Information Technology Act, 2000
India's primary cyber law — digital signatures, cybercrimes and penalties, online fraud, intermediary liability, social media rules, data protection, and IT Rules 2021.
💻 Background
The Information Technology Act, 2000 was enacted on 17 October 2000 based on the UNCITRAL Model Law on Electronic Commerce. Amended significantly in 2008 (adding cyber terrorism, data protection, intermediary liability), it provides legal recognition for electronic transactions, digital/electronic signatures, and defines cybercrimes with penalties. The IT (Intermediary Guidelines) Rules, 2021 govern social media platforms, messaging apps, and digital news media.
🔐 Digital & Electronic Signatures
📝 Digital Signature (Sec 3)
Uses asymmetric cryptography (public-private key pair). Issued by licensed Certifying Authorities (CAs). Required for e-filing with government, company registration, patent filing, e-tendering.
✅ Electronic Signature (Sec 3A)
Added by 2008 amendment. Broader — includes Aadhaar e-Sign, biometric authentication. Legally equivalent to physical signature. Used for e-KYC, e-contracts, digital agreements.
🚨 Cybercrimes & Penalties
- 🔴 Hacking (Sec 66): Unauthorized access to computer system — imprisonment up to 3 years or fine up to ₹5 lakh
- 🔴 Identity Theft (Sec 66C): Fraudulently using another person's electronic signature, password, or unique identification — up to 3 years and ₹1 lakh fine
- 🔴 Cheating by Personation (Sec 66D): Using computer resource to cheat — up to 3 years and ₹1 lakh fine. Covers phishing, fake profiles for fraud
- 🔴 Data Theft (Sec 43): Unauthorized access, download, copy, extract data — compensation up to ₹5 crore (civil). Combined with Sec 66 for criminal prosecution
- 🔴 Cyber Terrorism (Sec 66F): Accessing protected system with intent to threaten national security — life imprisonment
- 🔴 Publishing Obscene Content (Sec 67): Up to 3 years (first offence), 5 years (subsequent). Child pornography (Sec 67B): up to 5-7 years
🌐 Intermediary Liability & IT Rules 2021
🛡️ Safe Harbour (Sec 79)
Intermediaries (platforms) not liable for third-party content if they exercise due diligence and follow takedown procedures. Must remove content within 36 hours of government order.
📱 Significant Social Media
Platforms with 50 lakh+ registered users in India must: appoint Chief Compliance Officer, Nodal Contact Person, and Resident Grievance Officer (all in India). Monthly compliance reports mandatory.
🔍 Traceability
Messaging platforms must identify the first originator of information when required by court order or government (for offences punishable with 5+ years). Specific to messaging — not general social media.
📋 Grievance Mechanism
All intermediaries must have a grievance officer. Acknowledge complaint in 24 hours. Resolve within 15 days (content complaints) or 72 hours (specific violations like nudity, impersonation).
📋 Reporting Cyber Crime
- 🌐 National Cybercrime Portal: cybercrime.gov.in — report online financial fraud, social media crimes, cyber stalking. Track complaint status online
- 📞 Helpline 1930: National cyber fraud helpline for immediate reporting of financial fraud. Helps in freezing fraudulently transferred funds
- 🏛️ Cyber Cell: Every state has a dedicated cyber crime cell/police station. FIR can be filed at any police station (zero FIR)
- ⏰ Golden Hour: Report financial fraud within minutes of discovering it. Banks must freeze the suspect account within hours if reported quickly via 1930
⚠️ Disclaimer
This page is for educational and informational purposes only and does not constitute legal, tax, or financial advice. While we strive for 100% accuracy, laws and regulations change frequently. Always refer to the official gazette notifications, consult a qualified Chartered Accountant (CA), Company Secretary (CS), or legal professional before making any financial or legal decisions. Tenhash is not responsible for any actions taken based on this information. Last reviewed: March 2026.