What are the main objectives of Information Technology Act 2000?

The primary objectives of the Information Technology Act 2000 are multifaceted. Firstly, it aims to provide legal recognition for electronic transactions, facilitating e-commerce and e-governance by giving legal validity to electronic records and digital signatures. Secondly, it seeks to create a secure legal environment for electronic communication and data storage. Thirdly, it defines and prescribes penalties for various cybercrimes, thereby deterring malicious activities in the digital space. Lastly, it establishes a regulatory framework for Certifying Authorities and a mechanism for dispute resolution through Adjudicating Officers and the Cyber Appellate Tribunal, ensuring trust and confidence in the digital ecosystem.

Which sections of IT Act 2000 deal with cyber crimes?

Several key sections of the IT Act 2000, particularly after the 2008 amendment, deal with cybercrimes. Prominent among these are Section 43 (penalty for damage to computer systems, unauthorized access), Section 66 (computer-related offenses like hacking, data theft with malicious intent), Section 66C (identity theft), Section 66D (cheating by personation), Section 66E (violation of privacy), Section 67 (publishing or transmitting obscene material), Section 67A (publishing sexually explicit acts), Section 67B (child pornography), and Section 84A (cyber terrorism). These sections define specific offenses and prescribe corresponding penalties, ranging from fines to imprisonment.

Why was Section 66A of IT Act declared unconstitutional?

Section 66A of the IT Act was declared unconstitutional by the Supreme Court in the landmark Shreya Singhal v. Union of India case (2015) primarily because it violated Article 19(1)(a) of the Indian Constitution, which guarantees freedom of speech and expression. The court found the language of Section 66A to be vague and overbroad, criminalizing online content that could cause 'annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will.' These terms were not clearly defined, leading to arbitrary application and a chilling effect on legitimate online discourse. The court ruled that it did not fall within the reasonable restrictions permitted under Article 19(2).

How does IT Act 2000 regulate electronic evidence?

The IT Act 2000 significantly amended the Indian Evidence Act, 1872, by introducing Section 65B, which specifically deals with the admissibility of electronic records as evidence. This section provides that any information contained in an electronic record, which is printed on a paper, stored, recorded, or copied in optical or magnetic media produced by a computer, shall be deemed to be a document and shall be admissible in any proceedings, without further proof or production of the original, if certain conditions are satisfied. These conditions primarily ensure the integrity and authenticity of the electronic record, such as the computer being in proper working order and the information being regularly fed into it. This provision is crucial for prosecuting cybercrimes.

What is the role of Cyber Appellate Tribunal under IT Act?

The Cyber Appellate Tribunal (CAT) was established under the IT Act 2000 to hear appeals against the orders of the Adjudicating Officers and the Controller of Certifying Authorities. Its primary role was to provide a specialized and speedy mechanism for resolving disputes related to cyber law, electronic transactions, and digital signatures. The CAT was designed to have expertise in both legal and technical aspects of cyber law. However, with the enactment of the Finance Act, 2017, the functions of the CAT were transferred to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT), making TDSAT the appellate body for IT Act matters. Appeals from TDSAT lie with the High Court.

How does IT Act 2000 protect personal data?

Initially, the IT Act 2000 protected personal data primarily through Section 43A and Section 72. Section 43A, introduced in 2008, made corporate bodies liable to pay compensation if they failed to implement reasonable security practices and procedures while handling sensitive personal data, leading to wrongful loss. Section 72 criminalized the breach of confidentiality and privacy by unauthorized disclosure of electronic records. However, with the enactment of the Digital Personal Data Protection Act, 2023, Section 43A has been repealed, and the DPDP Act now serves as the comprehensive legal framework for personal data protection in India, largely superseding the IT Act's role in this domain. Section 72, however, remains relevant for unauthorized disclosure of information.

What are the penalties for hacking under IT Act 2000?

The IT Act 2000 addresses hacking primarily through Section 43 and Section 66. Section 43 deals with civil liability for unauthorized access, downloading, introduction of viruses, disruption, and other forms of digital trespass, making the perpetrator liable to pay compensation. If these acts are committed 'dishonestly or fraudulently' with the intent to cause wrongful loss or damage, they become criminal offenses under Section 66. The punishment under Section 66 can include imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both. The severity of the penalty depends on the nature and extent of the damage or loss caused.

What is intermediary liability under IT Act?

Intermediary liability under the IT Act 2000 refers to the legal responsibility of online platforms (like internet service providers, social media companies, search engines, e-commerce sites) for third-party content hosted or transmitted through their services. Section 79 provides a 'safe harbor' for intermediaries, exempting them from liability for third-party content, provided they observe 'due diligence' and comply with government directions for content removal. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, further elaborate on these due diligence requirements, mandating grievance redressal mechanisms, content moderation, and cooperation with law enforcement, thereby shaping the extent of their responsibility.

