Sample Read
© Taxmann
Price : ` 395
Law stated in this book is as updated till 1st December, 2025
Published by : Taxmann Publications (P.) Ltd.
Sales & Marketing :
59/32, New Rohtak Road, New Delhi-110 005 India
Phone : +91-11-45562222
Website : www.taxmann.com
E-mail : sales@taxmann.com
Regd. Office :
21/35, West Punjabi Bagh, New Delhi-110 026 India
Printed at :
Tan Prints (India) Pvt. Ltd.
44 Km. Mile Stone, National Highway, Rohtak Road Village Rohad, Distt. Jhajjar (Haryana) India
E-mail : sales@tanprints.com
Disclaimer
Every effort has been made to avoid errors or omissions in this publication. In spite of this, errors may creep in. Any mistake, error or discrepancy noted may be brought to our notice which shall be taken care of in the next edition. It is notified that neither the publisher nor the author or seller will be responsible for any damage or loss of action to any one, of any kind, in any manner, therefrom. It is suggested that to avoid any doubt the reader should cross-check all the facts, law and contents of the publication with original Government publication or notifications.
No part of this book may be reproduced or copied in any form or by any means [graphic, electronic or mechanical, including photocopying, recording, taping, or information retrieval systems] or reproduced on any disc, tape, perforated media or other information storage device, etc., without the written permission of the publishers. Breach of this condition is liable for legal action.
For binding mistake, misprints or for missing pages, etc., the publisher’s liability is limited to replacement within seven days of purchase by similar edition. All expenses in this connection are to be borne by the purchaser. All disputes are subject to Delhi jurisdiction only.
CHAPTER V
DUTIES OF SUBSCRIBERS
52A.
52C.
52D.
53.
55.
56.
58.
66D.
EXAMINER OF ELECTRONIC EVIDENCE
INFORMATION TECHNOLOGY (CERTIFYING AUTHORITIES) RULES, 2000
CYBER REGULATIONS APPELLATE
(PROCEDURE) RULES, 2000
RULES,
INFORMATION TECHNOLOGY (SECURITY PROCEDURE) RULES, 2004
5.
CYBER APPELLATE TRIBUNAL (PROCEDURE
6.
3.
4.
5.
6.
7.
8.
9.
10.
INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARD FOR MONITORING AND COLLECTING TRAFFIC DATA OR INFORMATION) RULES, 2009
5.
SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011
INFORMATION TECHNOLOGY (GUIDELINES FOR CYBER CAFE) RULES, 2011
5.
6.
7.
8.
INFORMATION TECHNOLOGY (THE INDIAN COMPUTER EMERGENCY RESPONSE TEAM AND MANNER OF PERFORMING FUNCTIONS AND DUTIES) RULES, 2013
DIGITAL SIGNATURE (END ENTITY) RULES, 2015
1.
CYBER APPELLATE TRIBUNAL (POWERS AND FUNCTIONS OF THE CHAIRPERSON) RULES, 2016
6.
8.
4.
4A.
4B.
4C.
PART II
INFORMATION TECHNOLOGY (CERTIFYING AUTHORITY) REGULATIONS, 2001
NATIONAL POLICY ON SOFTWARE PRODUCTS, 2019
National Policy on Software Products, 2019 319
AAROGYA SETU DATA ACCESS AND KNOWLEDGE SHARING PROTOCOL, 2020
Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 326
Information Technology Act, 2000
[21 OF 2000]
An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
WHEREAS the General Assembly of the United Nations by resolution A/RES/51/162, dated the 30th January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law ;
AND WHEREAS the said resolution recommends inter alia that all States give favourable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper based methods of communication and storage of information;
AND WHEREAS it is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records;
BE it enacted by Parliament in the Fifty-first Year of the Republic of India as follows :—
CHAPTER I
PRELIMINARY
Short title, extent, commencement and application.
1. (1) This Act may be called the Information Technology Act, 20001.
(2) It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
(3) It shall come into force on such date2 as the Central Government may, by notification, appoint and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the commencement of that provision.
3[(4) Nothing in this Act shall apply to documents or transactions specified in the First Schedule:
Provided that the Central Government may, by notification in the Official Gazette, amend the First Schedule by way of addition or deletion of entries thereto.
(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.]
COMMENTS
SECTION NOTES
1.1 Extent of Applicability:
The Act applies to the entire territory of India, including all states and union territories. Its jurisdiction is also extraterritorial, meaning it applies to offenses or contraventions under the Act committed outside India by any individual. [See Section 75]
The Act’s application to offenses outside India underscores its focus on combating cross-border cybercrime.
1. Dated 9-6-2000.
2. With effect from 17-10-2000.
3. Substituted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009. Prior to its substitution, sub-section (4), as amended by the Negotiable Instruments (Amendment and Miscellaneous Provisions) Act, 2002, w.e.f. 6-2-2003 read as under :
“(4) Nothing in this Act shall apply to,—
(a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881 (26 of 1881);
(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882 (7 of 1882);
(
(
c) a trust as defined in section 3 of the Indian Trusts Act, 1882 (2 of 1882);
d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 (39 of 1925), including any other testamentary disposition by whatever name called;
(
e) any contract for the sale or conveyance of immovable property or any interest in such property;
(
f) any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.”
