FERA

The Foreign Exchange Regulation Act (FERA) was legislation passed in India in 1973
that imposed strict regulations on certain kinds of payments, the dealings in foreign
exchange (forex) and securities and the transactions which had an indirect impact on the
foreign exchange and the import and export of currency. The bill was formulated with
the aim of regulating payments and foreign exchange.

FERA came into force with effect from January 1, 1974.

FERA was introduced at a time when foreign exchange (Forex) reserves of the country
were low, Forex being a scarce commodity. FERA therefore proceeded on the
presumption that all foreign exchange earned by Indian residents rightfully belonged to
the Government of India and had to be collected and surrendered to the Reserve Bank of
India (RBI). FERA primarily prohibited all transactions not permitted by RBI.

Coca-Cola was India's leading soft drink until 1977 when it left India after a new
government ordered the company to turn over its secret formula for Coca-Cola and
dilute its stake in its Indian unit as required by the Foreign Exchange Regulation Act
(FERA). In 1993, the company (along with PepsiCo) returned after the introduction of
India's Liberalization policy.[

Switch from FERA

FERA did not succeed in restricting activities such as the expansion of Multinational
Corporations. The concessions made to FERA in 1991-1993 showed that FERA was on
the verge of becoming redundant. After the amendment of FERA in 1993, it was decided
that the act would become the FEMA. This was done in order to relax the controls on
foreign exchange in India.

FERA was repealed in 1998 by the government of Atal Bihari Vajpayee and replaced by
the Foreign Exchange Management Act, which liberalised foreign exchange controls and
restrictions on foreign investment.

The buying and selling of foreign currency and other debt instruments by businesses,
individuals and governments happens in the foreign exchange market. Apart from being
very competitive, this market is also the largest and most liquid market in the world as
well as in India. It constantly undergoes changes and innovations, which can either be
beneficial to a country or expose them to greater risks. The management of foreign
exchange market becomes necessary in order to mitigate and avoid the risks. Central
banks would work towards an orderly functioning of the transactions which can also
develop their foreign exchange market. Foreign Exchange Market Whether under FERA
1
or FEMA’s control, the need for the management of foreign exchange is important. It is
necessary to keep adequate amount of foreign exchange from Import Substitution to
Export Promotion.

FEMA served to make transactions for external trade and easier – transactions involving
current account for external trade no longer required RBI’s permission. The deals in
Foreign Exchange were to be ‘managed’ instead of ‘regulated’. The switch to FEMA
shows the change on the part of the government in terms of for the capital.

The Foreign Exchange Management Act (1999) or in short FEMA has been introduced
as a replacement for earlier Foreign Exchange Regulation Act (FERA). FEMA became
an act on the 1st day of June, 2000. FEMA was introduced because the FERA didn’t fit
in with post-liberalisation policies. A significant change that the FEMA brought with it,
was that it made all offenses regarding foreign exchange civil offenses, as opposed to
criminal offenses as dictated by FERA.

The (Foreign Exchange Management Act, 1999) (FEMA) is an Act of the Parliament
of India to consolidate and amend the law relating to foreign exchange with the
objective of facilitating external trade and payments and for promoting the orderly
development and maintenance of foreign exchange market in India. It was passed in the
winter session of Parliament in 1999, replacing the Foreign Exchange Regulation Act
(FERA). This act makes offences related to foreign exchange civil offenses. It extends to
the whole of India.,[2] replacing FERA, which had become incompatible with the pro-
liberalization policies of the Government of India. It enabled a new foreign exchange
management regime consistent with the emerging framework of the World Trade
Organisation (WTO). It also paved the way for the introduction of the Prevention of
Money Laundering Act, 2002, which came into effect from 1 July 2005.

Main Features
 Activities such as payments made to any person outside India or receipts from
them, along with the deals in foreign exchange and foreign security is restricted. It
is FEMA that gives the central government the power to impose the restrictions.
 Without general or specific permission of the MA restricts the transactions
involving foreign exchange or foreign security and payments from outside the
country to India – the transactions should be made only through an authorized
person.
 Deals in foreign exchange under the current account by an authorized person can
be restricted by the Central Government, based on public interest generally.
 Although selling or drawing of foreign exchange is done through an authorized
person, the RBI is empowered by this Act to subject the capital account
transactions to a number of restrictions.
2
 Applicability of FEMA Act:
 exports of any foods and services from India to outside, foreign currency, that is
any currency other than Indian currency,

 foreign exchange,

 foreign security,

 Imports of goods and services from outside India to India,

 securities as defined in Public Debt Act 1994,

 banking, financial and insurance services,

 sale, purchase and exchange of any kind (i.e. Transfer),

 any overseas company that is owned 60% or more by an NRI (Non Resident
Indian) and

 any citizen of India, residing in the country or outside (NRI)

Major Provisions of FEMA Act 1999:

Here are major provisions that are part of FEMA (1999) –

 Free transactions on current account subject to reasonable restrictions that may be

imposed.

 RBI controls over capital account transactions.

 Control over realization of export proceeds.

 Dealing in foreign exchange through authorized persons like authorized dealer or

money changer etc.

 Appeal provision including Special Director (Appeals)

 Directorate of enforcement

 Any person can sell or withdraw foreign exchange, without any prior permission
from RBI and then can inform RBI later.

 Enforcement Directorate will be more investigative in nature

 FEMA recognized the possibility of Capital Account convertibility.

3
  The violation of FEMA is a civil offence.

 FEMA is more concerned with the management rather than regulations or control.

 FEMA is regulatory mechanism that enables RBI and Central Government to pass
regulations and rules relating to foreign exchange in tune with foreign trade policy
of India.

Regulation for Current Account Transaction:

Any person can sell or draw foreign exchange to or from an authorized dealer (if such
sale or withdrawal is a current account transaction) except for certain prohibited
transactions like remittance of lottery winnings, remittance of interest income on funds
held in Non-Resident Special Rupee (NRSR) account scheme, etc.

Besides these cases, there are certain other transactions, for which specific RBI approval
will be required. For instance, Reserve Bank approval is required for importers availing
of Supplier’s Credit beyond 180 days and Buyer’s Credit irrespective of the period of
credit.

Authorized dealers are permitted remittance of surplus freight/passage collections by

shipping/airline companies or their agents, multimodal transport operators, etc. after
verification of documentary evidence in support of the remittance.

: Regulations Relating to Capital Account Transactions:

i. Foreign nationals are not allowed to invest in any company or partnership firm or
proprietary concern, which is engaged in the business of Chit Fund or in Agricultural or
Plantation activates or in Real Estate business (other than development of township,
construction of residential/commercial premises, roads or bridges) or construction of
farm houses or trading in Transferable Development Rights (TDRs). Listing of
permissible classes of Capital account transaction for a person resident in India and also
by a person resident outside India has been provided in the regulations.

ii. Detailed rules and regulations are provided on borrowing and lending in Foreign
Currency as well as India Rupee by a person resident in India form/to a person resident
outside India either on non-repatriation or repatriation basis.

iii. Authorized dealers are now permitted to grant rupee loans to NRIs against security of
shares or immovable property in India, subject to certain terms and conditions.
Authorized dealers or housing finance institutions approved by National Housing Bank
can also grant rupee loans to NRIs for acquisition of residential accommodations subject
to certain terms and conditions.

4
iv. General permission has been granted to Indian company (including Non-Banking
Finance Company) registered with Reserve Bank to accept deposits from NRIs on
repatriation basis subject to the terms and conditions specified in the schedule.

Indian proprietorship concern/firm or a company (including Non-Banking Finance

Company) registered with Reserve Bank can also accept deposits from NRIs on non-
repatriation basis subject to the terms and conditions specified in the schedule.

Regulations relating to export of goods and services:

Export proceeds are required to be realised within a period of 6 months from the date of
shipment. In the case of exports to a warehouse established abroad with the approval of
Reserve Bank, the proceeds have to be realised within 15 months from the date of
shipment.

