Reforming Cyber Law: The IT Act's Move Towards Decriminalisation
Reforming Cyber Law: The IT Act's Move Towards Decriminalisation
While the Jan Vishwas Act focusses on the decriminalisation and rationalisation of about 183 provisions in 42 Central Acts administered by 19 Ministries/Departments and the same were to be notified by specific notifications from various acts from time to time, what is highlighted here is the changes this article highlights the changes brought about by the said act in the IT Act and its allied rules, which have gone unnoticed so far.
"Decriminalising law shifts the focus from punishment to compliance, fostering a fairer and more progressive regulatory environment."
- Anonymous
The Information Technology Act, 2000 (“the Act/ the IT Act”) which is based on the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law in 1996, came into effect on October 17, 2000. The IT Act provides a legal framework for, inter alia, recognition of electronic records and providing legitimacy of information in electronic form and therefore essentially on e-governance. This Act, thus, was aimed to be a special legislation to deal comprehensively with the cyber space as far as it related to providing recognition, legitimacy and conclusiveness of the information and its transmission online. However, with the growing technology, the then IT Act could not deal with the rising crimes in the cyber space and therefore, there was a need for amending certain provisions pursuant to which amendments were made to Chapter XI – “Offences” of the IT Act in October 27, 2009, where modifications and additional offences were incorporated in the Act which entailed severe punishments including imprisonment and imposition of huge fines.
After the passing of over a decade and half, to overcome the difficulty that the citizens and businesses faced in their day-to-day affairs for minor, technical or procedural defaults, the Government of India introduced the Jan Vishwas (Amendment of Provisions) Act, 2023 (“the Jan Vishwas Act”) to decriminalise and rationalize provisions under several Acts including the IT Act.
While the Jan Vishwas Act focusses on the decriminalisation and rationalisation of about 183 provisions in 42 Central Acts administered by 19 Ministries/Departments and the same were to be notified by specific notifications from various acts from time to time, this article highlights the changes brought about by the said act in the IT Act and its allied rules, which have gone unnoticed so far.
Decriminalisation of provisions of the IT Act vis-à-vis the Jan Vishwas Act
In 2022, the Jan Vishwas (Amendment of Provisions) Bill was introduced in the Lok Sabha and subsequently referred to the Joint Committee of Parliament. After extensive deliberations and input from various quarters, the Committee submitted its report on March 13, 2023. Thereafter, the Jan Vishwas (Amendment of Provisions) Bill, 2023 was passed in the Lok Sabha on June 27, 2023, and in the Rajya Sabha on August 2, 2023. It finally received the President’s assent on August 11, 2023 and was published in the Gazette of India.
The Jan Vishwas Act represents a significant stride towards fostering trust-based governance, improving the quality of life, and facilitating business activities. The amendments seek to achieve decriminalisation and effective enforcement by revising fines and penalties to better reflect the severity of offenses. It introduces measures like compounding of offenses, the establishment of adjudicating officers to administer penalties and the creation of appellate authorities to address appeals against penalties. The Jan Vishwas Act aims to bring forth several benefits, including:
- Rationalising criminal provisions and ensuring that citizens, businesses and the government departments operate without fear of imprisonment for minor, technical or procedural defaults.
- Creating a balance between the severity of the offence/violation committed and the gravity of the prescribed punishment thereby ensuring the adherence to law by businesses and citizens, without losing the rigor of the law.
- Reducing undue pressure on the justice system, reducing the pendency of cases and helping in a more efficient and effective justice dispensation by introducing suitable administrative adjudication mechanisms, wherever applicable and feasible.
- Decriminalising provisions which affect citizens and certain categories of government employees for minor violations.
In a significant development, vide Notification S.O. 4745(E) dated October 31, 2023, the provisions of the Jan Vishwas Act, insofar as it relates to the IT Act came into force. Along with the aforesaid notification, amendments were also brought about in the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 (“IT Qualification Rules”) vide Notification G.S.R. 808(E) dated October 31, 2023, which are dealt with extensively hereinbelow.
