The Information Technology Act in India is
an ever-evolving document, progressing on all
fronts. Business must be in sync with it.
The proliferation of digital media in every
aspect of business has been changing the
way businesses run. The spread of networks
and easy access to the Internet has brought a
common denominator to the world. Companies
have gone global with business partners and
customers spread around the globe. This has
resulted in newer compliance requirements
and, consequently, legal implications in the case
of shortcomings. Over the last decade, Asian
countries have emerged as major contributors
to globalized businesses. With one-third of the
world’s population living in Asia, it also offers an
opportunity to tap a bigger customer market.
Much has been said about the growth of
India’s IT service sector—–from 1. 2 percent in
1998 to 8 percent of its gross domestic product
(GDP) in 2012-13.1 Outsourcing to Indian
companies has been popular for several years. In
addition to outsourcing, many firms have set up
their own shops in India for back-office services,
development, health care and engineering, among
others. Furthermore, many enterprises have joint
ventures and subsidiaries doing business in India.
It is important to know that India has been
progressing on the cyberfront in many ways.
E-commerce has been provided legal recognition.
The governments—central and state—have
offered e-filing facilities for businesses and
individuals. Copyrights, patents and trademarks
have been officially supported through
international cooperation. All of this has become
possible because of the legal framework of India’s
Information Technology Act 2000 and other
allied Acts.
This article addresses the vital components
of this structure and brings forth the compliance
requirements.
THE LEGAL FRAMEWORK AND ITS AIM
The legislation that encompasses cyberspace
in India is the Information Technology Act,
2000. It came into force on 17 October 2000
and has since been updated by the Information
Technology (Amendment) Act 2008 and further
rules, orders and notifications issued from time
to time. Together these are referred to as the
Information Technology Act 2000 (ITA-2000).
Internationally the Act aligns with the United
Nations Commission on International Trade
Law (UNCITRAL) Model Law on Electronic
Commerce, 1996.
ITA-2000 seeks to:
• Provide legal recognition for electronic
records and digital/electronic signatures, thus
facilitating e-commerce
• Facilitate e-governance and encourage the use
and acceptance of filing of electronic records
with government agencies
• Identify cybercrime and provide penalties
ITA-2000 covers e-commerce, e-governance,
e-records, digital signatures and electronic
signatures. In keeping with this, the following
Acts were amended:
• Indian Evidence Act
• Bankers Books Evidence Act
• India Contract Act
With electronic records granted legal
recognition, the Indian Government has also
amended the Indian Penal Code, thus bringing
the offences against electronic records within
the purview of ITA-2000. Further, considering
the significance of digital assets, those are now
covered under the following acts (amended):
• The Copyright Act 1957
• The Patents Act 1970
• The Design Act 2000
• The Trade and Merchandise Marks Act 1958
SCOPE OF ITA-2000—ITS JURISDICTION
ITA-2000 is applicable to the whole of India,
i.e., all states and union territories. All acts
committed using computer resources in India
are covered by this Act. The term “computer
resource” includes, for example, all computers,
Anil Vaidya, DBA, CISA,
CISM, has been an IT
management professional for
the past three decades. He is
the professor of information
management at S. P. Jain
Institute of Management &
Research in Mumbai, India.
He can be reached at
anvvaidya@gmail.com.
Doing Business in India Requires
Digital Compliance
Do you have
something
to say about
this article?
Visit the Journal
pages of the ISACA
web site ( www.isaca.
org/journal), find the
article, and choose
the Comments tab to
share your thoughts.
Go directly to the article:
