INFORMATION TECHNOLOGY ACT 2000
THE INFORMATION TECHNOLOGY ACT, 2000
ACT No. 21 OF 2000
[As amended by The Negotiable Instruments (Amendment and Miscellaneous Provisions) Act, 2002]
9th June, 2000
An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
WHEREAS the General Assembly of the United Nations by resolution A/RES/51/162, dated the 30th January, 1997 had adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law;
AND WHEREAS the said resolution recommends inter alia that all States give favourable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-based methods of communication and storage of information;
AND WHEREAS it is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records.
BE it enacted by Parliament in the Fifty-first Year of the Republic of India as follows: –
CHAPTER I
Preliminary
1. Short title, extent, commencement and application: (1) This Act may be called the Information Technology Act, 2000.
(2) It shall extend to the whole of India, and save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
(3) It shall come into force on such date as the Central Government may, by notification, appoint and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the commencement of that provision.
(4) Nothing in this Act shall apply to, –
[(a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881 (26 of 1881);]
(b) a power of attorney as defined in section 1A of the Powers-of-Attorney Act, 1882 (7 of 1882);
(c) a trust as defined in section 3 of the Indian Trusts Act, 1882 (2 of 1882);
(d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 (39 of 1925) including any other testamentary disposition by whatever name called;
(e) any contract for the sale or conveyance of immovable property or any interest in such property;
(f) any such class of documents or transactions as may be notified by Central Government in the Official Gazette.
2. Definitions: (1) In this Act, unless the context otherwise requires, –
(a) "access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
(b) "addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;
(c) "adjudicating officer" means an adjudicating officer appointed under sub-section (1) of section 46;
(d) "affixing digital signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature;
(e) "appropriate Government" means as respects any matter, –
(i) enumerated in List II of the Seventh Schedule to the Constitution;
(ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution,
the State Government and in any other case, the Central Government;
(f) "asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
(g) "Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate under section 24;
(h) "certification practice statement" means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates;
(i) "computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
(j) "computer network" means the interconnection of one or more computers through –
(i) the use of satellite, microwave, terrestrial line or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;
(k) "computer resource" means computer, computer system, computer network, data, computer database or software;
(l) "computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
(m) "Controller" means the Controller of Certifying Authorities appointed under sub-section (1) of section 17;
(n) "Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48;
(o) "data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
(p) "digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
(q) "Digital Signature Certificate" means a Digital Signature Certificate issued under sub-section (4) of section 35;
(r) "electronic form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
(s) "Electronic Gazette" means the Official Gazette published in the electronic form;
(t) "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
(u) "function", in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
(v) "information" includes data, text, images, sound, voice, codes, computer programmes, software and data bases or micro film or computer generated micro fiche;
(w) "intermediary" with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;
(x) "key pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;
(y) "law" includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case may be, Regulations made by the President under article 240, Bill enacted as President’s Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, bye-laws and orders issued or made thereunder;
(z) "licence" means a licence granted to a Certifying Authority under section 24;
(za) "originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;
(zb) "prescribed" means prescribed by rules made under this Act;
(zc) "private key" means the key of a key pair used to create a digital signature;
(zd) "public key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;
(ze) "secure system" means computer hardware, software and procedure that –
(a) are reasonably secure from unauthorised access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures;
(zf) "security procedure" means the security procedure prescribed under section 16 by the Central Government;
(zg) "subscriber" means a person in whose name the Digital Signature Certificate is issued;
(zh) "verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether –
(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
(2) Any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.
CHAPTER II
Digital Signature
3. Authentication of electronic records: (1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.
(2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
Explanation: – For the purposes of this sub-section, "hash function" means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as "hash result" such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible –
(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
(b) that two electronic records can produce the same hash result using the algorithm.
(3) Any person by the use of a public key of the subscriber can verify the electronic record.
(4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.
CHAPTER III
Electronic Governance
4. Legal recognition of electronic records: Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is –
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for subsequent reference.
5. Legal recognition of digital signatures: Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.
Explanation: – For the purposes of this section, "signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "signature" shall be construed accordingly.
6. Use of electronic records and digital signatures in Government and its agencies: (1) Where any law provides for –
(a) the filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;
(b) the issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;
(c) the receipt or payment of money in a particular manner,
then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.
(2) The appropriate Government may, for the purposes of sub-section (1), by rules, prescribe –
(a) the manner and format in which such electronic records shall be filed, created or issued;
(b) the manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).
7. Retention of electronic records: (1) Where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if –
(a) the information contained therein remains accessible so as to be usable for a subsequent reference;
(b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
(c) the details which will facilitate the identification of the origin, destination, date and time of despatch or receipt of such electronic record are available in the electronic record:
Provided that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be despatched or received.
(2) Nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.
8. Publication of rule, regulation, etc., in Electronic Gazette: Where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette:
Provided that where any rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.
9. Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form: Nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.
10. Power to make rules by Central Government in respect of digital signature: The Central Government may, for the purposes of this Act, by rules, prescribe –
(a) the type of digital signature;
(b) the manner and format in which the digital signature shall be affixed;
(c) the manner or procedure which facilitates identification of the person affixing the digital signature;
(d) control processes and procedures to ensure adequate integrity, security and confidentiality of electronic records or payments; and
(e) any other matter which is necessary to give legal effect to digital signatures.
CHAPTER IV
Attribution, Acknowledgement and Despatch of Electronic Records
11. Attribution of electronic records: An electronic record shall be attributed to the originator –
(a) as if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or
(c) by an information system programmed by or on behalf of the originator to operate automatically.
12. Acknowledgement of receipt: (1) Where the originator has not agreed with the addressee that the acknowledgment of receipt of electronic record be given in a particular form or by a particular method, an acknowledgment may be given by –
(a) any communication by the addressee, automated or otherwise; or
(b) any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received.
(2) Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgment of such electronic record by him, then unless acknowledgment has been so received, the electronic record shall be deemed to have been never sent by the originator.
(3) Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgment, and the acknowledgment has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed to within a reasonable time, then the originator may give notice to the addressee stating that no acknowledgment has been received by him and specifying a reasonable time by which the acknowledgment must be received by him and if no acknowledgment is received within the aforesaid time limit he may after giving notice to the addressee, treat the electronic record as though it has never been sent.
13. Time and place of despatch and receipt of electronic record: (1) Save as otherwise agreed to between the originator and the addressee, the despatch of an electronic record occurs when it enters a computer resource outside the control of the originator.
(2) Save as otherwise agreed between the originator and the addressee, the time of receipt of an electronic record shall be determined as follows, namely: –
(a) if the addressee has designated a computer resource for the purpose of receiving electronic records, –
(i) receipt occurs at the time when the electronic record enters the designated computer resource; or
(ii) if the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee;
(b) if the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee.