An enabling provision has been made in this regulation to delegate powers to authorized
dealers to allow extension of time. Export of goods on elongated credit terms beyond six
months requires prior approval of Reserve Bank.

other Regulations:

i. A person resident in India to whom any foreign exchange is due or has accrued is
obligated to take reasonable steps to realise and repatriate to India such foreign exchange
unless an exemption has been provided in the Act or regulations made under the general
or special permission of Reserve Bank.

ii. Any foreign exchange due or accrued as remuneration for services rendered or in
settlement of any lawful obligation or an income on assets held outside India or as
inheritance, settlement or gift to a person resident in India should be sold to an
authorized person within a period of seven days of its receipt and in all other cases
within 90 days of its receipt.

iii. Any person who has drawn exchange for any purpose but has not utilised it for the
same or any other purpose permissible under the provisions of the Act should surrender
such foreign exchange or un-utilised foreign exchange to an authorized person within a
period of 60 days from the date of acquisition.

Where, however, exchange was drawn for travel abroad, the un-utilised exchange in
excess of the limit up to which foreign exchange is permitted to be retained, should be
surrendered to an authorized person within 90 days from the date of return of the’
traveller to India if unspent exchange is in the form of travellers cheques.

iv. The Reserve Bank has specified the limit for possession and retention of foreign
currency by a person resident in India. There is no restriction on possession of foreign
coins by any person. Any person resident in India is permitted to retain in aggregate

5
foreign currency not exceeding US$ 2000 or its equivalent in the form of currency
notes/bank notes or travellers cheques acquired by him from approved sources.

v. The Reserve Bank has granted general permission to any person to receive any
payment:

(a) made in rupees by order or on behalf of a person resident outside India during his
stay in India by converting the foreign exchange into rupees by sale to an authorized
person;

(b) made by means of a cheque drawn on a bank outside India or a bank draft or
travellers cheques issued outside India or made in foreign currency notes directly,
provided the cheques, drafts or foreign currency is sold to an authorized person within
seven days of its receipt;

(c) by means of a postal order or money order issued by a post office outside India.

vi. Reserve bank has also granted general permission to a person resident in India to
make payment in rupees;

(a) for extending hospitality’ to a person resident outside India;

(b) to a person resident outside India for purchase of gold or silver imported by such
person in accordance with the provisions of any order issued by Central Government
under the Foreign Trade (Development and Regulation) Act, 1992 or under any law or
rules or regulations in force.

Key Differences Between FERA and FEMA

The primary differences between FERA and FEMA are explained in the following
points:

1. FERA is an act which is enacted to regulate payments and foreign exchange in India,
is FERA. FEMA an act initiated to facilitate external trade and payments and to
promote orderly management of the forex market in the country.
2. FEMA came out as an extension of the earlier foreign exchange act FERA.
3. FERA is lengthier than FEMA, regarding sections.
4. FERA came into force when the foreign exchange reserve position in the country
wasn’t good while at the time of introduction of FEMA, the forex reserve position
was satisfactory.
5. The approach of FERA, towards forex transaction, is quite conservative and
restrictive, but in the case of FEMA, the approach is flexible.
6. Violation of FERA is a non-compoundable offence in the eyes of law. In contrast
violation of FEMA is a compoundable offence and the charges can be removed.

6
7. Citizenship of a person is the basis for determining residential status of a person in
FERA, whereas in FEMA the person’s stay in India should not be less than six
months.
8. Contravening the provision of FERA may result in imprisonment. Conversely, the
punishment for violating the provisions of FEMA is a monetary penalty, which may
turn into imprisonment if the fine is not paid on time.

INTRODUCTION
SEBI
SEBI has been set up under the SEBI act to (i) protect the interest of the
investors in securities and (ii) promote the development of, and regulate, the securities
market by much measure as it thinks fit. This section discusses SEBI in terms of its
establishment, powers and functions; registration certificate; prohibition of manipulative
devices, insider trading and substantial acquisition of securities/control; penalties and
adjudication; appellate tribunal; and miscellaneous.

Traditionally, Indian capital was well known for its shyness. First of all,
people in India were not having sufficient savings to invest in industries. Even those
who had some surplus for investment were not prepared to offer it to industries for fear
of loss. But the position gradually changed during the seventies and today the Indian
capital is not as shy as it used to be. The capital market in India began to grow rapidly
especially during the latter part of eighties, mainly due to the gradual economic
liberalisation policy of the government. It led to an increase in the price of active shares
and created a boom in the market. It shook the confidence of many lay investors. The
increasing numbers of investors’ complaints and the steadily growing primary and
secondary capital markets in India pointed out the necessity of some regulatory
measures for the protection of investors and the regulation of capital market.

ORIGIN OF SEBI
The government of India set up the Securities and Exchange Board of India
(SEBI) on 12 April, 1988. But for more than three years, it had no statutory powers.
During this period its functions were to:

1. Collect information and advise the government on matters relating to capital

markets;
2. See to the licensing and regulation of merchant banks, mutual funds etc;
3. Prepare the legal drafts for regulatory and developmental roles; and
4. Perform any other functions as may be entrusted to it by the government.

7
 SEBI has been given the statutory powers by an Act of Parliament known as
Securities and Exchange Board of India Act, 1992. After the repeal of the capital issues
(Control) Act, 1947 on 29th May 1992, SEBI has been given the powers so far exercised
by CCI.
ESTABLISHMENT OF SEBI
The SEBI is a body corporate. It consists of

(a) A chairman appointed by the Government,

(b) Two members from amongst officials of the Ministry of Government of India
dealing with finance and administration of the Companies appointed by the
Government,
(c) One member from amongst the officials of, and nominated by the RBI,
(d) Five members of whom at least two should be whole time members nominated by
the Government.

Its general superintendence, direction and management is vested in a Board of

members which may exercise all powers and do all acts/things which may be
exercised/done by the SEBI. The chairman also powers to general superintendence and
direction of its affairs and may also exercise all powers and do all acts/things
exercisable/done by it. The chairman and other members of SEBI should be persons of
ability, integrity and standing who have shown capacity in dealing with problems
relating to the securities market or have special knowledge/experience of law, finance,
economics, accountancy, administration or in any other discipline which, in the opinion
of the Government, would be useful to the SEBI.

DEFINITIONS
In this Act, unless the context otherwise requires, -

(a) "Board" means the Securities and Exchange Board of India established under
section 3;

(b) "Chairman" means the Chairman of the Board;

[(ba) "collective investment scheme" means any scheme of arrangement which

satisfies the conditions specified in Section 11AA;]

(c) "Existing Securities and Exchange Board" means the Securities and Exchange
Board of India constituted under the Resolution of the Government of
8
India in the Department of Economic Affairs No.1 (44)SE/86, dated the 12th day of
April, 1988;

(e) "Fund" means the Fund constituted under Section 14;

(f) "Member" means a member of the Board and includes the Chairman;

(g) "Notification" means a notification published in the Official Gazette;

(h) "Prescribed" means prescribed by rules made under this Act;

(i) "Regulations" means the regulations made by the Board under this Act;

[(ha) "Reserve Bank" means the Reserve Bank of India constituted under section 3 of the
Reserve Bank of India Act, 1934(2 of 1934);]

(j) "Securities" has the meaning assigned to it in section 2 of the Securities Contracts
(Regulation) Act, 1956 (42 of 1956).

OBJECTIVES OF SEBI

The SEBI has been entrusted with both the regulatory and developmental
functions. The objectives of SEBI are as follows:

a. Investor protection, so that there is a steady flow of savings into the Capital
Market.

b. Ensuring the fair practices by the issuers of securities, namely, companies so that
they can raise resources at least cost.

c. Promotion of efficient services by brokers, merchant bankers and other

intermediaries so that they become competitive and professional.
Pending the legislative sanction to SEBI it carried out the functions of supervisory and
advisory body of the Govt. It has initiated the basis for control and regulation of the
market, arranged for the licensing of merchant banks, mutual funds etc. and performed
the advisory functions to the Govt.

9
 The legislation giving powers to SEBI was passed on 4th April 1992 in the
form of the Securities & Exchange Board of India Act to protect the interests of
investors in securities and to promote the development of and to regulate the securities
market and for matters connected therewith or incidental thereto.

ORGANIZATION OF SEBI

SEBI has five departments. They are as follows:

1. Primary Market Department

The primary market department deals with policy matters and regulatory
issues of primary market and the market intermediaries, and the redressal of
investor grievances.

2. Issue Management Intermediaries Department

The issue Management Intermediaries Department looks after vetting of offer
documents, registration, regulation and monitoring of issues related to
intermediaries.

3. Secondary Market Department

The Secondary Market Department is entrusted with policy matters and
regulatory issues of the secondary market such as price monitoring, insider trading
and kerb trading. It also looks after the administration of major stock exchange
and all other related things.

