1. Definitions – only importance definitions are covered below, that is also in layman language
- Access means gaining entry into or instructing or communicating resources of a computer or computer system or computer network
- Asymmetric crypto system means a secure system of key pair (private key for creating a digital signature) (a public key to verify the digital signature) Example – Mr. A has sent a digitally signed message using his private key to the Mr. B and Mr. B has verified the same by using the public key. This is a dual-key approach where one key (private key) is used to encrypt and other key (public key) to decrypt.
- Computer means any electronic high-speed data processing device or system which performs logical, arithmetic, and memory functions. It includes all input, output, processing, storage, computer software, or communication facilities. It may be part of computer network or not
- Computer resource means computer and its software, data, system and network.
- Data means a representation of information, knowledge, facts, concepts or instructions in any form
- Digital signature means authentication of any electronic record by a subscriber by means of an electronic method
2. Electronic Governance
Chapter-III of the Act deals with Electronic Governance and provide for;- Authentication and Validity of electronic records (provided they can be retrieve on future date),
- Retention of Electronic Records – period and manner are specified also
- Audit of Electronic Records need to be performed to verify its authenticity
- Electronic contract are valid provided must carries certain attributes and electronic signature is affixed.
3. Certifying Authorities
- Certifying Authority means a person who grants a licence to issue Electronic Signature Certificates. (Note - they issue licence to issue DSC, they themselves are not issue DSC)
- Controller of Certifying Authorities perform supervise over the activities of the Certifying Authorities and can issue a statement called Certification practice statement to specify the practices that the Certifying Authority should employs
4. Digital Signature Certificates
- Section 35 to 39 of Act, provides that Certifying Authority through agents will issue Electronic Signature Certificate on an application by a person in the form prescribed (along with fee and supporting document) by the Central government.
- In case of ambiguity in application enquiries from applicant can be made, as it may deem fit, to grant the electronic Signature Certificate.
- Consideration should be provided to guidelines mentioned in certification practice statement while decision of grant or rejection
- Application can be rejected after given a reasonable opportunity being heard
5. Penalties
| Section | Offence | Penalty |
| 65 | Tampering with computer source documents | Imprisonment upto 3 yearsor Fine upto rupees two lakhs or Both. |
| 66 | Damage to Computer & computer system | Imprisonment upto 3 yearsor Fine upto rupees five lakhs or Both |
| 66A | Sending offensive messages through computer resource | Imprisonment upto 3 years and Fine |
| 66B | Dishonestly receives stolen computer resource | Imprisonment upto 3 yearsor Fine upto rupees one lakh or Both |
| 66C | Identity theft | Imprisonment upto 3 years and Fine upto rupee one lakh |
| 66D | Cheating by personating | Imprisonment upto 3 years and Fine upto rupee one lakh |
| 66E | Violation of Privacy | Imprisonment upto 3 yearsor Fine upto rupees two lakh or Both |
| 66F | Cyber terrorism | Imprisonment for life |
| 67 | Publishing & transmitting obscene information in e-form | First conviction – Imprisonment upto 3 years and fine upto rupees five lakhs Subsequent conviction - Imprisonment upto 5 years and fine upto rupees ten lakhs |
| 67A | Publishing material containing sexually explicit act in e-form | First conviction – Imprisonment upto 5 years and fine upto rupees ten lakhs Subsequent conviction - Imprisonment upto 7 years and fine upto rupees ten lakhs |
| 67B | Publishing material depicting children in sexually explicit act in e-form | First conviction – Imprisonment upto 5 years and fine upto rupees ten lakhs Subsequent conviction - Imprisonment upto 7 years and fine upto rupees ten lakhs |
| 67C | Preservation of Information by intermediaries | Imprisonment upto 3 years and Fine |
| 68 | Non-compliance with Controller’s directions | Imprisonment upto 2 yearsor Fine upto rupee one lakh or Both |
| 69 | Failure to assist in information decryption | Imprisonment upto 7 years and Fine |
| 69A | Failure to comply with Central Government direction | Imprisonment upto 7 years and Fine |
| 69B | Failure to assist in online access to computer resource | Imprisonment upto 3 years and Fine |
| 70 | Securing access to protected system | Imprisonment upto 10 years and Fine |
| 70B | Failure to provide information | Imprisonment upto 1 yearor Fine upto rupees one lakh or Both |
| 71 | Misrepresentation | Imprisonment upto 2 yearsor Fine upto rupees one lakh or Both |
| 72 | Breach of confidentiality & privacy | Imprisonment upto 2 yearsor Fine upto rupees one lakh or Both |
| 72A | Disclosure of information in breach of lawful contract | Imprisonment upto 3 yearsor Fine upto rupees five lakh or Both |
| 73 | Publishing false ESCs | Imprisonment upto 2 yearsor Fine upto rupees one lakh or Both |
| 74 | Publication for fraudulent purpose | Imprisonment upto 2 yearsor Fine upto rupees one lakh or Both |
| 84B | Abatement of Offence | Punishment provided for the offence under this Act. |
| 84C | Attempt to commit offence | Imprisonment of any description provided for the offence, for a term upto one-half of the longest term of imprisonment provided for that offence , or with such fine provided for the offence ,or Both |
6. Appeal
- An aggrieved party (a Certifying Authority or a subscriber) by the order of the Controller of Certifying Authorities may take following route;
- First Appeal - Adjudicating Officer – It shall be duty of Central Government to appoint any officer not below the rank of the Director to the Government of India to be an adjudicating officer. Every such officer shall have the powers of a civil court.
- Second Appeal - Cyber Regulations Appellate Tribunal (CRAT) - Established by the Central Government. Comprises of a Presiding officer to be appointed vide a notification by the Central Government. CRAT has same powers as are vested in a civil court under the Code of Civil Procedure, 1908. Note – Direct appeal against Controller of Certifying Authorities to CRAT can be done.
- Appeal to High Court - an aggrieved person, against the order of the CRAT may appeal to High Court within sixty days from the date of communication of the decision or order.