(3) Save as otherwise agreed to between the originator and the addressee, an electronic record is deemed to be despatched at the place where the originator has his place of business, and is deemed to be received at the place where the addressee has his place of business.
(4) The provisions of sub-section (2) shall apply notwithstanding that the place where the computer resource is located may be different from the place where the electronic record is deemed to have been received under sub-section (3).
(5) For the purposes of this section, –
(a) if the originator or the addressee has more than one place of business, the principal place of business, shall be the place of business;
(b) if the originator or the addressee does not have a place of business his usual place of residence shall be deemed to be the place of business;
(c) "usual place of residence", in relation to a body corporate, means the place where it is registered.
CHAPTER V
Secure Electronic Records and Secure Digital Signatures
14. Secure electronic record: Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
15. Secure digital signature: If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was –
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,
then such digital signature shall be deemed to be a secure digital signature.
16. Security procedure: The Central Government shall for the purposes of this Act prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including –
(a) the nature of the transaction;
(b) the level of sophistication of the parties with reference to their technology capacity;
(c) the volume of similar transactions engaged in by other parties;
(d) the availability of alternatives offered to but rejected by any party;
(e) the cost of alternative procedures; and
(f) the procedures in general use for similar types of transactions or communications.
CHAPTER VI
Regulation of Certifying Authorities
17. Appointment of Controller and other officers: (1) The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.
(2) The Controller shall discharge his functions under this Act subject to the general control and directions of the Central Government.
(3) The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller under the general superintendence and control of the Controller.
(4) The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers shall be such as may be prescribed by the Central Government.
(5) The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government may specify, and these may be established at such places as the Central Government may think fit.
(6) There shall be a seal of the Office of the Controller.
18. Functions of Controller: The Controller may perform all or any of the following functions, namely: –
(a) exercising supervision over the activities of the Certifying Authorities;
(b) certifying public keys of the Certifying Authorities;
(c) laying down the standards to be maintained by the Certifying Authorities;
(d) specifying the qualifications and experience which employees of the Certifying Authorities should possess;
(e) specifying the conditions subject to which the Certifying Authorities shall conduct their business;
(f) specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key;
(g) specifying the form and content of a Digital Signature Certificate and the key;
(h) specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
(i) specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;
(j) facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems;
(k) specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
(l) resolving any conflict of interests between the Certifying Authorities and the subscribers;
(m) laying down the duties of the Certifying Authorities;
(n) maintaining a data base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
19. Recognition of foreign Certifying Authorities: (1) Subject to such conditions and restrictions as may be specified by regulations, the Controller may with the previous approval of the Central Government, and by notification in the Official Gazette, recognise any foreign Certifying Authority as a Certifying Authority for the purposes of this Act.
(2) Where any Certifying Authority is recognised under sub-section (1), the Digital Signature Certificate issued by such Certifying Authority shall be valid for the purposes of this Act.
(3) The Controller may, if he is satisfied that any Certifying Authority has contravened any of the conditions and restrictions subject to which it was granted recognition under sub-section (1) he may, for reasons to be recorded in writing, by notification in the Official Gazette, revoke such recognition.
20. Controller to act as repository: (1) The Controller shall be the repository of all Digital Signature Certificates issued under this Act.
(2) The Controller shall –
(a) make use of hardware, software and procedures that are secure from intrusion and misuse;
(b) observe such other standards as may be prescribed by the Central Government,
to ensure that the secrecy and security of the digital signatures are assured.
(3) The Controller shall maintain a computerised data base of all public keys in such a manner that such data base and the public keys are available to any member of the public.
21. Licence to issue Digital Signature Certificates: (1) Subject to the provisions of sub-section (2), any person may make an application, to the Controller, for a licence to issue Digital Signature Certificates.
(2) No licence shall be issued under sub-section (1), unless the applicant fulfills such requirements with respect to qualification, expertise, manpower, financial resources and other infrastructure facilities, which are necessary to issue Digital Signature Certificates as may be prescribed by the Central Government.
(3) A licence granted under this section shall –
(a) be valid for such period as may be prescribed by the Central Government;
(b) not be transferable or heritable;
(c) be subject to such terms and conditions as may be specified by the regulations.
22. Application for licence: (1) Every application for issue of a licence shall be in such form as may be prescribed by the Central Government.
(2) Every application for issue of a licence shall be accompanied by –
(a) a certification practice statement;
(b) a statement including the procedures with respect to identification of the applicant;
(c) payment of such fees, not exceeding twenty-five thousand rupees as may be prescribed by the Central Government;
(d) such other documents, as may be prescribed by the Central Government.
23. Renewal of licence: An application for renewal of a licence shall be –
(a) in such form;
(b) accompanied by such fees, not exceeding five thousand rupees,
as may be prescribed by the Central Government and shall be made not less than forty-five days before the date of expiry of the period of validity of the licence.
24. Procedure for grant or rejection of licence: The Controller may, on receipt of an application under sub-section (1) of section 21, after considering the documents accompanying the application and such other factors, as he deems fit, grant the licence or reject the application:
Provided that no application shall be rejected under this section unless the applicant has been given a reasonable opportunity of presenting his case.
25. Suspension of licence: (1) The Controller may, if he is satisfied after making such inquiry, as he may think fit, that a Certifying Authority, has, –
(a) made a statement in, or in relation to, the application for the issue or renewal of the licence, which is incorrect or false in material particulars;
(b) failed to comply with the terms and conditions subject to which the licence was granted;
(c) failed to maintain the standards specified under clause (b) of sub-section (2) of section 20;
(d) contravened any provisions of this Act, rule, regulation or order made thereunder,
revoke the licence:
Provided that no licence shall be revoked unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed revocation.
(2) The Controller may, if he has reasonable cause to believe that there is any ground for revoking a licence under sub-section (1), by order suspend such licence pending the completion of any inquiry ordered by him:
Provided that no licence shall be suspended for a period exceeding ten days unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed suspension.
(3) No Certifying Authority whose licence has been suspended shall issue any Digital Signature Certificate during such suspension.
26. Notice of suspension or revocation of licence: (1) Where the licence of the Certifying Authority is suspended or revoked, the Controller shall publish notice of such suspension or revocation, as the case may be, in the data base maintained by him.
(2) Where one or more repositories are specified, the Controller shall publish notices of such suspension or revocation, as the case may be, in all such repositories:
Provided that the data base containing the notice of such suspension or revocation, as the case may be, shall be made available through a web site which shall be accessible round the clock:
Provided further that the Controller may, if he considers necessary, publicise the contents of data base in such electronic or other media, as he may consider appropriate.
27. Power to delegate: The Controller may, in writing, authorise the Deputy Controller, Assistant Controller or any officer to exercise any of the powers of the Controller under this Chapter.
28. Power to investigate contraventions: (1) The Controller or any officer authorised by him in this behalf shall take up for investigation any contravention of the provisions of this Act, rules or regulations made thereunder.
