February 21, 2023

Cyberspace regulation: detailed analysis of national legal framework

This article has been written by Ms Panya Sethi, a third year BBA.LLB student of Symbiosis Law School, Noida.


The online environment has seen a meteoric rise in popularity, with millions of users now having constant access to a vast array of online tools and contributing information on a regular basis. While this information is accessible from any computer with an internet connection, it may be physically located on a number of separate “servers” that are not necessarily inside the same country as the user. Cybercrime is on the increase in today’s increasingly digital world, calling for new cyber laws to protect the public. Cyber laws provide rules that both persons and corporations must follow while interacting in digital spaces. Protecting data from hackers and other unauthorized users is one way to lessen the impact of cybercrime and ensure that confidential data like emails, personnel records, and corporate files remain out of the wrong hands.

Users of the Internet may have no idea at all as to the actual location of the material they are accessing. Businesses of all stripes have benefited greatly from this form of digital networking since it facilitates a wider range of financial and customer service activities. In addition to the traditional retail market, the Internet also allows for the distribution of digitally produced items including music, photos, books, movies, multimedia works, and software. There may be more opportunities for economic and creative exchanges in the future, but there will also be more opportunities for conflicts to arise over the ownership, control, sharing, and dissemination of information. This article analyses the Indian legal framework related to cyber crimes.


1. Application Security 

The majority of the apps we download and use on our mobile devices are protected by Google’s strict guidelines for the Google Play Store. Users may choose from over 1.85 million unique applications. Even if we have alternative options, this does not imply that we should assume all applications are secure. Lots of applications provide the impression that they’re secure, but they end up stealing our data and then forcing us to sell it to a third party in exchange for money. At once, it’s the target of a cyberattack. A reliable source, not Google Chrome, must be used for app installation. 

2. Network Security 

Improved network security is necessary to protect internal networks against attacks from the outside world.

We used to often use free Wi-Fi in public places like cafés, malls, etc., which allows third parties to monitor our phone’s location through the internet. When we employ a payment processor, our bank account might be completely depleted. Since open networks do not often provide security, it is best to stay away from them. 

3. Cloud Security 

Over the last decade, cloud-based data storage has grown in popularity. It improves security and keeps information on the cloud, so it can be accessed from anywhere with the right credentials, but this also makes it vulnerable to unauthorised access. Famous platforms include Google Drive, Microsoft Cloud, Dropbox, etc. If we don’t mind sacrificing some privacy while storing our data, then we can use these services without cost. Amazon Web Services (AWS) is a cutting-edge method that safeguards your data and allows you to manage your organisation from anywhere in the world.

4. Mobile Security

Whether it’s taking lessons online, contacting customers, or transferring funds, everything we do these days is done through mobile devices. Therefore, it is imperative that all security updates for this mobile device be installed. All of our payment apps should be secured using the phone’s in-built app, and we should never give out our passwords to anybody other than our immediate loved ones.


There is just one piece of legislation in India that can be considered a cyber law: the Information Technology Act of 2000, which regulates the use of computers and the Internet. The Act’s overarching goal is to make paperless communication and document filing with organizations that have a government mandate a reality by setting rules for business dealings that take place through electronic data interchange and other forms of electronic communication (e-commerce).

Electronic Signatures [Chapter II] 

With his Digital Signature in hand, any subscriber (the recipient of the Digital Signature Certificate) may confirm the authenticity of digital documents. Any “data record or data generated image or sound” that is maintained, received, or communicated electronically, or any “microfilm or computer manufactured microfiche,” are all considered “electronic records” under Section 3 of the Act.

Electronic Governance [Chapter III] 

The IT Act of 2000 addresses this issue in Sections 4-10A. It allows for legally binding electronic contracts to be made and signed, and it recognises electronic records and electronic signatures. 

The submission of information in electronic form will be adequate compliance with any legislation requiring submission of information “in writing, or in the typewritten or printed form.” In addition, Digital Signatures may be used to comply with the requirements of any law that calls for a signature to be affixed to a document. Government offices also accept electronic forms for submitting applications, forms, and other documents to the appropriate authorities; issuing licences, permits, sanctions, and approvals; and recognising payments. Electronic records may be used to store information and documentation for as long as required by law. To illustrate, the publication of any rule, regulation, order, by-law, or notification in the Official Gazette or the Electronic Gazette is authorized. No federal or state agency or regulatory body may mandate that its constituents switch to electronic records exclusively made possible by the passage of any law.

