IT Act 2000: Objectives, Features, Amendments, Sections, Offences and Penalties

Mayashree Aacharya
Over the past decade, the rise of technology and electronic commerce has led to a surge in
cybercrimes and data-related offences in India. As per the latest news by a renowned paper
house, the cybercrime cases increased from 3,693 in 2012 to 65,893 in 2022, recording the
highest spike rate. The situation became alarming as even data crucial to national security and
integrity was at risk. In response, the government opted to regulate activities on electronic
mediums and the data stored therein.
Thus, the Information Technology Act or IT Act 2000 was introduced. In this article, we will
provide a comprehensive overview of this Act, highlighting all the associated factors that you
need to know.
What Is the Information Technology Act 2000?
A legal framework proposed by the Indian Parliament, the Informational Technology Act of
2000, is the primary legislation in India dealing with cybercrime and electronic commerce. It
was formulated to ensure the lawful conduct of digital transactions and the reduction of cyber
crimes, on the basis of the United Nations Model Law on Electronic Commerce 1996
(UNCITRAL Model). This legal framework, also known as IT Act 2000, comes with 94
sections, divided into 13 chapters and 2 schedules.
When IT Act 2000 Came Into Effect?
The bill of this law was passed in the Budget by a group of Parliament members, headed by
the then Minister of Information Technology and signed by the President on 9 May 2000. It
finally came into effect on October 17, imposing restrictions on all individuals regardless of
their nationality and geographic location.
Importance of IT Act 2000
Read the pointers highlighted below to understand the importance of formulating Information
Technology Act 2000:
 The Act provides legal recognition to electronic records, resulting in the growth of e-
commerce and digital transactions in India.
 It has established electronic signatures as the legal equivalent of physical signatures.
 The formulation of this act has come up with the establishment of the Controller of
Certifying Authorities (CCA), a government body that is responsible for issuing and
maintaining the security of digital signatures as well as certificates.
 The Act has made it mandatory for companies to obtain consent from consumers when
it comes to collecting or using their personal information.
 With the Act becoming effective, individuals have the right to seek compensation in
case of damage or misuse of their personal data by an unauthorised party.
 Through the Act, the Government of India can criminalise cybercrime, hacking and
spreading of computer viruses.
 The Information Technology Act 2000 also authorised the establishment of the Cyber
Appellate Tribunal, a specialised official body hired to address the appeals against
orders passed by Adjudicating Officers under the Act.
  It contains provisions that safeguard the critical information infrastructure, including
communication networks and power grids.
Objectives of the Information Technology Act 2000
 The following are the main objectives of the Information Technology Act of 2000 that
you should know:
 Promote efficient delivery of government services electronically or facilitate digital
transactions between firms and regular individuals
 Impose penalties upon cybercrimes like data theft, identity theft, cyberstalking and so
on, in order to create a secure cyber landscape
 Formulate rules and regulations that monitor the cyber activity and electronic mediums
of communication and commerce
 Promote the expansion and foster innovation and entrepreneurship in the Indian
IT/ITES sector
Features of the Information Technology Act 2000
Take a look at the salient features of the Information Technology Act 2000:
 The provisions of this Act are implemented by the Central Government to regulate
electronic commerce and penalise cybercrime.
 The Act states the roles and responsibilities of intermediaries as well as conditions
under which their liability can be exempted.
 The Information Technology Act is associated with CERT-In (Indian Computer
Emergency Response Team), a nodal agency that is responsible for cybersecurity and
cyber incident response.
 There have been 2 amendments associated with this Act, addressing the technological
advancements, implementability concerns and anomalies.
IT Act 2000 and Its Amendments
As technology evolved over time, the Indian Parliament recognized the need to revise the Act
in order to align it with societal needs, resulting in its amendment. Two significant amendments
were made to the IT Act 2000 that you should know about.
1. Amendment of 2008
The 2008 amendment came up with modifications to Section 66A of the IT Act, 2000. The
section outlined penalties for sharing offensive messages electronically. This includes any
message or information that incited hatred or compromised the integrity and security of the
nation. However, the lack of clarity in defining 'offensive' messages led to unnecessary
punishment of several individuals, ultimately resulting in the striking down of the section.