(2) The Controller or any officer authorised by him in this behalf shall exercise the like powers which are conferred on Income-tax authorities under Chapter XIII of the Income-tax Act, 1961 (43 of 1961) and shall exercise such powers, subject to such limitations laid down under that Act.
29. Access to computers and data: (1) Without prejudice to the provisions of sub-section (1) of section 69, the Controller or any person authorised by him shall, if he has reasonable cause to suspect that any contravention of the provisions of this Act, rules or regulations made thereunder has been committed, have access to any computer system, any apparatus, data or any other material connected with such system, for the purpose of searching or causing a search to be made for obtaining any information or data contained in or available to such computer system.
(2) For the purposes of sub-section (1), the Controller or any person authorised by him may, by order, direct any person in charge of, or otherwise concerned with the operation of, the computer system, data apparatus or material, to provide him with such reasonable technical and other assistance as he may consider necessary.
30. Certifying Authority to follow certain procedures: Every Certifying Authority shall, –
(a) make use of hardware, software and procedures that are secure from intrusion and misuse;
(b) provide a reasonable level of reliability in its services which are reasonably suited to the performance of intended functions;
(c) adhere to security procedures to ensure that the secrecy and privacy of the digital signatures are assured; and
(d) observe such other standards as may be specified by regulations.
31. Certifying Authority to ensure compliance of the Act, etc.: Every Certifying Authority shall ensure that every person employed or otherwise engaged by it complies, in the course of his employment or engagement, with the provisions of this Act, rules, regulations and orders made thereunder.
32. Display of licence: Every Certifying Authority shall display its licence at a conspicuous place of the premises in which it carries on its business.
33. Surrender of licence: (1) Every Certifying Authority whose licence is suspended or revoked shall immediately after such suspension or revocation surrender the licence to the Controller.
(2) Where any Certifying Authority fails to surrender a licence under sub-section (1), the person in whose favour a licence is issued, shall be guilty of an offence and shall be punished with imprisonment which may extend up to six months or a fine which may extend up to ten thousand rupees or with both.
34. Disclosure: (1) Every Certifying Authority shall disclose in the manner specified by regulations –
(a) its Digital Signature Certificate which contains the public key corresponding to the private key used by that Certifying Authority to digitally sign another Digital Signature Certificate;
(b) any certification practice statement relevant thereto;
(c) notice of the revocation or suspension of its Certifying Authority certificate, if any; and
(d) any other fact that materially and adversely affects either the reliability of a Digital Signature Certificate, which that Authority has issued, or the Authority’s ability to perform its services.
(2) Where in the opinion of the Certifying Authority any event has occurred or any situation has arisen which may materially and adversely affect the integrity of its computer system or the conditions subject to which a Digital Signature Certificate was granted, then, the Certifying Authority shall –
(a) use reasonable efforts to notify any person who is likely to be affected by that occurrence; or
(b) act in accordance with the procedure specified in its certification practice statement to deal with such event or situation.
CHAPTER VII
Digital Signature Certificates
35. Certifying Authority to issue Digital Signature Certificate: (1) Any person may make an application to the Certifying Authority for the issue of a Digital Signature Certificate in such form as may be prescribed by the Central Government.
(2) Every such application shall be accompanied by such fee not exceeding twenty-five thousand rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority:
Provided that while prescribing fees under sub-section (2) different fees may be prescribed for different classes of applicants.
(3) Every such application shall be accompanied by a certification practice statement or where there is no such statement, a statement containing such particulars, as may be specified by regulations.
(4) On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the other statement under sub-section (3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application:
Provided that no Digital Signature Certificate shall be granted unless the Certifying Authority is satisfied that –
(a) the applicant holds the private key corresponding to the public key to be listed in the Digital Signature Certificate;
(b) the applicant holds a private key, which is capable of creating a digital signature;
(c) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant:
Provided further that no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection.
36. Representations upon issuance of Digital Signature Certificate: A Certifying Authority while issuing a Digital Signature Certificate shall certify that –
(a) it has complied with the provisions of this Act and the rules and regulations made thereunder;
(b) it has published the Digital Signature Certificate or otherwise made it available to such person relying on it and the subscriber has accepted it;
(c) the subscriber holds the private key corresponding to the public key, listed in the Digital Signature Certificate;
(d) the subscriber’s public key and private key constitute a functioning key pair;
(e) the information contained in the Digital Signature Certificate is accurate; and
(f) it has no knowledge of any material fact, which if it had been included in the Digital Signature Certificate would adversely affect the reliability of the representations made in clauses (a) to (d).
37. Suspension of Digital Signature Certificate: (1) Subject to the provisions of sub-section (2), the Certifying Authority which has issued a Digital Signature Certificate may suspend such Digital Signature Certificate, –
(a) on receipt of a request to that effect from –
(i) the subscriber listed in the Digital Signature Certificate; or
(ii) any person duly authorised to act on behalf of that subscriber;
(b) if it is of opinion that the Digital Signature Certificate should be suspended in public interest.
(2) A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given an opportunity of being heard in the matter.
(3) On suspension of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.
38. Revocation of Digital Signature Certificate: (1) A Certifying Authority may revoke a Digital Signature Certificate issued by it –
(a) where the subscriber or any other person authorised by him makes a request to that effect; or
(b) upon the death of the subscriber; or
(c) upon the dissolution of the firm or winding up of the company where the subscriber is a firm or a company.
(2) Subject to the provisions of sub-section (3) and without prejudice to the provisions of sub-section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been issued by it at any time, if it is of opinion that –
(a) a material fact represented in the Digital Signature Certificate is false or has been concealed;
(b) a requirement for issuance of the Digital Signature Certificate was not satisfied;
(c) the Certifying Authority’s private key or security system was compromised in a manner materially affecting the Digital Signature Certificate’s reliability;
(d) the subscriber has been declared insolvent or dead or where a subscriber is a firm or a company, which has been dissolved, wound-up or otherwise ceased to exist.
(3) A Digital Signature Certificate shall not be revoked unless the subscriber has been given an opportunity of being heard in the matter.
(4) On revocation of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.
39. Notice of suspension or revocation: (1) Where a Digital Signature Certificate is suspended or revoked under section 37 or section 38, the Certifying Authority shall publish a notice of such suspension or revocation, as the case may be, in the repository specified in the Digital Signature Certificate for publication of such notice.
(2) Where one or more repositories are specified, the Certifying Authority shall publish notices of such suspension or revocation, as the case may be, in all such repositories.
CHAPTER VIII
Duties of Subscribers
40. Generating key pair: Where any Digital Signature Certificate, the public key of which corresponds to the private key of that subscriber which is to be listed in the Digital Signature Certificate has been accepted by a subscriber, then, the subscriber shall generate the key pair by applying the security procedure.
41. Acceptance of Digital Signature Certificate: (1) A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publishes or authorises the publication of a Digital Signature Certificate –
(a) to one or more persons;
(b) in a repository, or otherwise demonstrates his approval of the Digital Signature Certificate in any manner.