Regulation of Certifying Authorities [Chapter IV] 

Each Certification Authority is accountable to a Certification Authority Controller, a position that may be created by the Federal Government. The IT Act establishes the role of the Controller of Certifying Authorities (CCA) in authorizing and regulating CAs. A digital signature certificate, issued by a Certifying Authority (CA), is required for online subscriber identification verification. By certifying the public keys of CAs with its own private key, the CCA allows Internet users to determine whether or not a given certificate was issued by a trusted CA.

Digital Signature Certificate [Chapter VII] 

It is possible for anybody to request a Digital Signature Certificate from the relevant Certifying Authority. When granting such a certificate, the Certifying Authority must attest that it has followed all requirements set out by the Act.

Duties of subscribers [Chapter VIII]

Sections 40-42 of Chapter VIII detail the obligations of subscribers. When discussing electronic signature certificates, the term “subscriber” refers to the individual to whom the certificate was granted. A subscriber might be compared to a buyer or a client. The responsibilities of subscribers are as follows:

  1. Sec 40: Any time a subscriber accepts a Digital Signature Certificate, they must follow the security protocol to create a key pair.
  2. Sec 41(1): To prove that the digital signature certificate issued by the certification authority is legitimate, he must show it to a third party, either in a repository or in person.
  3. Sec 41(2): The subscriber is required to provide accurate information.
  4. Sec 42(1): He is responsible for ensuring that the private key corresponding to the public key stated in his Digital Signature Certificate is kept secret and never shared with unauthorised parties.
  5. Sec 42(2): In the event that the subscriber learns that the security of the private key corresponding to the public key used in the Digital Signature Certificate has been compromised, they must immediately notify the Certifying Authority.

Penalties and Adjudication [Chapter IX] 

Punishments and judgements are discussed in Sections 43–47 of Chapter IX. You may not access, use, copy from, distribute, or tamper with another person’s or organization’s computer(s), system(s), network(s), or data without that person’s or organization’s express consent. If you break any of these rules, the owner may sue you for up to One Crore Indian Rupees.

The Appellate Tribunal [Chapter X] 

“The Telecom Disputes Settlement and Appellate Tribunal established under Section 14 of the Telecom Regulatory Authority of India Act, 1997, shall serve as the Appellate Tribunal for the purposes of this Act, and shall exercise the jurisdiction, powers, and authority conferred upon it by or under this Act,” as stated in Section 48 of the IT Act. The jurisdiction of the Appellate Tribunal may depend on the subject matter and geographic scope specified by a notification from the Central Government. A person who wishes to appeal a decision made by the Controller of Certifying Authorities or the adjudicating officer under the Act may do so with the Cyber Regulations Appellate Tribunal, which may be established by the Central Government.

Offences [Chapter XI] 

Penalties for breaking into a computer system or modifying its source code may include up to three years in prison and a fine of up to two million rupees (Rs. 2 lakhs). One may be sentenced to up to ten years in prison and a fine of up to two million rupees (Rs. 10 million) for distributing sexually explicit information online, and the penalties rise with each subsequent offense. The Indian Supreme Court invalidated Section 66A of the Information Technology Act, 2000 in 2015 on the grounds that it restricted citizens’ freedom of expression in violation of Article 19(1)(a) of India’s constitution. Because of this, the Information Technology Act of 2000 was revised.


Section 75: It is the intention of the legislature that the provisions of this Act apply to any offence or contravention committed outside of India by any individual regardless of his identity, provided that the act or conduct comprising the offence or contravention includes a computer, computer system, or computer network located in India.

Section 76: Confiscation: Any “computer, computer system, floppies, compact discs, tape drives, or any other accessories connected thereto” that is “used, possessed, or controlled with intent to violate any provision of this Act, rules, orders, or regulations imposed thereunder” is susceptible to confiscation. Nonetheless, if it can be shown that the money was not used to commit fraud, only the defaulting party will be jailed.


