The Information Technology Act, 2000


This Act seeks to provide legal recognition for transactions carried out through electronic data interchange and other means of electronic communication, or ‘electronic commerce’.

‘Data’ refers to the representation of information, knowledge, facts, concepts or instructions – which are, or have been, prepared in a ‘formalised manner’, and is being, or will be, processed in a computer system or network – which may be in any form or stored internally in the computer’s memory.

The Parliament of India passed this Act on June 9, 2000, after the United Nations Commission on International Trade Law adopted the Model Law on Electronic Commerce on January 30, 1997.

The Act extends to the whole of India. It also applies to any contravention or offence committed by any person outside India.


  1. What does the Act say about electronic signatures and authenticating electronic records?

    An electronic record refers to data generated, stored, received or sent in an electronic form, microfilm or ‘computer generated micro fiche’.

    The Act states that any subscriber may authenticate an electronic record by affixing their digital signature to it using ‘asymmetric crypto system and hash function’.

    An electronic signature means the authentication of any electronic record by a subscriber through an electronic technique – including digital signatures. A subscriber means a person in whose name the electronic signature certificate is issued.

  2. What does the Act mandate about electronic records?

    Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall bear the signature of any person, such requirements shall be considered met if an electronic signature is used, in a manner prescribed by the central government.

  3. What does the Act say about issuing electronic signature certificates?

    Any person can make an application for an electronic signature certificate to the Certifying Authority, as appointed by the central government under this Act. Every application shall be submitted with a fee of not more than Rs. 25,000, as well as a certification practice statement. The Certifying Authority may suspend the certificate on receiving a request from the certificate’s subscriber, or if the Authority is of the opinion that doing so would be in public interest. The certificate shall not be revoked for more than 15 days unless the subscriber has been given a chance to be heard in the matter. The Authority may revoke an electronic signature certificate on the subscriber’s request, their death, or due to the dissolution of the firm (where the subscriber is a firm).

  4. What are some of the offences and penalties listed under this Act?

    The Act says that if any person accesses – without the permission of its owner – a computer and its data, damages it, downloads copies from it or introduces a virus in it, they shall be liable to pay damages to the person affected as compensation.

    If a person fails to furnish any document – when required by any authority under this Act – they shall be liable to a penalty of not more than Rs. 150,000 for each such failure. If a person fails to submit any such documents within the time specified by any authority under this Act, they shall be punishable with a fine of Rs. 50,000 per day for each such failure.

    Whoever knowingly or intentionally conceals, destroys or alters, any computer or source code used for a computer – where that code is required to be kept or maintained by law – they shall be punishable with imprisonment for up to three years, or with fine of up to Rs. 200,000, or both.

    If any person sends – by means of a computer resource or a communication device – any information that is ‘grossly offensive’ or has ‘menacing character’, or any information which they know to be false (for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will), they shall be punishable with imprisonment of up to three years, and with a fine.

    Whoever, fraudulently or dishonestly uses the electronic signature, password or any other unique identification feature of another person, shall be liable to imprisonment for three years, or a fine of up to Rs. 100,000, or both. Whoever – by means of any communication device or computer resource – cheats by ‘personation’, shall be punished with imprisonment for a term which may extend to three years, and with a fine which may extend to Rs. 100,000.

    Whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without their consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine of up to Rs. 200,000, or both.

    Anyone who commits or conspires to commit an act of cyber terrorism, with intent to threaten the unity, integrity, security or sovereignty of India, shall be punishable with imprisonment which may extend to the rest of their life.

    Focus and Factoids by Jinson George Chacko.


Ministry of Law and Justice


Government of India, New Delhi


09 Jun, 2000