INFORMATION TECHNOLOGY ACT, 2000 – DETAILED EXPLANATION WITH EXAMPLES
06/December/2025 23:57
Share:
The Information Technology Act, 2000 is India’s first and most important cyber law, enacted to provide legal recognition to electronic records, digital signatures, and online transactions, while also preventing cybercrimes. Before this Act, digital transactions had no legal validity, making e-commerce, online banking, and e-governance unreliable. With the rise of the internet, email communication, and online data exchange, it became necessary for India to introduce a law that supports secure electronic business. Thus, the IT Act 2000 was created to promote digital business, improve cybersecurity, and support e-governance throughout the country.
---
1. DIGITAL SIGNATURE – LEGAL RECOGNITION (WITH EXAMPLES)
The concept of digital signature is central to the IT Act 2000. A digital signature is an electronic method of signing a document using cryptographic techniques. It ensures that the message or document is authentic, not altered, and sent by the correct person. The Act recognises digital signatures under Section 3, giving them the same legal value as handwritten signatures. It uses Public Key Infrastructure (PKI), where a person uses a private key to sign a document and a public key to verify the signature.
A digital signature becomes extremely useful in online government and business transactions. For example, when a company files its annual returns with the Ministry of Corporate Affairs (MCA), its directors must sign the documents using Digital Signature Certificates (DSC). Similarly, chartered accountants, company secretaries, and taxpayers use digital signatures for income tax filing, GST filings, and e-tender submissions. These signatures prevent fraud because no one can modify the file once it is digitally signed.
---
2. ELECTRONIC GOVERNANCE (E-GOVERNANCE) UNDER IT ACT, 2000
The IT Act promotes the use of electronic communication in government processes, enabling efficiency, transparency, and quicker public services. Sections 4 to 10 of the Act give legal recognition to electronic records, electronic applications, and digital storage. Earlier, government work relied heavily on paper records, leading to delays. With the IT Act, electronic documents are considered valid and legally enforceable.
For example, when citizens apply for PAN card, birth certificate, or driving license, they can submit all documents online. Aadhaar-based services such as e-KYC, Digital Locker, and UPI payments are also possible due to this Act. Courts now accept electronic evidence such as emails, CCTV videos, and digital documents, which is crucial in cybercrime investigations. Hence, e-governance has simplified public service delivery and reduced corruption.
---
3. ACKNOWLEDGEMENT OF ELECTRONIC RECORDS (SECTION 12) – EXPLANATION WITH EXAMPLES
Acknowledgement of electronic records means confirming that a digital message or document sent by a person has been received by the intended receiver. Under Section 12, if the sender requires an acknowledgement, the receiver must confirm the receipt through an email, automated reply, or digital signature.
For example, when a student submits an online university admission form, the system sends an automatic email: “Your application has been received successfully.” This is an acknowledgement under the IT Act. Similarly, when businesses send invoices through email, the purchaser may reply confirming the receipt of the invoice. Without acknowledgement, there is no proof that the electronic record was delivered.
---
4. DISPATCH OF ELECTRONIC RECORDS (SECTION 13) – EXPLANATION WITH EXAMPLES
The Act also explains when an electronic record is considered sent (dispatched) and received. According to Section 13, an electronic record is considered dispatched when it enters a computer system outside the control of the sender. It is considered received when it enters the designated computer system of the receiver.
For example, if Company A emails a purchase order to Company B at 10:00 AM and the email reaches B’s server at 10:02 AM, legally the “dispatch” time is 10:02 AM. Even if Company B reads the email at 2 PM, the official receipt time remains 10:02 AM. This helps in commercial disputes to determine when a contract was accepted or when a legal notice was served.
---
5. REGULATION OF CERTIFYING AUTHORITIES (CA) – DETAILED WITH EXAMPLES
Certifying Authorities (CAs) are organisations that issue Digital Signature Certificates to individuals and businesses. The IT Act empowers the Controller of Certifying Authorities (CCA) to regulate, monitor, and license these certifying bodies. CAs must follow strict security rules to issue trusted digital signatures.
The responsibilities of a Certifying Authority include verifying the identity of applicants, issuing DSCs, maintaining digital records, and revoking certificates when misuse is reported. They must also conduct audits and comply with CCA guidelines. For example, eMudhra, Sify, Capricorn, and (n)Code Solutions are well-known licensed CAs in India. If a DSC is found to be used in a fraudulent manner, the CA must immediately suspend or cancel it. The CCA has the power to inspect CA offices and take action against violations.
---
6. DUTIES OF SUBSCRIBERS (WITH EXAMPLES)
A subscriber is a person or organisation who receives a digital signature certificate. The Act imposes certain duties to ensure the safe use of electronic signatures. The first duty is to keep the private key secure. The subscriber must prevent unauthorized access because anyone who gets the key can misuse the signature. If the private key is stolen, the subscriber must inform the Certifying Authority immediately so the certificate can be cancelled.
For example, if the digital signature of a company’s CEO is hacked and used to sign fake financial documents, the CEO is legally responsible unless he proves that he reported the compromise on time. Another duty is that subscribers must use the digital signature only for lawful purposes and must provide accurate information when applying for certificates. Any false detail can lead to legal penalties under the IT Act.
---
7. CYBER REGULATIONS APPELLATE TRIBUNAL (CRAT) – WITH EXAMPLES
The IT Act establishes the Cyber Regulations Appellate Tribunal (CRAT) to handle appeals against orders issued by adjudicating officers and the Controller of Certifying Authorities. CRAT deals with disputes related to cybercrimes, digital signatures, unauthorized access, hacking, and misuse of electronic data. It ensures that justice is delivered quickly in cyber-related matters.
For example, if a person is fined by an adjudicating officer for alleged hacking but believes the decision is incorrect, they can appeal to the CRAT. Similarly, if there is a dispute between a company and a Certifying Authority regarding the wrongful suspension of a digital certificate, the case is heard by the tribunal. In 2017, the CRAT was merged with TDSAT (Telecom Disputes Settlement and Appellate Tribunal) to streamline the appeals process.
---
CONCLUSION
The Information Technology Act, 2000 is a crucial law that strengthens digital communication, cybersecurity, and electronic commerce in India. It gives legal recognition to digital signatures and electronic records, promotes e-governance, regulates certifying authorities, defines the responsibilities of subscribers, and establishes the Cyber Appellate Tribunal to resolve cyber disputes. This Act is essential in today’s digital world and supports India’s movement toward a transparent, secure, and technology-driven economy.