4. Institutional Investment Department

The Institutional Investment Department frames policy for foreign Institutional
investors (FIIs) and mutual funds. It also looks after mergers and acquisition.
5. Advisory Committee
The department of Advisory Committee provides advisory inputs in framing
policies and regulations for primary and secondary markets.

FUNCTIONS OF SEBI

Section 11 of the SEBI Act, 1992 gives the functions to be performed by the
Board. The important functions can be classified as:

1. Regulatory Functions.
2. Developmental Functions.
10
 These are now briefly described.

1. Regulatory functions

SEBI has to perform certain functions to regulate the securities market. They
are:

(a) Registration of brokers and sub-brokers and other players in the market such as
share transfer agents, bankers to an issue, trustees of trust deeds, registrar to an
issue, merchant bankers, underwriters, portfolio managers, and investment
advisors.
(b) Registration and regulation of collective investment schemes and mutual funds.
(c) Regulation of stock exchange and other self-regulatory organisations.
(d) Prevent fraudulent and unfair trade practices relating to securities market.
(e) Control insider trading and takeover bids and impose penalties for such
practices.
2. Developmental Functions

SEBI has to perform certain functions to develop the securities market. They
are:

(a) Promoting investors’ education and training of intermediaries in securities

market.
(b) Promotion of fair practices and a code of conduct for self regulatory
organisations.
(c) Conducting research and publishing information useful to all market
participants.

POWERS DELEGATED TO SEBI UNDER SECURITIES

CONTRACTS (REGULATION) ACT, 1956

SEBI has to perform the above functions and exercise such powers under the
Securities Contracts (Regulation) Act, 1956 as may be delegated to it by the Central
Government. The following are the powers delegated to it under the Act:

1. Call for periodical returns from stock exchanges.

2. Grant approval to any recognised stock exchange to make by-laws for the
regulation on control of contracts.
3. Make or amend by-laws of recognised stock exchange.
11
 4. Compel a public company to list its shares in any stock exchange.
5. Licensing of dealers in securities in certain areas.
6. Appoint any person to make enquiries into the affairs of stock exchange.
7. Suspend business of any recognised stock exchange.
Prohibit contracts in certain cases.

PENALTIES AND ADJUDICATION

A. Penalty for failure to furnish information, return, etc. - If any person, who is
required under this Act or any rules or regulations made there under-

(a) To furnish any document, return or report to the Board, fails to furnish the same,
he shall be liable to a penalty of one lakh rupees for each day during which such
failure continues or one crore rupees, whichever is less for “a penalty not
exceeding one lakh and fifty thousand rupees for each such failure”.

(b) To file any return or furnish any information, books or other documents within the
time specified therefore in the regulations, fails to file return or furnish the same
within the time specified therefore in the regulations, he shall be liable to a
penalty of one lakh rupees for each day during which such failure continues or
one crore rupees, whichever is less.

(c) To maintain books of accounts or records, fails to maintain the same, he shall be
liable to a penalty of one lakh rupees for each day during which such failure
continues or one crore rupees, whichever is less.

B. Penalty for failure by any person to enter into agreement with clients. - If
any person, who is registered as an intermediary and is required under this Act or
any rules or regulations made there under to enter into an agreement with his
client, fails to enter into such agreement, he shall be liable to a penalty of one
lakh rupees for each day during which such failure continues or one crore rupees,
whichever is less.

C. Penalty for failure to redress investors' grievances. - If any listed company or

any person who is registered as an intermediary, after having been called upon by
the Board in writing, to redress the grievances of investors, fails to redress such
grievances within the time specified by the Board, such company or intermediary

12
 shall be liable to a penalty of one lakh rupees for each day during which such
failure continues or one crore rupees, whichever is less.

D. Penalty for certain defaults in case of mutual funds. –

If any person, who is –

(a) Required under this Act or any rules or regulations made there under to obtain a
certificate of registration from the Board for sponsoring or carrying on any
collective investment scheme, including mutual funds, sponsors or carries on any
collective investment scheme, including mutual funds, without obtaining such
certificate of registration, he shall be liable to a penalty of one lakh rupees for
each day during which he sponsors or carries on any such collective investment
scheme including mutual funds, or one crore rupees, whichever is less.

(b) Registered with the Board as a collective investment scheme, including mutual
funds, for sponsoring or carrying on any investment scheme, fails to comply with
the terms and conditions of certificate of registration, he shall be liable to a
penalty of one lakh rupees for each day during which such failure continues or
one crore rupees, whichever is less.

(c) Registered with the Board as a collective investment scheme, including mutual
funds, fails to make an application for listing of its schemes as provided for in the
regulations governing such listing, he shall be liable to a penalty of one lakh
rupees for each day during which such failure continues or one crore rupees ,
whichever is less.

(d) Registered as a collective investment scheme including mutual funds fails to

despatch unit certificates of any scheme in the manner provided in the regulation
governing such despatch, he shall be liable to a penalty of one lakh rupees for
each day during which such failure continues or one crore rupees, whichever is
less.

(e) Registered as a collective investment scheme, including mutual funds, fails to

refund the application monies paid by the investors within the period specified in
the regulations, he shall be liable to pay a penalty of one lakh rupees for each day
during which such failure continues or one crore rupees, whichever is less.
13
(f) Registered as a collective investment scheme, including mutual funds, fails to
invest money collected by such collective investment schemes in the manner or
within the period specified in the regulations, he shall be liable to a penalty of one
lakh rupees for each day during which such failure continues or one crore rupees,
whichever is less.

E. Penalty for failure to observe rules and regulations by an asset management

company. - Where any asset management company of a mutual fund registered
under this Act, fails to comply with any of the regulations providing for
restrictions on the activities of the asset management companies, such asset
management company shall be liable to a penalty of one lakh rupees for each day
during which such failure continues or one crore rupees, whichever is less.

F. Penalty for failure in case of stock brokers.- If any person, who is registered as
a stock broker under this Act, -

(a) Fails to issue contract notes in the form and in the manner specified by the stock
exchange of which such broker is a member, he shall be liable to a penalty not
exceeding five times the amount for which the contract note was required to be
issued by that broker;

(b) Fails to deliver any security or fails to make payment of the amount due to the
investor in the manner within the period specified in the regulations, he shall be
liable to a penalty of one lakh rupees for each day during which such failure
continues or one crore rupees, whichever is less.

(c) Charges an amount of brokerage which is in excess of the brokerage specified in

the regulations, he shall be liable to a penalty of one lakh rupees or five times the
amount of brokerage charged in excess of the specified brokerage, whichever is
higher.

G. Penalty for insider trading. - If any insider who,-

(i) Either on his own behalf or on behalf of any other person, deals in securities of
a body corporate listed on any stock exchange on the basis of any unpublished
price sensitive information; or

14
(ii) Communicates any unpublished price- sensitive information to any person,
with or without his request for such information except as required in the
ordinary course of business or under any law; or

(iii) Counsels, or procures for any other person to deal in any securities of anybody
corporate on the basis of unpublished price-sensitive information, shall be
liable to a penalty of twenty-five crore rupees or three times the amount of
profits made out of insider trading, whichever is higher.

H. Penalty for non-disclosure of acquisition of shares and take-overs.-If any

person, who is required under this Act or any rules or regulations made there
under, fails to,-

(i) Disclose the aggregate of his shareholding in the body corporate before he
acquires any shares of that body corporate; or

(ii) Make a public announcement to acquire shares at a minimum price;

(iii) Make a public offer by sending letter of offer to the shareholders of the
concerned company; or

(iv) Make payment of consideration to the shareholders who sold their shares
pursuant to letter of offer. He shall be liable to a penalty twenty-five crore
rupees or three times the amount of profits made out of such failure, whichever
is higher.

HA. Penalty for fraudulent and unfair trade practices.- If any person
indulges in fraudulent and unfair trade practices relating to securities, he shall
be liable to a penalty of twenty-five crore rupees or three times the amount of
profits made out of such practices, whichever is higher.

HB. Penalty for contravention where no separate penalty has been

provided.- Whoever fails to comply with any provision of this Act, the rules
or the regulations made or directions issued by the Board there under for

15
 which no separate penalty has been provided, shall be liable to a penalty
which may extend to one crore rupees.