Broadly the amendments as proposed by the Jan Vishwas Act in the provisions of the IT Act can be categorised as follows:2
A. Increase in the penalties prescribed under the IT Act
SECTION | AMENDED PROVISIONS OF THE IT ACT AS PER THE JAN VISHWAS ACT |
|---|---|
| Section 33 | Surrender of licence- (1) Every Certifying Authority whose licence is suspended or revoked shall immediately after such suspension or revocation, surrender the licence to the Controller. (2) Where any Certifying Authority fails to surrender a licence under sub-section (1), the person in whose favour a licence is issued, shall be guilty of an offence and shall be |
| Section 44 | Penalty for failure to furnish information, return, etc.–If any person who is required under this Act or any rules or regulations made thereunder to- (a) furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding (b) file any return or furnish any information, books or other documents within the time specified therefor in the regulations fails to file return or furnish the same within the time specified therefor in the regulations, he shall be liable to a penalty not exceeding (c) maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding |
| Section 45 | Residuary penalty – Whoever contravenes any (a) ten lakh rupees, by an intermediary, company or body corporate; or (b) one lakh rupees, by any other person. |
| Section 70B | Indian Computer Emergency Response Team to serve as national agency for incident response – (1) The Central Government shall, by notification in the Official Gazette, appoint an agency of the Government to be called the Indian Computer Emergency Response Team. (2) The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such other officers and employees as may be prescribed. (3) The salary and allowances and terms and conditions of the Director-General and other officers and employees shall be such as may be prescribed. (4) The Indian Computer Emergency Response Team shall serve as the national agency for performing the following functions in the area of cyber security,– (a) collection, analysis and dissemination of information on cyber incidents; (b) forecast and alerts of cyber security incidents; (c) emergency measures for handling cyber security incidents; (d) coordination of cyber incidents response activities; (e) issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, preventation, response and reporting of cyber incidents; (f) such other functions relating to cyber security as may be prescribed. (5) The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed. (6) For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information and give direction to the service providers, intermediaries, data centres, body corporate and any other person. (7) Any service provider, intermediaries, data centres, body corporate or person who fails to provide the information called for or comply with the direction under sub-section (6), shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh one crore rupees or with both. |
B. Decriminalisation / reduction of imprisonment sentence of certain offences under Chapter XI of the IT Act
SECTION | AMENDED PROVISIONS OF THE IT ACT AS PER THE JAN VISHWAS ACT |
|---|---|
| Section 67C | Preservation and retention of information by intermediaries – (1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe. (2) any intermediary who intentionally or knowingly contravenes the provisions of sub-section (1) shall be |
| Section 68 | Power of Controller to give directions – (1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder. (2) Any person who intentionally or knowingly fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable |
| Section 69B | Power to authorise to monitor and collect traffic data or information through any computer resource for cyber security. – (1) The Central Government may, to enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer contaminant in the country, by notification in the Official Gazette, authorise any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource. (2) The intermediary or any person in-charge or the computer resource shall, when called upon by the agency which has been authorised under sub-section (1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information. (3) The procedure and safeguards for monitoring and collecting traffic data or information, shall be such as may be prescribed. (4) Any intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) shall be punished with an imprisonment for a term which any extend to |
| Section 72 | Penalty for Breach of confidentiality and privacy. – Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be |
| Section 72 A |
Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be |
The Jan Vishwas Act stands as a monumental step towards a more equitable, efficient, and accountable legal framework in India. Its far -reaching reforms, ranging from decriminalisation to fine-tuning penalties and addressing long-standing contentious provisions, demonstrate a commitment to fostering trust, promoting responsible governance, and safeguarding fundamental rights
C. Omission of Section 66A of the IT Act
Perhaps the most noteworthy amendment introduced by the Jan Vishwas Act is the omission of Section 66A of the IT Act, which was declared Section 66A unconstitutional by the Hon’ble Supreme Court in the case of Shreya Singhal v. Union of India3.
Section 66A4 criminalised sending offensive information via computers or electronic devices, and was criticised for its vagueness and overreach, particularly in stifling political dissent and silencing social and political commentary on the internet.
However, despite being rendered unconstitutional, the provision continued to be mis-utilised by law enforcement agencies time and again.
Owing to the aforesaid situation, in the matter of Peoples Union for Civil Liberties vs. Union of India and Ors.5, the Supreme Court noting that there were numerous crimes and proceedings subsisting under the said provision and persons were facing prosecution for the alleged violation of Section 66A of the IT Act despite the provision being declared unconstitutional.
The crux of the Hon’ble Supreme Court can be summarised vide the below:
“The information given in tabular form shows that despite the issue regarding validity of Section 66A of the 2000 Act having been pronounced upon by this Court, number of crimes and criminal proceedings still reflect and rely upon the provisions of Section 66A of the 2000 Act and citizens are still facing prosecution for the alleged violation of Section 66A of the 2000 Act. Such criminal proceedings, in our view, are directly in the teeth of the directions issued by this Court in Shreya Singhal (supra).”
