By Akash Yadav
Cybercrime has significantly expanded in recent years, including phishing, identity theft, and fraud. The number of cyberattacks on India increased by 37% in just the preceding year. Future predictions indicate that cybercrime will spread more widely. This highlights the need for tougher laws and more effective, deterrent legal systems to combat cybercrime. In this case, examining the nation’s current cybersecurity laws to see if they offer sufficient defence against these crimes becomes intriguing, if not essential. The current article examines cyber laws in India, shedding insight on the Information Technology Act, 2000’s (IT Act, 2000) dispute resolution procedures in particular. With the rapid expansion of the digital landscape, disputes related to cybercrimes, data breaches, online defamation, and intellectual property violations have become increasingly prevalent. In this context, Alternative Dispute Resolution (ADR) mechanisms are playing a crucial role in resolving conflicts efficiently and cost-effectively within the Cyber regulations are especially important in nations like India, where the internet is widely utilised. Cyber laws are in place to regulate the digital exchange of information, software, information security, e-commerce, and monetary transactions. India’s cyber laws have paved the way for electronic commerce and electronic governance in the nation, as well as increased the scope and use of digital media, by ensuring optimum connection and reducing cybersecurity risks. But there are several detriments that walk along with the existing laws as well.
There are predominantly four cyber laws that India embraces:
Information Technology Act, 2000 The Information Technology Act, which was enacted in 2000, governs Indian cyber legislation. The main goal of this Act is to provide eCommerce with trustworthy legal protection by making it easier to register real-time information with the government. However, as cyber attackers became more cunning, coupled with the human predisposition to misuse technology, a number of adjustments were made.
Companies Act, 2013
The Companies Act, 2013 gave the SFIO (Serious Frauds Investigation Office) the authority to prosecute Indian corporations and their directors on account of cyber frauds. SFIOs have also become much more stringent and harsh in this area after the promulgation of the Companies Inspection, Investment, and Inquiry Rules, 2014. All regulatory compliances, including cyber forensics, e-discovery, and cybersecurity diligence, are well- covered by the law. The Companies (Management and Administration) Rules, 2014 establishes robust requirements for corporate directors and executives in terms of cybersecurity obligations and responsibilities.
Indian Penal Code (IPC), 1860
The Indian Penal Code (IPC), 1860, along with the Information Technology Act, 2000 are both used to prosecute identity theft and related cyber offences. False documentation (Section 464), forgery (Section 465), forgery pre-planned for defrauding (Section 468), reputation harm (Section 469) and presenting a forged document as real (Section 471), are the main provisions of the IPC that concern cyber scams.
Cybersecurity Framework (NCFS)
The most trusted worldwide certifying organization, the National Institute of Standards and Technology (NIST) has approved the Cybersecurity Framework (NCFS), which provides a standardized approach to cybersecurity. The NIST Cybersecurity Framework includes all necessary rules, standards, and best practices for effectively managing cyber-related risks. The flexibility and cost-effectiveness of this system are top priorities.
Among the aforementioned laws, the Informational Technology Act, 2000 remains much in discussion owing to being the only data protection law India carried with it for several years now. When we talk about the dispute resolution mechanism, it is this Act that comes into the discussion, as for others, Dispute resolution mechanism under the IT Act, 2000
The Information Technology Act, 2000 created quasi-judicial bodies, such as adjudicating officers, to resolve disputes (civil as well as criminal). The adjudicating officer has the power to award compensation as a civil remedy as well as impose fines for violations of the law, giving him civil and criminal rights similar to those of a court. The Cyber Court of Appeal is the first level of appeal, with its chairman and any additional members appointed by the central government. A second appeal may be filed with the competent High Court within 60 days from the date of the decision of the Cyber Appellate Tribunal.
Referee officer
The central government appoints an “Adjudicating Officer” (AO) who has the power to take decisions. According to the Ministry of Electronics and Information Technology (“MeitY”), the Secretary of the Information Technology Department of each state is by default designated as the AO of that state. The AO is a quasi-judicial entity because it has the ability to:
- Order an inquiry, i.e., conduct an investigation into the violation of the IT Act, 2000 on the basis of the evidence presented; And
- The judge, that is, determines the amount of compensation or penalty that will be given in case of violation.
