Information Technology Act, 2000

The Information Technology Act, 2000 ("IT Act" or "the Act") was enacted primarily to recognize the growing influence of digital transactions, and provide a sufficient legal framework to supplement the same. It provided recognition for a variety of emerging technologies, including electronic records and digital signatures. In fact, it goes further to define and provide punitive measures for cybercrimes. It establishes Tribunals and sets standards for a variety of components pertaining to Information Technology. The Act also amended various sections of the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934 to make them compliant with new technologies.

The IT Act was based on the UNCITRAL Model Law on Electronic Commerce (1996), and came into force on 17 October 2000. Over time, its scope has grown substantially to include provisions on intermediary liability, government powers of surveillance and blocking, and the regulation of certifying authorities for digital signatures. A major amendment in 2008 also introduced a more structured framework for cyber offences, data protection responsibilities for companies, and expanded government powers over digital networks.

Presently, continuously evolving technologies necessitate constant amendments to the IT Act—the absence of which is a core tenet of the criticisms accorded to it today. Accordingly, the Ministry of Electronics and Information Technology ("MEITY") in India has suggested the introduction of the Digital India Act, which is set to be a more forward-looking replacement to the IT Act. However, with government officials suggesting that the Digital India Act will take time to be introduced in Parliament, not to mention be voted on and enacted, the IT Act along with its affiliated Rules will continue to be the primary provision governing Information and Communication Technologies. Other legislations like the Digital Personal Data Protection Act 2023 ("DPDP Act"), which is yet to be enforced, will be important considerations as well.

Full text of the Information Technology Act 2000 can be accessed here.