India has a comprehensive legal framework to address cyber crimes and protect citizens in the digital space. The primary legislation governing cyber activities is the Information Technology Act, 2000 (IT Act) — amended significantly in 2008 — along with provisions under the Bharatiya Nyaya Sanhita (BNS), 2023, which replaced the Indian Penal Code (IPC) from July 1, 2024. Additional protections are provided under the Protection of Children from Sexual Offences (POCSO) Act, the Aadhaar Act, and various data protection regulations. Knowing these laws empowers citizens to understand their rights, recognise criminal acts, and take informed legal action against cyber criminals.
The IT Act 2000 is the primary law governing electronic commerce, digital signatures, cyber crimes and data protection in India. It was significantly amended in 2008 to expand the definition of cyber offences and increase penalties.
Sec 43
Penalty for Damage to Computer System
Compensation up to ₹1 Crore
Whoever without permission of the owner accesses, downloads, introduces virus, disrupts service, denies access, assists unauthorised access or tampers with a computer system shall be liable to pay damages by way of compensation to the person affected. Covers hacking, data destruction, denial of service and unauthorised access to computer systems and networks.
Sec 43A
Compensation for Failure to Protect Sensitive Personal Data
Compensation as determined
A body corporate that possesses, deals or handles sensitive personal data and is negligent in implementing reasonable security practices, causing wrongful loss or gain to any person, shall be liable to pay damages to the affected person. This section applies to companies, organisations and institutions handling personal data including medical records, financial information and passwords.
Sec 65
Tampering with Computer Source Code
3 Yrs Imprisonment + ₹2 Lakh Fine
Whoever knowingly or intentionally conceals, destroys or alters any computer source code required to be kept or maintained by law shall be punishable with imprisonment up to 3 years or a fine up to ₹2 lakh, or both. This section protects the integrity of software source codes mandated to be maintained by government or regulatory bodies.
Sec 66
Computer Related Offences (Hacking)
3 Yrs Imprisonment + ₹5 Lakh Fine
If any person dishonestly or fraudulently does any act referred to in Section 43, he shall be punishable with imprisonment up to 3 years or fine up to ₹5 lakh or both. This is the primary hacking section covering all forms of unauthorised access, data theft, system damage and network intrusion done with fraudulent or dishonest intent.
Sec 66B
Punishment for Dishonestly Receiving Stolen Computer Resource
3 Yrs Imprisonment + ₹1 Lakh Fine
Whoever dishonestly receives or retains any stolen computer resource or communication device, knowing or having reason to believe it is stolen, shall be punished with imprisonment up to 3 years or a fine up to ₹1 lakh, or both. Applicable to persons who buy, use or store hacked accounts, stolen data or compromised devices.
Sec 66C
Identity Theft
3 Yrs Imprisonment + ₹1 Lakh Fine
Whoever fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person shall be punished with imprisonment up to 3 years along with a fine up to ₹1 lakh. Covers fake profile creation using another person's identity, password theft, SIM swapping and account takeovers.
Sec 66D
Cheating by Personation Using Computer Resource
3 Yrs Imprisonment + ₹1 Lakh Fine
Whoever by means of any communication device or computer resource cheats by personation shall be punished with imprisonment up to 3 years and a fine up to ₹1 lakh. Directly applicable to phishing attacks, vishing calls, fake banking portals, impersonation of government officials and business email compromise scams.
Sec 66E
Violation of Privacy
3 Yrs Imprisonment + ₹2 Lakh Fine
Whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment up to 3 years or a fine up to ₹2 lakh or both. Covers voyeurism, hidden camera use, image morphing, non-consensual intimate image sharing and peeping tom offences.
Sec 66F
Cyber Terrorism
Life Imprisonment
Whoever with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people denies or causes denial of access to any person authorised to access the computer resource, or attempts to penetrate or access a computer resource without authorisation, or introduces or causes to be introduced any computer contaminant, shall be punishable with imprisonment which may extend to life. The most serious cyber offence under the IT Act.
Sec 67
Publishing Obscene Material in Electronic Form
3–5 Yrs + ₹5–10 Lakh Fine
Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest shall on first conviction be punished with imprisonment up to 3 years and fine up to ₹5 lakh; on second or subsequent conviction, imprisonment up to 5 years and fine up to ₹10 lakh. Covers obscene content shared via WhatsApp, social media or websites.
