NEED FOR THE INFORMATION TECHNOLOGY ACT 2.0: TO TACKLE TECH-DRIVEN INDIA

ABSTRACT

India is changing fast, with all this digital stuff taking over everything from business to how the government works to even daily chats. Programs like Digital India have pushed things along, plus more people getting internet and using Aadhaar for everything, and then there’s UPI making payments super quick. It seems like India is one of the top-growing digital hubs in the world because of that.

But honestly, the laws haven’t kept up at all. The Information Technology Act from 2000 was made back when tech was just starting, and now it feels way too basic for all the new problems popping up. Cyber threats are getting more complicated, and law enforcement struggles with that kind of crime all the time. I think this study looks at it through doctrinal ways and some analysis, pulling in laws, court cases, policies, and even stuff from other places like the GDPR in Europe.

New tech like blockchain and AI brings up ethical issues and legal questions that nobody has really sorted out yet. There are no solid rules for them right now, which makes things messy. The main point here is to point out where the current framework falls short, and push for something updated that actually fits tech today.

It might need to be more flexible, too. Like, maybe an Information Technology Act 2.0 or whatever they call it, to handle digital rights and keep India strong in the digital world. That part stands out, but I’m not totally sure how they would make it all work without messing up sovereignty or something. The growth is exciting, but the gaps are hard to ignore.

KEYWORDS

Information Technology Act, Cyber Law, Digital Personal Data Protection Act, Artificial Intelligence, Cyberspace, Cybersecurity, Digital India, Jan Vishwas Act. 

INTRODUCTION

In 2000, the Indian Parliament passed a law to regulate cyberspace in India. Since then, the Act has not been updated as new cybercrimes have arisen in the technological world; its first amendment came in 2008. It has been 25 years since the IT Act came into force and was notified by the Ministry of Electronics and Information Technology. This makes it a silver jubilee for one of the foundational laws of cyberspace in India. It has been a quarter-century of evolution, struggle, tweaks, court battles, and reform attempts, and yet the adoption of the UNCITRAL Model Law has not been completed. The Act gives legal recognition to electronic signatures and digital signatures, creates basic cyber offences, and establishes the admissibility of electronic evidence. The legislation supports a framework that has shaped the practice of the courts; it is the first legal support by the legislature to regulate cyberspace in India. The IT Act was majorly amended twice in 2023: the Jan Vishwas Act[1] amended section 11[2], and the DPDPA[3] 2023 amended section 3[4] of the IT Act. This unawareness exists; new technology like search engines or AI tools has been authored by IT professionals or cyber law diploma holders. The IT Act 2000 mainly deals with the cybercrimes that emerged around 2000; it is unaware of, or unable to deal with, today’s problems and cybercrimes. Recently, the Ministry notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2025, which amend Rule 3(1)(d) of the IT Rules 2021.

After multiple requests, a major amendment came with an expansion in the domain of offences (identity theft, privacy invasion of images, cyber terrorism), created a new power of investigation, strengthened intermediaries’ treatment, and formalized some institutional pieces (CERT-In role under the Act)[5].

Some provisions later proved controversial (section 66A was added in this Amendment). The Amendment responded to phishing, spam, the rise of social media and online messaging, malware, and cyber terrorism risks, but it was drafted before smartphones or AI were widely used.

In Shreya Singhal v. Union of India[6], on March 24, 2015, the Supreme Court of India struck down Section 66A as unconstitutional, marking a defining moment for digital free speech in India. However, police, public prosecutors and even some judges continued to apply Section 66A when filing FIRs, framing charges and even pronouncing judgments. On 2 August 2021, the Hon’ble Supreme Court issued notices to all states and union territories and to the registrars general of the high courts. The government had yet to actually bring in the provision in the Jan Vishwas Act, 2023, which formally repealed this section.

RESEARCH METHODOLOGY

This research is doctrinal in nature and is based on secondary sources for a deep analysis of the Information Technology Act, 2000. Secondary sources of information, such as articles, journals, websites, law reviews, and newspapers, are used for the research.

REVIEW OF LITERATURE

A few scholars have pointed out the limitations of the IT Act, 2000, in dealing with contemporary cyber challenges. Legal luminaries have stated that the IT Act is only concerned with e-contracts and e-commerce activities and does not have provisions relating to new technologies like Artificial Intelligence and big data analytics[7].

The cyber law framework in India has been a subject of critical discussion in the new digital era. Various scholars, policy analysts and policymakers, and practicing advocates have examined its core strengths and limitations, particularly in light of rapid technological advancement and the rise of cybercrime in India. Their research raises significant concerns over the outdated legislation (IT Act, 2000).

