The Information Technology Act, 2000
(No. 21 of 2000) [9th June, 2000]
An Act to provide legal recognition for
transactions carried out by means
of electronic data interchange and other
means of electronic
communication, commonly referred to as
"electronic commerce", which
involve the use of alternatives to
paper-based methods of communication
and storage of information, to
facilitate electronic filing of documents
with the Government agencies and further
to amend the Indian Penal Code,
the Indian Evidence Act, 1872, the
Bankers' Books Evidence Act, 1891 and
the Reserve Bank of India Act, 1934 and
for matters connected therewith or
incidental thereto. whereas the General
Assembly of the United Nations by
resolution A/RES/51/162, dated the 30th
January, 1997 has adopted the
Model Law on Electronic Commerce adopted
by the United Nations Commission
on International Trade Law; and whereas
the said resolution recommends
inter alia that all States give
favourable consideration to the said Model
Law when they enact or revise their
laws, in view of the need for
uniformity of the law applicable to
alternatives to paper-cased methods of
communication and storage of
information; and whereas it is considered
necessary to give effect to the said
resolution and to promote efficient
delivery of Government services by means
of reliable electronic records.
be it enacted by Parliament in the
Fifty-first Year of the Republic of
India as follows:—
I - PRELIMINARY
1. Short title, extent, commencement
and application.
(1) This Act may be called the Information
Technology Act, 2000.
(2) It shall extend to the whole of India
and, save as otherwise provided
in this Act, it applies also to any
offence or contravention thereunder
committed outside India by any person.
(3) It shall come into force on such date as
the Central Government may,
by notification, appoint and different
dates may be appointed for
different provisions of this Act and any
reference in any such provision
to the commencement of this Act shall be
construed as a reference to the
commencement of that provision.
(4) Nothing in this Act shall apply to,
(a) a negotiable instrument as defined in
section 13 of the Negotiable
Instruments Act, 1881;
(b) a power-of-attorney as defined in section
1A of the Powers-of-
Attorney
Act, 1882;
(c) a trust as defined in section 3 of the
Indian Trusts Act, 1882;
(d) a will as defined in clause (h) of
section 2 of the Indian Succession
Act,
1925 including any other testamentary disposition by whatever name
called;
(e) any contract for the sale or conveyance
of immovable property or any
interest in such property;
(f) any such class of documents or transactions
as may be notified by the
Central Government in the Official
Gazette.
2.
Definitions.
(1) In this Act, unless the context
otherwise requires, —
(a) "access" with its grammatical
variations and cognate expressions
means gaining entry into, instructing or
communicating with the logical,
arithmetical, or memory function
resources of a computer, computer system
or computer network;
(b) "addressee" means a person who
is intended by the originator to
receive the electronic record but does
not include any intermediary;
(c) "adjudicating officer" means an
adjudicating officer appointed under
subsection
(1) of section 46;
(d) "affixing digital signature"
with its grammatical variations and
cognate expressions means adoption of
any methodology or procedure by a
person for the purpose of authenticating
an electronic record by means of
digital signature;
(e) "appropriate Government" means
as respects any matter,
(i) Enumerated in List II of the Seventh
Schedule to the Constitution;
(ii) relating to any State law enacted under
List III of the Seventh
Schedule to the Constitution, the State
Government and in any other case,
the Central Government;
(f) "asymmetric crypto system"
means a system of a secure key pair
consisting of a private key for creating
a digital signature and a public
key to verify the digital signature;
(g) "Certifying Authority" means a
person who has been granted a licence
to issue a Digital Signature Certificate
under section 24;
(h) "certification practice
statement" means a statement issued by a
Certifying Authority to specify the
practices that the Certifying
Authority employs in issuing Digital
Signature Certificates;
(i) "computer" means any electronic
magnetic, optical or other high-speed
data
processing device or system which performs logical, arithmetic, and
memory functions by manipulations of
electronic, magnetic or optical
impulses, and includes all input,
output, processing, storage, computer
software, or communication facilities
which are connected or related to
the computer in a computer system or
computer network;
(j) "computer network" means the
interconnection of one or more computers
through —
(i) the use of satellite, microwave,
terrestrial line or other
communication media; and
(ii) terminals or a complex consisting of two
or more interconnected
computers whether or not the
interconnection is continuously maintained;
(k) "computer resource" means
computer, computer system, computer
network, data,computer data base or software;
(l) "computer system" means a
device or collection of devices, including
input and output support devices and
excluding calculators which are not
programmable and capable of being used
in conjunction with external files,
which contain computer programmes,
electronic instructions, input data and
output data, that performs logic,
arithmetic, data storage and retrieval,
communication control and other
functions;
(m) "Controller" means the Controller
of Certifying Authorities appointed
under sub-section (1) of section 17;
(n) "Cyber Appellate Tribunal"
means the Cyber Regulations Appellate
Tribunal established under sub-section
(1) of section 48;
(o) "data" means a
representation of information, knowledge, facts,
concepts or instructions which are being
prepared or have been prepared in
a formalised manner, and is intended to
be processed, is being processed
or has been processed in a computer
system or computer network, and may be
in any form (including computer
printouts magnetic or optical storage
media, punched cards, punched tapes) or
stored internally in the memory of
the computer;
(p) "digital signature" means
authentication of any electronic record by a
subscriber by means of an electronic
method or procedure in accordance
with the provisions of section 3;
(q) "Digital Signature
Certificate" means a Digital Signature Certificate
issued under sub-section (4) of section
35;
(r) "electronic form" with
reference to information means any information
generated, sent, received or stored in
media, magnetic, optical, computer
memory, micro film, computer generated
micro fiche or similar device;
(s) "Electronic Gazette" means
the Official Gazette published in the
electronic form;
(t) "electronic record" means
data, record or data generated, image or
sound stored, received or sent in an
electronic form or micro film or
computer generated micro fiche;
(u) "function", in relation to
a computer, includes logic, control
arithmetical process, deletion, storage
and retrieval and communication or
telecommunication from or within a
computer;
(v) "information" includes
data, text, images, sound, voice, codes,
computer programmes, software and
databases or micro film or computer
generated micro fiche :
(w) "intermediary" with
respect to any particular electronic message means
any person who on behalf of another
person receives, stores or transmits
that message or provides any service
with respect to that message;
(x) "key pair", in an
asymmetric crypto system, means a private key and
its mathematically related public key,
which are so related that the
public key can verify a digital
signature created by the private key;
(y) "law" includes any Act of
Parliament or of a State Legislature,
Ordinances promulgated by the President or a Governor, as the
case may be.
Regulations made by the President under
article 240, Bills enacted as
President's Act under sub-clause (a) of
clause (1) of article 357 of the
Constitution and includes rules,
regulations, bye-laws and orders issued
or made thereunder;
(z) "licence" means a licence
granted to a Certifying Authority under
section 24;
(za) "originator" means a
person who sends, generates, stores or transmits
any electronic message or causes any
electronic message to be sent,
generated, stored or transmitted to any
other person but does not include
an intermediary;
(zb) "prescribed" means
prescribed by rules made under this Act;
(zc) "private key" means the
key of a key pair used to create a digital
signature;
(zd) "public key" means the
key of a key pair used to verify a digital
signature and listed in the Digital
Signature Certificate;
(ze) "secure system" means
computer hardware, software, and procedure that
(a) are reasonably secure from
unauthorised access and misuse;
(b) provide a reasonable level of
reliability and correct operation;
(c) are reasonably suited to performing the intended functions;
and
(d) adhere to generally accepted
security procedures;
(zf) "security procedure"
means the security procedure prescribed under
section 16 by the Central Government;
(zg) "subscriber" means a
person in whose name the Digital Signature
Certificate is issued;
(zh) "verify" in relation to a
digital signature, electronic record or
public key, with its grammatical
variations and cognate expressions means
to determine whether—
(a) the initial electronic record was
affixed with the digital signature
by the use of private key corresponding
to the public key of the
subscriber;
(b) the initial electronic record is
retained intact or has been altered
since such electronic record was so
affixed with the digital signature.
(2) Any reference in this Act to any
enactment or any provision thereof
shall, in relation to an area in which
such enactment or such provision is
not in force, be construed as a
reference to the corresponding law or the
relevant provision of the corresponding
law, if any, in force in that
area.
II -
DIGITAL SIGNATURE
3. Authentication of electronic
records.
(1) Subject to the provisions of this
section any subscriber may
authenticate an electronic record by
affixing his digital signature.
(2) The authentication of the electronic
record shall be effected by the
use of asymmetric crypto system and hash
function which envelop and
transform the initial electronic record
into another electronic record.
Explanation.—For the purposes of this
sub-section, "hash function" means
an algorithm mapping or translation of one sequence of bits into
another,
generally smaller, set known as
"hash result" such that an electronic
record yields the same hash result every
time the algorithm is executed
with the same electronic record as its
input making it computationally
infeasible —
(a) to derive or reconstruct the
original electronic record from the hash
result produced by the algorithm;
(b) that two electronic records can
produce the same hash result using the
algorithm.
(3) Any person by the use of a public
key of the subscriber can verify the
electronic record.
(4) The private key and the public key
are unique to the subscriber and
constitute a functioning key pair.
III
- ELECTRONIC GOVERNANCE
4. Legal recognition of electronic
records.
Where any law provides that information
or any other matter shall be in
writing or in the typewritten or printed
form, then, notwithstanding
anything contained in such law, such
requirement shall be deemed to have
been satisfied if such information or
matter is—
(a) rendered or made available in an
electronic form; and
(b) accessible so as to be usable for a
subsequent reference.
5. Legal recognition of digital
signatures.
Where any law provides that information
or any other matter shall be
authenticated by affixing the signature
or any document shall be signed or
bear the signature of any person (hen,
notwithstanding anything contained
in such law, such requirement shall be
deemed to have been satisfied, if
such information or matter is
authenticated by means of digital signature
affixed in such manner as may be
prescribed by the Central Government.
Explanation.—For the purposes of this
section, "signed", with its
grammatical variations and cognate
expressions, shall, with reference to a
person, mean affixing of his hand
written signature or any mark on any
document and the expression
"signature" shall be construed accordingly.
6. Use of electronic records and digital
signatures in Government and its
agencies.
(1) Where any law provides for
(a) the filing of any form. application
or any other document with any
office, authority, body or agency owned
or controlled by the appropriate
Government in a particular manner;
(b) the issue or grant of any licence,
permit, sanction or approval by
whatever name called in a particular
manner;
(c) the receipt or payment of money in a
particular manner, then,
notwithstanding anything contained in
any other law for the time being in
force, such requirement shall be deemed to have been satisfied
if such
filing, issue, grant, receipt or
payment, as the case may be, is effected
by means of such electronic form as may
be prescribed by the appropriate
Government.