I. Power to adjudicate.-

(1) For the purpose of adjudging under sections 15A, 15B, 15C, 15D, 15E, 15F,
15G, [15H, 15HA and 15HB] ,the Board shall appoint any of its officers not
below the rank of a Division Chief to be an adjudicating officer for holding an
inquiry in the prescribed manner after giving any person concerned a
reasonable opportunity of being heard for the purpose of imposing any
penalty.

(2) While holding an inquiry, the adjudicating officer shall have power to
summon and enforce the attendance of any person acquainted with the facts
and circumstances of the case to give evidence or to produce any document
which in the opinion of the adjudicating officer, may be useful for or relevant
to the subject matter of the inquiry and if, on such inquiry, he is satisfied that
the person has failed to comply with the provisions of any of the sections
specified in sub-section (1), he may impose such penalty as he thinks fit in
accordance with the provisions of any of those sections.

J. Factors to be taken into account by the adjudicating officer.-While adjudging

quantum of penalty under section 15 I, the adjudicating officer shall have due
regard to the following factors, namely:

(a) The amount of disproportionate gain or unfair advantage, wherever quantifiable,

made as a result of the default;

(b) The amount of loss caused to an investor or group of investors as a result of the
default;
(c) The repetitive nature of the default.
JA. Crediting sums realized by way of penalties to Consolidated Fund of India.
- All sums realised by way of penalties under this Act shall be credited to the
Consolidated Fund of India.

SEBI GUIDELINES REGARDING THE COMPANIES ACT

SEBI has issued elaborate guidelines on matters relating to public issues,
rights issues, bonus issues, issue of debentures, underwriting, private placement, pricing
of issues etc. Under the new guidelines, the companies don’t require any prior approval
16
of SEBI for raising capital through public issues, rights issues and bonus issues. The
companies are free to approach the market and price their issues. But they must give due
regards to the guidelines and clarifications issued by SEBI on 11 June, 1992 which
related to the following:

1. Free pricing of issues. A new issue can be priced freely provided it is backed by
promoters with a good track record of at least 5 years and its making a
contribution of at least 50% in the equity of the new company. The private and
closely held companies shall be permitted to price their issues freely if they have
earned consistent profits for at least 3 years.
2. Underwriting made mandatory. The new guidelines issued by SEBI have
directed full underwriting of public issue.
3. Adequate disclosures to be made. The guidelines lay great emphasis on the
disclosures to be made by the issuer to SEBI. According to these norms no
bonus issues shall be made within 12 months of any public issues.
4. Issues of shares at par. A new company with no previous track record will be
permitted to issue capital only at par.
5. Promoter’s contribution. It has been fixed at 25% of the total issues of less than
Rs. 100 crore sizes and 20% of the issues above Rs. 100 crore.
6. High and low price. For public issues by the existing listed companies, the
issuer will have to disclose the high and low prices of the shares for the last 2
years.
7. Calls. In the case of issues exceeding Rs. 250 crore, the amount to be called on
application and allotment and on various calls shall not exceed 25% of the total
issue size.

DETAILS OF SEBI GUIDELINES - FOR CAPITAL MARKET

1. SEBI guidelines were issued after the repeal of the CIC Act whereby the CCI
guidelines became out of date. New guidelines by SEBI were issued starting from
the month of June, 1992. Some CCI guidelines were still retained, as in the case of
those for premium fixation.

2. Guidelines for new issues made by new Companies: They have to be issued at
par. Free pricing is permitted only if the new company is promoted by the existing
company with not less than 50% of equity.

3. New issues made by Private Limited Companies and Closely held companies can
be made by free pricing, for listing purposes if such companies have had three
17
 years of track record of consistent profitability out of last 5 years. Not less than
20% of equity is to be offered to the public, in such cases.

4. Public issues by existing listed companies can be made through free pricing, if
they are further issues and if they are disclosed in the prospectus. The NAV and
the market price have to be considered for the last 3 years. The companies with
foreign holding wishing to enhance the limit up to 51% will have to get the prices
approved in the general body meeting by a special resolution under Sec. 81 (A) of
the Companies Act, and subject to RBI approval.

5. Listing of shares on the O.T.C. : If the new issues are made through OTC, normal
guidelines will apply if the sponsor is not taking any share. If the shares are taken
by the sponsor, subsequent offer to the public may be made at such a price as the
sponsor may deem fit. The promoters should retain 25% quota with a lock in
period of 5 years, the sponsor should act as market maker for a period of at least 3
years and also find another market maker for compulsory market making. This
condition was relaxed recently to encourage OTC Listing.

6. Underwriting is optional if the issue is made to the public and should not include
reserved or preferential quota or employees’ quota. If the subscription is not up to
90% of the total issue from the public including contribution of underwriters, the
public should be refunded of their subscription within 120 days from the date of
opening the issue. The compulsory underwriting provision was also waived for
smaller issues.

7. Composite Issues: Issues to the public by existing company can be priced

differently as compared to the rights issued to shareholders.

8. F.C.D. & P.G.D.: The issues of F.C.D.s with a conversion period of more than 36
months will not be permissible unless conversion is optional. In case F.C.D.s is
convertible after 18 months, credit rating is compulsory; credit rating is now made
compulsory for all issues made to public, order than equity; the D.R.R. has to be
created in such issues with a maturity of more than 18 months. In case, the
nonconvertible portion of the P.C.D. is to be rolled over, non-maturing debenture
holders should have option to withdraw from the scheme.

9. New Financial Instruments: The terms and conditions of the new instruments such
as Deep Discount Bonds, debentures with warrants and secured premium notes
18
 etc. should be disclosed clearly so that the investor can assess the risk and return
scenario of the instrument.

10. Reservation in issues: The unreserved portion offered to public should not be less
than the minimum required for listing purposes. Preferential allotment can be
made to promoters, Companies, shareholders of those companies. NRIs,
Employees and Associate Companies of the same group. The allotment shall be
subject to a lock in period of three years, if it is made on firm basis, outside public
issue.

11.Deployment of Issue Proceeds: Where the total proceeds exceed Rs. 250 cores,
the company will voluntarily disclose the arrangements made to utilise proceeds.
When the total issue proceeds exceed Rs. 500 crores, there is need for making
compulsory disclosure and for the financial institutions to monitor the deployment
of funds, to the stock exchanges.

12.Minimum interval between two issues: 12 months should elapse between the
public or rights issue and Bonus issue. The promoters should bring in their share
of the capital before ether public issue.

13.Employee’s Stock Option Scheme: The reservation for employees should not be
more than 10% at present and this quota is non-transferable for 3 years and
subject to a maximum allotment of 200 shares per employee, and the lock in was
removed later.

14.Lock in Period: The Lock in period for Promoters’ quota is 5 years and the lock in
period for preferential allotment for associates and friends is 3 years.

15.Bonus Shares: Bonus issues are to be made out of free reserves, the share
premium collected in cash, Development Rebate Reserves and Investment
Allowance Reserve. Contingent liabilities disclosed in the audited accounts should
be deducted from net profit for calculation of residual reserves Residual reserves
after the bonus issues should be at least 40% of the increased paid-up capital. 30%
of the average profits before tax for the previous 3 years should yield a rate of
dividend of 10% on the expanded capital base. Reserves out of revaluation should
not be used for bonus payment. Bonus issue cannot be made in view of dividends,
and if there are partly paid up shares; no bonus issue is permitted. Expanded paid-
up capital after bonus issue should not exceed authorized share capital. When a
company has P.C.D. or F.C.D., pending conversion, no bonus issue can be made
19
 unless this right is kept open to the holders of F.C.D. and P.C.D. falling due for
conversion within 12 months.

16.Debenture Issues: All debentures which have a life of more than 18 months
should have a D.R.R. created by company out of profits. D.R.R. should be created
only for non-convertible portion of the debentures. Contribution to D.R.R. should
commence from the date of commercial production and when there are profits
after tax, interest and depreciation. The D.R.R. will be considered as a part of the
general reserves for payment of the bonus issues. D.R.R. should be created and
maintained at 50% of the amount of the debentures before repayment starts. Some
liability should have already been redeemed by the company. D.R.R. and the
creation of Debenture Trust are necessary only if the debentures have a maturity
period exceeding 18 months. The Lead Institution for each issue should monitor
the use of debenture funds either from the working capital or from the project
finance. The SEBI now insists on prior licensing of debenture Trustees; Trust
deed should be ready within 6 months from the date of allotment.