Sec 67A
Publishing Sexually Explicit Material
5–7 Yrs + ₹10 Lakh Fine
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall on first conviction be punished with imprisonment up to 5 years and fine up to ₹10 lakh; on second or subsequent conviction, imprisonment up to 7 years and fine up to ₹10 lakh. Applicable to revenge porn, non-consensual intimate content sharing and adult content distribution.
Sec 67B
Child Sexual Abuse Material (CSAM) Online
5–7 Yrs + ₹10 Lakh Fine
Whoever publishes, transmits, creates, collects, seeks, browses, downloads or exchanges material depicting children in sexually explicit or obscene acts shall on first conviction be punished with imprisonment up to 5 years and fine up to ₹10 lakh; on second conviction imprisonment up to 7 years and fine up to ₹10 lakh. Read with POCSO Act for comprehensive child protection online.
Sec 72
Breach of Confidentiality and Privacy
2 Yrs Imprisonment + ₹1 Lakh Fine
Any person who has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such material to any other person shall be punished with imprisonment up to 2 years or fine up to ₹1 lakh or both. Applicable to government officials, intermediaries and service providers who misuse private data.
Sec 74
Publication for Fraudulent Purpose
2 Yrs Imprisonment + ₹1 Lakh Fine
Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment up to 2 years or fine up to ₹1 lakh or both. Covers fake digital certificates, fraudulent e-sign usage and digital forgery.
The Bharatiya Nyaya Sanhita (BNS) 2023 replaced the Indian Penal Code (IPC) 1860 with effect from July 1, 2024. It retains and strengthens all major cyber crime provisions from the IPC with enhanced penalties and clearer definitions for the digital age.
BNS 111
Organised Cyber Crime (Replaces IPC 120B)
Up to 7 Yrs or Life + Fine
BNS Section 111 deals with organised crime syndicates — including cyber crime gangs that run large-scale fraud operations, phishing networks, dark web markets or money mule operations. Punishment ranges from 5 years to life imprisonment with heavy fines depending on the gravity of the offence and scale of the criminal enterprise.
BNS 318
Cheating (Replaces IPC 420)
Up to 7 Yrs + Fine
Covers all forms of online cheating — financial fraud, fake investment schemes, OTP scams, lottery fraud, romance scams, job fraud and matrimonial fraud carried out through digital means. Whoever cheats and thereby dishonestly induces the person deceived to deliver any property, or to make, alter or destroy the whole or any part of a valuable security shall be punished with imprisonment up to 7 years and fine.
BNS 319
Cheating by Impersonation (Replaces IPC 419)
Up to 5 Yrs + Fine
Directly applicable to digital arrest scams, vishing calls impersonating police/CBI/bank officials, fake customer care executives and business email compromise attacks. Whoever cheats by pretending to be some other person, or by knowingly substituting one person for another, or representing that he or any other person is a person other than he or such other person really is, shall be punished with imprisonment up to 5 years and fine.
BNS 351
Criminal Intimidation (Replaces IPC 503/506)
Up to 7 Yrs + Fine
Covers online threats, extortion messages, WhatsApp threats, email blackmail and sextortion — threatening to cause injury to person, reputation or property to compel someone to do an act they are not legally bound to do. Aggravated form (anonymous threats, threats to cause death or grievous hurt) carries up to 7 years imprisonment.
BNS 78
Cyber Stalking (Replaces IPC 354D)
3 Yrs (1st) / 5 Yrs (Repeat) + Fine
Any man who follows a woman and contacts or attempts to contact such woman to foster personal interaction repeatedly despite a clear indication of disinterest by such woman, or monitors the use by a woman of the internet, email or any other form of electronic communication, commits the offence of stalking. Punishment: up to 3 years imprisonment and fine for first offence; up to 5 years and fine for second or subsequent offence.
BNS 356
Defamation Online (Replaces IPC 499/500)
Up to 2 Yrs + Fine
Whoever makes or publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that such imputation will harm, the reputation of such person is said to defame that person. Online defamation includes false posts on social media, fake news, defamatory WhatsApp messages and reputation damage campaigns. Punishment: imprisonment up to 2 years or fine or both.
