LCI Learning

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on Email

Share More

Coverage of this article

  •  Key Takeaways 
  •  Introduction
  •  Previous Cyber Laws: Their History
  •  A few Relevant Sections
  •  Expanding the Scope of Cybersecurity
  •  Laws In Place
  •  IT RULES (2021)
  •  KYC (Know Your Customer)
  •  Institutions Enforcing the Regulations
  •  Conclusion


 "Cyber laws" are laws governing activities that occur in the virtual world of the internet, where information technology merges with online interactions and the web of computer networks.

The Information Technology Amendment Act 2008 (IT Act 2008) was enacted in October 2008, and it was welcomed as an innovative and long-awaited move toward a better cybersecurity framework in India.

To secure its online interests and national security online, India has to create its own national cyber security law that makes use of strong rules, sophisticated security measures, and cyber audits.


  • Cybersecurity is a set of technologies and procedures that companies employ to secure their computing environments against attacks and illegal data access by hackers or malevolent insiders.
  • Cyberspace is the name given to the virtual world of the internet.
  • Cyber laws are the set of rules that manage this place for hassle-free functioning.

 In the last ten years, as the world has become more interconnected, the threat of online malware attacks has multiplied. India, a developing country that has been the target of the majority of these assaults, is moving toward digitalization. Individuals and businesses are more vulnerable to cyber dangers, whether through Aadhaar or a PAN card. While online payment services such as GPAY, Paytm, and electronic banking have simplified the process of conducting cashless transactions, the lack of adequate safety checks has allowed evil organizations and individuals to take unfair advantage of the same system. For instance, a certain gang of hackers regularly withdrew Rs 2.50 from the bank accounts of the targeted individuals, but the impacted individuals were unsure whether to notify their respective banks of the fraudulent operations. However, if we consider that tens of thousands of accounts were targeted in a similar manner, we can see the exponential profits mined unlawfully. Security of the Internet of Things (IoT), data security infrastructure security, and security of databases, the cloud, and mobile devices are top priorities for big companies nowadays.

The necessary actions taken by the relevant authorities to counteract the detrimental attacks experienced by the Indian economy include legal recognition for organizational cybersecurity, safeguarding e-payments and digital transactions, and monitoring and decoding electronic records. These attacks have the potential to have a negative impact on the GDP and, thus, the overall growth of the country in the near future. Even if it is expensive, the consequences of ignoring these problems are considerably more serious. As said, a stitch in time saves nine.

At an alarming rate of 60% of the 829 million cybercrime incidents worldwide, India was directly targeted (Chatterjee, 2022).

Previous Cyber Laws: Their History

The Information Technology Law, 2000 (Wikipedia), sometimes referred to as an IT Act, is a law that was proposed by the Indian Parliament and reported on October 17, 2000. Its main objectives are to allow legitimate and trustworthy electronic, digital, and online transactions and to minimize or eradicate cybercrime. This Information Technology Act was developed based on the United Nations Model Law on Electronic Commerce of 1996 (UNCITRAL Model), which was suggested by the General Assembly of the United Nations in a resolution dated January 30, 1997. It is the most significant e-commerce and cybercrime law in India.

On May 13, 2000, the law was endorsed by the Union Cabinet, and on May 17, 2000, the Information Technology Law was adopted by both chambers of the Indian Parliament. On June 9, 2000, the President gave his approval to the bill, which became the Information Technology Act of 2000. On October 17, 2000, the Act became effective.

The IT Act, 2000, needed to be revised in order to include new categories of cyber offenses and close other gaps that prevented the law's effective enforcement as technology advanced and new ways to commit crimes, including computers and the internet, emerged. [Indian Cyber Security]


The IT Act of the 2000s:

Section 43 imposes financial penalties on those found guilty of deliberately erasing data without the owner's permission, tampering with, or stealing a computer system or network.

 Section 66: This provision outlines the life sentence that is imposed for online cyberterrorism that jeopardizes the unity, integrity, security, or sovereignty of India.

 Expanding the scope of cybersecurity

The Information Technology Amendment Act 2008 (IT Act 2008) was enacted in October 2008, and it was welcomed as an innovative and long-awaited move toward a better cybersecurity framework in India.