(2) By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that –
(a) the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and is entitled to hold the same;
(b) all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true;
(c) all information in the Digital Signature Certificate that is within the knowledge of the subscriber is true.
42. Control of private key: (1) Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate and take all steps to prevent its disclosure to a person not authorised to affix the digital signature of the subscriber.
(2) If the private key corresponding to the public key listed in the Digital Signature Certificate has been compromised, then, the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations.
Explanation: – For the removal of doubts, it is hereby declared that the subscriber shall be liable till he has informed the Certifying Authority that the private key has been compromised.
CHAPTER IX
Penalties and Adjudication
43. Penalty for damage to computer, computer system, etc.: If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, –
(a) accesses or secures access to such computer, computer system or computer network;
(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system or computer network;
(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
Explanation: – For the purposes of this section, –
(i) "computer contaminant" means any set of computer instructions that are designed –
(a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or computer network;
(ii) "computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
(iii) "computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;
(iv) "damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
44. Penalty for failure to furnish information, return, etc.: If any person who is required under this Act or any rules or regulations made thereunder to –
(a) furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;
(b) file any return or furnish any information, books or other documents within the time specified therefor in the regulations fails to file return or furnish the same within the time specified therefor in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues;
(c) maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.
45. Residuary penalty: Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
46. Power to adjudicate: (1) For the purpose of adjudging under this Chapter whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made thereunder the Central Government shall, subject to the provisions of sub-section (3), appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the Central Government.
(2) The adjudicating officer shall, after giving the person referred to in sub-section (1) a reasonable opportunity for making representation in the matter and if, on such inquiry, he is satisfied that the person has committed the contravention, he may impose such penalty or award such compensation as he thinks fit in accordance with the provisions of that section.
(3) No person shall be appointed as an adjudicating officer unless he possesses such experience in the field of Information Technology and legal or judicial experience as may be prescribed by the Central Government.
(4) Where more than one adjudicating officers are appointed, the Central Government shall specify by order the matters and places with respect to which such officers shall exercise their jurisdiction.
(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber Appellate Tribunal under sub-section (2) of section 58, and –
(a) all proceedings before it shall be deemed to be judicial proceedings within the meaning of sections 193 and 228 of the Indian Penal Code (45 of 1860);
(b) shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code of Criminal Procedure, 1973 (2 of 1974).
47. Factors to be taken into account by the adjudicating officer: While adjudging the quantum of compensation under this Chapter, the adjudicating officer shall have due regard to the following factors, namely: –
(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default.
CHAPTER X
The Cyber Regulations Appellate Tribunal
48. Establishment of Cyber Appellate Tribunal: (1) The Central Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Regulations Appellate Tribunal.
(2) The Central Government shall also specify, in the notification referred to in sub-section (1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction.
49. Composition of Cyber Appellate Tribunal: A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the Presiding Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the Central Government.
50. Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal: A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate Tribunal unless he –
(a) is, or has been, or is qualified to be, a Judge of a High Court; or
(b) is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years.
51. Term of office: The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a term of five years from the date on which he enters upon his office or until he attains the age of sixty-five years, whichever is earlier.
52. Salary, allowances and other terms and conditions of service of Presiding Officer: The salary and allowances payable to, and the other terms and conditions of service including pension, gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate Tribunal shall be such as may be prescribed:
Provided that neither the salary and allowances nor the other terms and conditions of service of the Presiding Officer shall be varied to his disadvantage after appointment.
53. Filling up of vacancies: If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person in accordance with the provisions of this Act to fill the vacancy and the proceedings may be continued before the Cyber Appellate Tribunal from the stage at which the vacancy is filled.
54. Resignation and removal: (1) The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his hand addressed to the Central Government, resign his office:
Provided that the said Presiding Officer shall, unless he is permitted by the Central Government to relinquish his office sooner, continue to hold office until the expiry of three months from the date of receipt of such notice or until a person duly appointed as his successor enters upon his office or until the expiry of his term of office, whichever is the earliest.
(2) The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office except by an order by the Central Government on the ground of proved misbehaviour or incapacity after an inquiry made by a Judge of the Supreme Court in which the Presiding Officer concerned has been informed of the charges against him and given a reasonable opportunity of being heard in respect of these charges.
(3) The Central Government may, by rules, regulate the procedure for the investigation of misbehaviour or incapacity of the aforesaid Presiding Officer.
55. Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings: No order of the Central Government appointing any person as the Presiding Officer of a Cyber Appellate Tribunal shall be called in question in any manner and no act or proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of a Cyber Appellate Tribunal.
56. Staff of the Cyber Appellate Tribunal: (1) The Central Government shall provide the Cyber Appellate Tribunal with such officers and employees as that Government may think fit.
(2) The officers and employees of the Cyber Appellate Tribunal shall discharge their functions under general superintendence of the Presiding Officer.
(3) The salaries, allowances and other conditions of service of the officers and employees of the Cyber Appellate Tribunal shall be such as may be prescribed by the Central Government.
57. Appeal to Cyber Appellate Tribunal: (1) Save as provided in sub-section (2), any person aggrieved by an order made by Controller or an adjudicating officer under this Act may prefer an appeal to a Cyber Appellate Tribunal having jurisdiction in the matter.
(2) No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer with the consent of the parties.
(3) Every appeal under sub-section (1) shall be filed within a period of forty-five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the person aggrieved and it shall be in such form and be accompanied by such fee as may be prescribed:
Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry of the said period of forty-five days if it is satisfied that there was sufficient cause for not filing it within that period.
(4) On receipt of an appeal under sub-section (1), the Cyber Appellate Tribunal may, after giving the parties to the appeal, an opportunity of being heard, pass such orders thereon as it thinks fit, confirming, modifying or setting aside the order appealed against.
(5) The Cyber Appellate Tribunal shall send a copy of every order made by it to the parties to the appeal and to the concerned Controller or adjudicating officer.
(6) The appeal filed before the Cyber Appellate Tribunal under sub-section (1) shall be dealt with by it as expeditiously as possible and endeavour shall be made by it to dispose of the appeal finally within six months from the date of receipt of the appeal.
58. Procedure and powers of Cyber Appellate Tribunal: (1) The Cyber Appellate Tribunal shall not be bound by the procedure laid down by the Code of Civil Procedure, 1908 (5 of 1908), but shall be guided by the principles of natural justice and, subject to the other provisions of this Act and of any rules, the Cyber Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings.
(2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under this Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908 (5 of 1908), while trying a suit, in respect of the following matters, namely: –
(a) summoning and enforcing the attendance of any person and examining him on oath;
(b) requiring the discovery and production of documents or other electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for default or deciding it ex parte;
(g) any other matter which may be prescribed.
(3) Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial proceeding within the meaning of sections 193 and 228, and for the purposes of section 196 of the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973 (2 of 1974).