1.2 Exemptions and Schedules:
Sub-section (4) excludes certain documents and transactions specified in the First Schedule from the Act’s applicability.
The Central Government is empowered to amend the First Schedule by notification. Definitions.
2. (1) In this Act, unless the context otherwise requires,—
(a) “access” with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
(b) “addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary;
(c) “adjudicating officer” means an adjudicating officer appointed under sub-section (1) of section 46;
(d) “affixing 4[electronic signature]”, with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of 4[electronic signature];
5[(da) “Appellate Tribunal” means the Appellate Tribunal referred to in subsection (1) of section 48;]
(e) “appropriate Government” means as respects any matter,—
(i) enumerated in List II of the Seventh Schedule to the Constitution;
(ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government and in any other case, the Central Government;
(f) “asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
(g) “Certifying Authority” means a person who has been granted a licence to issue a 6[Electronic Signature] Certificate under section 24;
(h) “certification practice statement” means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing 6[Electronic Signature] Certificates;
7[(ha) “communication device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image;]
4. Substituted for “digital signature” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.
5. Inserted by the Finance Act, 2017, w.e.f. 26-5-2017.
6. Substituted for “Digital Signature” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.
7. Inserted, ibid.
(i) “computer” means any electronic magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
8[(j) “computer network” means the inter-connection of one or more computers or computer systems or communication device through—
(i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and
(
ii) terminals or a complex consisting of two or more inter-connected computers or communication device whether or not the inter-connection is continuously maintained;]
(k) “computer resource” means computer, computer system, computer network, data, computer database or software;
(l) “computer system” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
(
m) “Controller” means the Controller of Certifying Authorities appointed under sub-section (1) of section 17;
(n) 9[***]
10[(na) “cyber cafe” means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public;
(nb) “cyber security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction;]
(o) “data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed
8. Substituted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009. Prior to its substitution, clause (j) read as under :
‘(j) “computer network” means the inter-connection of one or more computers through— (i) the use of satellite, microwave, terrestrial line or other communication media; and (ii) terminals or a complex consisting of two or more inter-connected computers whether or not the inter-connection is continuously maintained;’
9. Omitted by the Finance Act, 2017, w.e.f. 26-5-2017. Prior to its omission, clause (n), as amended by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009 read as under :
‘(n) “Cyber Appellate Tribunal” means the Cyber Appellate Tribunal established under sub-section (1) of section 48;’
10. Inserted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.
(
or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
(
q) “Digital Signature Certificate” means a Digital Signature Certificate issued under sub-section (4) of section 35;
(
r) “electronic form” with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer generated micro fiche or similar device;
(
s) “electronic Gazette” means the Official Gazette published in the electronic form;
(
t) “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated micro fiche;
11[(ta) “electronic signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature;
(
tb) “Electronic Signature Certificate” means an Electronic Signature Certificate issued under section 35 and includes Digital Signature Certificate;]
(u) “function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
12[(ua) “Indian Computer Emergency Response Team” means an agency established under sub-section (1) of section 70B;]
(v) “information” includes 13[data, message, text], images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated micro fiche;
14[(w) “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes;]
11. Inserted by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.
12. Inserted, ibid.
13. Substituted for “data, text”, ibid.
14. Substituted, ibid. Prior to its substitution, clause (w) read as under:
‘(w) “intermediary” with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;’
(x) “key pair”, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;
(y) “law” includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case may be, Regulations made by the President under article 240, Bills enacted as President’s Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, bye-laws and orders issued or made thereunder;
(z) “licence” means a licence granted to a Certifying Authority under section 24;
(za) “originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;
(zb) “prescribed” means prescribed by rules made under this Act;
(zc) “private key” means the key of a key pair used to create a digital signature;
(zd) “public key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;
(ze) “secure system” means computer hardware, software, and procedure that—
(a) are reasonably secure from unauthorised access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures;
(zf) “security procedure” means the security procedure prescribed under section 16 by the Central Government;
(zg) “subscriber” means a person in whose name the 15[Electronic Signature] Certificate is issued;
(zh) “verify” in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether—
(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
( b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
(2) Any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be
15. Substituted for “Digital Signature” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.
construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.
COMMENTS
SECTION NOTES
2.1 General Application of Definitions:
The section specifies that the definitions provided are applicable throughout the Act unless the context explicitly suggests otherwise.
2.2 Key Terms and Their Implications:
Access [Section 2(1)(a)]:
Refers to gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. This definition is critical for identifying unauthorized access under cyber laws.
Addressee [Section 2(1)(b)]:
A person intended by the originator to receive an electronic record.
The term “addressee” excludes intermediaries.