17. By a recent amendment to Listing Agreement, the Companies have been asked to
provide unabridged Balance Sheet to Shareholders. The companies have to give
the disposition of the funds raised in public issues and compare the actual with
targets every six months, when they present balance sheet to investors.

SEBI REFORMS ON STOCK EXCHANGES

The SEBI regulation of stock exchanges and their members had started as
early as February 1992 and the reforms later introduced have been on a continuous basis.
It was started with the licensing and registration of brokers and sub-brokers in the
recognised stock exchanges. This was later extended to underwriters, portfolio managers
and other categories of players in the stock market including foreign securities firms,
FFIs, OCBs, FFIs, Debenture Trustees, Collecting bankers, etc.

THE OTHER REFORMS ARE BRIEFLY SUMMARISED BELOW:

1. Compulsory audit and inspection of stock exchanges and their member brokers
and their accounts.

2. Transparency in the prices and brokerage charged by brokers by showing them in

their contract notes.

20
 3. Broker accounts and client accounts are to be kept separated clients’ money are to
be separately maintained in bank’s accounts and the same to be reported to the
stock exchanges.

4. Board of Directors of stock exchanges has to be reconstituted so as to include

non-brokers, public representative, and Govt. representatives to the extent of 50%
of the total number of members.

5. Capital adequacy norms have been laid down for members of various stock
exchanges separately and depending on their turnover of trade and other factors.

6. Guidelines have been laid down for dealings of FFIs and Foreign broker firms in
the Indian stock exchanges through Indian brokers.

7. Badla and carry forward business which was banned on major exchanges early in
1995 was reintroduced in October 1996 and renewal business was also subject to
close scrutiny, for cash shares.

8. New guidelines for corporate members have been laid down with limited liability
of directors and opening up of their membership to more than one stock of
directors and opening up of their membership to more than one stock exchange
without the limiting requirement of experience of five years in one exchange, as
imposed earlier.

The term “Investor Protection” is a wide term encompassing various measures

designed to protect the investors from malpractices of companies, brokers, merchant
bankers, issue managers, Registrars of new issues, etc. “Investors Beware” should be the
watchword of all programmes for mobilisation of savings for investment. As all
investments have some risk element, this risk factor should be borne in mind by the
investors and they should take all precautions to protect their interests in the first place.
If caution is thrown to the winds and they invest in any venture without a proper
assessment of the risk, they have only to blame themselves. But if there are malpractices
by companies, brokers etc., they have every reason to complain. Such grievances have
been increasing in number in more recent years.

The complaints of investors come from two major sources:

i. Against member broker of Stock Exchanges;

ii. Against companies listed for trading on the Stock Exchanges.

21
 Besides, there can be complaints against sub-brokers, agents, merchant
bankers, issue managers, etc., which cannot be entertained by the stock exchanges as per
their rules

COMPLAINTS AGAINST MEMBERS

Investors have complaints against brokers regarding the price, quantity etc. at
which transactions are put through, defective delivery or delayed delivery, delayed
payment or non-payment etc., non-settlement of vyaj badla dues, non-payment of agreed
brokerage to authorized assistants, etc. In the event of default of a member broker, the
dues of clients are also to be looked into. There is a Grievance Cell in all Stock
Exchanges which attends to investor complaints. Of the total, nearly 95% are against
companies and they are more difficult to settle, as many companies do not attend to the
complaints promptly despite reminders and warnings by the stock exchange, in view of
the fact that penal powers of the Exchange are limited.

The grievance procedure in respect of complaints against members is as

follows:

a. Joint meeting of members vis-a-vis the clients for an amicable settlement.

b. Arbitration proceedings by the committee under the byelaws.

c. Special committee appointed by the Executive Director for settlement.

d. Disciplinary proceedings including warnings, fines, penalties, etc. particularly in

cases of fraud, cheating etc. by the members.

GRIEVANCES CELL

Complaints against members were in the nature of non-payment of sale

proceeds, non-settlement of accounts etc. Of the total complaints against members,
about 85% settled during the year, itself

COMPLAINTS AGAINST COMPANIES

The complaints against companies are in the nature of non-receipt of allotment
letters, refund orders, non-receipt of dividends, interest etc., and delay in transfer of
shares and in splitting and consolidation. The clearance of these complaints is also
attended to by the Cell by writing to the companies, follow-up telexes, etc. and finally
by warning to delist the companies concerned. But the clearances of these complaints
are slow due to the non-compliance or slow compliance by the companies to the
references made by the Cell. The powers of the Stock Exchange are limited to warnings

22
and delisting of shares and as such compliance by the companies as poor. SEBI has now
powers to penalise companies violating the listing norms.

CUSTOMER’S PROTECTION FUND

The Customer’s Profession Fund is constituted by the Stock Exchanges to

safeguard the interests of the investor clients from default of the stock brokers. The Fund
is financed by way of a levy on the turnover of members and from out of the listing fees,
earmarked by the Exchanges.

The Fund is being administered by the Stock Exchange for the benefit of the clients of
the member brokers, in case of a default of a member. The compensation of any single
client is, however, limited to Rs. 2 lakh in BSF at present. When a member is declared a
defaulter, the net assets in the hands of the defaulter’s Committee after defraying costs,
charges, expenses etc., relating to the realisation of the assets will be used to meet the
claims of the Exchange, clearing house and then the admitted claims of the members of
the Exchange against the defaulter. After meeting all these claims, if anything is left
over, the claims of the clients of the defaulting member will be satisfied. If nothing is
left over, the genuine claims of clients can be met from the Customer’s Protection Fund.
This is the same procedure adopted by other Exchanges also where this Fund was set up.

Investors Beware

Investors in stock and capital markets need a word of caution. Firstly, these
investments are more risky, returns are uncertain and share values are subject to wide
fluctuations. Secondly, such investments require an art and expertise to pick up the right
stocks, failing which the investors would burn their fingers. Thirdly, the players in the
market, namely, brokers and issuers of securities, namely, companies, are not rated high
for their honesty with the result that investor complaints against stockbrokers and
companies have been increasing over the years. It would, therefore, be necessary for
investors to prepare themselves well before entering this market.

Specific Goals

The investor should be clear in his objectives of income, capital appreciation,

short-term gains or long-term gains, etc. He should have made already enough
investment in housing and for a regular income to meet his minimum needs and
comforts of life. Even if all the stock market investments are wiped out due to market
crash continued bearishness as in 1997 and 1998, the investor should not be a pauper on
the streets. Besides, if the investor spends sleepless nights on the fall of share prices, he

23
cannot be a good stock market investor. Nor can be gloat over a sporadic success and be
a spendthrift.

Pre-requisites of Investor

The investor should have abundant common sense and a strong heart to
withstand the vicissitudes of fortune. He need not be a holder of high academic degrees
like an MBA from Harvard or a finance graduation from the Wharton School. Nor does
he need to have hereditary characteristics or family tradition of investment. The only
requirements he school have an abundant logic and common sense and strong nerves and
develop the art of investment on a scientific basis. Although Peter Lynch’ calls it an art
and is sceptical of the application of academic scientific theories, the fact remains that he
attributes the success of investors to personal preparation, hard work involved in the
collection of relevant information, knowledge and research and analysis. This shows that
it is expertise combined with intuition that plays a vital role in this game on the Dalal
Street. Unlike a chess game which requires intelligence or a football game which needs
physical prowess, the stock market game requires both an art and a scientific technique.

Preparing to Invest

Investors desiring to invest in stocks require a lot of preparation. The weak-

hearted and risk-averter should first make an entry by buying only debentures,
particularly convertible debentures of good companies, or subscribe to new issues of
promising and well-established companies. After sufficient study and preparation, the
investor should act like rag-pickers in the market, picking up scripts on a selective basis.
That means selected companies from promising and growing industries should be picked
up after collection of all relevant information. The undervalued scripts should be
purchased at the right time with the help of technical analysis. Rumours and advice of
so-called consultants have to be carefully scrutinized. As the market investment is both a
science and an art, it requires both expertise and intuition. There is need for prior
preparation and a lot of home works before investments are undertaken. A high degree
of caution and planning is necessary but the scientific basis and knowledge are to be
acquired by a proper study.