(2) The appropriate Government may, for
the purposes of sub-section (1),
by rules, prescribe
(a) the manner and format in which such
electronic records shall be filed,
created or issued;
(b) the manner or method of payment of
any fee or charges for filing,
creation or issue any electronic record
under clause (a).
7. Retention of electronic records.
(1) Where any law provides that
documents, records or information shall be
retained for any specific period, then,
that requirement shall be deemed
to have been satisfied if such
documents, records or information are
retained in the electronic form, if —
(a) the information contained therein
remains accessible so as to be
usable for a subsequent reference;
(b) the electronic record is retained in
the format in which it was
originally generated, sent or received
or in a format which can be
demonstrated to represent accurately the
information originally generated,
sent or received;
(c) the details which will facilitate
the identification of the origin,
destination, date and time of despatch
or receipt of such electronic
record are available in the electronic
record :
Provided that this clause does not apply
to any information which is
automatically generated solely for the
purpose of enabling an electronic
record to be despatched or received.
(2) Nothing in this section shall apply
to any law that expressly provides
for the retention of documents, records
or information in the form of
electronic records.
8. Publication of rule, regulation,
etc., in Electronic Gazette.
Where any law provides that any rule,
regulation, order, bye-law,
notification or any other matter shall
be published in the Official
Gazette, then, such requirement shall be
deemed to have been satisfied if
such rule, regulation, order, bye-law,
notification or any other matter is
published in the Official Gazette or
Electronic Gazette :
Provided that where any rule,
regulation, order, bye-law, notification or
any other matter is published in the
Official Gazette or Electronic
Gazette, the date of publication shall
be deemed to be the date of the
Gazette which was first published in any
form.
9. Sections 6, 7 and 8 not to confer
right to insist document should be
accepted in electronic form.
Nothing contained in sections 6, 7 and 8
shall confer a right upon any
person to insist that any Ministry or
Department of the Central Government
or the State Government or any authority
or body established by or under
any law or controlled or funded by the
Central or State Government should
accept, issue, create, retain and
preserve any document in the form of
electronic records or effect any
monetary transaction in the electronic
form.
10. Power to make rules by Central
Government in respect of digital
signature.
The Central Government may, for the
purposes of this Act, by rules,
prescribe—
(a) the type of digital signature;
(b) the manner and format in which the
digital signature shall be affixed;
(c) the manner or procedure which
facilitates identification of the person
affixing the digital signature;
(d) control processes and procedures to
ensure adequate integrity,
security and confidentiality of
electronic records or payments; and
(e) any other matter which is necessary
to give legal effect to digital
signatures.
IV -
ATTRIBUTION, ACKNOWLEDGMENT AND DESPATCH OF ELECTRONIC RECORDS
11. Attribution of electronic
records.
An electronic record shall be attributed
to the originator—
(a) if it was sent by the originator
himself;
(b) by a person who had the authority to
act on behalf of the originator
in respect of that electronic record; or
(c) by an information system programmed
by or on behalf of the originator
to operate automatically.
12. Acknowledgment of receipt.
(1) Where the originator has not agreed
with the addressee that the
acknowledgment of receipt of electronic
record be given in a particular
form or by a particular method, an
acknowledgment may be given by—
(a) any communication by the addressee,
automated or otherwise; or
(b) any conduct of the addressee,
sufficient to indicate to the originator
that the electronic record has been
received.
(2) Where the originator has stipulated
that the electronic record shall
be binding only on receipt of an acknowledgment
of such electronic record
by him, then unless acknowledgment has
been so received, the electronic
record shall be deemed to have been
never sent by the originator.
(3) Where the originator has not
stipulated that the electronic record
shall be binding only on receipt of such
acknowledgment, and the
acknowledgment has not been received by
the originator within the time
specified or agreed or, if no time has
been specified or agreed to within
a reasonable time, then the originator
may give notice to the addressee
stating that no acknowledgment has been
received by him and specifying a
reasonable time by which the
acknowledgment must be received by him and if
no acknowledgment is received within the
aforesaid time limit he may after
giving notice to the addressee, treat
the electronic record as though it
has never been sent.
13. Time and place of despatch and
receipt of electronic record.
(1) Save as otherwise agreed to between
the originator and the addressee,
the dispatch of an electronic record
occurs when it enters a computer
resource outside the control of the
originator.
(2) Save as otherwise agreed between the
originator and the addressee, the
time of receipt of an electronic record
shall be determined as follows,
namely :—
(a) if the addressee has designated a
computer resource for the purpose of
receiving electronic records,—
(i) receipt occurs at the time when the
electronic, record enters the
designated computer resource; or
(ii) if the electronic record is sent to
a computer resource of the
addressee that is not the designated
computer resource, receipt occurs at
the time when the electronic record is
retrieved by the addressee;
(b) if the addressee has not designated
a computer resource along with
specified timings, if any, receipt
occurs when the electronic record
enters the computer resource of the
addressee.
(3) Save as otherwise agreed to between
the originator and the addressee,
an electronic record is deemed to be
dispatched at the place where the
originator has his place of business,
and is deemed to be received at the
place where the addressee has his place
of business.
(4) The provisions of sub-section (2)
shall apply notwithstanding that the
place where the computer resource is
located may be different from the
place where the electronic record is
deemed to have been received under
sub-section (3).
(5) For the purposes of this
section,
(a) if the originator or the addressee
has more than one place of
business, the principal place of
business, shall be the place of business;
(b) if the originator or the addressee
does not have a place of business,
his usual place of residence shall be
deemed to be the place of business;
(c) "usual place of
residence", in relation to a body corporate, means the
place where it is registered.
V -
SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES
14. Secure electronic record.
Where any security procedure has been
applied to an electronic record at a
specific point of time. then such record
shall be deemed to be a secure
electronic record from such point of
time to the time of verification.
15. Secure digital signature.
If, by application of a security
procedure agreed to by the parties
concerned, it can be verified that a
digital signature, at the time it was
affixed, was
(a) unique to the subscriber affixing
it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means
under the exclusive control of
the subscriber and is linked to the
electronic record to which it relates
in such a manner that if the electronic
record was altered the digital
signature would be invalidated, then
such digital signature shall be
deemed to be a secure digital signature.
16. Security procedure.
The Central Government shall for the
purposes of this Act prescribe the
security procedure having regard to
commercial circumstances prevailing at
the time when the procedure was used,
including —
(a) the nature of the transaction;
(b) the level of sophistication of the
parties with reference to their
technological capacity;
(c) the volume of similar transactions
engaged in by other parties;
(d) the availability of alternatives
offered to but rejected by any party;
(e) the cost of alternative procedures;
and
(f) the procedures in general use for
similar types of transactions or
communications.
VI - REGULATION OF CERTIFYING AUTHORITIES
17. Appointment of Controller and other
officers.
(1) The Central Government may, by
notification in the Official Gazette,
appoint a Controller of Certifying
Authorities for the purposes of this
Act and may also by the same or
subsequent notification appoint such
number of Deputy Controllers and
Assistant Controllers as it deems fit.
(2) The Controller shall discharge his functions under this Act
subject to
the general control and directions of
the Central Government.
(3) The Deputy Controllers and Assistant
Controllers shall perform the
functions assigned to them by the
Controller under the general
superintendence and control of the
Controller.
(4) The qualifications, experience and
terms and conditions of service of
Controller, Deputy Controllers and
Assistant Controllers shall be such as
may be prescribed by the Central
Government.
(5) The Head Office and Branch Office of
the office of the Controller
shall be at such places as the Central
Government may specify, and these
may be established at such places as the
Central Government may think fit.
(6) There shall be a seal of the Office
of the Controller.
18. Functions of Controller.
The Controller may perform all or any of
the following functions, namely :—
(a) exercising supervision over the
activities of the Certifying
Authorities;
(b) certifying public keys of the
Certifying Authorities;
(c) laying down the standards to be
maintained by the Certifying
Authorities;
(d) specifying the qualifications and
experience which employees of the
Certifying Authorities should possess;
(e) specifying the conditions subject to
which the Certifying Authorities
shall conduct their business;
(f) specifying the contents of written,
printed or visual materials and
advertisements that may be distributed
or used in respect of a Digital
Signature Certificate and the public
key;
(g) specifying the form and content of a
Digital Signature Certificate and
the key,
(h) specifying the form and manner in
which accounts shall be maintained
by the Certifying Authorities;
(i) specifying the terms and conditions
subject to which auditors may be
appointed and the remuneration to be
paid to them;
(j) facilitating the establishment of
any electronic system by a
Certifying Authority either solely or
jointly with other Certifying
Authorities and regulation of such
systems;
(k) specifying the manner in which the
Certifying Authorities shall
conduct their dealings with the
subscribers;
(l) resolving any conflict of interests
between the Certifying Authorities
and the subscribers;
(m) laying down the duties of the
Certifying Authorities;
(n) maintaining a data base containing
the disclosure record of every
Certifying Authority containing such
particulars as may be specified by
regulations, which shall be accessible
to public.
19. Recognition of foreign Certifying
Authorities.
(1) Subject to such conditions and
restrictions as may be specified by
regulations, the Controller may with the
previous approval of the Central
Government, and by notification in the
Official Gazette, recognise any
foreign Certifying Authority as a
Certifying Authority for the purposes of
this Act.
(2) Where any Certifying Authority is
recognised under sub-section (1),
the Digital Signature Certificate issued
by such Certifying Authority
shall be valid for the purposes of this
Act.
(3) The Controller may, if he is
satisfied that any Certifying Authority
has contravened any of the conditions
and restrictions subject to which it
was granted recognition under
sub-section (1) he may, for reasons to be
recorded in writing, by notification in
the Official Gazette, revoke such
recognition.
20. Controller to act as repository.
(1) The Controller shall be the
repository of all Digital Signature
Certificates issued under this Act.
(2) The Controller shall —
(a) make use of hardware, software and
procedures that are secure from
intrusion and misuse;
(b) observe such other standards as may be prescribed by the
Central
Government, to ensure that the secrecy
and security of the digital
signatures are assured.
(3) The Controller shall maintain a
computerised data base of all public
keys in such a manner that such data
base and the public keys are
available to any member of the public.
21. Licence to issue Digital Signature
Certificates.
(1) Subject to the provisions of
sub-section (2), any person may make an
application, to the Controller, for a
licence to issue Digital Signature
Certificates.
(2) No licence shall be issued under
sub-section (1), unless the applicant
fulfills such requirements with respect
to qualification, expertise,
manpower, financial resources and other
infrastructure facilities, which
are necessary to issue Digital Signature
Certificates as may be prescribed
by the Central Government
(3) A licence granted under this section
shall —
(a) be valid for such period as may be
prescribed by the Central
Government;
(b) not be transferable or heritable;
(c) be subject to such terms and
conditions as may be specified by the
regulations.
22. Application for licence.
(1) Every application for issue of a
licence shall be in such form as may
be prescribed by the Central Government.
(2) Every application for issue of a
licence shall be accompanied by
(a) a certification practice statement;
(b) a statement including the procedures
with respect to identification of
the applicant;
(c) payment of such fees, not exceeding
twenty-five thousand rupees as may
be prescribed by the Central Government;
(d) such other documents, as may be
prescribed by the Central Government.
23. Renewal of licence.
An application for renewal of a licence
shall be
(a) in such form;
(b) accompanied by such fees, not
exceeding five thousand rupees,
as may be prescribed by the Central
Government and shall be made not less
than forty-five days before the date of
expiry of the period of validity
of the licence.
24. Procedure for grant or rejection of
licence.
The Controller may, on receipt of an
application under sub-section (1) of
section 21, after considering the
documents accompanying the application
and such other factors, as he deems fit,
grant the licence or reject the
application :
Provided that no application shall be
rejected under this section unless
the applicant has been given a
reasonable opportunity of presenting his
case.
25. Suspension of licence.
(1) The Controller may, if he is
satisfied after making such inquiry, as
he may think fit, that a Certifying
Authority has,
(a) made a statement in, or in relation
to, the application for the issue
or renewal of the licence, which is
incorrect or false in material
particulars;
(b) failed to comply with the terms and
conditions subject to which the
licence was granted;
(c) failed to maintain the standards
specified under clause (b) of
sub-section (2) of section 20;
(d) contravened any provisions of this
Act, rule, regulation or order made
thereunder, revoke the licence :
Provided that no licence shall be
revoked unless the Certifying Authority
has been given a reasonable opportunity
of showing cause against the
proposed revocation.
(2) The Controller may, if he has
reasonable cause to believe that there
is any ground for revoking a licence
under sub-section (1), by order
suspend such licence pending the
completion of any inquiry ordered by him:
Provided that no licence shall be
suspended for a period exceeding ten
days unless the Certifying Authority has
been given a reasonable
opportunity of showing cause against the
proposed suspension.
(3) No Certifying Authority whose
licence has been suspended shall issue
any Digital Signature Certificate during
such suspension.
26. Notice of suspension or revocation
of licence.
(1) Where the licence of the Certifying
Authority is suspended or revoked,
the Controller shall publish notice of
such suspension or revocation, as
the case may be, in the database
maintained by him.
(2) Where one or more repositories are
specified, the Controller shall
publish notices of such suspension or
revocation, as the case may be, in
all such repositories :
Provided that the data base containing
the notice of such suspension or
revocation, as the case may be, shall be made available through
a web site
which shall be accessible round the
clock :
Provided further that the Controller
may, if he considers necessary,
publicise the contents of database in such
electronic or other media, as
he may consider appropriate.
27. Power to delegate.
The Controller may, in writing,
authorise the Deputy Controller, Assistant
Controller or any officer to exercise
any of the powers of the Controller
under this Chapter.
28. Power to investigate
contraventions.
(1) The Controller or any officer
authorised by him in this behalf shall
take up for investigation any
contravention of the provisions of this Act,
rules or regulations made thereunder.
(2) The Controller or any officer
authorised by him in this behalf shall
exercise the like powers which are
conferred on Income-tax authorities
under Chapter XIII of the Income-tax
Act, 1961 and shall exercise such
powers, subject to such limitations laid
down under that Act.
29. Access to computers and data.
(1) Without prejudice to the provisions
of sub-section (1) of section 69,
the Controller or any person authorised
by him shall, if he has reasonable
cause to suspect that any contravention
of the provisions of this Act,
rules or regulations made thereunder has
been committed, have access to
any computer system, any apparatus, data
or any other material connected
with such system, for the purpose of
searching or causing a search to be
made for obtaining any information or
data contained in or available to
such computer system.
(2) For the purposes of sub-section (1),
the Controller or any person
authorised by him may, by order, direct
any person incharge of, or
otherwise concerned with the operation
of, the computer system, data
apparatus or material, to provide him
with such reasonable technical and
other assistance as he may consider
necessary.
30. Certifying Authority to follow
certain procedures.
Every Certifying Authority shall, —
(a) make use of hardware, software and
procedures that are secure from
intrusion and misuse;
(b) provide a reasonable level of
reliability in its services which are
reasonably suited to the performance of
intended functions;
(c) adhere to security procedures to
ensure that the secrecy and privacy
of the digital signatures are assured;
and
(d) observe such other standards as may
be specified by regulations.
31. Certifying Authority to ensure
compliance of the Act, etc.
Every Certifying Authority shall ensure
that every person employed or
otherwise engaged by it complies, in the
course of his employment or
engagement, with the provisions of this
Act, rules, regulations and orders
made thereunder.
32. Display of licence.
Every Certifying Authority shall display
its licence at a conspicuous
place of the premises in which it
carries on its business.
33. Surrender of licence.
(1) Every Certifying Authority whose
licence is suspended or revoked shall
immediately after such suspension or
revocation, surrender the licence to
the Controller.
(2) Where any Certifying Authority fails
to surrender a licence under
sub-section (1), the person in whose
favour a licence is issued, shall be
guilty of an offence and shall be
punished with imprisonment which may
extend up to six months or a fine which
may extend up to ten thousand
rupees or with both.
34. Disclosure.
(1) Every Certifying Authority shall
disclose in the manner specified by
regulations
(a) its Digital Signature Certificate
which contains the public key
corresponding to the private key used by
that Certifying Authority to
digitally sign another Digital Signature
Certificate;
(b) any certification practice statement
relevant thereto;
(c) notice of the revocation or
suspension of its Certifying Authority
certificate, if any; and
(d) any other fact that materially and
adversely affects either the
reliability of a Digital Signature
Certificate, which that Authority has
issued, or the Authority's ability to
perform its services.
(2) Where in the opinion of the
Certifying Authority any event has
occurred or any situation has arisen
which may materially and adversely
affect the integrity of its computer
system or the conditions subject to
which a Digital Signature Certificate
was granted, then, the Certifying
Authority shall —
(a) use reasonable efforts to notify any
person who is likely to be
affected by that occurrence; or
(b) act in accordance with the procedure
specified in its certification
practice statement to deal with such event or situation.
VII
- DIGITAL SIGNATURE CERTIFICATES
35. Certifying Authority to issue
Digital Signature Certificate.
(1) Any person may make an application
to the Certifying Authority for the
issue of a Digital Signature Certificate
in such form as may be prescribed
by the Central Government
(2) Every such application shall be
accompanied by such fee not exceeding
twenty-five thousand rupees as may be
prescribed by the Central
Government, to be paid to the Certifying
Authority :
Provided that while prescribing fees
under sub-section (2) different fees
may be prescribed for different classes
of applicants'.
(3) Every such application shall be
accompanied by a certification
practice statement or where there is no
such statement, a statement
containing such particulars, as may be specified
by regulations.
(4) On receipt of an application under
sub-section (1), the Certifying
Authority may, after consideration of
the certification practice statement
or the other statement under sub-section
(3) and after making such
enquiries as it may deem fit, grant the
Digital Signature Certificate or
for reasons to be recorded in writing,
reject the application :
Provided that no Digital Signature
Certificate shall be granted unless the
Certifying Authority is satisfied that —
(a) the applicant holds the private key
corresponding to the public key to
be listed in the Digital Signature
Certificate;
(b) the applicant holds a private key,
which is capable of creating a
digital signature;
(c) the public key to be listed in the
certificate can be used to verify a
digital signature affixed by the private
key held by the applicant :
Provided further that no application
shall be rejected unless the
applicant has been given a reasonable
opportunity of showing cause against
the proposed rejection.
36. Representations upon issuance of
Digital Signature Certificate.
A Certifying Authority while issuing a
Digital Signature Certificate shall
certify that --
(a) it has complied with the provisions
of this Act and the rules and
regulations made thereunder,
(b) it has published the Digital
Signature Certificate or otherwise made
it available to such person relying on
it and the subscriber has accepted
it;
(c) the subscriber holds the private key
corresponding to the public key,
listed in the Digital Signature
Certificate;
(d) the subscriber's public key and
private key constitute a functioning
key pair,
(e) the information contained in the
Digital Signature Certificate is
accurate; and
(f) it has no knowledge of any material
fact, which if it had been
included in the Digital Signature
Certificate would adversely affect the
reliability of the representations made
in clauses (a) to (d).
37. Suspension of Digital Signature
Certificate.
(1) Subject to the provisions of
sub-section (2), the Certifying Authority
which has issued a Digital Signature
Certificate may suspend such Digital
Signature Certificate, —
(a) on receipt of a request to that
effect from —
(i) the subscriber listed in toe Digital
Signature Certificate; or
(ii) any person duly authorised to act
on behalf of that subscriber,
(b) if it is of opinion that the Digital
Signature Certificate should be
suspended in public interest
(2) A Digital Signature Certificate
shall not be suspended for a period
exceeding fifteen days unless the
subscriber has been given an opportunity
of being heard in the matter.
(3) On suspension of a Digital Signature
Certificate under this section,
the Certifying Authority shall
communicate the same to the subscriber.
38. Revocation of Digital Signature Certificate.
(1) A Certifying Authority may revoke a
Digital Signature Certificate
issued by it
(a) where the subscriber or any other
person authorised by him makes a
request to that effect; or
(b) upon the death of the subscriber, or
(c) upon the dissolution of the firm or
winding up of the company where
the subscriber is a firm or a company.
(2) Subject to the provisions of
sub-section (3) and without prejudice to
the provisions of sub-section (1), a
Certifying Authority may revoke a
Digital Signature Certificate which has
been issued by it at any time, if
it is of opinion that
(a) a material fact represented in the Digital
Signature Certificate is
false or has been concealed;
(b) a requirement for issuance of the
Digital Signature Certificate was
not satisfied;
(c) the Certifying Authority's private
key or security system was
compromised in a manner materially
affecting the Digital Signature
Certificate's reliability;
(d) the subscriber has been declared
insolvent or dead or where a
subscriber is a firm or a company, which
has been dissolved, wound-up or
otherwise ceased to exist
(3) A Digital Signature Certificate
shall not be revoked unless the
subscriber has been given an opportunity
of being heard in the matter.
(4) On revocation of a Digital Signature
Certificate under this section,
the Certifying Authority shall
communicate the same to the subscriber.
39. Notice of suspension or
revocation.
(1) Where a Digital Signature
Certificate is suspended or revoked under
section 37 or section 38, the Certifying
Authority shall publish a notice
of such suspension or revocation, as the
case may be, in the repository
specified in the Digital Signature
Certificate for publication of such
notice.
(2) Where one or more repositories are
specified, the Certifying Authority
shall publish notices of such suspension
or revocation, as the case may
he. in all such repositories.
VIII - DUTIES OF SUBSCRIBERS
40. Generating key pair.
Where any Digital Signature Certificate, the public key of which
corresponds to the private key of that
subscriber which is to be listed in
the Digital Signature Certificate has
been accepted by a subscriber, then,
the subscriber shall generate the key
pair by applying the security
procedure.
41. Acceptance of Digital Signature
Certificate.
(1) A subscriber shall be deemed to have
accepted a Digital Signature
Certificate if he publishes or
authorises the publication of a Digital
Signature Certificate
(a) to one or more persons;
(b) in a repository, or otherwise
demonstrates his approval of the Digital
Signature Certificate in any manner.
(2) By accepting a Digital Signature
Certificate the subscriber certifies
to all who reasonably rely on the
information contained in the Digital
Signature Certificate that
(a) the subscriber holds the private key
corresponding to the public key
listed in the Digital Signature
Certificate and is entitled to hold the
same;
(b) all representations made by the subscriber
to the Certifying Authority
and all material relevant to the
information contained in the Digital
Signature Certificate are true;
(c) all information in the Digital
Signature Certificate that is within
the knowledge of the subscriber is true.
42. Control of private key.
(1) Every subscriber shall exercise
reasonable care to retain control of
the private key corresponding to the
public key listed in his Digital
Signature Certificate and take all steps
to prevent its disclosure to a
person not authorised to affix the
digital signature of the subscriber.
(2) If the private key corresponding to
the public key listed in the
Digital Signature Certificate has been
compromised, then, the subscriber
shall communicate the same without any
delay to the Certifying Authority
in such manner as may be specified by
.the regulations.
Explanation. For the removal of doubts, it is hereby declared that the
subscriber shall be liable till he has
informed the Certifying Authority
that the private key has been
compromised.
IX -
PENALTIES AND ADJUDICATION
43. Penalty for damage to computer,
computer system, etc.
If any person without permission of the
owner or any other person who is
incharge of a computer, computer system
or computer network, —
(a) accesses or secures access to such
computer, computer system or
computer network;
(b) downloads, copies or extracts any
data, computer data base or
information from such computer, computer
system or computer network
including information or data held or
stored in any removable storage
medium;
(c) introduces or causes to be
introduced any computer contaminant or
computer virus into any computer,
computer system or computer network;
(d) damages or causes to be damaged any
computer, computer system or
computer network, data, computer data
base or any other programmes
residing in such computer, computer
system or computer network;
(e) disrupts or causes disruption of any
computer, computer system or
computer network;
(f) denies or causes the denial of
access to any person authorised to
access any computer, computer system or
computer network by any means;
(g) provides any assistance to any person
to facilitate access to a
computer, computer system or computer
network in contravention of the
provisions of this Act, rules or
regulations made thereunder;
(h) charges the services availed of by a
person to the account of another
person by tampering with or manipulating
any computer, computer system, or
computer network, e shall be liable to pay damages by way of
compensation
not
exceeding one crore rupees to the person so affected.
Explanation.—For the purposes of this
section,—
(i) "computer contaminant"
means any set of computer instructions that are
designed
(a) to modify, destroy, record, transmit
data or programme residing within
a computer, computer system or computer
network; or
(b) by any means to usurp the normal
operation of the computer, computer
system, or computer network;
(ii) "computer data base"
means a representation of information,
knowledge, facts, concepts or
instructions in text, image, audio, video
that are being prepared or have been
prepared in a formalised manner or
have been produced by a computer,
computer system or computer network and
are intended for use in a computer,
computer system or computer network;
(iii) "computer virus" means
any computer instruction, information, data
or programme that destroys, damages,
degrades or adversely affects the
performance of a computer resource or attaches itself to another
computer
resource and operates when a programme,
data or instruction is executed or
some other event takes place in that
computer resource;
(iv) "damage" means to
destroy, alter, delete, add, modify or rearrange
any computer resource by any means.
44. Penalty for failure to furnish
information return, etc.
If any person who is required under this
Act or any rules or regulations
made thereunder to —
(a) furnish any document, return or
report to the Controller or the
Certifying Authority fails to furnish
the same, he shall be liable to a
penalty not exceeding one lakh and fifty
thousand rupees for each such
failure;
(b) file any return or furnish any
information, books or other documents
within the time specified therefor in
the regulations fails to file return
or furnish the same within the time specified
therefor in the regulations,
he shall be liable to a penalty not
exceeding five thousand rupees for
every day during which such failure
continues;
(c) maintain books of account or
records, fails to maintain the same, he
shall be liable to a penalty not
exceeding ten thousand rupees for every
day during which the failure continues.
45. Residuary penalty.
Whoever contravenes any rules or
regulations made under this Act, for .the
contravention of which no penalty has
been separately provided, shall be
liable to pay a compensation not
exceeding twenty-five thousand rupees to
the person affected by such
contravention or a penalty not exceeding
twenty-five thousand rupees.
46. Power to adjudicate.
(1) For the purpose of adjudging under
this Chapter whether any person has
committed a contravention of any of the
provisions of this Act or of any
rule, regulation, direction or order
made thereunder the Central
Government shall, subject to the
provisions of sub-section (3), appoint
any officer not below the rank of a
Director to the Government of India or
an equivalent officer of a State Government
to be an adjudicating officer
for holding an inquiry in the manner
prescribed by the Central Government.
(2) The adjudicating officer shall,
after giving the person referred to in
sub-section (1) a reasonable opportunity
for making representation in the
matter and if, on such inquiry, he is
satisfied that the person has
committed the contravention, he may
impose such penalty or award such
compensation as he thinks fit in
accordance with the provisions of that
section.
(3) No person shall be appointed as an
adjudicating officer unless he
possesses such experience in the field
of Information Technology and legal
or judicial experience as may be
prescribed by the Central Government.
(4) Where more than one adjudicating
officers are appointed, the Central
Government shall specify by order the
matters and places with respect to
which such officers shall exercise their
jurisdiction.
(5) Every adjudicating officer shall
have the powers of a civil court
which are conferred oh the Cyber
Appellate Tribunal under sub-section (2)
of section 58, and
(a) all proceedings before it shall be
deemed to be judicial proceedings
within the meaning of sections 193 and
228 of the Indian Penal Code;
(b) shall be deemed to be a civil court
for the purposes of sections 345
and 346 of the Code of Criminal
Procedure, 1973.
47. Factors to be taken into account by
the adjudicating officer.
While adjudging the quantum of
compensation under this Chapter, the
adjudicating officer shall have due
regard to the following factors,
namely :
(a) the amount of gain of unfair
advantage, wherever quantifiable, made as
a result of the default;
(b) the amount of loss caused to any
person as a result of the default;
(c) the repetitive nature of the
default.
X -
THE CYBER REGULATION APPELLATE TRIBUNAL
48. Establishment of Cyber Appellate
Tribunal.
(1) The Central Government shall, by
notification, establish one or more
appellate tribunals to be known as the
Cyber Regulations Appellate
Tribunal.
(2) The Central Government shall also
specify, in the notification
referred to in sub-section (1), the
matters and places in relation to
which the Cyber Appellate Tribunal may
exercise jurisdiction.
49. Composition of Cyber Appellate
Tribunal.
A Cyber Appellate Tribunal shall consist
of one person only (hereinafter
referred to as the Residing Officer of
the Cyber Appellate Tribunal) to be
appointed, by notification, by the
Central Government.
50. Qualifications for appointment as
Presiding Officer of the Cyber
Appellate Tribunal.
A person shall not be qualified for
appointment as the Presiding Officer
of a Cyber Appellate Tribunal unless
he
(a) is, or has been. or is qualified to
be, a Judge of a High Court; or
(b) is or has been a member of the
Indian Legal Service and is holding or
has
held a post in Grade I of that Service for at least three years.
51. Term of office.
The Presiding Officer of a Cyber
Appellate Tribunal shall hold office for
a term of five years from the date on
which he enters upon his office or
until he attains the age of sixty-five
years, whichever is earlier.
52. Salary, allowances and other terms
and conditions of service of
Presiding Officer.
The salary and allowances payable to,
and the other terms and conditions
of service including pension, gratuity
and other retirement benefits of.
the Presiding Officer of a Cyber
Appellate Tribunal shall be such as may
be prescribed :
Provided that neither the salary and
allowances nor the other terms and
conditions of service of the Presiding
Officer shall be varied to his
disadvantage after appointment.
53. Filling up of vacancies.
If, for reason other than temporary
absence, any vacancy occurs in the
office n the Presiding Officer of a
Cyber Appellate Tribunal, then the
Central Government shall appoint another
person in accordance with the
provisions of this Act to fill the
vacancy and the proceedings may be
continued before the Cyber Appellate
Tribunal from the stage at which the
vacancy is filled.
54. Resignation and removal.
(1) The Presiding Officer of a Cyber
Appellate Tribunal may, by notice in
writing under his hand addressed to the
Central Government, resign his
office :
Provided that the said Presiding Officer
shall, unless he is permitted by
the Central Government to relinquish his
office sooner, continue to hold
office until the expiry of three months
from the date of receipt of such
notice or until a person duly appointed
as his successor enters upon his
office or until the expiry of his term
of office, whichever is the
earliest.
(2) The Presiding Officer of a Cyber
Appellate Tribunal shall not be
removed from his office except by an
order by the Central Government on
the ground of proved misbehaviour or
incapacity after an inquiry made by a
Judge of the Supreme Court in which the
Presiding Officer concerned has
been informed of the charges against him
and given a reasonable
opportunity of being heard in respect of
these charges.
(3) The Central Government may, by
rules, regulate the procedure for the
investigation of misbehaviour or
incapacity of the aforesaid Presiding
Officer.