The scholars Pavan Duggal, Arghya Sengupta, Anja Kovacs, Gautam Bhatia, Usha Ramanathan and Sunil Abraham paint an overarching picture of cyber laws in India. The IT Act and its amendments were seen as pioneering in the early years. Most scholars and legal practitioners would agree that the current laws dealing with cyberspace are not fit for the modern digital age. The literature consistently links cyber laws to broader issues of surveillance and democratic accountability[8].

Studies on data protection have pointed out that India does not have a sound data protection regime, even though it recognizes data privacy as a fundamental right. This has been partly addressed by the introduction of the Digital Personal Data Protection Act, 2023, but its integration with existing cyber laws is a challenge. Studies on cybercrime have pointed out a significant increase in digital fraud and cyber hacking, indicating a lack of effective enforcement and outdated legislation. Scholars have pointed to the importance of effective intermediary liability regulations and content modernization guidelines.[9]

International literature has pointed out how jurisdictions like the European Union have formulated effective data protection regulations, like the General Data Protection Regulation, which could be emulated by India.[10]

METHOD

The study takes an analytical approach to test the effectiveness of the IT Act and to examine its statutory provisions and gaps, together with a deep analysis of recent judicial decisions. A comparative analysis between the international framework and domestic legislation is used to propose reforms. The method also includes an assessment of technological trends impacting legal regulation and policy evaluation.

NEED FOR INFORMATION TECHNOLOGY ACT 2.0

The Information Technology Act was adopted 25 years ago, when digital technology was not in much use. It does not address modern issues such as the regulation of artificial intelligence, the protection of data, cyberspace warfare and national security threats, cryptocurrency and blockchain technologies, and modern-day cybercrimes. The absence of provisions related to these issues makes it ineffective and creates regulatory gaps.

India has witnessed a significant increase in cybercrimes, including phishing, ransomware attacks, identity theft, and financial fraud. The IT Act’s provisions are insufficient to deal with these cyber threats, leaving it helpless against these crimes. According to the NCRB[11], the number of cybercrime cases significantly increased from 52974 in 2021 to 86420 in 2023, with cyber fraud accounting for 69% of these cases. However, the conviction rate in these cases is very low. In 2021 alone, only 490 cases resulted in convictions out of 52430 cases, a conviction rate of merely 0.93%. There is a huge pendency of cases every year, and this number is increasing year by year. The national rate of cybercrime increase is 6.2 cases per lakh population, which creates an urgent need for updated cyber law enforcement and judicial reforms.

Despite judicial recognition of the right to privacy as a fundamental right in K.S. Puttaswamy v. Union of India[12], the IT Act does not provide any related provision for the protection of personal data. For this, a separate law, the Digital Personal Data Protection Act, 2023, was enacted for the security of personal data, but it operates independently and lacks integration with the existing Information Technology Act, 2000, and the cyber law enforcement mechanism.

Today, social media and communication platforms play a crucial role in the dissemination of information, but they also contribute to misinformation, hate speech, and fake news. The current intermediary liability framework under section 79[13] of the IT Act, 2000, provides a safe harbor for internet intermediaries (like social media, ISPs, and e-commerce sites), but it lacks clarity and consistency. Recent rules have attempted to address this, but comprehensive legislation is needed.

Cyber threats pose significant risks to national security, including attacks on cyber infrastructure. The IT Act does not provide a provision or a robust framework for cybersecurity governance in India. To maintain national cybersecurity standards and the reporting of cyber incidents, and to strengthen CERT-In mechanisms, we need updated laws with provisions related to modern cybersecurity problems.

In the past 25 years, India has built expansive cyber infrastructure (a legal and enforcement framework), but cybercrime awareness among citizens has still not reached its full potential. One of the major reasons is India’s linguistic diversity and the lack of vernacular outreach. Cyber campaigns run by cyber cells, CERT-In advisors, and police awareness campaigns are conducted in English or Hindi, leaving a vast segment of the population that resides in rural and semi-rural areas, where internet adoption has exploded with cheap smartphones and regional-language apps, largely uninformed about basic digital hygiene. Institutions like the NCRB, CERT, and the Cybercrime Coordination Centre (I4C) have made strides in the capacity of police and educators to run mass citizen awareness programs, particularly in non-metro areas where digital literacy is functional but cyber risk comprehension is minimal. Bridging this gap requires localized cyber education in every Indian language and state-level community campaigns. Until cybersecurity awareness speaks the language of the people, cybercrime will continue to outpace consciousness.[14]

The Information Technology Act is an emerging law that still needs to be developed to ensure it keeps pace with the dynamic nature of cybercrime[15]. This renders it harder for authorities to adequately comprehend and implement the law. Law enforcement organizations have particular barriers in executing the Act against various types of cybercrime, for example, the investigation and prosecution of crime, which involves anonymous or encrypted communications, are challenged[16]. The Act also fails to grant police authorities enough authority to investigate and punish cybercrime offenders. The Act needs to be updated to reinforce this authority and allow it to keep up with the ever-evolving nature of cybercrime. Cybercrime is a worldwide issue that calls for global collaboration to properly address the problem and come up with an effective solution. The Information Technology Act should be updated to allow for greater global interaction in the enquiry into cybercrime and punishment.    