Balance Sheet Study

Investors entering the stock market should also get into the habit of detailed
and careful study of the balance sheets of companies in which they wish to invest.
Similarly, they should examine carefully the detailed prospectus before subscribing to
the new issues of companies. The habit of relying on rumours, or advice of brokers or
friends should be replaced by the habit of self study of balance sheets and prospectus of

24
companies. The factors which should be looked into and ratios that should be analysed
and the aspects that should be examined are set out under fundamental analysis.

Choice of a Broker

Investors should as far as possible deal only with registered members of

recognised stock exchanges. In place where there are no stock exchanges, they may deal
with those sub-brokers who have connections with registered brokers. An honest and
dependable broker is to be chosen through proper introduction and orders should be
placed with him in a proper manner with limits on price at which sales or purchases can
be made. As and when a transaction is completed, he should insist on a contract note in
due time.

Protection in the New Issues Market

The main source of information on which investors depend in the new issues
market is the prospectus, which should contain correct statements of facts. Any false
statements, fraud, etc. are punishable under the Companies act. Under Section 56 of the
Companies Act, the Directors are subject to civil liability for any misstatement of facts
or untrue statements. Under Section 63 and 68 of the Companies Act, the Directors are
also liable criminally for any fraud of false statements in the prospectus. Companies’
liability for misstatements arises from untrue statements and statements which are
material for investors and particulars on which investors depend to make investments.
The directors or promoters of the company are thus subject to both criminal and civil
liability under the Act for any misstatements is the prospectus. Even so, the small
investors cannot afford to go to court and, should therefore, carefully read and examine
the prospectus for viability of the project and marketability of the product and for the
integrity and dependability of the promoters. The investors have also a responsibility to
assess the prospects and the risk involved in the project before making any investment.

Protection for Fixed Deposits

Section 58A of the Companies Act deals with the subject of Fixed Deposits.
There are some rules which apply to nonbanking companies, private and public limited
companies, who wish to raise deposits from the public. The Stock Exchange and SEBI
have however no Jurisdiction on the company deposits. No deposits can be invited from
investors or the public unless the companies follow the rules and guidelines made by the
Department of Company Affairs in consultation with the RBI. Interest rates, maturity
period of deposits, and the amount permissible to be raised by the companies are all
given in the form of guidelines by the Department of Company Affairs. The companies
have to follow these guidelines while accepting deposits from the public. Renewal and

25
repayment are also regulated by the Companies Act and the rules framed by the
Department of Company Affairs. When a company falls to repay the deposit, the
depositor can complain to the Company Law Board (CLB) in the specified form duly
filled in, together with the fees for non-payment of interest or non-repayment of deposit.
The order of the CLB is final and binding on the company and the company has to
comply with it. Any noncompliance with the order of the CLB or violation of the
provisions of the company law would (CLB) in the specified form duly filled in,
together with the fees for non-payment of interest or non-repayment of deposit. The
order of the CLB is final and binding on the company and the company has to comply
with it. Any non-compliance with the order of the CLB or violation of the provisions of
the company law would invite penalty of imprisonment and fine. This provision
however does not apply to sick companies. The business of NBFCs is now being
controlled by RBI after they are registered with the RBI, since Jan. 1999

GUIDELINES TO INVESTORS
1. Deal with a registered member of the stock exchange. If you are dealing with a
sub-broker, make sure that all bills and contracts are made in the name of a
registered broker.

2. Insist that all your deals are done in the trading ring, or electronically recorded.

3. Give specific orders to buy or sell within the fixed price limits and/or time periods
within which orders have to be executed.

4. Insist on contract notes to be passed on to you on the dates, when the orders are
executed.

5. Make sure that your deal is registered with the stock exchange in a Souda Block
Book or recorded electronically.

6. In the case of a dispute, this will help trace the details of the deal easily.

7. Collect a settlement table from the stock exchange mentioning the pay-in and pay-
out days. Each stock exchange has its own trading periods which are called
settlements. All transactions done within this period are settled at the end of it. All
payments for shares bought and there deliveries take place on the pay-in day. An

26
 awareness of pay-in and pay-out days is useful when a broker tries to make
excuses.

8. Keep separate records of dealings in specified shares (Group A) and non-

specified shares (Group B1, and B2). The settlement for ace is on different days.

9. Execute periodic settlements of dues and delivery of shares to avoid accumulation

of transactions.

10. Insist on delivery. If the company returns your papers and shares with objections,
contact your broker immediately.

11.Ensure that shares bought are transferred in your name before the company’s book
closure date. This is necessary to make sure that you receive benefits like
dividend, interest and bonus shares. All companies have to book closure date on
which the list of shareholders in the company is finalised.
12. Complain if the broker does not deliver the shares bought in your name. Proceed
to contact another broker with the bill/contract given to you by the earlier broker,
and the earlier broker, and the Exchange authorities and the latter will purchase
the shares on your behalf. In such an event, the first broker will have to pay the
shares on your behalf. In such an event, the first broker will have to pay the
difference in price. Do not sell shares that are not transferred in your name after
the book closure as these are not valid in the market.

13. Do not sell/deal in shares where any one of the holders has passed away. In cases
where the holder has died, a succession certificate is necessary. In cases where
one of the joint shareholders passes away, the surviving holder should send the
shares along with the death certificate to the company. Only after the name of the
deceased has been deleted from the shares, can they be transferred.

14. Do not expect the money for shares to come immediately. It will take at least a
fortnight at present from the date of transaction.

15. Unless you have a special arrangement with the broker, do not expect the
adjustment of purchases and sales against one another. One pays first and receives
later.

27
 16. Do not take delays or harassment lying down. You have to complain to the
Grievance Cell of the stock exchange or the Securities and Exchange Board of
India (SEBI) in case of delay or harassment.

HIGHLIGHTS OF SEBI PERFORMANCE

Since the enactment of the SEBI Act in 1992, financial institutions, agencies,
and market intermediaries mentioned above are now being governed by the guidelines,
rules, and regulations notified by the SEBI from time to time. Due to lack of spare, it is
not possible to present their exhaustive list here. We give below only the major policy
measures and reforms introduced by the SEBI during 1992 to 1996.

(i) PRIMARY SECURITIES MARKET

 The issues of capital by companies no longer require any consent from any
authority either for making the issue or for pricing it.
 Efforts have been made to raise the standards of disclosures in public
issues and enhance their transparency. The SEBII has accepted and
implemented almost all the recommendations of Malegam Committee
appointed by it in 1994-95 in this connection.
 The offer document is now made public even at the draft stage.
 Companies making their first public issue are eligible to do so only if they
have three years of dividend-paying track record preceding an issue. Those
not meeting this requirement can still make an issue if their projects are
appraised by banks of FIs with minimum 10 per cent participation in the
equity capital of the issuer, or if their securities are listed on the OTCEI
(Over-the-Counter Exchange of India).
 For issues above Rs. 100 crore, book building requirement has been
introduced.
(ii) SECONDARY MARKET AND INTERMEDIARIES
 The governing boards and various committees of Stock Exchanges (SEs)
have been recognised, restructured and board-based.
 Inspection of all 22 SEs has been carried out to determine, inter alia, the
extent of compliance with the directives of the SEBI.
 Computerised or screen-based trading has been achieved on almost all
exchanges except some of the smaller ones.
 Corporate membership of SEs is now allowed, encouraged, and preferred.
The Articles of Association of SEs have been amended so as to increase
their membership.

28
  All the SEs has been directed to establish either a clearing house or a
clearing corporation.
 The Bombay Stock Exchange (BSE) has been asked to reduce trading
period or settlement cycle from 14 to 7 days for B group shares.
 A process through which investor grievances against brokers may find
redressal through a complaint to the SEBI has been put in place.
(iii)MUTUAL FUNDS
As on March 31, 1996, 26 Mutual Funds (MFs) excluding the UTI were
registered with the SEBI. MFs are required to have a board of trustees or Trustee
Company separate from the asset management company, and securities belonging
to the various schemes are required to be kept with an independent custodian. There
has to be an arms-length relationship between the trustees, the asset management
company, and the custodian. The SEBI (Mutual Funds) regulations, 1993 were
revised to provide for portfolio disclosure, standardisation of accounting policies,
valuation norms for determining net asset value and pricing.