Decision-making process according to the provisions of the IT Law 2000
The selection process under the Information Technology Act, 2000 has been discussed in the following directions:
File a complaint with the AO.
The AO issued notice to the concerned parties regarding the date and time of the first hearing.
On the date specified in the notice, the AO explains the alleged violations to the accused party. Three possible cases are then given below:
The accused pleads guilty, or the accused person shows cause why an investigation should not be conducted against that person, or The accused did not appear. In that case, the AO conducts the investigation in the absence of that person. If the situation described in point (a) arises, the consequence will be imposition of penalty or compensation as prescribed by the IT Act, 2000 of the AO.
If the case at point (b) occurs, the results are as follows:
The AO decides based on the parties’ reports and/or the preliminary investigation to determine whether there is sufficient cause to request an investigation. The AO will fix another date for furnishing documents or evidence and then finally pass an order based on the evidence produced. The AO dismissed the complaint for lack of sufficient grounds to pursue the complaint.
The AO has jurisdiction over cases where compensation or loss is less than INR 5 crore. The AO has the power to order an investigation of a complaint at any time after receipt of the complaint. An officer from the Office of the Controller of Certifying Entities, or (CERT-In), or a deputy police chief leads the investigation.general civil and criminal procedures are abided by. realm of cyber law.
Ineffective dispute resolution mechanism of cybercrime law in India
Although the cybersecurity law dispute resolution mechanism framework, as discussed above, appears promising in principle, it has not been proven to be effective in practice. Cyber conflicts receive little news coverage and there are no statistics on the number of cases heard by the police or courts. Possible gaps in the resolution mechanism have been presented below:
The AO is given immense power. They have jurisdiction over any law, rule, regulation or direction issued under the IT Act, 2000. At the same time, there are several AOs who are dealing with the same challenges. This leads to conflicting views on the same topic. For example, in the case of Rajendra Prasad Yadav v. ICICI Bank (2011), the AO concluded that since the bank is a legal entity, Section 43 of the IT Act is not applicable to it. On the other hand, AOs from other countries reached different conclusions. Section 43 has been used against companies in a number of situations. This may make it difficult for an organization to comply with the IT Act, 2000 as it may have to take into account the views of various AOs to operate across India.
To get an arbitration order passed under the IT Act, 2000, one has to visit the difficult-to- navigate websites of the state government. This issue is also not reported in major legal databases. The arbitration order must be stored in a central database so that officials and other stakeholders can refer to it when dealing with violations of the Information Technology Act, 2000. This will also enable Allows businesses to monitor online conflicts. According to the old MeitY decree from 2003, secretaries of state agencies responsible for information technology are considered AOs. In addition to carrying out their responsibilities as AOs, they are also responsible for managing their departments and are actively involved in working with the state government to which they are assigned. The dual nature of their work is extremely burdensome. Considering the increasing number of cyber crimes in the country, there is a need to restructure the AO appointment system.
The capacity of the AO must be increased. The UK Prosecution Service has drawn up a “Cyber Crime Prosecution Guide” which identifies the main types of cyber crime, such as computer hacking and social media offences, thus closing role as a guide for the trial of cybercrime cases. In India, similar guidelines need to be developed and implemented to ensure better complaints handling. There is no guidance document on cyber forensics or cyber forensics in the Indian regulatory environment. The “Electronic Evidence Examination Authority” was established under the Information Technology (Amendment) Act, 2008. This organization provides expert advice on electronic evidence. Various forensic laboratories have been appointed as examiners by MeitY. These labs are well versed in the field of cyber forensics. In contrast, the Investigation Rules 2003 have not been amended since the 2008 amendment legislation. The regulations need to be amended to allow AOs to require these inspectors to consider matters before them more efficient and effective. To better equip the police and other investigative agencies to handle such cases, it is necessary to establish rules or guidelines for cybercrime investigation.
As the digital landscape continues to evolve, so too does the role of ADR in cyber law. ADR mechanisms provide a valuable means of efficiently and effectively resolving disputes arising from online activities. By embracing ADR in the realm of cyber law, stakeholders can navigate the complexities of the digital world while promoting fair and accessible dispute resolution.
—Akash Yadav is a fifth-year BA. LL.B. student