59. Right to legal representation: The appellant may either appear in person or authorise one or more legal practitioners or any of its officers to present his or its case before the Cyber Appellate Tribunal.
60. Limitation: The provisions of the Limitation Act, 1963 (36 of 1963), shall, as far as may be, apply to an appeal made to the Cyber Appellate Tribunal.
61. Civil court not to have jurisdiction: No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under this Act is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.
62. Appeal to High Court: Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order:
Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from filing the appeal within the said period, allow it to be filed within a further period not exceeding sixty days.
63. Compounding of contraventions: (1) Any contravention under this Chapter may, either before or after the institution of adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorised by him in this behalf or by the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer may specify:
Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which may be imposed under this Act for the contravention so compounded.
(2) Nothing in sub-section (1) shall apply to a person who commits the same or similar contravention within a period of three years from the date on which the first contravention, committed by him, was compounded.
Explanation: – For the purposes of this sub-section, any second or subsequent contravention committed after the expiry of a period of three years from the date on which the contravention was previously compounded shall be deemed to be a first contravention.
(3) Where any contravention has been compounded under sub-section (1), no proceeding or further proceeding, as the case may be, shall be taken against the person guilty of such contravention in respect of the contravention so compounded.
64. Recovery of penalty: A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid.
CHAPTER XI
Offences
65. Tampering with computer source documents: Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Explanation: – For the purposes of this section, "computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.
66. Hacking with computer system: (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both.
67. Publishing of information which is obscene in electronic form: Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.
68. Power of Controller to give directions: (1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder.
(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both.
69. Directions of Controller to a subscriber to extend facilities to decrypt information: (1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.
(2) The subscriber or any person incharge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.
(3) The subscriber or any person who fails to assist the agency referred to in sub-section (2) shall be punished with an imprisonment for a term which may extend to seven years.
70. Protected system: (1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
71. Penalty for misrepresentation: Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
72. Penalty for breach of confidentiality and privacy: Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
73. Penalty for publishing Digital Signature Certificate false in certain particulars: (1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that –
(a) the Certifying Authority listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended,
unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
74. Publication for fraudulent purpose: Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
75. Act to apply for offence or contravention committed outside India: (1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.
76. Confiscation: Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation:
Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made thereunder, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorised by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made thereunder as it may think fit.
77. Penalties or confiscation not to interfere with other punishments: No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.
78. Power to investigate offences: Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.
CHAPTER XII
Network service providers not to be liable in certain cases
79. Network service providers not to be liable in certain cases: For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.
Explanation: – For the purposes of this section, –
(a) "network service provider" means an intermediary;
(b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary;
CHAPTER XIII
Miscellaneous
80. Power of police officer and other officers to enter, search, etc.: (1) Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), any police officer, not below the rank of a Deputy Superintendent of Police, or any other officer of the Central Government or a State Government authorised by the Central Government in this behalf may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act.
Explanation: – For the purposes of this sub-section, the expression "public place" includes any public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public.
(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such officer shall, without unnecessary delay, take or send the person arrested before a magistrate having jurisdiction in the case or before the officer-in-charge of a police station.
(3) The provisions of the Code of Criminal Procedure, 1973 (2 of 1974) shall, subject to the provisions of this section, apply, so far as may be, in relation to any entry, search or arrest, made under this section.
81. Act to have overriding effect: The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force.
[81A. Application of the Act to electronic cheque and truncated cheque: (1) The provisions of this Act, for the time being in force, shall apply to, or in relation to, electronic cheques and the truncated cheques subject to such modifications and amendments as may be necessary for carrying out the purposes of the Negotiable Instruments Act, 1881 (26 of 1881) by the Central Government, in consultation with the Reserve Bank of India, by notification in the Official Gazette.
(2) Every notification made by the Central Government under sub-section (1) shall be laid, as soon as may be after it is made, before each House of Parliament, while it is in session, for a total period of thirty days which may be comprised in one session or in two or more successive sessions, and if, before the expiry of the session immediately following the session or the successive sessions aforesaid, both Houses agree in making any modification in the notification or both Houses agree that the notification should not be made, the notification shall thereafter have effect only in such modified form or be of no effect, as the case may be; so, however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that notification.
Explanation.-For the purposes of this Act, the expressions "electronic cheque" and "truncated cheque" shall have the same meaning as assigned to them in section 6 of the Negotiable Instruments Act, 1881 (26 of 1881).]
82. Controller, Deputy Controller and Assistant Controllers to be public servants: The Presiding Officer and other officers and employees of a Cyber Appellate Tribunal, the Controller, the Deputy Controller and the Assistant Controllers shall be deemed to be public servants within the meaning of section 21 of the Indian Penal Code (45 of 1860).
83. Power to give directions: The Central Government may give directions to any State Government as to the carrying into execution in the State of any of the provisions of this Act or of any rule, regulation or order made thereunder.
84. Protection of action taken in good faith: No suit, prosecution or other legal proceeding shall lie against the Central Government, the State Government, the Controller or any person acting on behalf of him, the Presiding Officer, adjudicating officers and the staff of the Cyber Appellate Tribunal for anything which is in good faith done or intended to be done in pursuance of this Act or any rule, regulation or order made thereunder.
85. Offences by companies: (1) When a person committing a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder is a company, every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of a business of the company as well as the company, shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly:
Provided that nothing contained in this sub-section shall render any such person liable to punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contraventions.
(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.
Explanation: – For the purposes of this section, –
(i) "company" means any body corporate and includes a firm or other association of individuals; and
(ii) "director", in relation to a firm means a partner in the firm.
86. Removal of difficulties: (1) If any difficulty arises in giving effect to the provisions of this Act, the Central Government may, by order published in the Official Gazette, make such provisions not inconsistent with the provisions of this Act as appear to it to be necessary or expedient for removing the difficulty.
Provided that no order shall be made under this section after the expiry of a period of two years from the commencement of this Act.
(2) Every order made under this section shall be laid, as soon as may be after it is made, before each House of Parliament.
87. Power of Central Government to make rules: (1) The Central Government may, by notification in the Official Gazette and in the Electronic Gazette make rules to carry out the provisions of this Act.