The UTI has been organised under the UTI Act, 1963, and it has evolved as a
distinct institution. Therefore, certain special dispensations have been provided to it
under the SEBI regulatory framework. Subject to this, the UTI also has been
brought under the SEBI since July 1994. As a result, new schemes of the UTI also
now fall under the jurisdiction of the SEBI.

(iv) MISCELLANEOUS
 FIIs are also required to be registered with the SEBI. The total numbers
of them so registered were 367 as of March 31, 1996.
 It is required that the capital of companies to be registered as
depositories must be Rs 100 crore. Similarly custodians are required to
have a net worth of Rs 50 crore, and they are to get their systems and
procedures evaluated externally.
 Venture capital funds (VCFs) allowed investing in unlisted companies,
to finance turnaround companies, and to provide loans.
 As per the approved modified takeover code recommended by the
Bhagwati Committee, the minimum public offer of 20 per cent
purchase, when the threshold limit of 10 per cent equity is crossed, is
made mandatory. Those in control are permitted to 2 per cent of shares
per annum up to a maximum of 51 per cent. The acquires have to
deposit a certain value of cash and assets in an escrow account. The
escrow deposits have to be higher for conditional public offers unless
the acquirer agrees to buy a minimum of 20 per cent.
29
 (v) INVESTOR PROTECTION MEASURES
The SEBI has introduced an automated complaints handling system to deal
with investor complaints. To create awareness among the issuers and intermediaries
of the need to redress investor grievances quickly, the SEBI has been issuing
fortnightly press release publishing the names of the companies against whom
maximum number of complaints have been received. To help investors in respect
of delay in receiving refund orders in case of oversubscribed issues, a facility in the
form of stock invest has been introduced. To ensure that no malpractice takes place
in the allotment of shares, a representative of the SEBI supervises the allotment
process. It has also accorded recognition to several genuine, active investor
associations. It issues advertisements from time to time to guide and enlighten
investors on various issues related to the securities market and of their rights and
remedies.
Classification of Complaints
The complaints received by the SEBI are categorised in five types:

 Type I: Non-receipt of refund orders/allotment letters/stock invest

 Type II: Non-receipt of dividend.
 Type III: Non-receipt of share certificates/bonus shares.
 Type IV: Non-receipt of debenture certificates/interest on
debentures/redemption amount of debentures/interest on delayed
payment of interest.
 Type V: Non-receipt of annual reports, rights issue forms/interest on
delayed receipt of refund orders/dividends.

INTRODUCTION
CYBER LAW
Cyber Law is the law governing cyber space. Cyber space is a very wide term and
includes computers, networks, software, data storage devices (such as hard disks, USB
disks etc), the Internet, websites, emails and even electronic devices such as cell phones,
ATM machines etc.

 Law encompasses the rules of conduct:

1. Tat have been approved by the government, and

2. Which are in force over a certain territory, and

3. Which must be obeyed by all persons on that territory.

30
Violation of these rules could lead to government action such as imprisonment or fine or
an order to pay compensation.

Cyber law encompasses laws relating to:

1. Cyber Crimes

2. Electronic and Digital Signatures

3. Intellectual Property

4. Data Protection and Privacy

Cybercrimes are unlawful acts where the computer is used either as a tool or a
target or both. The enormous growth in electronic commerce (e-commerce) and online
share trading has led to a phenomenal spurt in incidents of cyber crime. These crimes are
discussed in detail further in this chapter. A comprehensive discussion on the Indian law
relating to cyber crimes and digital evidence is provided in the ASCL publication titled
“Cyber Crimes & Digital Evidence – Indian Perspective”.

Electronic signatures are used to authenticate electronic records. Digital signatures are
one type of electronic signature. Digital signatures satisfy three major legal requirements
– signer authentication, message authentication and message integrity. The technology
and efficiency of digital signatures makes them more trustworthy than hand written
signatures. These issues are discussed in detail in the ASCL publication titled
“Ecommerce – Legal Issues”.

Intellectual property is refers to creations of the human mind e.g. a story, a song, a
painting, a design etc. The facets of intellectual property that relate to cyber space are
covered by cyber law. These include:

1. Copyright law in relation to computer software, computer source code, websites, cell
phone content etc.

2. Software and source code licenses,

3. Trademark law with relation to domain names, meta-tags, mirroring, framing, linking
etc.

4. Semiconductor law which relates to the protection of semiconductor integrated

circuits design and layouts,

5. Patent law in relation to computer hardware and software.

31
 These issues are discussed in detail in the ASCL publication titled “IPR &
Cyberspace - the Indian Perspective”. Data protection and privacy laws aim to achieve a
fair balance between the privacy rights of the individual and the interests of data
controllers such as banks, hospitals, email service providers etc. These laws seek to
address the challenges to privacy caused by collecting, storing and transmitting data
using new technologies.

Jurisprudence of Cyber Law

Jurisprudence studies the concepts of law and the effect of social norms and
regulations on the development of law.

Jurisprudence refers to two different things.

1. The philosophy of law, or legal theory

2. Case Law

Legal theory does not study the characteristics of law in a particular country (e.g. India
or Canada) but studies law in general i.e. those attributes common to all legal systems.

Legal theory studies questions such as:

1. What is law and legal system?

2. What is the relationship between law and power?

3. What is the relationship between law and justice or morality?

4. Does every society have a legal system?

5. How should we understand concepts like legal rights and legal obligations or duties?

6. What is the proper function of law?

7. What sort of acts should be subject to punishment, and what sort of punishments
should be permitted?

8. What is justice?

9. What rights do we have?

32
10. Is there a duty to obey the law?

11. What value does the rule of law have?

Case law is the law that is established through the decisions of the courts and other
officials.

Case law assumes even greater significance when the wordings of a particular law are
ambiguous. The interpretation of the Courts helps clarify the real objectives and
meaning of such laws.

Jurisprudence of Indian Cyber Law

 The primary source of cyber law in India is the Information Technology Act, 2000
(IT Act) which came into force on 17 October 2000.
 The primary purpose of the Act is to provide legal recognition to electronic
commerce and to facilitate filing of electronic records with the Government.
 The IT Act also penalizes various cyber crimes and provides strict punishments
(imprisonment terms up to 10 years and compensation up to Rs-1crore).
 Minor errors in the Act were rectified by the Information Technology (Removal
of Difficulties) Order, 2002 which was passed on 19 September 2002.
 An Executive Order dated 12 September 2002 contained instructions relating
provisions of the Act in regard to protected systems and application for the issue
of a Digital Signature Certificate.
 The IT Act was amended by the Negotiable Instruments (Amendments and
Miscellaneous Provisions) Act, 2002. This introduced the concept of electronic
cheques and truncated cheques.
 Information Technology (Use of Electronic Records and Digital Signatures)
Rules, 2004 has provided the necessary legal framework for filing of documents
with the Government as well as issue of licenses by the Government.
 It also provides for payment and receipt of fees in relation to the Government
bodies.
 On the same day, the Information Technology (Certifying Authorities) Rules,
2000 also came into force.
 These rules prescribe the eligibility, appointment and working of Certifying
Authorities (CA). These rules also lay down the technical standards, procedures
and security methods to be used by a CA.

These rules were amended in 2003, 2004 and 2006.

o Information Technology (Certifying Authority) Regulations, 2001 came

into force on 9 July 2001. They provide further technical standards and
procedures to be used by a CA.
o Two important guidelines relating to CAs were issued. The first are the
Guidelines for submission of application for license to operate as a

33
 Certifying Authority under the IT Act. These guidelines were issued on 9th
July 2001.
o Next were the Guidelines for submission of certificates and certification
revocation lists to the Controller of Certifying Authorities for publishing in
National Repository of Digital Certificates. These were issued on
16thDecember 2002.

The Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 also came into
force on 17th October 2000.

o These rules prescribe the appointment and working of the Cyber

Regulations Appellate Tribunal (CRAT) whose primary role is to hear
appeals against orders of the Adjudicating Officers.
o The Cyber Regulations Appellate Tribunal (Salary, Allowances and other
terms and conditions of service of Presiding Officer) Rules, 2003 prescribe
the salary, allowances and other terms for the Presiding Officer of the
CRAT.
o Information Technology (Other powers of Civil Court vested in Cyber
Appellate Tribunal) Rules 2003 provided some additional powers to the
CRAT.

