Internal Security·Legal Reforms
Information Technology Act 2000 — Legal Reforms
Constitution VerifiedUPSC Verified
Version 1Updated 7 Mar 2026
| Entry | Year | Description | Impact |
|---|---|---|---|
| Information Technology (Amendment) Act, 2008 | 2008 | This was a comprehensive amendment that significantly expanded the scope and punitive powers of the original IT Act 2000. It introduced new definitions for cybercrimes, enhanced penalties, and brought in crucial provisions related to data protection, intermediary liability, and government powers for content blocking and interception. | Transformed the IT Act from primarily an e-commerce facilitation law to a robust cyber security and regulatory framework. Introduced Sections like 43A (data protection), 66A (offensive messages, later struck down), 69 (interception), 69A (blocking), 79 (intermediary liability), and 84A (cyber terrorism). Increased penalties for various offenses and broadened the definition of 'electronic signature' from 'digital signature'. |
| Finance Act, 2017 | 2017 | This Act, among other things, abolished several tribunals and merged their functions with existing ones. Specifically, it transferred the functions of the Cyber Appellate Tribunal (CAT) to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT). | The Cyber Appellate Tribunal (CAT), established under the IT Act, ceased to exist as a separate entity. All appeals against orders of Adjudicating Officers and the Controller of Certifying Authorities under the IT Act are now heard by the TDSAT. This aimed at streamlining the tribunal system but raised concerns about the specialized expertise available for cyber law matters. |
| Digital Personal Data Protection Act, 2023 | 2023 | While a standalone Act, the DPDP Act 2023 significantly impacts the IT Act 2000 by repealing Section 43A and amending certain other provisions related to data protection and privacy. | The DPDP Act 2023 establishes a comprehensive legal framework for personal data protection in India, making it the primary law in this domain. It effectively supersedes the data protection provisions previously contained in the IT Act, particularly Section 43A, which dealt with compensation for failure to protect data. This marks a major evolution in India's approach to data privacy, moving towards a rights-based framework. |