The three most important cyber security circulars issued by SEBI are as follows:

 1. A framework for cyber security and resilience for stockbrokers and depositories was defined in a SEBI Circular dated December 03, 2018.

 2. A framework for cyber security and resilience was developed by a SEBI Circular dated December 07, 2018, and it applies to Stock Exchanges, Clearing Corporations, and Depositories.

 3. Mutual funds and asset management firms (AMCs) have a new standard for cyber security and resilience according to a SEBI circular issued on January 10, 2019.

The Securities and Exchange Board of India (SEBI) announced new rules in December 2018 that cover a wide range of topics, from human resource practices to technological guidelines for encrypting and protecting consumer data. An intriguing aspect of this circular is that it was written together by SEBI, industry players, and technologists like Zerodha. Stock exchanges and depository institutions are required, under a circular from the Securities and Exchange Board of India (SEBI), to implement and maintain a comprehensive cyber security and cyber resilience architecture to safeguard customer data and personal information. 

Enhancing Stockbrokers’ and Depository Participants’ Cyber Security and Cyber Resilience is a primary priority. This is done to ensure the safety of investors’ personal information and securities holdings. It applies to information they generate, receive, or store in the course of performing their tasks and responsibilities, regardless of the location or medium in which the information is stored.

The Securities and Exchange Board of India (SEBI) updated its Circular from December 3, 2018 with new requirements for stock brokers and depository participants in its “Cyber Security and Cyber resilience framework” on June 7, 2022. The Guidelines have been amended to reflect SEBI’s mandate that businesses catalogue their critical resources and maintain an accurate accounting of their worth.

The Securities and Exchange Board of India (SEBI) is releasing these rules to protect the privacy and security of its constituents and the public by keeping a close check on the stock exchange’s activities. A robust cyber security and cyber resilience structure is required to safeguard investors’ interests.


In an effort to update antiquated legislation, the Information Technology Act of 2000 also includes provisions for dealing with cybercrime. These regulations are necessary to ensure that individuals may shop securely online using their credit cards. The Act provides the necessary legal structure to ensure that information stored in electronic records is not automatically rendered invalid, unenforceable, or otherwise unreliable just because it is stored in an electronic format.

  • The provisions of India’s IT Act of 2000 are generally favourable to the growth of electronic commerce in the country. For starters, what this means for online firms is that emails may be used as admissible evidence in a court of law and need not be deleted if they are ever needed.
  • Now that the legal framework for doing business online has been established by the Act, businesses may engage in electronic commerce.
  • The Act recognises digital signatures as genuine and enforceable documents.
  • Companies may now act as Certifying Authorities and issue Digital Signature Certificates after the Act cleared the way for their participation in the market.
  • E-governance has been heralded by the Act, which mandates that the government may now publish notices online.

Organizations may submit any form, application, or other document in electronic form to any office, authority, body, or agency owned or controlled by the relevant Government in accordance with the Act, provided that it uses the electronic form prescribed by the relevant Government.

  • Security concerns, vital to the growth of e-commerce, are also addressed in the IT Act. Secure digital signatures that have gone through a security process, as mandated by the Government at a later period, are now legally defined thanks to the Act.
  • With the passage of the Information Technology Act of 2000, businesses have a legal recourse available to them in the event that an unauthorised person gains access to their network or computer system and either causes harm or steals information. If you break the law and are caught, you may be sued for damages of up to Rs. 1 crore.


There are several dangers lurking in cyberspace that must be addressed urgently. Despite being aware of the increasing hazards, cyber society is more concerned with technological advancement than with establishing concrete steps to stabilise this sector. Fixing the current status of cyberspace is, therefore, of the utmost importance. There has to be strict data protection and data privacy rules so that internet users may feel safe. Other areas that need attention include the ease with which obscene and indecent content can be accessed, the shifting of business transactions from tangible to intangible assets, and the resulting regulatory and jurisdictional issues. 





The copyright of this Article belongs exclusively to Ms. Aishwarya Sandeep. Reproduction of the same, without permission will amount to Copyright Infringement. Appropriate Legal Action under the Indian Laws will be taken.
