Technology laws: Development and growth in India


The massive “Digital India” effort, which was introduced in 2015, has significantly changed India’s digital environment in the last few years. With this programme, India hopes to become a knowledge-based economy, empower its population, and close the digital gap. In a similar vein, regulations are also designed to accommodate the rapidly evolving digital environment. Nonetheless, the underlying statute, the IT Act, is now seen as antiquated. The country’s digital environment enters a new phase with the passage of the Digital India Act of 2023. It promotes a more safe, responsible, and creative online space. 


Technology, e-commerce, safe harbour, digitalisation, online safety, Information Technology Act,2000, Digital India Act


The term “technology” finds its roots in two Greek words, namely techne and logos. Techne denotes art, skill, craft, or the method, manner, or means by which something is achieved. Logos refers to word, the expression through which inner thoughts are communicated, a statement, or an utterance. Thus, in its literal sense, technology signifies discourse or discussion about the means of accomplishing tasks. According to the Merriam Webster dictionary, it denotes the practical application of knowledge, particularly in a specific field.
In today’s world, technology’s pervasive influence is unmistakable, exemplified notably by its impact on the legal sphere. Traditionally reliant on established practices and paper-based workflows, the legal sector has undergone significant transformation in the aftermath of the Covid pandemic. While the digitization of courts commenced as early as 2005 with the establishment of the SC e-committee, it is only now, nearly 18 years later, that this initiative is nearing fruition. This underscores the imperative for technology law and policy to evolve in tandem with the changing landscape of technology, ensuring adaptability and transformative capacity. 


This is an illustrated work that uses secondary sources to provide a thorough analysis of the evolution of technology laws in India and the concept from a legal perspective. Papers, diaries, journals, and websites are examples of auxiliary data sources that are used in the analysis.


With the advent of social media in the early 2000s, the protection of personal information from cyber threats emerged as a pressing concern. At the forefront of legislation addressing this issue stood the Information Technology Act, 2000 (‘IT Act’), complemented by subordinate legislation governing new technologies.

The genesis of the IT Act can be traced back to the proposal of the 1996 United Nations Model Law on Electronic Commerce (UNCITRAL Model) by the United Nations General Assembly on January 30, 1997. This model law provided the foundational framework for the IT Act and called upon each nation to formulate its own regulations pertaining to cybercrimes and electronic commerce. Enacted in 2000 to safeguard both government and citizen data, the IT Act elevated India to the status of the 12th nation globally to institute laws combating cybercrimes. Notably, while UNCITRAL subsequently introduced the Model Law on Electronic Signatures (2001) and the Convention on the Use of Electronic Communications in International Contracts (2005), India has yet to become a signatory to these agreements.

Given India’s dualistic political system, the incorporation of international agreements and treaties into domestic law necessitates ratification. The authority to enact legislation is vested in both the Central and State Governments by the VIIth Schedule and Article 246 of the Constitution. Additionally, Article 253 empowers the Central Government to enact laws to fulfill its international obligations, while Article 51(c) mandates that states adhere to international law.

The journey towards enacting the IT Act commenced with the Ministry of Commerce drafting the Electronic Commerce Bill in 1998, later transformed into the Information Technology Bill, 1999 (“Bill”). President K.R. Narayana signed the bill into law on June 9, 2000, during the budget session of 2000, following its finalization by a team of officials led by then-Minister of Information Technology, Pramod Mahajan.

Apart from the main act the various other subordinate legislations are :

  1. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (‘Intermediary Rules’): The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (‘Intermediary Rules’), comprehensively address all intermediaries operating within India’s jurisdiction. As per the IT Act of 2000, an intermediary is defined as a person who receives, stores, or transmits any electronic record and provides any service related to such records on behalf of another person. The Intermediary Rules categorize intermediaries into various groups, including social media intermediaries, OTT platforms, and publishers of news and current affairs. Recently, a new type of intermediary has been identified: online gaming intermediaries, which are also subject to regulation under these rules.
  2. Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (‘CERT-In Rules’): A national level agency was formed called the The Indian Computer Emergency Response Team or ‘CERT-In’ which main task was to look into cyber security threats and issue various directions and guidelines related to the same. CERT-In issued various guidelines in 2022 concerning reporting of cyber security incidents, upon intermediaries, body corporates, governmental entities and various categories of service providers (including VPN service providers, among others) which also included the directions impose a stringent 6-hour timeline for reporting a cybersecurity incident and broaden the ambit of the kinds of cybersecurity issues that must be reported by the relevant entities.
  3. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘RSP Rules’): The RSP Rules are currently the main pieces of legislation in India that control how a body corporate uses its online platform to collect, store, transfer, disclose, and handle “personal information” as well as “sensitive personal data and information” belonging to “providers of information,” or Indian individuals.