Adjudicating Officer [Section 2(1)(c)]:
An officer appointed under this Act for the purpose of adjudging whether any person a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation [See Section 46(1)]
The adjudicating officer shall adjudicate matters in which the claim for damage does not exceed rupees five crore [See Section 46(1A)]
Electronic Signature [Section 2(1)(ta)]:
Authentication of electronic records by any subscriber by using methods prescribed in the Second Schedule.
The term also includes digital signatures.
2.3 Technical Terms and Systems:
Asymmetric Crypto System [Section 2(1)(f)]:
Defines a secure key pair system for creating and verifying digital signatures, essential for secure electronic transactions.
It consists of a private key for creating a digital signature and a public key to verify the digital signature
Private key [Section 2(1)(zc)]:
the key of a key pair used to create a digital signature
Public key [Section 2(1)(zd)]:
the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate
Certifying Authority [Section 2(1)(g)]:
Entities licensed under section 24 to issue electronic signature certificates.
Computer [Section 2(1)(i)]:
High-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses. The device or system may be electronic magnetic, optical or any other. The term “computer” includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.
2.4 Cybersecurity and Data Protections:
Cybersecurity [Section 2(1)(nb)]:
Protection of information, devices, and networks from unauthorized access, use, disclosure, disruption, modification or destruction.
Data [Section 2(1)(o)]:
“data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network .
Data may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
2.5 Roles and Responsibilities:
Intermediary [Section 2(1)(w)]:
Includes entities like ISPs, search engines, and online platforms that facilitate communication or store/transmit records. Their role in cyber liability is pivotal.
Subscriber [Section 2(1)(zg)]:
The person in whose name the Electronic Signature Certificate is issued.
CASE LAWS
Admissibility of Electronic Records as Evidence - Section 2(t) defines “electronic record,” and its recognition under section 3 of the Evidence Act allows electronic records, such as compact discs containing recorded conversations, to be admitted as evidence. In this case, the Supreme Court affirmed that a contemporaneous electronic recording of a relevant conversation is analogous to a photograph of an incident and admissible under section 8 of the Evidence Act. The Court highlighted that the authenticity and relevance of such records must be proved to avoid manipulation or fabrication. - K.K. Velusamy v. N. Palanisamy 2011 AIR SCW 2296.
CHAPTER II
16[DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE]
Authentication of electronic records.
3. (1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.
16. Substituted for “DIGITAL SIGNATURE” by the Information Technology (Amendment) Act, 2008, w.e.f. 27-10-2009.
Information Technology Act 2000 with Rules – Bare Act with Section Notes
AUTHOR : Taxmann’s Editorial Board
PUBLISHER : Taxmann
DATE OF PUBLICATION : December 2025
EDITION : 2026 Edition
ISBN NO : 9789371267144
No. of Pages : 360
BINDING TYPE : Paperback
Rs. 395
DESCRIPTION
Information Technology Act 2000 with Rules [Bare Act with Section Notes] by Taxmann is a definitive statutory reference that presents the complete and updated text of the Information Technology Act 2000, along with its allied Rules, Regulations, and key policy instruments. The IT Act constitutes the core legal framework governing electronic records, digital signatures, e-commerce, cybersecurity, intermediary liability, and cyber offences in India. The 2026 Edition is meticulously updated and enriched with concise section-wise notes, annotations, and cross-references, enabling readers to understand both the legislative intent and the practical application of the law in India’s evolving digital ecosystem.
This book is intended for the following audience:
• Legal Professionals & Academics
• IT, Cybersecurity & Technology Professionals
• Corporate Legal & Compliance Teams
• Government & Regulatory Officials
The Present Publication is the 2026 Edition, covering the amended and updated text of the Information Technology Act [Act No. 21 of 2000] and Rules, with the following noteworthy features:
• [Bare Act with Section Notes] Presents the verbatim statutory text, supported by concise and practical section-wise notes
• [Updated & Amended Text] Incorporates all amendments, notifications, and regulatory developments in force
• [Pre-amendment Footnotes] Includes pre-amendment provisions to aid understanding of the law as it stood earlier
• [Comprehensive Coverage of Rules] Includes key subsidiary legislation and policy instruments, such as:
o Information Technology (Certifying Authorities) Rules 2000
o Information Technology (Use of Electronic Records and Digital Signatures) Rules 2004
o Information Technology (Security Procedure) Rules 2004
o Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules 2009
o Information Technology (Guidelines for Cyber Cafe) Rules 2011
o Information Technology (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules 2013
o Digital Signature (End Entity) Rules 2015
o Information Technology (Certifying Authority) Regulations 2001
o National Policy on Software Products 2019
o Aarogya Setu Data Access and Knowledge Sharing Protocol 2020
• [Cross-References & Detailed Index] Extensive cross-referencing, subject index, and glossary of technical and legal terms
• [User-friendly Layout] Clear headings, logical sequencing, and easy navigation for quick statutory reference