SUGGESTIONS  

India needs a comprehensive new Information Technology Act 2.0 that replaces the existing framework with a modern, technology-neutral law and provides speedy justice. The new law should be harmonized with the Digital Personal Data Protection Act, ensuring consistency in privacy and data governance. It should also enhance penalties for cyber offences, create special cyber courts for speedy justice and disposal of cases, and improve the investigating powers of law enforcement. The establishment of a regulatory authority for AI would mandate transparency in AI systems and AI deployment guidelines.

There is a clear suggestion to take adjudication online, much like the Grievance Appellate Committee (GAC) mechanism under the IT Rules of 2021[17], by adopting ODR[18] mechanisms under the IT Act, given the failure of the AO (adjudicating officer) appointed under the IT Act. The new legal framework requires clear intermediary liability for social media platforms, with transparent content moderation and protection of freedom of speech, and should make cybersecurity compliance mandatory for organizations like social media platforms, e-commerce websites, public-private partnerships, etc.

The legal framework should also include a training program for law enforcement agencies, provide public awareness campaigns on cyber safety, and promote digital literacy.

India needs international collaboration, just like the GDPR[19], for information sharing and enforcement, as cyber threats are global in nature and India’s cyber law still grapples with cross-border data transfers, jurisdiction over foreign intermediaries, cyber storage, and extra-territorial cybercrimes. Cybercrime is borderless; more needs to be done to tackle cybercrime and address territorial boundaries. There is also the imbalance between state power and citizens’ rights: where the state exercises its power of blocking, content takedown, interception, or surveillance, there must be procedural transparency, judicial remedy, and independent oversight. Unfortunately, the IT Act is inconsistently applied, eroding both trust and accountability.

To tackle the emerging issues, we need to strengthen our cyberspace laws by ensuring the safety and protection of citizens and their data. The Indian constitution mandates the state to protect the security of its citizens and provide opportunities and facilities to develop in every sector. Article 12 of the United Nations Convention on the Rights of the Child suggests that states should take the views of children into account for their protection from abuse in cyberspace. The Indian constitution also talks about the safety and protection of children, but the existing legal framework (IT Act) talks about child pornography under section 65(B)[20]. The Supreme Court ruled that section 65B not only punishes the electronic dissemination of child pornographic material but also covers creation, possession, propagation, and consumption of such material. This provision can be used as a frontrunner to take legislative, executive, and judicial steps for protecting the rights of children in this digital cyberspace.[21]

CONCLUSION

India has really pushed ahead with digital stuff in the past couple of decades. Everywhere you look, there’s internet access, data plans that don’t cost much, and startups jumping in left and right. Paying for things on your phone or getting government help online just feels normal these days, even with AI creeping into everything. But the laws lag behind.

The old IT Act from 2000 made sense when it started. Back then, dial-up was the thing, and nobody really pictured social media or AI taking over. It sort of legalized online deals and handled basic cyber crimes, which got the ball rolling at first. Now, though, technology has exploded in ways no one saw coming.

We’re deep into this AI era now, with machine learning and big data changing jobs, daily routines, all that. Blockchain and the Internet of Things add to it, opening up new economic paths. But problems pile up too, like data breaches or attacks, algorithms that bias decisions, and fake news flying around. The current rules leave big holes, and it gets confusing fast.

For a fresh act, it needs to think ahead, stay flexible somehow. Not just patching up issues as they hit, but prepared for whatever comes next. Switching to principles over rigid rules might help it adapt without blocking fresh ideas. I might be making this too simple, but yeah.

Privacy stands out as a big deal in all this. Data acts like oil these days, fueling everything. People should have control over their own information, how it’s grabbed, stored, and shared around. Governments and companies need to be open about it, held accountable. If trust breaks down, the digital setup crumbles.

AI governance feels pressing, too. Systems make calls on loans or hiring, even in policing. Without checks, bias sneaks in, and no one’s really responsible. A new law could push for ethical standards, like AI explaining its choices or humans stepping in. At the same time, it has to encourage research so India keeps up worldwide. Some see it as too much control, others say it’s necessary.

