a crime related to computers outside of India. However, this applies only
if the crime involves a computer or network located within India.
Section 76: Confiscation
This law states that if any computer or related items are used to break the rules in
this Act, they can be taken away (confiscated) by the authorities. However, if it's
proven in court that the person who has those items isn't responsible for breaking
the rules, the court might decide not to take away the items. Instead, the court can
take action against the person who actually broke the rules.
Section 77: Compensation, penalties or confiscation not to interfere with other
punishment
This law says that if someone is penalized, their property is taken away, or they're
made to pay a fine according to this Act, it doesn't stop them from facing
compensation or other penalties or punishments under different laws that are
currently in place. Essentially, they can still face consequences under other laws
despite any actions taken under this Act.
Section 77A: Compounding of offences
This law allows certain offenses under this Act to be settled outside of court, called
compounding, by a competent court, except for serious offenses that have harsh
punishments or affect the country's social and economic conditions, or if the victim is
a child below 18 years or a woman.
However, if someone has been previously convicted, or if the offense could lead to a
different or higher punishment due to past convictions, the court can't settle the case
through compounding.
If someone accused of an offense under this Act wants to settle it outside of court,
they can file an application in the court where the case is being heard. The rules and
procedures for this settlement process will be as per the Code of Criminal Procedure,
1973.
Section 77B: Offences with three years imprisonment to be bailable
This rule says that even if the regular criminal procedure law (the Code of Criminal
Procedure, 1973) says something different, any crime where the punishment is three
years or more in jail will be seen as serious and can be acted upon without needing a
 warrant. If the punishment for a crime is exactly three years, then the person accused
of that crime can get bail.
Section 78: Power to investigate offences
This rule says that regardless of what the regular criminal procedure law says, a police
officer of at least the rank of an inspector must investigate any crime that falls under
this Act.

EMERGING TRENDS IN INFORMATION TECHNOLOGY LAW

Emerging trends in Information Technology law include the following:

1. Automation: Law firms are increasingly using automation to streamline mundane and
routine tasks, such as document review and contract management.
2. Artificial Intelligence (AI): AI is being used to manage day-to-day tasks, such as data
management, and improve the client experience.
3. Cloud-Native Solutions: Law firms are adopting cloud-native solutions to enhance
their digital transformation and reach clients where they want to be.
4. Virtual Legal Assistants: Virtual legal assistants are being used to automate legal
work and improve efficiency.
5. Data Privacy and Cybersecurity: Law firms are focusing on data privacy and
cybersecurity to protect sensitive client information.