55. Orders constituting Appellate
Tribunal to be final and not to
invalidate its proceedings.
No order of the Central Government
appointing any person as the Presiding
Officer of a Cyber Appellate Tribunal
shall be called in question in any
manner and no act or proceeding before a
Cyber Appellate Tribunal shall be
called in question in any manner on the
ground merely of any defect in the
constitution of a Cyber Appellate
Tribunal.
56. Staff of the Cyber Appellate
Tribunal.
(1) The Central Government shall provide
the Cyber Appellate Tribunal with
such officers and employees as that
Government may think fit.
(2) The officers and employees of the
Cyber Appellate Tribunal shall
discharge their functions under general
superintendence of the Presiding
Officer.
(3) The salaries, allowances and other
conditions of service of the
officers and employees or' the Cyber
Appellate Tribunal shall be such as
may be prescribed by the Central
Government.
57. Appeal to Cyber Appellate Tribunal.
(1) Save as provided in sub-section (2),
any person aggrieved by an order
made by Controller or an adjudicating
officer under this Act may prefer an
appeal to a Cyber Appellate Tribunal
having jurisdiction in the matter.
(2) No appeal shall lie to the Cyber
Appellate Tribunal from an order made
by an adjudicating officer with the
consent of the parties.
(3) Every appeal under sub-section (1)
shall be filed within a period of
tony-five days from the date on which a
copy of the order made by the
Controller or the adjudicating officer
is received by the person aggrieved
and it shall be in such form and be
accompanied by such fee as may be
prescribed :
Provided that the Cyber Appellate
Tribunal may entertain an appeal after
the expiry of the said period of
tony-five days if it is satisfied that
there was sufficient cause tor not filing
it within that period.
(4) On receipt of an appeal under
sub-section (1), the Cyber Appellate
Tribunal may, after giving the parties
to the appeal, an opportunity of
being heard, pass such orders thereon as
it thinks fit, confirming,
modifying or setting aside the order
appealed against.
(5) The Cyber Appellate Tribunal shall
send a copy of every order made by
it to the parties to the appeal and to
the concerned Controller or
adjudicating officer.
(6) The appeal filed before the Cyber
Appellate Tribunal under sub-section
(1) shall be dealt with by it as
expeditiously as possible and endeavour
shall be made by it to dispose of the
appeal finally within six months
from the date of receipt of the appeal.
58. Procedure and powers of the Cyber
Appellate Tribunal.
(1) The Cyber Appellate Tribunal shall
not be bound by the procedure laid
down by the Code of civil Procedure,
1908 but shall be guided by the
principles of natural justice and,
subject to the other provisions of this
Act and of any rules, the Cyber
Appellate Tribunal shall have powers to
regulate its own procedure including the
place at which it shall have its
sittings.
(2) The Cyber Appellate Tribunal shall
have, for the purposes of
discharging its functions under this
Act, the same powers as are vested in
a civil court under the Code of Civil Procedure,
1908, while trying a
suit, in respect of the following
matters, namely :—
(a) summoning and enforcing the
attendance of any person and examining him
on oath;
(b) requiring the discovery and
production of documents or other
electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the
examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for
default or deciding it ex pane;
(g) any other matter which may be
prescribed.
(3) Every proceeding before the Cyber
Appellate Tribunal shall be deemed
to be a judicial proceeding within the meaning
of sections 193 and 228,
and for the purposes of section 196 of
the Indian Penal Code and the Cyber
Appellate Tribunal shall be deemed to be
a civil court for the purposes of
section 195 and Chapter XXVI of the Code
of Criminal Procedure, 1973.
59. Right to legal representation.
The appellant may either appear in
person or authorise one or more legal
practitioners or any of its officers to
present his or its case before the
Cyber Appellate Tribunal.
60. Limitation.
The provisions of the Limitation Act,
1963, shall, as far as may be, apply
to an appeal made to the Cyber Appellate
Tribunal.
61. Civil court not to have
jurisdiction.
No court shall have jurisdiction to
entertain any suit or proceeding in
respect of any matter which an
adjudicating officer appointed under this
Act or the Cyber Appellate Tribunal
constituted under this Act is
empowered by or under this Act to
determine and no injunction shall be
granted by any court or other authority
in respect of any action taken or
to be taken in pursuance of any power
conferred by or under this Act.
62. Appeal to High Court.
Any person aggrieved by any decision or
order of the Cyber Appellate
Tribunal may file an appeal to the High
Court within sixty days from the
date of communication of the decision or
order of the Cyber Appellate
Tribunal to him on any question of fact
or law arising out of such order
Provided that the High Court may, if it
is satisfied that the appellant
was prevented by sufficient cause from
filing the appeal within the said
period, allow it to be filed within a
further period not exceeding sixty
days.
63. Compounding of contraventions.
(1) Any contravention under this Chapter
may, either before or after the
institution of adjudication proceedings,
be compounded by the Controller
or such other officer as may be
specially authorised by him in this behalf
or by the adjudicating officer, as the
case may be, subject to such
conditions as the Controller or such other
officer or the adjudicating
officer may specify :
Provided that such sum shall not, in any
case, exceed the maximum amount
of the penalty which may be imposed
under this Act for the contravention
so compounded.
(2) Nothing in sub-section (1) shall
apply to a person who commits the
same or similar contravention within a
period of three years from the date
on which the first contravention,
committed by him, was compounded.
Explanation. For the
purposes of this sub-section, any second or
subsequent contravention committed after
the expiry of a period of three
years from the date on which the
contravention was previously compounded
shall be deemed to be a first
contravention.
(3) Where any contravention has been
compounded under sub-section (1), no
proceeding or further proceeding, as the
case may be, shall be taken
against the person guilty of such
contravention in respect of the
contravention so compounded.
64. Recovery of penalty.
A penalty imposed under this Act, if it
is not paid, shall be recovered as
an arrear of land revenue and the
licence or the Digital Signature
Certificate, as the case may be, shall be suspended till the penalty is
paid.
XI -
OFFENCES
65. Tampering with computer source
documents.
Whoever knowingly or intentionally
conceals, destroys or alters or
intentionally or knowingly causes
another to conceal, destroy or alter any
computer source code used for a
computer, computer programme, computer
system or computer network, when the
computer source code is required to
be kept or maintained by law for the
time being in force, shall be
punishable with imprisonment up to three
years, or with fine which may
extend up to two lakh rupees, or with
both.
Explanation.—For the purposes of this
section, "computer source code"
means the listing of programmes,
computer commands, design and layout and
programme analysis of computer resource in any form.
66. Hacking with computer system.
(1) Whoever with the intent to cause or
knowing that he is likely to cause
wrongful loss or damage to the public or
any person destroys or deletes or
alters any information residing in a
computer resource or diminishes its
value or utility or affects it
injuriously by any means, commits hack :
(2) Whoever commits hacking shall be
punished with imprisonment up to
three years, or with fine which may
extend upto two lakh rupees, or with
both.
67. Publishing of information which is
obscene in electronic form.
Whoever publishes or transmits or causes
to be published in the electronic
form, any material which is lascivious
or appeals to the prurient interest
or if its effect is such as to tend to
deprave and corrupt persons who are
likely, having regard to all relevant
circumstances, to read, see or hear
the matter contained or embodied in it,
shall be punished on first
conviction with imprisonment of either
description for a term which may
extend to five years and with fine which
may extend to one lakh rupees and
in the event of a second or subsequent
conviction with imprisonment of
either description for a term which may
extend to ten years and also with
fine which may extend to two lakh
rupees.
68. Power of Controller to give
directions.
(1) The Controller may, by order, direct
a Certifying Authority or any
employee of such Authority to take such
measures or cease carrying on such
activities as specified in the order if
those are necessary to ensure
compliance with the provisions of this
Act, rules or any regulations made
thereunder.
(2) Any person who fails to comply with
any order under sub-section (1)
shall be guilty of an offence and shall
be liable on conviction to
imprisonment for a term not exceeding
three years or to a Fine not
exceeding two lakh rupees or to both.
69. Directions of Controller to a
subscriber to extend facilities to
decrypt information.
(1) If the Controller is satisfied that
it is necessary or expedient so to
do in the interest of the sovereignty or
integrity of India, the security
of the State, friendly relations with
foreign Stales or public order or
for preventing incitement to the
commission of any cognizable offence, for
reasons to be recorded in writing, by
order, direct any agency of the
Government to intercept any information
transmitted through any computer
resource.
(2) The subscriber or any person
incharge of the computer resource shall,
when called upon by any agency which has
been directed under sub-section
(1), extend all facilities and technical
assistance to decrypt the
information.
(3) The subscriber or any person who
fails to assist the agency referred
to in sub-section (2) shall be punished
with an imprisonment for a term
which may extend to seven years.
70. Protected system.
(1) The appropriate Government may, by
notification in the Official
Gazette, declare that any computer,
computer system or computer network to
be a protected system.
(2) The appropriate Government may, by order in writing, authorise the
persons who are authorised to access
protected systems notified under
sub-section (1).
(3) Any person who secures access or attempts to secure access to
a
protected system in contravention of the
provisions of this section shall
be punished with imprisonment of either
description for a term which may
extend to ten years and shall also be
liable to fine.
71. Penalty for misrepresentation.
Whoever makes any misrepresentation to,
or suppresses any material fact
from, the Controller or the Certifying
Authority for obtaining any licence
or Digital Signature Certificate, as the
case may be. shall be punished
with imprisonment for a term which may
extend to two years, or with fine
which may extend to one lakh rupees, or
with both.
72. Penalty for breach of
confidentiality and privacy.
Save as otherwise provided in this Act
or any other law for the time being
in force, any person who, in pursuance
of any of the powers conferred
under this Act, rules or regulations
made thereunder, has secured access
to any electronic record, book,
register, correspondence, information,
document or other material without the
consent of the person concerned
discloses such electronic record, book.
register, correspondence,
information, document or other material
to any other person shall be
punished with imprisonment for a term
which may extend to two years, or
with fine which may extend to one lakh
rupees, or with both.
73. Penalty for publishing Digital
Signature Certificate false in certain
particulars.
(1) No person shall publish a Digital
Signature Certificate or otherwise
make it available to any other person
with the knowledge that
(a) the Certifying Authority listed in the certificate has not issued
it;
or
(b) the subscriber listed in the
certificate has not accepted it; or
(c) the certificate has been revoked or
suspended, unless such publication
is for the purpose of verifying a
digital signature created prior to such
suspension or revocation.
