17Appointment of Controller and other officersIT Act-2000
- The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers, other officers and employees as it deems fit.
- The Controller shall discharge his functions under this Act subject to the general control and directions of the Central Government.
- The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller under the general superintendence and control of the Controller.
- The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers other officers and employees shall be such as may be prescribed by the Central Government.
- The Head Office and Branch Office of the Office of the Controller shall be at such places as the Central Government may specify, and these may be established at such places as the Central Government may think fit.
- There shall be a seal of the Office of the Controller.
18The Controller may perform all or any of the following functions, namelyIT Act-2000
- exercising supervision over the activities of the Certifying Authorities;
- certifying public keys of the Certifying Authorities
- laying down the standards to be maintained by the Certifying Authorities;
- specifying the qualifications and experience which employees of the Certifying Authorities should possess;
- specifying the conditions subject to which the Certifying Authorities shall conduct their business;
- specifying the content of written, printed or visual material and advertisements that may be distributed or used in respect of a Electronic Signature Certificate and the Public Key;
- specifying the form and content of a Electronic Signature Certificate and the key;
- specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
- specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;
- facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems;
- specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
- resolving any conflict of interests between the Certifying Authorities and the subscribers;
- laying down the duties of the Certifying Authorities;
- maintaining a data-base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
19Recognition of foreign Certifying AuthoritiesIT Act-2000
- Subject to such conditions and restrictions as may be specified by regulations, the Controller may with the previous approval of the Central Government, and by notification in the Official Gazette, recognize any foreign Certifying Authority as a Certifying Authority for the purposes of this Act.
- Where any Certifying Authority is recognized under sub-section (1), the Electronic Signature Certificate issued by such Certifying Authority shall be valid for the purposes of this Act.
- The Controller may if he is satisfied that any Certifying Authority has contravened any of the conditions and restrictions subject to which it was granted recognition under sub-section (1) he may, for reasons to be recorded in writing, by notification in the Official Gazette, revoke such recognition.
20Omitted vide Information Technology (Amendment) Act 2008IT Act-2000
21License to issue electronic signature certificatesIT Act-2000
- Subject to the provisions of sub-section (2), any person may make an application, to the Controller, for a license to issue Electronic Signature Certificates.
- No license shall be issued under sub-section (1), unless the applicant fulfills such requirements with respect to qualification, expertise, manpower, financial resources and other infrastructure facilities, which are necessary to issue Electronic Signature Certificates as may be prescribed by the Central Government.
- A license granted under this section shall -
- be valid for such period as may be prescribed by the Central Government;
- not be transferable or heritable;
- be subject to such terms and conditions as may be specified by the regulations.
22Application for licenseIT Act-2000
- Every application for issue of a license shall be in such form as may be prescribed by the Central Government.
- Every application for issue of a license shall be accompanied by-
- a certification practice statement;
- a statement including the procedures with respect to identification of the applicant;
- payment of such fees, not exceeding twenty-five thousand rupees as may be prescribed by the Central Government;
- such other documents, as may be prescribed by the Central Government.
23Renewal of licenseIT Act-2000
An application for renewal of a license shall be -
- in such form;
- accompanied by such fees, not exceeding five thousand rupees, as may be prescribed by the Central Government and shall be made not less than forty-five days before the date of expiry of the period of validity of the license:
24Procedure for grant or rejection of licenseIT Act-2000
The Controller may, on receipt of an application under sub-section (1) of section 21, after considering the documents accompanying the application and such other factors, as he deems fit, grant the license or reject the application:
no application shall be rejected under this section unless the applicant has been given a reasonable opportunity of presenting his case.
25Suspension of LicenseIT Act-2000
- The Controller may, if he is satisfied after making such inquiry, as he may think fit, that a Certifying Authority has -
- made a statement in, or in relation to, the application for the issue or renewal of the license, which is incorrect or false in material particulars;
- failed to comply with the terms and conditions subject to which the license was granted;
- failed to maintain the standards specified in Section 30.
- contravened any provisions of this Act, rule, regulation or order made there under, revoke the license:
- The Controller may, if he has reasonable cause to believe that there is any ground for revoking a license under sub-section (1), by order suspend such license pending the completion of any enquiry ordered by him:
no license shall be suspended for a period exceeding ten days unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed suspension.
- No Certifying Authority whose license has been suspended shall issue any Electronic Signature Certificate during such suspension.
no license shall be revoked unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed revocation.