Accordingly, the Supreme Court issued the following directions:
- No citizen can be prosecuted for alleged violation of offence under Section 66A;
- Deletion of reference of Section 66A from pending cases/matters;
- Director Generals of Police, Home Secretaries of States and Competent Officers in Union Territories to instruct their police forces to not register any complaint qua Section 66A;
- Reference to Section 66A to be coupled with an informative about its unconstitutionality.
D. Scope of the adjudicating officer expanded to the entire IT Act
Section 46 of the IT Act read with the IT Qualification Rules pertains to the appointment of adjudicating officers (“Adjudicating Officers”) to adjudicate / hold enquiry qua contraventions by any person of the provisions of the IT Act, or rules, regulations, directions or orders made thereunder, which renders the person liable to penalty or compensation. Pertinently, this provision grants the Adjudicating Officer the powers of a civil court, and also supplements the criteria/qualifications required for the same.
SECTION | AMENDED PROVISIONS OF THE IT ACT AS PER THE JAN VISHWAS ACT |
|---|---|
| Section 46 | Power to adjudicate. – (1) For the purpose of adjudging (1A) The adjudicating officer appointed under sub-section (1) shall exercise jurisdiction to adjudicate matters in which the claim for |
To further the intent and purposes of the changes brought about by the Jan Vishwas Act, Section 46 of the IT Act as well as the IT Qualification Rules were amended to expand the scope of the provision from Chapter IX to the entire IT Act i.e., from adjudicating contraventions for the purpose of imposition of penalty and compensation to the entire IT Act, which was not the case when the IT Act was initially introduced.
Prior to the amendments, the scope of Section 46 as well as the eligibility and expanse of the enquiry as per the IT Qualification Rules was restricted to the auspices of Chapter IX which essentially were offences resulting in a civil liability i.e., penalty or compensation. This is further supplemented by the fact that Rule 4(l)6 of the IT Qualification Rules mandated reference of any case which (a) extended to the scope of offences enumerated under Chapter XI of the IT Act (offences which essentially carried criminal elements / prosecution), and (b) which required appropriate punishment instead of mere financial penalty, by the Adjudicating Officer to a jurisdictional criminal magistrate.
The scope of the functions of the Adjudicating Officer enumerated under the IT Act coupled with the eligibility criteria under Rule 37 of the IT Qualification Rules evidence that the Adjudicating Officer is not a judicial member and plays a quasi-judicial role. Further, the purport of Rule 4(l) of the IT Qualification Rules elucidates that the Adjudicating Officer cannot adjudicate criminal offences and is in fact, obligated to refer the same to the Magistrate of competent jurisdiction.8
Decriminalising law shifts the focus from punishment to compliance, fostering a fairer and more progressive regulatory environment
While the amendment brought to Section 46 of the IT Act may simply be construed to be in line with the purport of the Jan Vishwas Act, the authors believe that there are two ways in which the amended provision and the IT Qualification Rules may be read / interpreted, which are as follows:
1. Adjudicating Officer may now also adjudicate over the decriminalised offences under Chapter XI of the IT Act for the purpose of imposition of fines, and the criminal offences thereunder will still be required to be referred to the Magistrate as per the procedure established under the IT Qualification Rules ; or
2. Adjudicating Officer may enter into the realm of judicial adventurism as he will have discretion and/or power to adjudicate over cases which have both a civil and criminal flavour owing to the overarching scope of the term “adjudging under this Act” in Section 46 of the IT Act and can pass orders (which may be subject to challenges as per law) as the case may be. This interpretation emanates from amendment to Rule 4(a) read with the language of Rule 4(l) of the IT Qualification Rules, which confers discretion on the Adjudicating Officer to decide on the criminal nature of an offence / case.
Owing to the aforementioned, the authors believe that it cannot be ruled out that the said amendment may be misused by complainants to disguise / colour a criminal prosecution as a civil claim and later, seek criminal prosecution of the offence owing to the criminal purport / elements in the respective case, or at the very least, claim that a civil compensation may not be enough and criminal prosecution ought to be done.
Be that as it may, the authors also believe that the said interpretation may not be entirely cogent with law owing to, inter alia, the following:
1. The legislative intent of the Jan Vishwas Act was to decriminalise and rationalise offences for minor, technical or procedural defaults thereby reducing undue pressure on the justice system and reduce the pendency of cases. This was done so as to enhance trust-based governance for ease of living and doing business. One of the cardinal principles of the interpretation of statutes is to discover and give effect to the legislative intention9, for harmonious construction and to not make the provisions otiose10 and in no event the same can be treated to expand the provision of law, which the IT Act did not confer in the first place.