(2) Any person who contravenes the
provisions of sub-section (1) shall be
punished with imprisonment for a term
which may extend to two years, or
with fine which may extend to one lakh
rupees, or with both.
74. Publication for fraudulent purpose.
Whoever knowingly creates, publishes or
otherwise makes available a
Digital Signature Certificate for any
fraudulent or unlawful purpose shall
be punished with imprisonment for a term
which may extend to two years, or
with fine which may extend to one lakh
rupees, or with both.
75. Act to apply for offence or
contravention committed outside India.
(1) Subject to the provisions of
sub-section (2), the provisions of this
Act shall apply also to any offence or
contravention committed outside
India by any person irrespective of his
nationality.
(2) For the purposes of sub-section (1),
this Act shall apply to an
offence or contravention committed
outside India by any person if the act
or conduct constituting the offence or
contravention involves a computer,
computer system or computer network
located in India.
76. Confiscation.
Any computer, computer system, floppies,
compact disks, tape drives or any
other accessories related thereto, in
respect of which any provision of
this Act. rules, orders or regulations
made thereunder has been or is
being contravened, shall be liable to
confiscation :
Provided that where it is established to
the satisfaction of the court
adjudicating the confiscation that the person in whose
possession, power
or control of any such computer,
computer system, floppies, compact disks,
tape drives or any other accessories
relating thereto is found is not
responsible for the contravention of the
provisions of this Act, rules,
orders or regulations made thereunder,
the court may, instead of making an
order for confiscation of such computer,
computer system, floppies,
compact disks, tape drives or any other
accessories related thereto, make
such other order authorised by this Act
against the person contravening of
the provisions of this Act, rules,
orders or regulations made thereunder
as it may think fit.
77. Penalties or confiscation not to
interfere with other punishments.
No penalty imposed or confiscation made
under this Act shall prevent the
imposition of any other punishment to
which the person affected thereby is
liable under any other law for the time
being in force.
78. Power to investigate offences.
Notwithstanding anything contained in
the Code of Criminal Procedure,
1973, a police officer not below the
rank of Deputy Superintendent of
Police shall investigate any offence
under this Act.
XII
- NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES
79. Network service providers not to be
liable in certain cases.
For the removal of doubts, it is hereby
declared that no person providing
any service as a network service
provider shall be liable under this Act,
rules or regulations made thereunder for
any third party information or
data made available by him if he proves
that the offence or contravention
was committed without his knowledge or
that he had exercised all due
diligence to prevent the commission of
such offence or contravention.
Explanation.—For the purposes of this
section, —
(a) "network service provider"
means an intermediary;
(b) "third party information"
means any information dealt with by a
network service provider in his capacity
as an intermediary;
XIII
- MISCELLANEOUS
80. Power of police officer and other
officers to enter, search, etc.
(1) Notwithstanding anything contained
in the Code of Criminal Procedure,
1973, any police officer, not below the
rank of a Deputy Superintendent of
Police, or any other officer of the
Central Government or a State
Government authorised by the Central
Government in this behalf may enter
any public place and search and arrest
without warrant any person found
therein who is reasonably suspected or
having committed or of committing
or of being about to commit any offence
under this Act.
Explanation.—For the purposes of this
sub-section, the expression "public
place" includes any public
conveyance, any hotel, any shop or any other
place intended for use by, or accessible
to the public.
(2) Where any person is arrested under
sub-section (1) by an officer other
than a police officer, such officer
shall, without unnecessary delay, take
or send the person arrested before a
magistrate having jurisdiction in the
case or before the officer-in-charge of
a police station.
(3) The provisions of the Code of
Criminal Procedure, 1973 shall, subject
to the provisions of this section,
apply, so far as may be, in relation to
any entry, search or arrest, made under
this section.
81. Act to have overriding effect.
The provisions of this Act shall have
effect notwithstanding anything
inconsistent therewith contained in any
other law for the time being in
force.
82. Controller, Deputy Controller and
Assistant Controllers to be public
servants.
The Presiding Officer and other officers
and employees of a Cyber
Appellate Tribunal, the Controller, the
Deputy Controller and the
Assistant Controllers shall be deemed to
be public servants within the
meaning of section 21 of the Indian
Penal Code.
83. Power to give directions.
The Central Government may give
directions to any State Government as to
the carrying into execution in the State
of any of the provisions of this
Act or of any rule, regulation or order
made thereunder.
84. Protection of action taken in good
faith.
No suit, prosecution or other legal
proceeding shall lie against the
Central Government, the State
Government, the Controller or any person
acting on behalf of him, the Presiding
Officer, adjudicating officers and
the staff of the Cyber Appellate
Tribunal for anything which is in good
faith done or intended to be done in
pursuance of this Act or any rule,
regulation or order made thereunder.
85. Offences by companies.
(1) Where a person committing a
contravention of any of the provisions of
this Act or of any rule, direction or
order made thereunder is a company,
every person who, at the time the
contravention was committed, was in
charge of, and was responsible to, the
company for the conduct of business
of the company as well as the company,
shall be guilty of the
contravention and shall be liable to be
proceeded against and punished
accordingly :
Provided that nothing contained in this
sub-section shall render any such
person liable to punishment if he proves
that the contravention took place
without his knowledge or that he
exercised all due diligence to prevent
such contravention.
(2) Notwithstanding anything contained
in sub-section (1), where a
contravention of any of the provisions
of this Act or of any rule,
direction or order made thereunder has
been committed by a company and it
is proved that the contravention has
taken place with the consent or
connivance of, or is attributable to any
neglect on the part of, any
director, manager, secretary or other
officer of the company, such
director, manager, secretary or other
officer shall also be deemed to be
guilty of the contravention and shall be
liable to be proceeded against
and punished accordingly.
Explanation.—For the purposes of this
section,—
(i) "company" means any body
corporate and includes a firm or other
association of individuals; and
(ii) "director", in relation
to a firm, means a partner in the firm.
86. Removal of difficulties.
(1) If any difficulty arises in giving
effect to the provisions of this
Act, the Central Government may, by
order published in the Official
Gazette, make such provisions not
inconsistent with the provisions of this
Act as appear to it to be necessary or
expedient for removing the
difficulty :
Provided that no order shall be made
under this section after the expiry
of a period of two years from the
commencement of this Act.
(2) Every order made under this section
shall be laid, as soon as may be
after it is made, before each House of
Parliament.
87. Power of Central Government to make
rules.
(1) The Central Government may, by
notification in the Official Gazette
and in the Electronic Gazette make rules
to carry out the provisions of
this Act.
(2) In particular, and without prejudice
to the generality of the
foregoing power, such rules may provide
for all or any of the following
mailers, namely :
(a) the manner in which any information
or matter may be authenticated by
means of digital signature under section
5;
(b) the electronic form in which filing,
issue, grant or payment shall be
effected under sub-section (1) of
section 6;
(c) the manner and format in which
electronic records shall be filed, or
issued and the method of payment under
sub-section (2) of section 6;
(d) the matters relating to the type of
digital signature, manner and
format in which it may be affixed under
section 10;
(e) the security procedure for the purpose
of creating secure electronic
record and secure digital signature
under section 16;
(f) the qualifications, experience and
terms and conditions of service of
Controller, Deputy Controllers and
Assistant Controllers under section 17;
(g) other standards to be observed by
the Controller under clause (b) of
subsection (2) of section 20;
(h) the requirements which an applicant
must fulfil under sub-section (2)
of section 21;
(i) the period of validity of licence
granted under clause (a) of
sub-section (3) of section 21;
(j) the form in which an application for
licence may be made under
sub-section (1) of section 22;
(k) the amount of fees payable under
clause (c) of sub-section (2) of
section 22;
(l) such other documents which shall
accompany an application for licence
under clause (a) of sub-section (2) of
section 22;
(m) the form and the fee for renewal of
a licence and the fee payable
there of under section 23;
(n) the form in which application for
issue of a Digital Signature
Certificate may be made under
sub-section (1) of section 35;
(o) the fee to be paid to the Certifying
Authority for issue of a Digital
Signature Certificate under sub-section
(2) of section 35;
(p) the manner in which the adjudicating
officer shall hold inquiry under
subsection (1) of section 46;
(q) the qualification and experience
which the adjudicating officer shall
possess under sub-section (3) of section
46;
(r) the salary, allowances and the other
terms and conditions of service
of the Presiding Officer under section
52;
(s) the procedure for investigation of
misbehaviour or incapacity of the
Presiding Officer under sub-section (3)
of section 54;
(t) the salary and allowances and other
conditions of service of other
officers and employees under sub-section
(3) of section 56;
(u) the form in which appeal may be
filed and the fee thereof under sub
-section (3) of section 57;
(v) any other power of a civil court
required to be prescribed under
clause (g) of sub-section (2) of section
58; and
(w) any other matter which is required
to be, or may be, prescribed.
(3) Every notification made by the
Central Government under clause (f) of
subsection (4) of section 1 and every
rule made by it shall be laid, as
soon as may be after it is made, before
each House of Parliament, while it
is in session, for a total period of
thirty days which may be comprised in
one session or in two or more successive
sessions, and if, before the
expiry of the session immediately
following the session or the successive
sessions aforesaid, both Houses agree in
making any modification in the
notification or the rule or both Houses
agree that the notification or the
rule should not be made, the
notification or the rule shall thereafter
have effect only in such modified form
or be of no effect, as the case may
be; so, however, that any such
modification or annulment shall be without
prejudice to the validity of anything
previously done under that
notification or rule.
88. Constitution of Advisory Committee.
(1) The Central Government shall, as
soon as may be after the commencement
of this Act, constitute a Committee
called the Cyber Regulations Advisory
Committee.
(2) The Cyber Regulations Advisory
Committee shall consist of a
Chairperson and such number of other
official and non-official members
representing the interests principally
affected or having special
knowledge of the subject-matter as the
Central Government may deem fit.
(3) The Cyber Regulations Advisory
Committee shall advise
(a) the Central Government either
generally as regards any rules or for
any other purpose connected with this
Act;
(b) the Controller in framing the
regulations under this Act.
(4) There shall be paid to the non-official members of such Committee
such
travelling and other allowances as the
Central Government may fix.
89. Power of Controller to make regulations.
(1) The Controller may, after
consultation with the Cyber Regulations
Advisory Committee and with the previous
approval of the Central
Government, by notification in the
Official Gazette, make regulations
consistent with this Act and the rules
made thereunder to carry out the
purposes of this Act.
