Browse Definitions :

Information Technology Amendment Act 2008 (IT Act 2008)

What is the Information Technology Amendment Act 2008 (IT Act 2008)?

The Information Technology Amendment Act 2008 (IT Act 2008) is a substantial addition to India's Information Technology Act 2000.

The Information Technology Amendment Act was passed by the Indian Parliament in October 2008 and came into force a year later. The act is administered by the Indian Computer Emergency Response Team (CERT-In) and corresponds to the Indian Penal Code.

The Information Technology Amendment Act has been widely hailed as a progressive step forward in protecting India's cyber infrastructure and citizens.

It is one of the most comprehensive pieces of legislation addressing IT-related issues and sets a strong precedent for other countries working to update their own laws.

Why was the Information Technology Amendment Act created?

The original version of the act was developed to promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime.

However, it also sought to foster security practices within India that would serve the country in a global context.

In addition, the Information Technology Amendment Act established the office of the Cyber Appellate Tribunal to hear appeals from any person aggrieved by an order made under the act.

What does the Information Technology Amendment Act cover?

The Information Technology Amendment Act 2008 has nine chapters and 117 sections and covers a wide range of topics related to IT, cybercrime and data protection.

The act includes provisions for the following

Amendments to the act have been created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.

How has the Information Technology Amendment Act been updated?

Changes to the amendment over the years have included the following:

  • redefining terms such as communication devices to reflect current use;
  • validating electronic signatures and contracts;
  • making the owner of a given IP address responsible for content accessed or distributed through it; and
  • making corporations responsible for implementing effective data security practices and liable for data breaches.

In recent years, the IT Act has also been updated to include provisions for the regulation of intermediaries, penalties for cybercrime and restrictions on certain types of speech.

These changes included expanding the definition of cybercrime and adding new penalties for offenses such as identity theft, publishing private images without consent, cheating by impersonation, and sending offensive messages or those containing sexually explicit acts through electronic means.

types of cyber attacks

Who does the Information Technology Amendment Act apply to?

The Information Technology Amendment Act is applicable to any person, company or organization that uses computer systems, computer networks or other information technology in India.

This includes but is not limited to the following:

This includes foreign companies and organizations with a presence in India, as well as Indian companies and organizations with operations outside of India.

What are the penalties for violating the Information Technology Amendment Act?

Penalties for violating the Information Technology Amendment Act can range from a fine of 1 lakh rupees (approximately $1,250) to imprisonment for up to three years.

More serious offenses can result in a person being liable to pay damages up to 5 lakh rupees (approximately $6,300) and include imprisonment of up to seven years.

Cyberterrorism offenses are punishable by imprisonment of up to 10 years.

In addition to these penalties, the court can also order the offender to pay compensation to the victim of the offense.

Challenges with the Information Technology Amendment Act

The amendment has been criticized for decreasing the penalties for some cybercrimes and for lacking sufficient safeguards to protect the civil rights of individuals.

Subsection 69, for example, authorizes the Indian government to intercept, monitor, decrypt and block data at its discretion.

According to Pavan Duggal, a cyber law consultant and advocate at the Supreme Court of India: "The Act has provided the Indian government with the power of surveillance, monitoring and blocking data traffic. The new powers under the amendment act tend to give Indian government a texture and color of being a surveillance state."

information technology components and functions
Information Technology Amendment Act 2008 is one of the most comprehensive pieces of legislation addressing IT-related issues.

Still, the IT Act has been instrumental in developing a comprehensive legal framework for IT in India.

It has been successful in establishing procedures for electronic governance and the prevention of cybercrime.

The act will likely continue to be amended as needed to reflect the ever-changing landscape of IT.

See also: CERT-In (the Indian Computer Emergency Response Team).

This was last updated in July 2022

Continue Reading About Information Technology Amendment Act 2008 (IT Act 2008)

  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

  • intrusion detection system (IDS)

    An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is ...

  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

  • What is data privacy?

    Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, ...

  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • What is an outbound call?

    An outbound call is one initiated by a contact center agent to prospective customers and focuses on sales, lead generation, ...

  • What is lead-to-revenue management (L2RM)?

    Lead-to-revenue management (L2RM) is a set of sales and marketing methods focusing on generating revenue throughout the customer ...

  • What is relationship marketing?

    Relationship marketing is a facet of customer relationship management (CRM) that focuses on customer loyalty and long-term ...