Then digital sovereignty comes into play. Data zips across borders, big tech firms hold the reins. India wants a grip on its own digital space, protecting security and the economy without shutting out the world. Ideas like local data storage or border sharing rules, cybersecurity setups. Balancing that openness with national needs is not straightforward.

Cybersecurity demands more attention right now. Attacks hit harder, get cleverer all the time. Stronger requirements for reporting breaches, handling risks, enforcement, and teaming up across sectors. That way, losses drop, and people feel safer using systems.

Regulation, though, can’t squash innovation. India’s digital push creates jobs, sparks growth, and keeps competition alive. Overdo the rules and startups bolt, investors pull back. So ease up on business, boost entrepreneurship, and let ideas test out. Sandboxes for tech trials, skipping full regulations at first. That part repeats in my head, how to not overregulate.

The tricky spot is finding balance: security against freedom, rules versus fresh thinking, local interests with global links. Protect folks, grow businesses. Deal with today’s mess and tomorrow’s unknowns.

India’s aim to lead in digital relies on laws that hold up. An IT Act 2.0 might fill those gaps, create something secure and open to all. Not just reining in tech, but steering it toward good for everyone. It could model how laws and tech work together for real progress, or so I hope. Some of this stays messy to sort through.

Abhishek Patel

Jagran Lakecity University, Bhopal.


[1] Jan Vishwas (Amendment of Provisions) Act, 2023

[2] Section 11 deals with the Attribution of Electronic Records

[3] The Digital Personal Data Protection Act, 2023

[4] Section 3 provides legal recognition to a digital signature

[5] Prasant Mali, 25 Years of the IT Act, 2000: India’s Digital Law at a Crossroads from Dot-Com Dreams to AI Dilemmas, NLIU L. Rev. BLOG (Nov. 14, 2025), https://nliulawreview.nliu.ac.in/blog/25-years-of-the-it-act-2000-indias-digital-law-a-crossroads-from-dot-com-dreams-to-ai-dilemmas/.

[6] Shreya Singhal v. Union of India, AIR 2015 SC 1523.

[7] Aparna Viswanathan, Cyber Law in India: Challenges and Reforms, 12 J. Indian L. Inst. 45 (2022).

[8] Pratyush Maurya, Research Paper: India’s Cyber Laws in the Age of Rising Digital Threats: An Inquiry into Legal Efficiency and Reform, THE AMIKUS QRIAE (Aug 27, 2025), https://theamikusqriae.com/research-paper-indias-cyber-laws-in-the-age-of-rising-digital-threats-an-inquiry-into-legal-efficiency-and-reform/.

[9] Anirudh Burman, Data Protection and Privacy in India, 8 Indian J. Const. L. 112 (2021).

[10] Regulation (EU) 2016/679 of the European Parliament (General Data Protection Regulation)

[11] NCRB (National Crime Records Bureau)

[12] Justice K.S Puttaswamy v. Union of India (2017) 10 SCC 1.

[13] Section 79 deals with the exemption from liability of an intermediary in certain cases.

[14] Prasant Mali, 25 Years of the IT Act, 2000: India’s Digital Law at a Crossroads from Dot-Com Dreams to AI Dilemmas, NLIU L. Rev. BLOG (Nov 14, 2025), https://nliulawreview.nliu.ac.in/blog/25-years-of-the-it-act-2000-indias-digital-law-a-crossroads-from-dot-com-dreams-to-ai-dilemmas/.

[15] Anmol Saxena & Ankit Saxena, A Critical Analysis of Information Technology Act, 2000 with reference to Cyber Offence and Cyber Security, 4 Int’l J.L. Mgmt. & Humanities 1548 (2021).

[16] Soumik Chakraborty and Sreedhar Kusuman, Critical Appraisal of Information Technology Act, Academike, (2014) https://www.lawctopus.com/academike/critical-appraisal-information-technology-act-2000/.

[17] Ministry of Electronics and Information Technology, Intermediary Guidelines Rules (2021)

[18] ODR stands for online dispute resolution

[19] General Data Protection Regulation adopted by the European Union

[20] Section 65B penalizes the publishing and transmitting of child pornography

[21] Satyam Mangal, Safeguarding Digital Childhood: A Critical Analysis of the IT Act, 2000 In Addressing Cyberbegging and Sharenting, 6 J. Rts. Child NLUO 131(April,2025), https://nluo.ac.in/storage/2025/05/9.-safeguarding-digital-childhood-A- Critical-Analysis-Of-the-IT-Act2000-in-Addressing-cyberbegging-and-sharenting.pdf.  