(2) In particular, and without prejudice
to the generality of the
foregoing power, such regulations may
provide for all or any of the
following matters, namely :
(a) the particulars relating to maintenance of data-base
containing the
disclosure record of every Certifying
Authority under clause (m) of
section 18;
(b) the conditions and restrictions
subject to which the Controller may
recognise any foreign Certifying
Authority under sub-section (1) of
section 19;
(c) the terms and conditions subject to
which a licence may be granted
under clause (c) of sub-section (3) of
section 21;
(d) other standards to be observed by a
Certifying Authority under clause
(d) of section 30;
(e) the manner in which the Certifying
Authority shall disclose the
matters specified in sub-section (1) of
section 34;
(f) the particulars of statement which
shall accompany an application
under sub-section (3) of section 35;
(g) the manner in which the subscriber
shall communicate the compromise of
private key to the certifying Authority
under sub-section (2) of section
42.
(3) Every regulation made under this Act
shall be laid, as soon as may be
after it is made, before each House of
Parliament, while it is in session,
for a total period of thirty days which
may be comprised in one session or
in two or more successive sessions, and
if, before the expiry of the
session immediately following the
session or the successive sessions
aforesaid, both Houses agree in making
any modification in the regulation
or both Houses agree that the regulation
should not be made, the
regulation shall thereafter have effect
only in such modified form or he
of no effect, as the case may be; so,
however, that any such modification
or annulment shall be without prejudice
to the validity of anything
previously done under (hat regulation.
90. Power of State Government to make
rules.
(1) The State Government may, by
notification in the Official Gazette,
make rules to carry out the provisions
of this Act.
(2) In particular, and without prejudice
to the generality of the
foregoing power, such rules may provide
for all or any of the following
matters, namely :
(a) the electronic form in which filing,
issue, grant receipt or payment
shall be effected under sub-section (1)
of section 6;
(b) for matters specified in sub-section
(2) of section 6;
(c) any other matter which is required
to be provided by rules by the
State Government.
(3) Every rule made by the State
Government under this section shall be
laid, as soon as may be after it is
made, before each House of the State
Legislature where it consists of two
Houses, or where such Legislature
consists of one House, before that
House.
91. Amendment of Act 45 of 1860.
The Indian Penal Code shall be amended in the manner specified in the
First Schedule to this Act.
92. Amendment of Act 1 of 1872.
The Indian Evidence Act, 1872 shall be
amended in the manner specified in
the Second Schedule to this Act.
93. Amendment of Act 18 of 1891.
The Bankers' Books Evidence Act, 1891
shall be amended in the manner
specified in the Third Schedule to this
Act.
94. Amendment of Act 2 of 1834.
The Reserve Bank of India Act, 1934
shall be amended in the manner
specified in the Fourth Schedule to this
Act.
SCHEDULES
The First Schedule - Amendments to the
Indian Penal Code, 1860.
(See section 91)
Amendments to the Indian Penal Code
(45 of 1860)
1. After section 29, the following
section shall be inserted, namely :
Electronic record.
"29A. The words "electronic
record" shall have the meaning assigned to
them in clause (t) of sub-section (1) of
section 2 of the Information
Technology Act, 2000."
2. In section 167, for the words
"such public servant, charged with the
preparation or translation of any
document, frames or translates that
document", the words "such
public servant, charged with the preparation or
translation of any document or
electronic record, frames, prepares or
translates that document or electronic
record" shall be substituted.
3. In section 172, for the words
"produce a document in a Court of
Justice", the words "produce a
document or an electronic record in a Court
of Justice" shall be substituted.
4. In section 173, for the words "to
produce a document in a Court of
Justice", the words "to
produce a document or electronic record in a Court
of Justice" shall be substituted.
5. In section 175, for the word
"document" at both the places where it
occurs, the words "document or
electronic record" shall be substituted.
6. In section 192, for the words
"makes any false entry in any book or
record, or makes any document containing
a false statement", the words
"makes any false entry in any book
or record, or electronic record or
makes any document or electronic record
containing a false statement"
shall be substituted.
7. In section 204, for the word
"document" at both the places where it
occurs, the words "document or electronic record"
shall be substituted.
8. In section 463, for the words
"Whoever makes any false documents or
part of a document with intent to cause
damage or injury", the words
"Whoever makes any false documents
or false electronic record or part of a
document or electronic record, with
intent to cause damage or injury"
shall be substituted.
9. In section 464, —
(a) for the portion beginning with the
words "A person is said to make a
false document" and ending with the
words "by reason of deception
practised upon him, he does not know the
contents of the document or the
nature of the alteration", the
following shall be substituted, namely :—
"A person is said to make a false
document or false electronic record
First
Who dishonestly or fraudulently —
(a) makes, signs, seals or executes a
document or part of a document;
(b) makes or transmits any electronic
record or part of any electronic
record;
(c) affixes any digital signature on any
electronic record;
(d) makes any mark denoting the
execution of a document or the
authenticity of the digital signature,with the intention of
causing it to
be
believed that such document or part of document, electronic record or
digital
signature was made, signed, sealed, executed, transmitted or
affixed
by or by the authority of a person by whom or by whose authority
he
knows that it was not made, signed, sealed, executed or affixed; or
Secondly Who, without lawful authority, dishonestly or fraudulently, by
cancellation or otherwise, alters a
document or an electronic record in
any material part thereof, after it has
been made, executed or affixed
with digital signature either by himself
or by any other person, whether
such person be living or dead at the
time of such alteration; or
Thirdly Who dishonestly or fraudulently causes any person to sign, seal,
execute or alter a document or an
electronic record or to affix his
digital signature on any electronic record
knowing that such person by
reason of unsoundness of mind or
intoxication cannot, or that by reason of
deception practised upon him, he does
not know the contents of the
document or electronic record or the
nature of the alteration. " ;
(b) after Explanation 2, the following
Explanation shall be inserted at
the end, namely :—
'Explanation 3.—For the purposes of this
section, the expression "affixing
digital signature" shall have the meaning
assigned to it in clause (d) of
subsection (1) of section 2 of the
Information Technology Act, 2000.'.
10. In section 466,—
(a) for the words "Whoever forges a
document", the words "Whoever forges a
document or an electronic record"
shall be substituted;
(b) the following Explanation shall be
inserted at the end, namely :—
'Explanation.—For the purposes of this
section, "register" includes any
list, data or record of any entries
maintained in the electronic form as
defined in clause (r) of sub-section (1)
of section 2 of the Information
Technology Act, 2000.'.
11. In section 468, for the words
"document forged", the words "document
or electronic record forged" shall be substituted.
12. In section 469, for the words
"intending that the document forged",
the words "intending that the
document or electronic record forged" shall
be substituted.
13. In section 470, for the word
"document" in both the places where it
occurs, the words "document or
electronic record" shall be substituted.
14. In section 471, for the word
"document" wherever it occurs, the words
"document or electronic
record" shall be substituted.
15. In section 474, for the portion
beginning with the words "Whoever has
in his possession any document" and
ending with the words "if the document
is one of the description mentioned in
section 466 of this Code", the
following shall be substituted, namely :
—
"Whoever has in his possession any
document or electronic record, knowing
the same to be forged and intending that
the same shall fraudulently or
dishonestly be used as a genuine, shall,
if the document or electronic
record is one of the description
mentioned in section 466 of this Code.".
16. In section 476, for the words
"any document", the words "any document
or electronic record" shall be
substituted.
17. In section 477A, for the words
"book, paper, writing" at both the
places where they occur, the words
"book, electronic record, paper,
writing" shall be substituted.
The Second Schedule - Amendments to the
Indian Evidence Act, 1872.
(See section 92)
Amendments to the Indian Evidence Act,
1872
(1 of 1872)
1. In section 3,—
(a) in the definition of
"Evidence", for the words "all documents produced
for the inspection of the Court",
the words "all documents including
electronic records produced for the
inspection of the Court" shall be
substituted;
(b) after the definition of "India", the following
shall be inserted,
namely:
'the expressions "Certifying Authority", "digital
signature",
"Digital Signature
Certificate", "electronic form", "electronic records",
"information", "secure
electronic record", "secure digital signature" and
"subscriber" shall have the
meanings respectively assigned to them in the
Information Technology Act, 2000.'.
2. In section 17, for the words
"oral or documentary,", the words "oral or
documentary or contained in electronic
form" shall be substituted.
3.After section 22, the following section shall be inserted, namely: —
When oral admission as to contents of
electronic records are relevant.
"22A. Oral admissions as to the
contents of electronic records are not
relevant, unless the genuineness of the
electronic record produced is in
question.".
4. In section 34, for the words
"Entries in the books of account", the
words "Entries in the books of
account, including those maintained in an
electronic form" shall be
substituted.
5. In section 35, for the word
"record", in both the places where it
occurs, the words "record or an electronic record" shall be
substituted.
6. For section 39, the following section
shall be substituted, namely: —
What evidence to be given when statement
forms part of a conversation,
document, electronic record, book or
series of letters or papers.
"39. When any statement of which
evidence is given forms part of a longer
statement, or of a conversation or pan
of an isolated document, or is
contained in a document which forms part
of a book, or is contained in
part of electronic record or of a
connected series of letters or papers,
evidence shall be given of so much and
no more of the statement,
conversation, document, electronic
record, book or series of letters or
papers as the Court considers necessary
in that particular case to the
full understanding of the nature and
effect of the statement, and of the
circumstances under which it was
made.".
7. After section 47, the following
section shall be inserted, namely: —
Opinion as to digital signature where
relevant.
"47A. When the Court has 10 form an
opinion as to the digital signature of
any person, the opinion of the
Certifying Authority which has issued the
Digital Signature Certificate is a
relevant fact.".
8. In section 59, for the words
"contents of documents" the words
"contents of documents or
electronic records" shall be substituted.
9. After section 65, the following
sections shall be inserted, namely: —
Special provisions as to evidence
relating to electronic record.
'65A. The contents of electronic records
may be proved in accordance with
the provisions of section 65B.
Admissibility of electronic records.
65B. (1) Notwithstanding anything
contained in this Act, any information
contained in an electronic record which
is printed on a paper, stored,
recorded or copied in optical or
magnetic media produced by a computer
(hereinafter referred to as the computer
output) shall be deemed to be
also a document, if the conditions
mentioned in this section are satisfied
in relation to the information and computer in question and shall
be
admissible in any proceedings, without
further proof or production of the
original, as evidence of any contents of
the original or of any fact
stated therein of which direct evidence
would be admissible.