(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely: –
(a) the manner in which any information or matter may be authenticated by means of digital signature under section 5;
(b) the electronic form in which filing, issue, grant or payment shall be effected under sub-section (1) of section 6;
(c) the manner and format in which electronic records shall be filed, or issued and the method of payment under sub-section (2) of section 6;
(d) the matters relating to the type of digital signature, manner and format in which it may be affixed under section 10;
(e) the security procedure for the purpose of creating secure electronic record and secure digital signature under section 16;
(f) the qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers under section 17;
(g) other standards to be observed by the Controller under clause (b) of sub-section (2) of section 20;
(h) the requirements which an applicant must fulfill under sub-section (2) of section 21;
(i) the period of validity of licence granted under clause (a) of sub-section (3) of section 21;
(j) the form in which an application for licence may be made under sub-section (1) of section 22;
(k) the amount of fees payable under clause (c) of sub-section (2) of section 22;
(l) such other documents which shall accompany an application for licence under clause (d) of sub-section (2) of section 22;
(m) the form and the fee for renewal of a licence and the fee payable thereof under section 23;
(n) the form in which application for issue of a Digital Signature Certificate made under sub-section (1) of section 35;
(o) the fee to be paid to the Certifying Authority for issue of a Digital Signature Certificate under sub-section (2) of section 35;
(p) the manner in which the adjudicating officer shall hold inquiry under sub-section (1) of section 46;
(q) the qualification and experience which the adjudicating officer shall possess under sub-section (3) of section 46;
(r) the salary, allowances and the other terms and conditions of service of the Presiding Officer under section 52;
(s) the procedure for investigation of misbehaviour or incapacity of the Presiding Officer under sub-section (3) of section 54;
(t) the salary and allowances and other conditions of service of other officers and employees under sub-section (3) of section 56;
(u) the form in which appeal may be filed and the fee thereof under sub-section (3) of section 57;
(v) any other power of civil court required to be prescribed under clause (g) of sub-section (2) of section 58; and
(w) any other matter which is required to be, or may be, prescribed.
(3) Every notification made by the Central Government under clause (f) of sub-section (4) of section 1 and every rule made by it shall be laid, as soon as may be after it is made, before each House of Parliament, while it is in session, for a total period of thirty days which may be comprised in one session or in two or more successive sessions, and if, before the expiry of the session immediately following the session or the successive sessions aforesaid, both Houses agree in making any modification in the notification or the rule or both Houses agree that the notification or the rule should not be made, the notification or the rule shall thereafter have effect only in such modified form or be of no effect, as the case may be; so, however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that notification or rule.
88. Constitution of Advisory Committee: (1) The Central Government shall, as soon as may be after the commencement of this Act, constitute a Committee called the Cyber Regulations Advisory Committee.
(2) The Cyber Regulations Advisory Committee shall consist of a Chairperson and such number of other official and non-official members representing the interests principally affected or having special knowledge of the subject-matter as the Central Government may deem fit.
(3) The Cyber Regulations Advisory Committee shall advise –
(a) the Central Government either generally as regards any rules or for any other purpose connected with this Act;
(b) the Controller in framing the regulations under this Act.
(4) There shall be paid to the non-official members of such Committee such travelling and other allowances as the Central Government may fix.
89. Power of Controller to make regulations: (1) The Controller may, after consultation with the Cyber Regulations Advisory Committee and with the previous approval of the Central Government, by notification in the Official Gazette, make regulations consistent with this Act and the rules made thereunder to carry out the purposes of this Act.
(2) In particular, and without prejudice to the generality of the foregoing power, such regulations may provide for all or any of the following matters, namely: –
(a) the particulars relating to maintenance of data-base containing the disclosure record of every Certifying Authority under clause (m) of section 18;
(b) the conditions and restrictions subject to which the Controller may recognise any foreign Certifying Authority under sub-section (1) of section 19;
(c) the terms and conditions subject to which a licence may be granted under clause (c) of sub-section (3) of section 21;
(d) other standards to be observed by a Certifying Authority under clause (d) of section 30;
(e) the manner in which the Certifying Authority shall disclose the matters specified in sub-section (1) of section 34;
(f) the particulars of statement which shall accompany an application under sub-section (3) of section 35;
(g) the manner in which the subscriber shall communicate the compromise of private key to the Certifying Authority under sub-section (2) of section 42.
(3) Every regulation made under this Act shall be laid, as soon as may be after it is made, before each House of Parliament, while it is in session, for a total period of thirty days which may be comprised in one session or in two or more successive sessions, and if, before the expiry of the session immediately following the session or the successive sessions aforesaid, both Houses agree in making any modification in the regulation or both Houses agree that the regulation should not be made, the regulation shall thereafter have effect only in such modified form or be of no effect, as the case may be; so, however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that regulation.
90. Power of State Government to make rules: (1) The State Government may, by notification in the Official Gazette, make rules to carry out the provisions of this Act.
(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely: –
(a) the electronic form in which filing, issue, grant, receipt or payment shall be effected under sub-section (1) of section 6;
(b) for matters specified in sub-section (2) of section 6;
(c) any other matter which is required to be provided by rules by the State Government.
(3) Every rule made by the State Government under this section shall be laid, as soon as may be after it is made, before each House of the State Legislature where it consists of two Houses, or where such Legislature consists of one House, before that House.
91. Amendment of Act 45 of 1860: The Indian Penal Code shall be amended in the manner specified in the First Schedule to this Act.
92. Amendment of Act 1 of 1872: The Indian Evidence Act, 1872 shall be amended in the manner specified in the Second Schedule to this Act.
93. Amendment of Act 18 of 1891: The Bankers’ Books Evidence Act, 1891 shall be amended in the manner specified in the Third Schedule to this Act.
94. Amendment of Act 2 of 1934: The Reserve Bank of India Act, 1934 shall be amended in the manner specified in the Fourth Schedule to this Act.
THE FIRST SCHEDULE
(See section 91)
Amendments to the Indian Penal Code (45 of 1860)
1. After section 29, the following section shall be inserted, namely: –
"29A. Electronic record: The words "electronic record" shall have the meaning assigned to them in clause (t) of sub-section (1) of section 2 of the Information Technology Act, 2000".
2. In section 167, for the words "such public servant, charged with the preparation or translation of any document, frames or translates that document", the words "such public servant, charged with the preparation or translation of any document or electronic record, frames, prepares or translates that document or electronic record" shall be substituted.
3. In section 172, for the words "produce a document in a Court of Justice", the words "produce a document or an electronic record in a Court of Justice" shall be substituted.
4. In section 173, for the words "to produce a document in a Court of Justice", the words "to produce a document or electronic record in a Court of Justice" shall be substituted.
5. In section 175, for the word "document" at both the places where it occurs, the words "document or electronic record" shall be substituted.
6. In section 192, for the words "makes any false entry in any book or record, or makes any document containing a false statement", the words "makes any false entry in any book or record, or electronic record or makes any document or electronic record containing a false statement" shall be substituted.
7. In section 204, for the word "document" at both the places where it occurs, the words "document or electronic record" shall be substituted.
8. In section 463, for the words "Whoever makes any false documents or part of a document with intent to cause damage or injury", the words "Whoever makes any false documents or false electronic record or part of a document or electronic record, with intent to cause damage or injury" shall be substituted.