BNS 308
Extortion / Sextortion (Replaces IPC 383/384)
Up to 3–10 Yrs + Fine
Covers sextortion — blackmailing victims using intimate images or videos — as well as ransom demands after hacking, ransomware attacks, and digital extortion schemes. Whoever intentionally puts any person in fear of any injury to that person or to any other, and thereby dishonestly induces that person to deliver any property shall be punished with imprisonment up to 3 years and fine. Aggravated forms carry up to 10 years.
The Protection of Children from Sexual Offences (POCSO) Act 2012 provides comprehensive protection to children (under 18) from sexual abuse and exploitation, including online offences. It is read together with IT Act Section 67B for digital child safety.
POCSO Sec 11
Sexual Harassment of a Child
Up to 3 Yrs + Fine
A person commits sexual harassment upon a child when such person with sexual intent utters any word or sound, or shows any object or body part, or makes a gesture in the presence of a child — or makes a child exhibit their body or any body part. Online sexual harassment of children including sending obscene messages, video calls for sexual purposes and showing pornographic material to children falls under this section.
POCSO Sec 13
Using Child for Pornographic Purposes
Up to 5 Yrs + Fine (1st Offence)
Whoever uses a child in any form of media (including digital content, online platform or electronic form) for the purpose of sexual gratification shall be guilty of the offence of using a child for pornographic purposes. Using a child for live streaming, recording sexual acts or creating child abuse material online carries imprisonment up to 5 years for first offence and up to 7 years for subsequent offences along with fine.
POCSO Sec 15
Storage of Child Pornographic Material
Up to 3 Yrs + Fine or Both
Any person who stores or possesses pornographic material in any form involving a child but fails to report the same shall be liable to fine. If the storage is for the purpose of sharing or transmitting such material, punishment is imprisonment up to 3 years or fine or both. Downloading, storing or sharing child sexual abuse material (CSAM) is a serious offence even if the person is not the creator.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016 governs the use of Aadhaar-based identity in digital transactions and protects against misuse of biometric and demographic data.
Aadhaar Sec 29
Restriction on Sharing of Aadhaar Information
Up to 3 Yrs + ₹10,000 Fine
No Aadhaar number or biometric information collected under the Aadhaar Act shall be used for any purpose other than generation of Aadhaar numbers and authentication. No entity shall publish, display or post publicly any Aadhaar number. Sharing Aadhaar details without consent or posting Aadhaar cards on social media or public platforms is prohibited and punishable.
Aadhaar Sec 37
Penalty for Unauthorised Access to Aadhaar Data
Up to 3 Yrs + ₹10 Lakh Fine
Any person who with intent to defraud impersonates another person with or without his consent to obtain Aadhaar number or biological attributes shall be punished with imprisonment up to 3 years or fine up to ₹10 lakh or both. Covers fraudulent Aadhaar enrolments, biometric data theft and identity fraud using another person's Aadhaar credentials.
The Digital Personal Data Protection Act 2023 is India's first comprehensive data protection law. It establishes rights of data principals (individuals) and duties of data fiduciaries (entities that collect and process data) in the digital environment.
DPDP Sec 4
Grounds for Processing Personal Data
Penalty up to ₹250 Crore
A Data Fiduciary may process personal data of a Data Principal only for a lawful purpose upon consent of the Data Principal. Personal data must be collected only to the extent necessary for the specified purpose. Companies and apps that collect excessive data, share data without consent or use data for undisclosed purposes are in violation. Penalties for data breaches can reach up to ₹250 crore.
DPDP Sec 13
Right to Grievance Redressal
Citizen Right
Every Data Principal (citizen) has the right to have readily available means of grievance redressal provided by the Data Fiduciary. If a company misuses your personal data, fails to protect it or refuses to delete it on request, you have the legal right to file a complaint with the Data Protection Board of India established under this Act.
DPDP Sec 9
Special Provisions for Children's Data
Penalty up to ₹200 Crore
A Data Fiduciary shall, before processing any personal data of a child, obtain verifiable consent of the parent or lawful guardian of such child. No Data Fiduciary shall undertake any processing of personal data of a child that is likely to cause any detrimental effect on the well-being of the child. Platforms targeting children cannot profile them for advertising. Violations attract penalties up to ₹200 crore.