(2) The conditions referred to in
sub-section (1) in respect of a computer
output shall be the following, namely: —
(a) the computer output containing the
information was produced by the
computer during the period over which
the computer was used regularly to
store or process information for the
purposes of any activities regularly
carried on over that period by the
person having lawful control over the
use of the computer;
(b) during the said period, information
of the kind contained in the
electronic record or of the kind from
which the information so contained
is derived was regularly fed into the
computer in the ordinary course of
the said activities;
(c) throughout the material part of the
said period, the computer was
operating properly or, if not, then in
respect of any period in which it
was not operating properly or was out of
operation during that part of the
period, was not such as to affect the
electronic record or the accuracy of
its contents; and
(d) the information contained in the
electronic record reproduces or is
derived from such information fed into
the computer in the ordinary course
of the said activities.
(3) Where over any period, the function
of storing or processing
information for the purposes of any
activities regularly carried on over
that period as mentioned in clause (a)
of sub-section (2) was regularly
performed by computers, whether—
(a) by a combination of computers operating over that period; or
(b) by different computers operating in succession
over that period; or
(c) by different combinations of
computers operating in succession over
that period; or
(d) in any other manner involving the
successive operation over that
period, in whatever order, of one or
more computers and one or more
combinations of computers, all the
computers used for that purpose during
that
period shall be treated for the purposes of this section as
constituting
a single computer; and references in this section to a
computer
shall be construed accordingly.
(4) In any proceedings where it is
desired to give a statement in evidence
by virtue of this section, a certificate
doing any of the following
things, that is to say, —
(a) identifying the electronic record
containing the statement and
describing the manner in which it was
produced;
(b) giving such particulars of any
device involved in the production of
that electronic record as may be
appropriate for the purpose of showing
that the electronic record was produced
by a computer;
(c) dealing with any of the matters to
which the conditions mentioned in
sub-section (2) relate,
and purporting to be signed by a person
occupying a responsible official
position in relation to the operation of
the relevant device or the
management of the relevant activities
(whichever is appropriate) shall be
evidence of any matter stated in the certificate; and for the
purposes of
this sub-section it shall be sufficient
for a matter to be stated to the
best of the knowledge and belief of the
person stating it.
(5) For the purposes of this section, —
(a) information shall be taken to be
supplied to a computer if it is
supplied thereto in any appropriate form
and whether it is so supplied
directly or (with or without human
intervention) by means of any
appropriate equipment;
(b) whether in the course of activities carried on by any official,
information is supplied with a view to
its being stored or processed for
the purposes of those activities by a
computer operated otherwise than in
the course of those activities, that
information, if duly supplied to that
computer, shall be taken to be supplied
to it in the course of those
activities;
(c) a computer output shall be taken to have been produced by a computer
whether it was produced by it directly
or (with or without human
intervention) by means of any
appropriate equipment.
Explanation.—For the purposes of this
section any reference to information
being derived from other information
shall be a reference to its being
derived therefrom by calculation,
comparison or any other process.
10. After section 67, the following
section shall be inserted, namely : —
Proof as to digital signature.
"67A. Except in the case of a
secure digital signature, if the digital
signature of any subscriber is alleged
to have been affixed to an
electronic record the fact that such
digital signature is the digital
signature of the subscriber must be
proved.".
11. After section 73, the following
section shall be inserted, namely: —
Proof as to verification of digital
signature.
'73A. In order to ascertain whether a
digital signature is that of the
person by whom it purports to have been
affixed, the Court may direct—
(a) that person or the Controller or the
Certifying Authority to produce
the Digital Signature Certificate;
(b) any other person to apply the public
key listed in the Digital
Signature Certificate and verify the
digital signature purported to have
been affixed by that person.
Explanation.—For the purposes of this
section, "Controller" means the
Controller appointed under sub-section
(1) of section 17 of the
Information Technology Act, 2000'.
12. Presumption as to Gazettes in
electronic forms.
After section 81, the following section
shall be inserted, namely: —
"81A. The Court shall presume the
genuineness of every electronic record
purporting to be the Official Gazette,
or purporting to be electronic
record directed by any law to be kept by
any person, if such electronic
record is kept substantially in the form
required by law and is produced
from proper custody.".
13. Presumption as to electronic
agreements.
After section 85, the following sections
shall be inserted, namely: —
"85A. The Court shall presume that
every electronic record purporting to
be an agreement containing the digital
signatures of the parties was so
concluded by affixing the digital
signature of the parties.
Presumption as to electronic records and
digital signatures.
85B. (1) In any proceedings involving a
secure electronic record, the
Court shall presume unless contrary is
proved, that the secure electronic
record has not been altered since the
specific point of time to which the
secure status relates.
(2) In any proceedings, involving secure
digital signature, the Court
shall presume unless the contrary is
proved that—
(a) the secure digital signature is
affixed by subscriber with the
intention of signing or approving the
electronic record;
(b) except in the case of a secure
electronic record or a secure digital
signature, nothing in this section shall
create any presumption relating
to authenticity and integrity of the
electronic record or any digital
signature.
Presumption as to Digital Signature
Certificates.
85C. The Court shall presume, unless contrary is proved, that
the
information listed in a Digital
Signature Certificate is correct, except
for information specified as subscriber
information which has not been
verified, if the certificate was
accepted by the subscriber.".
14. Presumption as to electronic
messages.
After section 88, the following section
shall be inserted, namely: —
'88A. The Court may presume that an
electronic message forwarded by the
originator through an electronic mail
server to the addressee to whom the
message purports to be addressed
corresponds with the message as fed into
his computer for transmission; but the
Court shall not make any
presumption as to the person by whom such message was sent.
Explanation.—For the purposes of this
section, the expressions "addressee"
and "originator" shall have
the same meanings respectively assigned to
them in clauses (b) and (za) of
sub-section (1) of section 2 of the
Information Technology Act, 2000.'.
15. Presumption as to electronic records
five years old.
After section 90, the following section
shall be inserted, namely: —
"90A. Where any electronic record,
purporting or proved to be five years
old, is produced from any custody which
the Court in the particular case
considers proper, the Court may presume
that the digital signature which
purports to be the digital signature of
any particular person was so
affixed by him or any person authorised
by him in this behalf.
Explanation.—Electronic records are said
to be in proper custody if they
are in the place in which, and under the
care of the person with whom,
they naturally be; but no custody is
improper if it is proved to have had
a legitimate origin, or the
circumstances of the particular case are such
as to render such an origin probable.
This Explanation applies also to section
81A.".
16. For section 131, the following
section shall be substituted, namely: —
Production of documents or electronic
records which another person, having
possession, could refuse to produce.
"131. No one shall be compelled to
produce documents in his possession or
electronic records under his control,
which any other person would be
entitled to refuse to produce if they
were in his possession or control,
unless such last-mentioned person
consents to their production.".
The Third Schedule - Amendments to the
Bankers' Books Evidence Act, 1891.
(See section 93)
Amendments to the Bankers' Books
Evidence Act, 1891
(18 of 1891)
1. In section 2 —
(a) for clause (3), the following clause
shall be substituted, namely :—
'(3) "bankers' books" include
ledgers, day-books, cash-books,
account-books and all other books used
in the ordinary business of a bank
whether kept in the written form or as
printouts of data stored in a
floppy, disc, tape or any other form of
electro-magnetic data storage
device;
(b) for clause (8), the following clause
shall be substituted, namely:
'(8) "certified copy" means
when the books of a bank,—
(a) are maintained in written form, a
copy of any entry in such books
together with a certificate written; the
foot of such copy that it is a
true copy of such entry, that such entry
is contained in one of the
ordinary books of the bank and was made
in the usual and ordinary course
of business and that such book is still
in the custody of the bank, and
where the copy was obtained by a
mechanical or other process which in
itself ensured the accuracy of the copy,
a further certificate to that
effect, but where the book from which
such copy was prepared has been
destroyed in the usual course of the
bank's business after the date on
which the copy had been so prepared, a
further certificate to that effect,
each such certificate being dated and
subscribed by the principal
accountant or manager of the bank with
his name and official title; and
(b) consist of printouts of data stored
in a floppy, disc, tape or any
other electro-magnetic data storage
device, a printout of such entry or a
copy of such printout together with such statements certified in
accordance with the provisions of
section 2A.'.
2. After section 2, the following
section shall be inserted, namely:
Conditions in the printout.
"2A. A printout of entry or a copy
of printout referred to in sub-section
(8) of section 2 shall be accompanied by
the following, namely: —
(a) a certificate to the effect that it
is a printout of such entry or a
copy of such printout by the principal
accountant or branch manager; and
(b) a certificate by a person in-charge
of computer system containing a
brief description of the computer system
and the particulars of—
(A) the safeguards adopted by the system
to ensure that data is entered or
any other operation performed only by
authorised persons;
(B) the safeguards adopted to prevent
and detect unauthorised change of
data;
(C) the safeguards available to retrieve
data that is lost due to systemic
failure or any other reasons;
(D) the manner in which data is transferred from the system to removable
media like floppies, discs, tapes or
other electro-magnetic data storage
devices;
(E) the mode of verification in order to
ensure that data has been
accurately transferred to such removable
media;
(F) the mode of identification of such
data storage devices;
(G) the arrangements for the storage and
custody of such storage devices;
(H) the safeguards to prevent and detect
any tampering with the system;
and
(I) any other factor which will vouch
for the integrity and accuracy of
the system.
(c) a further certificate from the
person in-charge of the computer system
to the effect that to the best of his
knowledge and belief, such computer
system operated properly at the material
time, he was provided with all
the relevant data and the printout in
question represents correctly, or is
appropriately derived from, the relevant
data.".
The Fourth Schedule - Amendment to the
Reserve Bank of India Act, 1934.
(See section 94)
Amendment to the Reserve Bank of India
Act, 1934
(2 of 1934)
In the Reserve Bank of India Act, 1934,
in section 58, in sub-section (2),
after clause (p), the following clause
shall be inserted, namely :—
"(pp) the regulation of fund
transfer through electronic means between the
banks or between the banks and other
financial institutions referred to in
clause (c) of section 45-1, including the
laying down of the conditions
subject to which banks and other
financial institutions shall participate
in such fund transfers, the manner of
such fund transfers and the rights
and obligations of the participants in
such fund transfers;".
SUBHASH C. JAIN,
Secy. to the Govt. of India.
PRINTED BY THE MANAGER, GOVERNMENT OF
INDIA PRESS (PLU), MINTO ROAD, NEW
DELHI AND PUBLISHED BY THE CONTROLLER OF
PUBLICATIONS, DELHI, 2000.
MGIP (PLU) MRND—1359G1—14-6-2000.