The Information Technology Act, 2000 (IT Act) was India’s first step toward creating a legal framework for governing cyberspace. Enacted to provide legal recognition to electronic commerce and digital signatures, the IT Act also introduced a detailed set of punishable offences, addressing growing concerns related to cyber crimes, data breaches, and digital misconduct.
As technology evolves, so do the methods of committing offences. Therefore, over time, amendments have been made—most notably through the Information Technology (Amendment) Act, 2008—to widen the scope of punishable cyber offences. This essay enumerates and explains the key offences and penalties under the IT Act, incorporating the latest rules, case references, and regulatory trends.
I. Offences and Penalties under the IT Act, 2000
Offences under the IT Act can be grouped into two major categories:
- Civil contraventions (e.g., unauthorized access, failure to protect data)
- Criminal offences (e.g., cyber terrorism, identity theft, obscenity)
1. Section 43 – Penalty for Damage to Computer, Computer System, etc.
This section covers civil contraventions. If a person without permission:
- Accesses a computer or network
- Downloads, copies, or extracts data
- Introduces viruses or malware
- Disrupts a computer or system
- Denies access to an authorized user
- Damages or deletes data
- Charges a service user fraudulently
They are liable to pay compensation not exceeding ₹1 crore to the affected person or organization.
Example: Unauthorized access to an organization’s server and deleting files.
2. Section 43A – Compensation for Failure to Protect Sensitive Personal Data
Companies or intermediaries that fail to implement reasonable security practices for protecting sensitive personal data and cause wrongful loss or gain are liable to pay compensation.
This section was reinforced by the SPDI Rules, 2011, and now complements the Digital Personal Data Protection Act, 2023 (DPDP Act).
3. Section 66 – Computer-Related Offences (Criminal Version of Section 43)
If the acts mentioned in Section 43 are committed dishonestly or fraudulently, they become criminal offences under Section 66.
Punishment: Imprisonment up to 3 years, or fine up to ₹5 lakh, or both.
4. Section 66B – Dishonest Receipt of Stolen Computer Resource
Receiving or retaining a stolen computer resource or device knowingly is punishable under this section.
Punishment: Imprisonment up to 3 years, or fine up to ₹1 lakh, or both.
5. Section 66C – Identity Theft
Using another person’s password, digital signature, or biometric data to impersonate them.
Punishment: Up to 3 years imprisonment and ₹1 lakh fine.
Example: Logging into someone’s bank account using their credentials.
6. Section 66D – Cheating by Personation Using Computer Resources
Using digital means to cheat by pretending to be someone else.
Punishment: Imprisonment up to 3 years, and fine up to ₹1 lakh.
Example: Phishing emails or fake job portals asking for money.
7. Section 66E – Violation of Privacy
Capturing, publishing, or transmitting the image of a person’s private area without consent, under circumstances violating their privacy.
Punishment: Up to 3 years imprisonment, or fine up to ₹2 lakh, or both.
8. Section 66F – Cyber Terrorism
Cyber terrorism includes:
- Denial of access to authorized personnel
- Hacking into sensitive networks (e.g., defense)
- Causing death or damage through digital means
Punishment: Life imprisonment.
This section was inserted to deal with rising cyber threats to national security.
9. Section 67 – Publishing or Transmitting Obscene Material
Any person who publishes, transmits, or causes the transmission of obscene content in electronic form.
Punishment:
- First conviction: Up to 3 years imprisonment and ₹5 lakh fine
- Subsequent conviction: Up to 5 years imprisonment and ₹10 lakh fine
10. Section 67A – Sexually Explicit Material
Publishing or transmitting material containing sexually explicit acts or conduct.
Punishment:
- First conviction: Up to 5 years imprisonment and ₹10 lakh fine
- Subsequent conviction: Up to 7 years and increased fine
11. Section 67B – Child Pornography
Publishing or transmitting child sexual abuse material (CSAM), browsing, collecting, or promoting such content.
Punishment:
- First conviction: Up to 5 years imprisonment and ₹10 lakh fine
- Subsequent conviction: Up to 7 years and higher fine
12. Section 69 – Powers to Intercept, Monitor, and Decrypt
The government may, in the interest of:
- Sovereignty
- Integrity
- Public order
- Security of the state
direct any agency to intercept or monitor any digital communication.
Failure to assist in decryption can lead to 7 years imprisonment.
13. Section 70 – Protected Systems
The government can declare any computer resource as a “protected system” (e.g., defense, nuclear).
Unauthorized access to these systems is punishable with 10 years imprisonment and a fine.
14. Section 72 – Breach of Confidentiality and Privacy
If any person authorized to access electronic data discloses such data without consent, they may face 2 years imprisonment or ₹1 lakh fine, or both.
15. Section 72A – Disclosure of Information in Breach of Contract
Applies to corporate entities or service providers who misuse or disclose sensitive personal information.
Punishment: Up to 3 years or ₹5 lakh fine, or both.
II. Amendments and Recent Developments
✅ Information Technology (Amendment) Act, 2008
- Introduced Sections 66A to 66F.
- Added clarity to terms like cyber terrorism, identity theft, and data breach.
- Introduced Section 43A for corporate data protection.
✅ Section 66A – Declared Unconstitutional
Struck down by the Supreme Court in Shreya Singhal v. Union of India (2015) for being vague and violating freedom of speech.
✅ New IT Rules, 2021
The Intermediary Guidelines and Digital Media Ethics Code Rules regulate:
- Social media platforms
- OTT content providers
- News portals
They enforce due diligence, traceability, and complaint redressal systems.
✅ Digital Personal Data Protection Act, 2023
Though not yet integrated into the IT Act, it complements Section 43A and penalizes misuse of personal data by data fiduciaries and processors.
Conclusion
The Information Technology Act, 2000, with its amendments, plays a crucial role in combatting cyber crime and regulating digital behavior. It recognizes a wide spectrum of punishable acts—from financial fraud and identity theft to cyber terrorism and privacy violations. As technology evolves, so must the law. With the DPDP Act, new IT Rules, and potential enactment of the Digital India Act, India’s legal framework is gradually catching up with digital realities.
Enforcement, judicial training, public awareness, and international cooperation are key to ensuring these laws are effectively applied to protect citizens and organizations alike.
✅ Mnemonic Sentence to Remember Major Offences:
“Hackers Steal Data, Impersonate Victims, Threaten Privacy, and Circulate Obscene Content Online.”
| Mnemonic Word | Represents |
|---|---|
| Hackers | Section 66 – Hacking and unauthorized access |
| Steal | Section 66B – Receiving stolen digital resources |
| Data | Section 43A – Failure to protect personal data |
| Impersonate | Section 66C – Identity theft |
| Victims | Section 66D – Online cheating and impersonation |
| Threaten | Section 66F – Cyber terrorism |
| Privacy | Sections 66E, 72 – Privacy violations |
| Circulate | Section 67A – Sexually explicit content |
| Obscene | Section 67 – Obscene content |
| Content | Section 67B – Child pornography |
| Online | Section 69 – Interception and surveillance |