  1. Lack of clarity: The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, revised in 2018, regulate data protection rules in India. Nevertheless, neither the definition of “sensitive personal data” nor the steps that must be taken to guarantee data protection are sufficiently clarified under these regulations. As a result compliance with data protection rules has proven to be challenging 
  2. Weaknesses in cybercrime law: The swift advancement of technology has outpaced the provisions of the Information Technology Act of 2000. Despite amendments made in 2008, the act continues to fail to address a number of facets of cybercrime. 
  3. Lack of regulation for digital content: The digital content has remained largely unregulated which has led to the problem of dissemination of illegal content like pirated movies. 
  4. Insufficient regulation of social media: Similarly, there is a lack of regulation for social media in India. While there are guidelines in place for social media companies, there is no legal framework for regulating the same. In recent times there have been various social media post that promote hate speech but unfortunately there is no particular law to regulate it. 
  5. Lack of regulation for e-commerce: Although e-commerce has grown to be a significant component of the Indian economy, it is not well regulated there. While e-commerce enterprises are subject to rules, there is currently no legislative structure in place to regulate them. This has resulted in several fraud incidents, such as the internet sale of phoney goods. 

The problem of e-commerce websites not providing adequate consumer protection, is also serious. 

  1. Lack of regulation for fintech: With the development of various fintech apps like Google pay, Paytm which allows online payments, digital wallets brings with it the added danger of online fraud, data breaches and identity threats. However, there is no legal framework in place for regulating them.
  2. Limited enforcement of existing laws: Enforcing laws is a different matter from simply creating them. Even if India passes rules governing technology-related matters, it will be difficult for law enforcement personnel to implement them due to a lack of infrastructure, resources and knowledge.
    As a consequence  of this, cybercriminals may now operate with impunity since they are aware that the likelihood of being discovered and punished is low.
  3. Lack of international cooperation: It is not necessarily required that the perpetrators of technology related issues especially cyber crime are from the same nation. It is international in scope. This implies that criminals may operate out of one nation while pursuing victims in another. Nevertheless, there isn’t much international collaboration when it comes to solving these problems. This makes it challenging for law enforcement to find offenders and bring charges against them, especially when those offenders are abroad.

The most notable case in this regard was Shreya Singhal v. Union of India [AIR 2015 SC 1523] The validity of Section 66A of the IT Act, 2000 was contested in this case which violated  basic right to freedom of speech and expression is violated by this provision. It was argued that Article 19(2) of the Constitution does not even save or permit the limitations imposed by the aforementioned clause. The Hon’ble Supreme Court struck down Section 66A of the IT Act, 2000 in its entirety as being violative of Article 19 (1) (A) and is  not saved under Article 19 (2).On the other hand,  the court upheld the constitutional validity of Sections 69A and 79 of the IT Act, 2000 along with the IT (Procedure & Safeguards for Blocking for Access of Information by Public) Rules, 2009.


After almost two decades, the government is proposing to replace the Information Technology Act 2000 which was created in the early days of internet with the newly made Digital India Act. The IT act 2000 was formed when there was  only 5.5 million internet users with only one type of intermediaries and traditional forms of harm in comparison to today. 

The IT Act was enacted before the advent of current internet-based services. India’s commitment to establishing a future-ready legislative framework for its quickly developing digital environment is embodied in the DIA Act. The new law aims to regulate internet middlemen like Netflix, Amazon, and Meta by the Indian government. 

The $1 trillion digital economy outlined in the Digital India Goals of 2026 will be included in DIA. India bring the country with the largest internet user base seeks to influence global technological trends in the future. The act will guarantee the Internet’s transparency, security, reliability, and accountability. It will grant citizens their rights. The requirements are in line with both worldwide jurisprudence and the ever-evolving market trends. “Principles and rule-based approaches” are being adopted in order to allow for the adjustment of rules in order to comply with the proposed act’s changing laws.