9. In section 464, –
(a) for the portion beginning with the words "A person is said to make a false document" and ending with the words "by reason of deception practiced upon him, he does not know the contents of the document or the nature of the alteration", the following shall be substituted, namely: –
"A person is said to make a false document or false electronic record –
First - Who dishonestly or fraudulently –
(a) makes, signs, seals or executes a document or part of a document;
(b) makes or transmits any electronic record or part of any electronic record;
(c) affixes any digital signature on any electronic record;
(d) makes any mark denoting the execution of a document or the authenticity of the digital signature;
with the intention of causing it to be believed that such document or part of document, electronic record or digital signature was made, signed, sealed, executed, transmitted or affixed by or by the authority of a person by whom or by whose authority he knows that it was not made, signed, sealed, executed or affixed; or
Secondly - Who, without lawful authority, dishonestly or fraudulently, by cancellation or otherwise, alters a document or an electronic record in any material part thereof, after it has been made, executed or affixed with digital signature either by himself or by any other person, whether such person be living or dead at the time of such alteration; or
Thirdly - Who dishonestly or fraudulently causes any person to sign, seal, execute or alter a document or an electronic record or to affix his digital signature on any electronic record knowing that such person by reason of unsoundness of mind or intoxication cannot, or that by reason of deception practiced upon him, he does not know the contents of the document or electronic record or the nature of the alteration";
(b) after Explanation 2, the following Explanation shall be inserted at the end, namely:-
‘Explanation 3: – For the purposes of this section, the expression "affixing digital signature" shall have the meaning assigned to it in clause (d) of sub-section (1) of section 2 of the Information Technology Act, 2000’.
10. In section 466, –
(a) for the words "Whoever forges a document", the words "Whoever forges a document or an electronic record" shall be substituted;
(b) the following Explanation shall be inserted at the end, namely: –
‘Explanation: – For the purposes of this section, "register" includes any list, data or record of any entries maintained in the electronic form as defined in clause (r) of sub-section (1) of section 2 of the Information Technology Act, 2000’.
11. In section 468, for the words "document forged", the words "document or electronic record forged" shall be substituted.
12. In section 469, for the words "intending that the document forged", the words "intending that the document or electronic record forged" shall be substituted.
13. In section 470, for the word "document" in both the places where it occurs, the words "document or electronic record" shall be substituted.
14. In section 471, for the word "document" wherever it occurs, the words "document or electronic record" shall be substituted.
15. In section 474, for the portion beginning with the words "Whoever has in his possession any document" and ending with the words "if the document is one of the description mentioned in section 466 of this Code", the following shall be substituted, namely: –
"Whoever has in his possession any document or electronic record, knowing the same to be forged and intending that the same shall fraudulently or dishonestly be used as a genuine, shall, if the document or electronic record is one of the description mentioned in section 466 of this Code".
16. In section 476, for the words "any document", the words "any document or electronic record" shall be substituted.
17. In section 477A, for the words "book, paper, writing" at both the places where they occur, the words "book, electronic record, paper, writing" shall be substituted.
THE SECOND SCHEDULE
(See section 92)
Amendments to the Indian Evidence Act, 1872 (1 of 1872)
1. In section 3, –
(a) in the definition of "Evidence", for the words "all documents produced for the inspection of the Court", the words "all documents including electronic records produced for the inspection of the Court" shall be substituted;
(b) after the definition of "India", the following shall be inserted, namely: –
‘the expressions "Certifying Authority", "digital signature", "Digital Signature Certificate", "electronic form", "electronic records", "information", "secure electronic record", "secure digital signature" and "subscriber" shall have the meanings respectively assigned to them in the Information Technology Act, 2000’.
2. In section 17, for the words "oral or documentary", the words "oral or documentary or contained in electronic form" shall be substituted.
3. After section 22, the following section shall be inserted namely: –
"22A. When oral admission as to contents of electronic records are relevant: Oral admissions as to the contents of electronic records are not relevant, unless the genuineness of the electronic record produced is in question".
4. In section 34, for the words "Entries in the books of account", the words "Entries in the books of account, including those maintained in an electronic form" shall be substituted.
5. In section 35, for the word "record", in both the places where it occurs, the words "record or an electronic record" shall be substituted.
6. For section 39, the following section shall be substituted, namely: –
"39. What evidence to be given when statement forms part of a conversation, document, electronic record, book or series of letters or papers: When any statement of which evidence is given forms part of a longer statement, or of a conversation or part of an isolated document, or is contained in a document which forms part of a book, or is contained in part of electronic record or of a connected series of letters or papers, evidence shall be given of so much and no more of the statement, conversation, document, electronic record, or series of letters or papers as the Court, considers necessary in that particular case to the full understanding of the nature and effect of the statement, and of the circumstances under which it was made".
7. After section 47, the following section shall be inserted, namely: –
"47A. Opinion as to digital signature where relevant: When the Court has to form an opinion as to the digital signature of any person, the opinion of the Certifying Authority which has issued the Digital Signature Certificate is a relevant fact".
8. In section 59, for the words "contents of documents" the words "contents of documents or electronic records" shall be substituted.
9. After section 65, the following sections shall be inserted, namely: –
‘65A. Special provisions as to evidence relating to electronic record: The contents of electronic records may be proved in accordance with the provisions of section 65B.
65B. Admissibility of electronic records: (1) Notwithstanding anything contained in this Act, any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document, if the conditions mentioned in this section are satisfied in relation to the information and computer in question and shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible.
(2) The conditions referred to in sub-section (1) in respect of a computer output shall be the following, namely:-
(a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer;
(b) during the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities;
(c) throughout the material part of the said period, the computer was operating properly or, if not, then in respect of any period in which it was not operating properly or was out of operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents; and
(d) the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.
(3) Where over any period, the function of storing or processing information for the purposes of any activities regularly carried on over that period as mentioned in clause (a) of sub-section (2) was regularly performed by computers, whether –
(a) by a combination of computers operating over that period; or
(b) by different computers operating in succession over that period; or
(c) by different combinations of computers operating in succession over that period; or
(d) in any other manner involving the successive operation over that period, in whatever order, of one or more computers and one or more combinations of computers,
all the computers used for that purpose during that period shall be treated for the purposes of this section as constituting a single computer; and references in this section to a computer shall be construed accordingly.
(4) In any proceedings where it is desired to give a statement in evidence by virtue of this section, a certificate doing any of the following things, that is to say, –
(a) identifying the electronic record containing the statement and describing the manner in which it was produced;
(b) giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer;
(c) dealing with any of the matters to which the conditions mentioned in sub-section (2) relate,
and purporting to be signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate) shall be evidence of any matter stated in the certificate; and for the purposes of this sub-section it shall be sufficient for a matter to be stated to the best of the knowledge and belief of the person stating it.
(5) For the purposes of this section, –
(a) information shall be taken to be supplied to a computer if it is supplied thereto in any appropriate form and whether it is so supplied directly or (with or without human intervention) by means of any appropriate equipment;
(b) whether in the course of activities carried on by any official, information is supplied with a view to its being stored or processed for the purposes of those activities by a computer operated otherwise than in the course of those activities, that information, if duly supplied to that computer, shall be taken to be supplied to it in the course of those activities;
(c) a computer output shall be taken to have been produced by a computer whether it was produced by it directly or (with or without human intervention) by means of any appropriate equipment.