 The IT Act of 2008 expanded the definition of cybercrime and the verification of digital signing by adding new phrases that were updated and reinterpreted for modern usage. Additionally, it holds businesses accountable for data breaches and strongly encourages them to implement enhanced security practices. Anyone who uses computer resources, computer networks, or other data forms and information technology in India must comply with the IT Act of 2008, which also applies to businesses and big, medium, and small organizations that act as intermediaries. Internet, network, and (registered) telecom service companies are also included. Also, it includes non-Indian foreign organizations operating in the country.

The major changes include gateway oversight, revised penalties, and fines for breaches of the law such as defamation, cheating, and distribution of private photos without approval, as well as censorship and speech restrictions. Moreover, in August 2021, the Revamped Distribution Sector Scheme got approval from the government in India. This regulation's main objective is to enhance the cyberinfrastructure via AI-based technologies in order to enhance the operations of DISCOMs (distribution firms). As a consequence, organizations and companies will be more competent to achieve the goals of the framework.


 The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Privacy Rules) are a further important component of cybersecurity law covered by the IT Act.

 As part of their respective laws, other Indian industries, including financial services, insurance, telecommunications, and healthcare, also have data privacy safeguards.

 IT RULES (2021)

The Ministry of Electronics and Information Technology released the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, on February 25, 2021, as a substitute for the IT Rules, 2011. A little over a year later, on June 6, 2022, the Indian Ministry of Electronics and IT announced the freshly revised suggested changes to the IT Act in an effort to make it more effective and keep up with the difficulties of the rapidly evolving digital world.

 The new changes aim to provide regular consumers of digital platforms with the option to demand responsibility and seek compensation for their complaints.

 KYC (know your customer)

These policies are global standards and practices set forth by the RBI (Reserve Bank of India). When it comes to better safeguarding against fraud and the theft of payment information, KYC refers to the monitoring and tracking of customer information security. It demands the verification and identification of all consumers by banks, insurance firms, and other digital payment companies that carry out monetary transactions. (chin, 2023)

 In order to make the regulations even more stringent, the following rules and amendments were put in place:

 Indian Penal Code, 1860: Amendments made by the IT Act, 2000

 In Section 91 and the First Schedule of the IT Act, 2000, changes to the IPC were made. Sec. 91 was omitted as a result of the enactment of the Information Technology (Amending) Act, 2008, and the provisions relating to the Indian Penal Code were inserted in Part III of the Amending Act.

 The Indian Penal Code has undergone the following revisions:

 1) Section 4 Amendment:

 (i) After clause (2) in Section 4, it is necessary to insert the following clause: (3) Any person who commits an offense beyond India that targets a computer resource that is located in India

 ii) The following explanation should be used in place of the descriptive statement, namely:

(a) The term "offense" refers to any conduct that, if it were done in India, would be penalized under this law.

(b) The definition of "computer resource" in clause (k) of subsection (1) of Section 2 of the Information Technology Act, 2000, shall apply.

 2) Section 40 (Amendment)

After the figure "117" in clause (2), the figures "118, 119, and 120" must be added.

  3) Sec. 118 Amendment:

The phrase "voluntarily conceals, by any act or illegal omission, the existence of a design" should be replaced in Section 118 with "voluntarily conceals, by any act or omission or by use of encryption or any other information hiding tool, the existence of a design."

 4) Sec. 119 Amendment:

The phrase "voluntarily covers up, by any act or unlawful omission, the fact that there is a design" should be replaced in Section 119 with "voluntarily covers up, by any act or omission or by use of encryption or any other kind of concealment tool, the identity of a design."

 5) Section 464 Amendment:

Everywhere the term "digital signature" appears in Section 464, the term "electronic signature" shall be used in its stead.

Institutions enforcing the regulations

The Telecom Regulatory Authority of India (TRAI) and the Department of Telecommunications (DoT)

Insurance Regulatory and Development Authority (IRDAI)

Securities and Exchange Board (SEBI) of India


India is a little behind the curve at a time when many other countries have already begun drafting specialized cybersecurity regulations. In this regard, suitable action is required. It has the opportunity to begin establishing its own national cyber security law promptly. In order to protect India's cyber security and sovereign online interests, such a law is urgently required. More Effective regulations, cyber audits, safeguards for resources, and advanced security will all be used to make online space trustworthy and truly safe, and it aims to educate people in general about the significance of preventing attacks via the internet.

"Loved reading this piece by Shivani Negi?
Join LAWyersClubIndia's network for daily News Updates, Judgment Summaries, Articles, Forum Threads, Online Law Courses, and MUCH MORE!!"

Tags :

Category Others, Other Articles by - Shivani Negi