One of the provisions in Section 79 of the IT Act of 2000 is safe harbour. As of right now, it shields middlemen like social media sites from liability for information hosted by third parties. It is expected that the safe harbour principle for intermediaries, which was created under Section 79 of the IT Act, would be revised by the DIA. It is important to highlight that one of the main forces for the development of the Internet was the United States Constitution and, more precisely, Section 230 of The Communications Decency Act of 1996, which protected websites from responsibility for user-generated content. Because of the way the Internet has changed, new laws are needed to made. The various features of DIA Act are 

  1. Open Internet: the new legislation puts emphasis on an open internet which will be able to protect the rights of the citizens. The various elements :
  • choice, 
  • competition, 
  • online diversity, 
  • fair market access, 
  • ease of doing business as well as ease of compliance for start-ups. 

All of these will prevent the concentration of power and gatekeeping and promote the start-up India via non-discriminatory access to digital services. It will further help safeguard the innovations and promote digital governance. However, to achieve this goal, the Competition Act 2002 needs to be updated. 

  1. Online Safety and Trust: The acts major goal will be to safeguard the users against cyber threat like revenge porn, defamation, and cyberbullying on the internet as well as the dark web.

 Additionally, it will support age gating and obligatory “do not track” policy to prevent using kids’ data for targeted advertising, etc.

It seeks to filter bogus news on social media platforms keeping in mind the constitutional rights guaranteed by the constitution which is right to freedom of speech and expression. 

 Advance digital rights like the Right to Digital Inheritance and the Right to Be Forgotten, which allow digital assets to be passed down to selected recipients.

  1. Accountable Internet: The act also work towards establishing legal procedures for handling complaints, defending constitutional rights in cyberspace, algorithmic transparency and regular risk assessments, and disclosure standards for information gathered by intermediaries,  


  1. OUTDATED : From the time the IT Act of 2000 was enacted, there have been several amendments, it has also faced criticisms for being outdated and inadequate in terms of new-age technologies. 
  2. INSUFFICIENCY: The current regulatory landscape of the IT Act 2000 includes Intermediary Guidelines and Digital Media Ethics Code; Sensitive Personal Data or Information (SPDI) Rules; Certifying Authorities Rules; Indian Computer Emergency Response Team (CERT) and Cyber Appellate Tribunal. However, these tend to be insufficient when it concerns the regulation of new-age technologies.
  3. DEALING WITH ILL EFFECTS OF AI : While the old IT Act does not mention the word Internet, Rajeev Chandrasekhar, Minister of State for electronics and Information Technology of India have mentioned that the new act will deal with the ill effects of Artificial Intelligence and will regulate AI as an ecosystem.  
  4. NEW AGE CYBER ATTACKS:  Cyber-attacks today are evolving making it important for the legislature to bring out new laws. this includes social engineering attacks like baiting, scareware, pretexting. phishing remains one of the widest spared for of social engineering attack 


1. FREEDOM OF EXPRESSION: The act must strike a delicate balance between regulating harmful content and safeguarding the fundamental right to freedom of expression. Care should be taken to avoid overreach, ensuring that legitimate speech is not unduly restricted.

2. INTERMEDIARY LIABILITY: The act should clarify the liability of intermediaries, such as social media platforms and online marketplaces, to strike a fair balance between protecting user rights and holding platforms accountable for illegal content. Ambiguities may lead to unnecessary censorship or unjust burdens on intermediaries. The DIA tries to differentiate different types of intermediaries such as e-commerce, digital media, AI, OTT platforms, Ad Tech etc. The Act calls for a separate rule for each of these intermediaries. This paves way to ponder upon questions like whether obligations may be expected from internet-based entities that are not necessarily performing intermediary functions and whether intermediaries performing and facilitating different functions will be under pressure to abide by multiple regulation

3. SURVEILLANCE AND PRIVACY CONCERNS: Critics argue that certain provisions of the act may grant excessive surveillance powers to the government, potentially compromising privacy rights. 

4.  BURDENSOME COMPLIANCE REQUIREMENTS: The act’s regulations may place a significant burden on businesses, particularly small and medium-sized enterprises (SMEs). Simplified compliance procedures and provisions for capacity-building programs should be considered to alleviate these concerns.


The country’s digital environment enters a new phase with the passage of the Digital India Act of 2023. It promotes a more safe, responsible, and creative online environment by resolving the drawbacks of earlier laws and adding flexibility for upcoming developments. This legislation creates a foundation for a prosperous digital India, empowers individuals, and encourages responsible online behaviour. The DIA is still in the planning stages, but its emphasis on these areas indicates that it will provide a more stable and flexible legal foundation for India’s digital future. It’s crucial to remember that the DIA’s final provisions have not yet been revealed.

NAME: Ankita Bhattacharjee 

COLLEGE NAME: Campus Law Centre, University of Delhi