Explanation: – For the purposes of this section any reference to information being derived from other information shall be a reference to its being derived therefrom by calculation, comparison or any other process’.
10. After section 67, the followingsection shall be inserted, namely: –
"67A. Proof as to digital signature:Except in the case of a secure digital signature, if the digital signature ofany subscriber is alleged to have been affixed to an electronic record the factthat such digital signature is the digital signature of the subscriber must beproved".
11. After section 73, the followingsection shall be inserted, namely: –
’73A. Proof as to verification of digitalsignature: In order to ascertain whether a digital signature is that of theperson by whom it purports to have been affixed, the Court may direct –
(a) that person or the Controller or theCertifying Authority to produce the Digital Signature Certificate;
(b) any other person to apply the publickey listed in the Digital Signature Certificate and verify the digitalsignature purported to have been affixed by that person.
Explanation: For the purposes of thissection, "Controller" means the Controller appointed undersub-section (1) of section 17 of the Information Technology Act, 2000′.
12. Presumption as to Gazettes in electronic forms: After section 81, the following section shall be inserted, namely: –
"81A. The Court shall presume the genuineness of every electronic record purporting to be the Official Gazette, or purporting to be electronic record directed by any law to be kept by any person, if such electronic record is kept substantially in the form required by law and is produced from proper custody".
13. Presumption as to electronic agreements: After section 85, the following sections shall be inserted, namely: –
"85A. The Court shall presume that every electronic record purporting to be an agreement containing the digital signatures of the parties was so concluded by affixing the digital signature of the parties.
85B. Presumption as to electronic records and digital signatures: (1) In any proceedings involving a secure electronic record, the Court shall presume unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates.
(2) In any proceedings, involving secure digital signature, the Court shall presume unless the contrary is proved that –
(a) the secure digital signature is affixed by subscriber with the intention of signing or approving the electronic record;
(b) except in the case of a secure electronic record or a secure digital signature, nothing in this section shall create any presumption relating to authenticity and integrity of the electronic record or any digital signature.
85C. Presumption as to Digital Signature Certificates: The Court shall presume, unless contrary is proved, that the information listed in a Digital Signature Certificate is correct, except for information specified as subscriber information which has not been verified, if the certificate was accepted by the subscriber".
14. Presumption as to electronic messages: After section 88, the following section shall be inserted, namely: –
‘88A. The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.
Explanation: – For the purposes of this section, the expression "addressee" and "originator" shall have the same meanings respectively assigned to them in clauses (b) and (za) of sub-section (1) of section 2 of the Information Technology Act, 2000’.
15. Presumption as to electronic records five years old: After section 90, the following section shall be inserted, namely: –
"90A. Where any electronic record, purporting or proved to be five years old, is produced from any custody which the Court in the particular case considers proper, the Court may presume that the digital signature which purports to be the digital signature of any particular person was so affixed by him or any person authorised by him in this behalf.
Explanation: – Electronic records are said to be in proper custody if they are in the place in which, and under the care of the person with whom, they naturally be; but no custody is improper if it is proved to have had a legitimate origin, or the circumstances of the particular case are such as to render such an origin probable.
This Explanation applies also to section 81A".
16. For section 131, the following section shall be substituted, namely: –
"131. Production of documents or electronic records which another person, having possession, could refuse to produce: No one shall be compelled to produce documents in his possession or electronic records under his control, which any other person would be entitled to refuse to produce if they were in his possession or control, unless such last-mentioned person consents to their production".
THE THIRD SCHEDULE
(See section 93)
Amendments to the Bankers’ Books Evidence Act 1891 (18 of 1891)
1. In section 2, –
(a) for clause (3), the following clause shall be substituted, namely: –
‘(3) "bankers’ books" include ledgers, day-books, cash-books, account-books and all other books used in the ordinary business of a bank whether kept in the written form or as printouts of data stored in a floppy, disc, tape or any other forms of electronic-magnetic data storage device;
(b) for clause (8), the following clause shall be substituted, namely: –
‘(8) "certified copy" means when the books of a bank, –
(a) are maintained in written form, a copy of any entry in such books together with a certificate written at the foot of such copy that it is a true copy of such entry, that such entry is contained in one of the ordinary books of the bank and was made in the usual and ordinary course of business and that such book is still in the custody of the bank, and where the copy was obtained by a mechanical or other process which in itself ensured the accuracy of the copy, a further certificate to that effect, but where the book from which such copy was prepared has been destroyed in the usual course of the bank’s business after the date on which the copy has been so prepared, a further certificate to that effect, each such certificate being dated and subscribed by the principal accountant or manager of the bank with his name and official title; and
(b) consist of printouts of data stored in a floppy, disc, tape or any other electromagnetic data storage device, a printout of such entry or a copy of such printout together with such statements certified in accordance with the provisions of section 2A’.
2. After section 2, the following section shall be inserted, namely: –
"2A. Conditions in the printout: A printout of entry or a copy of printout referred to in sub-section (8) of section 2 shall be accompanied by the following, namely: –
(a) a certificate to the effect that it is a printout of such entry or a copy of such printout by the principal accountant or branch manager; and
(b) a certificate by a person in-charge of computer system containing a brief description of the computer system and the particulars of –
(A) the safeguards adopted by the system to ensure that data is entered or any other operation performed only by authorised persons;
(B) the safeguards adopted to prevent and detect unauthorised change of data;
(C) the safeguards available to retrieve data that is lost due to systematic failure or any other reasons;
(D) the manner in which data is transferred from the system to removable media like floppies, discs, tapes or other electro-magnetic data storage devices;
(E) the mode of verification in order to ensure that data has been accurately transferred to such removable media;
(F) the mode of identification of such data storage devices;
(G) the arrangements for the storage and custody of such storage devices;
(H) the safeguards to prevent and detect any tampering with the system; and
(I) any other factor which will vouch for the integrity and accuracy of the system.
(c) a further certificate from the person in-charge of the computer system to the effect that to the best of his knowledge and belief, such computer system operated properly at the material time, he was provided with all the relevant data and the printout in question represents correctly, or is appropriately derived from, the relevant data".
THE FOURTH SCHEDULE
(See section 94)
Amendment to the Reserve Bank of India Act, 1934 (2 of 1934)
In the Reserve Bank of India Act, 1934, in section 58, in sub-section (2), after clause (p), the following clause shall be inserted, namely: –
"(pp) the regulation of fund transfer through electronic means between the banks or between the banks and other financial institutions referred to in clause (c) of section 45-I, including the laying down of the conditions subject to which banks and other financial institutions shall participate in such fund transfers, the manner of such fund transfers and the rights and obligations of the participants in such fund transfers,".