26Notice of suspension or revocation of licenseIT Act-2000
- Where the license of the Certifying Authority is suspended or revoked, the Controller shall publish notice of such suspension or revocation, as the case may be, in the data-base maintained by him.
- Where one or more repositories are specified, the Controller shall publish notices of such suspension or revocation, as the case may be, in all such repositories.
the data-base containing the notice of such suspension or revocation, as the case may be, shall be made available through a web site which shall be accessible round the clock
that the Controller may, if he considers necessary, publicize the contents of the data-base in such electronic or other media, as he may consider appropriate.
27Power to delegateIT Act-2000
The Controller may, in writing, authorize the Deputy Controller, Assistant Controller or any officer to exercise any of the powers of the Controller under this Chapter.
28Power to investigate contraventionsIT Act-2000
- The Controller or any officer authorized by him in this behalf shall take up for investigation any contravention of the provisions of this Act, rules or regulations made there under.
- The Controller or any officer authorized by him in this behalf shall exercise the like powers which are conferred on Income-tax authorities under Chapter XIII of the Income-tax Act, 1961 and shall exercise such powers, subject to such limitations laid down under that Act.
29Access to computers and dataIT Act-2000
- Without prejudice to the provisions of sub-section (1) of section 69, the Controller or any person authorized by him shall, if he has reasonable cause to suspect that any contravention of the provisions of this chapter made there under has been committed, have access to any computer system, any apparatus, data or any other material connected with such system, for the purpose of searching or causing a search to be made for obtaining any information or data contained in or available to such computer system.
- For the purposes of sub-section (1), the Controller or any person authorized by him may, by order, direct any person in charge of, or otherwise concerned with the operation of the computer system, data apparatus or material, to provide him with such reasonable technical and other assistant as he may consider necessary.
30Certifying Authority to follow certain proceduresIT Act-2000
Every Certifying Authority shall-
(a) make use of hardware, software, and procedures that are secure from intrusion and misuse:
(b) provide a reasonable level of reliability in its services which arc reasonably suited to the performance of intended functions;
(c) adhere to security procedures to ensure that the secrecy and privacy of the Electronic Signature are assured
(ca) be the repository of all Electronic Signature Certificates issued under this Act
(cb) publish information regarding its practices, Electronic Signature Certificates and current status of such certificates; and
(d) observe such other standards as may be specified by regulations.
31Certifying Authority to ensure compliance of the Act, etc.IT Act-2000
Every Certifying Authority shall ensure that every person employed or otherwise engaged by it complies, in the course of his employment or engagement, with the provisions of this Act, rules, regulations and orders made there under.
32Display of licenseIT Act-2000
Every Certifying Authority shall display its license at a conspicuous place of the premises in which it carries on its business.
33Surrender of licenseIT Act-2000
- Every Certifying Authority whose license is suspended or revoked shall immediately after such suspension or revocation, surrender the license to the Controller.
- Where any Certifying Authority fails to surrender a license under sub-section (1), the person in whose favour a license is issued, shall be guilty of an offense and shall be punished with imprisonment which may extend up to six months or a fine which may extend up to ten thousand rupees or with both.
- Every Certifying Authority shall disclose in the manner specified by regulations
- its Electronic Signature Certificate
- any certification practice statement relevant thereto;
- notice of revocation or suspension of its Certifying Authority certificate, if any; and
- any other fact that materially and adversely affects either the reliability of a Electronic Signature Certificate, which that Authority has issued, or the Authority's ability to perform its services
- Where in the opinion of the Certifying Authority any event has occurred or any situation has arisen which may materially and adversely affect the integrity of its computer system or the conditions subject to which a Electronic Signature Certificate was granted, then, the Certifying Authority shall-
- use reasonable efforts to notify any person who is likely to be affected by that occurrence; or
- act in accordance with the procedure specified in its certification practice statement to deal with such event or situation.