2. Under the IT Act and the relevant rules, the adjudicating officer exercises powers of a civil court. He is said to possess legal or judicial experience and discharges responsibility in administrative and quasi-judicial capacity only. The adjudicating officer, thus, cannot/ought not to be deliberate over criminal aspect of the offences falling under Chapter XI of the IT Act as this would amount to exercising judicial function and would go against the doctrine of separation of powers and independence of the judiciary11 and given that the said adjudicating officer is largely a non-judicial members may also be folly to the principles laid down by the Supreme Court in the matter of Union of India vs. R Gandhi. It has been repeatedly ruled by courts in a catena of decisions that judicial functions cannot be performed by technical members devoid of any adjudicatory experience.12
Therefore, only time will tell how the decriminalisation of the offences and the amendments made in the IT Act practically play out in the Indian legal landscape and how the threat/concerns expressed by the authors in this article will be dealt with by the legal system.
Conclusion
The Jan Vishwas Act stands as a monumental step towards a more equitable, efficient, and accountable legal framework in India. Its far-reaching reforms, ranging from decriminalisation to fine-tuning penalties and addressing long-standing contentious provisions, demonstrate a commitment to fostering trust, promoting responsible governance, and safeguarding fundamental rights.
Notably, the removal of Section 66A of the IT Act aligned with the Hon’ble Supreme Court’s verdict, marks a significant milestone in upholding freedom of expression in the digital age. As this legislative landmark takes root, it paves the way for a more just and progressive legal landscape, one that empowers citizens, businesses, and government entities alike to operate with confidence, while embracing the evolving dynamics of our interconnected world.
With the onset of the new proposed legislation i.e. “The Digital India Act”, which is all set to be introduced in the Parliament in the
coming months, there could be a higher chance that the IT Act be completely decriminalised or in the alternative completely overhauled to ensure that there is a specific legislation in relation to electronic recognition of data and better e-governance in Indian business
while a separate criminal prosecution mechanism to ensure safety of netizens, thereby segregating civil and criminal actions in cyberspace especially with the onset of AI, aspects of Deep fakes and other offences thereto.
Disclaimer – The views expressed in this article are the personal views of the authors and are purely informative in nature.
2. For ease of reference, a ready reckoner in the form of a table has been added where a comparison has been done between the old and the new act (deletions in red and additions in green).
3. (2015) 5 SCC 1.
4. “Punishment for sending offensive messages through communication service, etc.–
Any person who sends, by means of a computer resource or a communication device, –
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device;
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine.
Explanation.–For the purposes of this section, terms –electronic mail‖ and –electronic mail message‖ means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.”
5. Miscellaneous Application No. 901 of 2021 in Writ Petition (Criminal) No. 199 of 2013.
7. “3. Eligibility for Adjudicating Officer: -
Whereas the purpose and intent of Section 46(3) of IT Act is that the Adjudicating Officer should be a person so qualified and experienced to take decisions with a view in relation to Information Technology aspects as well as in a position to determine the complaints keeping in view the legal or judicial mannerism on the principle of compensation of damages of IT Act.
A person shall not be qualified for appointment as Adjudicating Officer unless the person – (a) Possesses a University graduate Bachelor degree or equivalent, recognised by Central Government / State Government for the purpose of recruitment to grade I Service in a Government Department through Union / State Public Service Commission;
(b) Possesses Information Technology experience in the areas of relevance to public interface with Central / State Government functioning and experience obtained though the in-service training imparting competence to operate computer system to send and receive e-mails or other information through the computer network, exposure and awareness about the method of carrying information, data, sound, images or other electronic records through the medium of network including Internet.
(c) Possesses legal or judicial experience to discharge responsibilities connected with the role of Central / State Government in respect of making decisions or orders in relation to administration of laws as a District Magistrate, or Additional District Magistrate or Sub-Divisional Magistrate or an Executive Magistrate or in other administrative or quasijudicial capacity for a cumulative period of 5 years;
(d) Is working and holding a post in Grade I in Government Department either in State Government/Union Territories to perform functional duty & discharge job responsibility in the field of Information Technology;
(e) Is an in-service officer not below the rank of Director to the Government of India or an equivalent officer of State Government.”
8. Union of India vs. R. Gandhi, (2010) 11 SCC 1.
9. (2003) 3 SCC 57.
10. (1997) 1 SCC 373.
11. (2010) 11 SCC 1.
13. (2020) 6 SCC 1.