2. Amendment Bill 2015
In 2015, another bill was initiated to amend Section 66A with the aim of safeguarding the
fundamental rights guaranteed to citizens by the country's Constitution. This was later
accomplished by declaring it as violative of Article 19 of the Constitution.
Digital Signature Under IT Act 2000
The Information Technology Act 2000 includes provisions that legally introduce the use of
digital signatures for submitting crucial documents online, ensuring their security and
authenticity. The Act further mandates all companies/LLPs under the MCA21 e-Governance
programme to utilise digital signatures for document filing.
Electronic Governance Under IT Act 2000
Electronic Governance or E-Governance involves the application of legal rules and regulations
for managing, controlling, and administering government processes that are conducted through
electronic means. Keep reading to find out how electronic governance is dealt with under the
Information Technology Act 2000:
 Section 4: This Section grants legal recognition to electronic records, making it an
equivalent of paper-based documents.
 Section 5: In Section 5 of the Indian IT Act, 2000, digital signatures get equal legal
recognition as handwritten signatures. However, the authentication of these digital
signatures is determined by the Central Government.
 Section 6: Eliminating red tapism, Section 6 promotes use of the electronic records and
digital signatures by all agencies of the Indian Government. This involves online filing
of documents, issuance of licences/approvals electronically and digital receipt/payment
of money.
 Section 7: This Section authorises the retention of electronic records for fulfilment of
legally retaining records.
IT Act 2000 Sections
The Information Technology Act 2000 has 94 sections focusing on the regulation of electronic
exchanges. These sections collectively establish a comprehensive framework for electronic
governance, digital signatures, and the legal recognition of electronic records. All these
sections play a crucial role in facilitating the use of digital technologies in governance.
Section 43 of IT Act 2000
Section 43 of Chapter IX of the IT Act, 2000 outlines various actions for which a penalty is
imposed if done without permission from the person in charge of the computer system. These
actions are discussed below.
 Access information from the system
 Download or copy data with proper authorisation
 Introduce virus or other malicious software into the system
 Cause damage to a computer network or database
 Prevent an authorised user from accessing the system
 Assist others in breaching the provisions of the law
 Charge someone for services they have not utilised
 Alter or remove information to reduce its value or cause harm
 Steal or mess with the code that makes a computer program work
Section 66 of IT Act 2000
If an individual engages in any action outlined in Section 43 with dishonest or fraudulent intent,
he/she shall be subject to punishment. As per Section 66 of the IT Act 2000, this punishment
may include imprisonment for a period of up to 3 years, a fine of up to Rs. 5 lakh, or both.
Section 66A of IT Act 2000
The Information Technology Act of 2000 was amended to introduce a new section, Section
66A in order to address instances of cybercrime arising from the emergence of technology and
the internet. This section imposes penalties for sending offensive messages through
communication services.
As per this section, a person will face punishment in the following scenarios:
 Sending information that is highly offensive or has a menacing character
 Using a computer resource or communication device to send false information with the
intent of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred, or ill will
 Sending any electronic mail or message with the intention of causing annoyance,
inconvenience, deception, or misleading the recipient
Section 66B of IT Act 2000
Section 66B outlines the punishment for dishonestly receiving stolen computer resources or
communication devices. As per this section, anyone who knowingly receives or retains any
stolen computer resource or communication device shall be liable to imprisonment for up to 3
years, or a fine of up to Rs. 1 lakh, or both.
Section 67A of the IT Act 2000
Section 67A deals with the punishment for publishing or sharing material containing sexually
explicit acts in electronic form. On 1st conviction, individuals who publish such material shall
face imprisonment for up to 5 years and a fine of up to Rs. 10 lakh. In the event of a 2nd or
subsequent conviction, the punishment may extend to imprisonment for up to 7 years and a
fine of up to Rs. 10 lakh.
