Information Technology Act, 2000

To provide a concise introduction to the Information Technology Act, 2000 and assist users in understanding the purpose, scope and key regulatory themes of the Act before reading or downloading the bare text.

Overview #

The Information Technology Act, 2000 is India’s principal legislation for legal recognition of electronic records, electronic signatures, e-governance, cyber offences, intermediary liability and certain aspects of cyber security. It gives statutory validity to transactions carried out through electronic data interchange and other electronic means, and creates a legal framework for authentication, attribution, retention and use of electronic records.

The Act is relevant not only to technology companies and online platforms, but also to businesses, hospitals, pharmacies, laboratories, educational institutions, government bodies and professionals who maintain records, issue documents, provide services, advertise, communicate or transact through digital systems.

Object of the legislation #

The object of the Information Technology Act, 2000 is to facilitate electronic commerce and electronic governance by giving legal recognition to electronic records and electronic signatures. It also establishes a regulatory framework for Certifying Authorities and electronic signature certificates, and provides remedies, penalties and offences for unauthorised access, data-related contraventions, cyber fraud, identity theft, privacy violations, obscene or harmful online content, cyber terrorism and related misconduct.

The Act is intended to support trust in electronic transactions while providing enforcement mechanisms for misuse of computer resources and digital communications.

Scope and relevance #

The Act applies across India and also contains provisions dealing with offences or contraventions committed outside India where the computer resource involved is connected with India. Its coverage includes electronic records, electronic signatures, computer systems, computer networks, intermediaries, certifying authorities, subscribers of electronic signature certificates and government use of electronic records.

For commercial and compliance purposes, the Act is important for electronic contracts, online service delivery, digital record retention, data security practices, intermediary due diligence, lawful interception or blocking directions, cyber incident response and electronic evidence. In regulated sectors such as healthcare, pharmacy, diagnostics, e-commerce and digital advertising, the Act may operate alongside sector-specific laws such as drug, consumer protection, data confidentiality and professional conduct rules.

Selected important provisions and themes #

• Sections 3 and 3A deal with authentication of electronic records through digital signatures and electronic signatures.
• Sections 4 and 5 provide legal recognition to electronic records and electronic signatures, forming the foundation for digital documentation and online transactions.
• Sections 6, 6A, 7, 7A and 8 address electronic governance, electronic service delivery, retention of electronic records, audit of electronic documents and publication in the Electronic Gazette.
• Section 10A recognises the validity of contracts formed through electronic means, which is important for online business transactions and platform-based services.
• Sections 17 to 34 regulate the Controller and Certifying Authorities, including licensing, investigation, compliance duties, suspension and disclosure obligations.
• Sections 43 and 43A cover penalty, compensation and failure to protect data in specified circumstances involving computer resources and sensitive information handling.
• Sections 65 to 78 contain important cyber offence provisions, including computer-related offences, identity theft, cheating by personation using computer resources, privacy violations, cyber terrorism and publication or transmission of obscene or sexually explicit material in electronic form.
• Sections 69, 69A, 69B, 70, 70A and 70B deal with interception, monitoring, blocking of public access, protected systems, national cyber security functions and the role of the Indian Computer Emergency Response Team.

How to use this Bare Act #

• Use this page as the starting point for reading the bare text of the Information Technology Act, 2000, especially when dealing with electronic records, electronic signatures, cyber offences or intermediary compliance.
• For questions on online contracts, digital consent, digital notices or electronic record keeping, first read the provisions on legal recognition of electronic records, electronic signatures, retention and validity of electronic contracts.
• For cybercrime or digital fraud matters, refer to the offence provisions and also check the applicable criminal procedure and evidence law provisions.
• For online platforms, service providers and digital businesses, read the provisions on intermediary liability, preservation of information and government directions along with applicable rules and notifications.
• For healthcare, pharmacy or e-commerce compliance, read this Act together with sector-specific statutes and rules governing drugs, medical services, consumer rights, advertising, confidentiality and record retention.

Related Bare Acts and statutes #

• Consumer Protection Act, 2019
• Right to Information Act, 2005
• Bharatiya Sakshya Adhiniyam, 2023
• Bharatiya Nyaya Sanhita, 2023
• Companies Act, 2013

The attached bare text should be used as statutory reference material. Users should verify the latest amendments, rules, notifications and judicial developments before relying on any provision for legal advice, compliance, litigation or academic submission. In particular, cyber law compliance often depends on subordinate rules, government directions and sector-specific regulatory requirements.