The Information Technology Act, 2000 (IT Act) is a landmark legislation in India that was enacted to provide legal recognition to electronic transactions and digital signatures, thereby facilitating e-commerce and e-governance. The Act was inspired by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996), which aimed to standardize laws related to electronic transactions globally. India adopted this model to align with international standards and promote technological advancements in the digital realm.
The IT Act was passed by the Indian Parliament on 9th June 2000 and came into force on 17th October 2000. It was a response to the growing need for a legal framework to address issues arising from the digitalization of transactions, such as authentication, data security, and cybercrimes. The Act also amended other key laws, including the Indian Penal Code (1860), the Indian Evidence Act (1872), the Banker’s Books Evidence Act (1891), and the Reserve Bank of India Act (1934), to accommodate electronic records and signatures.
Over the years, the Act has undergone significant amendments, most notably through the Information Technology (Amendment) Act, 2008, which came into effect on 27th October 2009. This amendment introduced critical changes, such as:
Expanding the scope of electronic signatures to include technologies beyond digital signatures.
Strengthening data protection and privacy provisions, including the introduction of Section 43A for compensation due to negligence in protecting sensitive personal data.
Defining and penalizing new cybercrimes like cyber terrorism, identity theft, and privacy violations.
Establishing regulatory bodies like the Indian Computer Emergency Response Team (CERT-In) to handle cybersecurity incidents.
Preliminary (Sections 1–2)
The Act applies to the whole of India and extends to offenses committed outside India if they involve a computer or network located in India.
Key definitions include terms like "computer," "electronic record," "digital signature," and "intermediary."
2. Digital and Electronic Signatures (Sections 3–3A)
Provides legal recognition to electronic signatures (including digital signatures) for authentication.
Specifies secure methods for affixing electronic signatures, ensuring their reliability and integrity.
3. Electronic Governance (Sections 4–10A)
Grants legal validity to electronic records and signatures, allowing government agencies to accept digital documents.
Mandates the retention of electronic records in a secure and accessible format.
4. Regulation of Certifying Authorities (Sections 17–34)
Establishes the Controller of Certifying Authorities (CCA) to license and oversee entities issuing digital signature certificates.
Defines the duties of Certifying Authorities (CAs) and subscribers, ensuring secure key management.
5. Penalties and Adjudication (Sections 43–47)
Imposes penalties for unauthorized access, data theft, and damage to computer systems (Section 43).
Introduces compensation for data breaches due to negligence (Section 43A).
Empowers adjudicating officers to resolve disputes and impose fines.