Offences and Penalties Under IT Act 2000
There are provisions in the Information Technology Act 2000 that outline different offences
and penalties related to the misuse of technology and electronic communication. Let us take a
look:
Section Offence Penalty
Tampering documents stored within a computer Imprisonment of 3 years or a fine
Section 65
system of Rs. 2 lakhs or both
Offences associated with computers or any act Imprisonment of 3 years or a fine
Section 66
outlined in Section 43 that extends to Rs. 5 lakhs or both
Dishonestly receiving a stolen computer source or Imprisonment for 3 years or a fine
Section 66B
device of Rs. 1 lakh or both
Imprisonment of 3 years or a fine
Section 66C Identity theft
of Rs. 1 lakh or both
 Either imprisonment for 3 years
Section 66D Cheating by personation
or a fine of Rs. 1 lakh or both
Either imprisonment up to 3 years
Section 66E Invading privacy
or a fine of Rs. 2 lakhs or both
Section 66F Cyber terrorism Life imprisonment
Sending explicit or obscene material in electronic Imprisonment of 5 years and a
Section 67
form fine of Rs. 10 lakhs
Sending material containing sexually explicit acts Imprisonment of 7 years and a
Section 67A
through electronic means fine of Rs. 10 lakhs
Depicting children in sexually explicit form and Imprisonment of 7 years and a
Section 67B
sharing such material through electronic mode fine of Rs. 10 lakhs
Failure to preserve and retain the information by Imprisonment for 3 years and a
Section 67C
intermediaries fine
Tampering documents stored within a computer Imprisonment of 3 years or a fine
Section 65
system of Rs. 2 lakhs or both

Cyber Crime Under IT Act 2000

When it comes to cybersecurity, there are 5 main types of laws followed in India. These include
the Information Technology Act 2000 (IT Act), the Indian Penal Code of 1860 (IPC), the
Information Technology Rules (IT Rules), the Companies Act of 2013, and the Cybersecurity
Framework (NCFS).
The cyber law established under the IT Act of 2000 stands as the first cyber law approved by
the Indian Parliament. It highlights penalties and sanctions enacted by the Parliament of India
that safeguard the sectors of e-governance, e-banking and e-commerce.
Advantages and Disadvantages of IT Act 2000
While the IT Act of 2000 offers numerous benefits, it also carries certain disadvantages. Let us
begin by exploring its advantages.
 Before the Act was enacted, emails, messages and such other means of communication
were not legally recognised and thus not admissible as evidence in court. However,
with the introduction of the IT Act of 2000, electronic communications gained legal
recognition.
 By leveraging the legal infrastructure provided by this Act, companies can engage in e-
commerce or e-business.
 With the legalisation of digital signatures, it has become easier to carry out transactions
online or verify the identity of an individual on the internet.
 Corporations get statutory remedies in the event of unauthorised access or hacking into
their computer systems or networks.
 Individuals get monetary assistance or compensation as a remedy for damages of any
kind incurred in computer systems.
 The Act identifies and penalises various cybercrimes such as hacking, spamming,
identity theft, phishing, and so on, which were previously not addressed in any
legislation.
 The Act permits companies to serve as certifying authorities and issue digital
certificates.
  It empowers the Indian Government to issue notices on the internet through e-
governance.
Let us now walk through a list of disadvantages that came forth after the enactment of the
Information Technology Act 2000:
 The Information Technology Act of 2000 fails to address the issues involving domain
names, and the rights, and liabilities of domain owners.
 Despite the prevalence of copyright and patent issues in India, the Act still does not
protect Intellectual Property Rights when it comes to computer programs and networks.
 Various kinds of cybercrimes such as cyberstalking, cyber fraud, chat room abuse, theft
of internet hours, and many more are not covered by this Act.
 The IT Act has also failed to address critical issues such as privacy and content
regulation.
With the rapid escalation of cybercrime cases in India, there emerged an urgent need for a
mechanism to detect and control them. The IT Act 2000 is a step towards safeguarding the data
and sensitive information stored with online intermediaries. In addition, this Act comes with
various provisions that benefit citizens and protect their data from misuse.