1 Short title, extent, commencement and application
3 Authentication of Electronic Records
3A Electronic Signature
4 Legal Recognition of Electronic Records
5 Legal recognition of Electronic Signature
6 Use of Electronic Records and Electronic Signature in Government and its agencies
6A Delivery of Services by Service Provider
7 Retention of Electronic Records
7A Audit of Documents etc in Electronic form
8 Publication of rules, regulation, etc, in Electronic Gazette
9 Sections 6, 7 and 8 Not to Confer Right to insist document should be accepted in electronic form
10 Power to Make Rules by Central Government in respect of Electronic Signature
10A Validity of contracts formed through electronic means
11 Attribution of Electronic Records
12 Acknowledgement of Receipt
13 Time and place of despatch and receipt of electronic record
14 Secure Electronic Record
15 Secure Electronic Signature
16 Security procedures and Practices
17 Appointment of Controller and other officers
18 The Controller may perform all or any of the following functions, namely
19 Recognition of foreign Certifying Authorities
20 Omitted vide Information Technology (Amendment) Act 2008
21 License to issue electronic signature certificates
22 Application for license
23 Renewal of license
24 Procedure for grant or rejection of license
25 Suspension of License
26 Notice of suspension or revocation of license
27 Power to delegate
28 Power to investigate contraventions
29 Access to computers and data
30 Certifying Authority to follow certain procedures
31 Certifying Authority to ensure compliance of the Act, etc.
32 Display of license
33 Surrender of license
35 Certifying Authority to issue Electronic Signature Certificate
36 Representations upon issuance of Digital Signature Certificate
37 Suspension of Digital Signature Certificate
38 Revocation of Digital Signature Certificate
39 Notice of suspension or revocation
40 Generating Key Pair
40A Duties of subscriber of Electronic Signature Certificate
41 Acceptance of Digital Signature Certificate
42 Control of Private key
43 Penalty and Compensation for damage to computer, computer system, etc
43A Compensation for failure to protect data
44 Compensation for failure to protect data
45 Residuary Penalty
46 Power to Adjudicate
47 Factors to be taken into account by the adjudicating officer
48 Establishment of Cyber Appellate Tribunal
49 Composition of Cyber Appellate Tribunal
50 Qualifications for appointment as Chairperson and Members of Cyber Appellate Tribunal
51 Term of office, conditions of service etc of Chairperson and Members
52 Salary allowance and other terms and conditions of service of Chairperson and Member
52A Powers of superintendence, direction, etc
52B Distribution of Business among Benches
52C Powers of the Chairperson to transfer cases
52D Decision by majority
53 Filling up of vacancies
54 Resignation and removal
55 Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings
56 Staff of the Cyber Appellate Tribunal
57 Appeal to Cyber Regulations Appellate Tribunal
58 Procedure and Powers of the Cyber Appellate Tribunal
59 Right to legal representation
61 Civil court not to have jurisdiction
62 Appeal to High court
63 Compounding of Contravention
64 Recovery of Penalty or compensation
65 Tampering with Computer Source Documents
66 Computer Related Offences
66A Punishment for sending offensive messages through communication service, etc
66B Punishment for dishonestly receiving stolen computer resource or communication device
66C Punishment for identity theft
66D Punishment for cheating by personation by using computer resource
66E Punishment for violation of privacy
66F Punishment for cyber terrorism
67 Punishment for publishing or transmitting obscene material in electronic form
67A Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
67B Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form
67C Preservation and Retention of information by intermediaries
68 Power of Controller to give directions
69 Powers to issue directions for interception or monitoring or decryption of any information through any computer resource
69A Power to issue directions for blocking for public access of any information through any computer resource
69B Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security
70 Protected system
70A National nodal agency
70B Indian Computer Emergency Response Team to serve as national agency for incident response
71 Penalty for misrepresentation
72 Breach of confidentiality and privacy
72A Punishment for Disclosure of information in breach of lawful contract
73 Penalty for publishing electronic Signature Certificate false in certain particulars
74 Publication for fraudulent purpose
75 Act to apply for offence or contraventions committed outside India
77 Compensation, penalties or confiscation not to interfere with other punishment
77A Compounding of Offences
77B Offences with three years imprisonment to be cognizable
78 Power to investigate offences
79 Exemption from liability of intermediary in certain cases
79A Central Government to notify Examiner of Electronic Evidence
80 Power of Police Officer and Other Officers to Enter, Search, etc
81 Act to have Overriding effect
81A Application of the Act to Electronic cheque and Truncated cheque -
82 Chairperson, Members, Officers and Employees to be Public Servants
83 Power to Give Direction
84 Protection of Action taken in Good Faith
84A Modes or methods for encryption
84B Punishment for abetment of offences
84C Punishment for attempt to commit offences
85 Offences by Companies.
86 Removal of Difficulties
87 Power of Central Government to make rules
88 Constitution of Advisory Committee
89 Power of Controller to make Regulations
90 Power of State Government to make rules