Information Technology Act 2000

Internal Security

Constitution VerifiedUPSC Verified

Version 1Updated 7 Mar 2026

Explore This Topic

Definition Detailed Explanation Legal Precedents Security Framework Legal Reforms UPSC Importance Prelims Strategy Mains Strategy Prelims MCQs Mains Questions MCQ Practice Predicted 2026 Revision Notes Current Affairs

WHEREAS the General Assembly of the United Nations by its resolution A/RES/51/162, dated the 30th January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL); AND WHEREAS it is considered necessary to give effect to the said Model Law and to promote efficient delivery of Government services by means of reliable elect…

Quick Summary

The Information Technology Act, 2000 (IT Act 2000) is India's primary legislation for the digital world, enacted to provide legal recognition for electronic transactions and combat cybercrimes. It was initially designed to facilitate e-commerce by giving legal validity to electronic records and digital signatures, crucial for paperless governance and online business.

Key provisions in its original form focused on the legal framework for digital certificates, appointment of Certifying Authorities, and the establishment of the Cyber Appellate Tribunal for dispute resolution.

The Act underwent a significant transformation with the Information Technology (Amendment) Act, 2008. This amendment expanded the Act's scope to address the growing menace of cybercrime more comprehensively.

It introduced new definitions for various cyber offenses, enhanced penalties, and brought in critical concepts like data protection (Section 43A), intermediary liability (Section 79), and government powers for content blocking (Section 69A) and interception (Section 69).

The 2008 amendment also introduced provisions against cyber terrorism (Section 84A) and child pornography (Section 67B), reflecting a shift towards national security and protection of vulnerable groups.

From a constitutional perspective, the IT Act interacts profoundly with fundamental rights, particularly Article 19 (freedom of speech) and Article 21 (right to privacy). The striking down of Section 66A in Shreya Singhal v.

Union of India (2015) underscored the importance of balancing state regulation with digital rights. The Act also integrates with other laws, notably the Indian Evidence Act, 1872, through Section 65B, which governs the admissibility of electronic records in court.

Recent developments, such as the Digital Personal Data Protection Act, 2023, have further refined India's legal landscape, with the DPDP Act now serving as the primary law for personal data protection, superseding some IT Act provisions.

Understanding the IT Act 2000 is vital for UPSC aspirants, as it forms the bedrock of India's cyber law and internal security framework.

Vyyuha

Your 6-Month Blueprint, Updated Nightly

AI analyses your progress every night. Wake up to a smarter plan. Every. Single.…

Enacted: — 2000, Amended: 2008 (major), 2017 (CAT to TDSAT).

Purpose: — Legal recognition for e-transactions, cybercrime deterrence.

Key Sections:

- Sec 43: Damage to computer (civil liability). - Sec 43A: Data protection (repealed by DPDP Act 2023). - Sec 66: Computer-related offenses (hacking, criminal intent). - Sec 66A: Offensive messages (STRUCK DOWN by Shreya Singhal, 2015).

- Sec 67: Obscenity. - Sec 69: Interception/Monitoring by Govt. - Sec 69A: Blocking of content by Govt. - Sec 70: Protected Systems. - Sec 72: Breach of confidentiality. - Sec 79: Intermediary Liability ('safe harbor').

- Sec 80: Police power to search/arrest without warrant (DySP rank). - Sec 84A: Cyber Terrorism.

Constitutional Links: — Art 19 (Free Speech), Art 21 (Privacy), Art 14 (Equality).

Related Acts: — Indian Evidence Act 1872 (Sec 65B for electronic evidence), Indian Telegraph Act 1885.

Landmark Case: — Shreya Singhal v. UoI (2015) - Struck down 66A.

Recent: — DPDP Act 2023 (supersedes 43A), IT Rules 2021 (for Sec 79).

Vyyuha's CYBER-SHIELD for IT Act 2000:

C - Crimes (Sec 66, 67, 84A) Y - Year 2000 (Enactment) & 2008 (Amendment) B - Blocking (Sec 69A) & Breach of Confidentiality (Sec 72) E - Electronic Records & Evidence (Sec 65B Evidence Act) R - Rights (Art 19, 21) & Repeal (Sec 43A by DPDP Act)

S - Shreya Singhal (Struck down 66A) H - Hacking (Sec 43, 66) I - Intermediary Liability (Sec 79) & Interception (Sec 69) E - E-commerce (Original focus) L - Legal Recognition (Digital Signatures) D - Data Protection (DPDP Act now primary)

Vyyuha's DATA-GUARD for Data Protection:

D - DPDP Act 2023 (New Law) A - Article 21 (Right to Privacy) T - Three Tests (Puttaswamy: Legality, Necessity, Proportionality) A - Accountability (Data Fiduciaries)

G - Gaps (IT Act's 43A limitations) U - User Rights (Data Principal Rights) A - Amendments (IT Act 43A repealed) R - Regulator (Data Protection Board) D - Due Diligence (Security Practices)

Information Technology Act 2000

Quick Summary

Related Topics