On 17th March 2003, the Information Technology (Qualification and Experience of

Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 were passed.

o These rules prescribe the qualifications and experience of Adjudicating

Officers, whose chief responsibility under the IT Act is to adjudicate on
cases such as unauthorized access, unauthorized copying of data, spread of
viruses, denial of service attacks, disruption of computers, computer
manipulation etc.
o These rules also prescribe the manner and mode of inquiry and adjudication
by these officers.
 The appointment of adjudicating officers to decide the fate of multi-crore cyber
crime cases in India was the result of the public interest litigation filed by students
of Asian School of Cyber Laws (ASCL).
 The Government had not appointed the Adjudicating Officers or the Cyber
Regulations Appellate Tribunal for almost 2 years after the passage of the IT Act.
This prompted ASCL students to file a Public Interest Litigation (PIL) in the
Bombay High Court asking for a speedy appointment of Adjudicating officers.
 The Bombay High Court, in its order dated 9 th October 2002, directed the Central
Government to announce the appointment of adjudicating officers in the public

34
 media to make people aware of the appointments. The division bench of the
Mumbai High Court consisting of Hon’ble Justice A.P. Shah and Hon’ble Justice
Ranjana Desai also ordered that the Cyber Regulations Appellate Tribunal be
constituted within a reasonable time frame.

Following this the Central Government passed an order dated 23rd March 2003
appointing the “Secretary of Department of Information Technology of each of the
States or of Union Territories” of India as the adjudicating officers.

 The Information Technology (Security Procedure) Rules, 2004 came into force on
29th October 2004. They prescribe provisions relating to secure digital signatures
and secure electronic records.
 Also relevant are the Information Technology (Other Standards) Rules, 2003.
 An important order relating to blocking of websites was passed on 27 th February,
2003.
 Computer Emergency Response Team (CERT-IND) can instruct Department of
Telecommunications (DOT) to block a website.
 The Indian Penal Code (as amended by the IT Act) penalizes several cyber
crimes. These include forgery of electronic records, cyber frauds, destroying
electronic evidence etc.
 Digital Evidence is to be collected and proven in court as per the provisions of the
Indian Evidence Act (as amended by the IT Act).
 In case of bank records, the provisions of the Bankers’ Book Evidence Act (as
amended by the IT Act) are relevant.
 Investigation and adjudication of cyber crimes is done in accordance with the
provisions of the Code of Criminal Procedure and the IT Act.
 The Reserve Bank of India Act was also amended by the IT Act.

Need for Cyber Law

There are various reasons why it is extremely difficult for conventional law to cope with
cyberspace. Some of these are discussed below.

1. Cyberspace is an intangible dimension that is impossible to govern and regulate using

conventional law.

2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India

could break into a bank’s electronic vault hosted on a computer in USA and transfer
millions of Rupees to another bank in Switzerland, all within minutes. All he would
need is a laptop computer and a cell phone.

35
3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are
crisscrossing the globe even as we read this, millions of websites are being accessed
every minute and billions of dollars are electronically transferred around the world by
banks every day.

4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can

have a live chat session with an eight-year-old in Bali without any regard for the
distance or the anonymity between them.

5. Cyberspace offers enormous potential for anonymity to its members. Readily

available encryption software and stenographic tools that seamlessly hide information
within image and sound files ensure the confidentiality of information exchanged
between cyber-citizens.

6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of

software can be traded over the Internet without the need for any government licenses,
shipping and handling charges and without paying any customs duty.

7. Electronic information has become the main object of cyber crime. It is characterized
by extreme mobility, which exceeds by far the mobility of persons, goods or other
services. International computer networks can transfer huge amounts of data around the
globe in a matter of seconds.

8. A software source code worth crores of rupees or a movie can be pirated across the
globe within hours of their release.

9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily
covered by traditional penal provisions. However, the problem begins when electronic
records are copied quickly, inconspicuously and often via telecommunication facilities.
Here the “original” information, so to say, remains in the “possession” of the “owner”
and yet information gets stolen.

Acts of cyber law

Information Technology Act, 2000

The term information technology' (IT) is not having a precise meaning. It is

generally applied to broad area of activities and technologies associated with the use of
computers and communication. We can explain IT as an application of computers to
create, store, process and use of information particularly in the field of commerce.
Basically, IT enables the corporate management to have access to timely, accurate and
relevant data, with the use of computers, communication, telephone, Internet, etc., which
helps in informed decision making, minimises the response time and enables better
36
coordination in the organisation resulting in reduced costs or increased profits.

Rationale Behind the IT ACT, 2000

The "Statement of Objects and Reasons" appended to the "Information

Technology Bill, 2000," explains the rationale behind the IT Act, 2000. Excerpts from
the said statement are given below:

"New communication systems and digital technology have made dramatic changes in
the way we live. A revolution is occurring in the way people transact business.
Businesses and consumers are increasingly using computers to create, transmit and store
information in the electronic form instead of traditional paper documents. Information
stored in electronic form has many advantages. It is cheaper, easier to store, retrieve and
speedier to communicate. Although people are aware of these advantages, they are
reluctant to conduct business or conclude any transaction in the electronic form due to
lack of appropriate legal framework. The two principal hurdles which stand in the way
of facilitating electronic commerce and electronic governance are the requirements as to
writing and signature for legal recognition. At present many legal provisions assume the
existence of paper based records and documents which should bear signatures. The law
of evidence is traditionally based upon paper based records and oral testimony. Since
electronic commerce eliminates the need for paper based transactions, hence to facilitate
e-commerce, the need for legal changes have become an urgent necessity. International
trade through the medium of e-commerce is growing rapidly in the past few years and
many countries have switched over from traditional paper based commerce to e-
commerce."

"There is a need for bringing in suitable amendments in the existing laws in our country
to facilitate e-commerce. It is, therefore, proposed to provide for legal recognition of
electronic records and digital signatures. This will enable the conclusion of contracts and
the creation of rights and obligations through the electronic medium."

'With a view to facilitate Electronic Governance, it is proposed to provide for the use
and acceptance of electronic records and digital signatures in the Government offices
and its agencies."

Information Technology Act, 2000

The law relating to "information technology" is contained in the Information

Technology (IT) Act, 2000 which came into force on 17th October, 2000. It is the first
Cyber Law in India. It is mainly based on the UNNCITRAL Model Law. The United
Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law
on Electronic Commerce in 1996. This Model Law provides for equal legal treatment of
users of electronic communication and paper based communication.

The Information Technology (IT) Act, 2000 has been design to give boost to Electronic

37
Commerce (e-commerce), e-transactions and similar activities associated with
commerce and trade, and also to facilitate Electronic Governance (e- governance) by
means of reliable electronic records. With a view to making the citizens interaction with
the Government offices hassle free, the IT Act provides for the use and acceptance of
electronic records and digital signatures in the Government offices. To prevent the
possible misuse arising out of the transactions and other dealings concluded over the
electronic medium. The IT Act also provides for a regulatory regime to supervise the
Certifying Authorities issuing Digital Signature Certificates. Briefly stated, it may be
said that IT Act mainly contains provisions relating to e-commerce, e-governance,
electronic record and digital Signature.

The term Electronic Commerce (e-commerce) refers to the business transactions

electronically. In common usage, the term refers to the trading of goods over the
Internet. It is on-line Sale and purchase of goods and services for value by using internet
technologies, such as internet processing, e-mail and World Wide Web (www) or just
web browsing. E-commerce in its present form is in the stage of infancy in India. During
the six years of post IT Act period, the increase in e-commerce is taking place at a slow
rate mainly because the IT Act is silent on all aspects of payment. There is no concept of
e-payment or digital money.

The term Electronic Governance (e- Governance) refers to the application of information
technology to the processes of government functioning in order to bring about Simple,
Moral, Accountable, Responsive and Transparent (SMART) governance. It involves
electronic filling of documents with the government agencies and creating a network of
e-services and e-administration. Electronic Governance (e-governance) is fast catching
up and more and more government processes are going online resulting in less
bureaucracy, more transparency and openness. Companies will be able to file any form,
application or any other document in the electronic form and get Licenses/Certificates
online.

Evolution of key terms and concepts

To understand the jurisprudence of cyber law, it is essential to examine how the
definitions of key terms and concepts have developed.

1. Computer

According to section 2(1)(i) of the IT Act "computer" means any electronic magnetic,
optical or other high-speed data processing device or system which performs logical,
arithmetic, and memory functions by manipulations of electronic, magnetic or optical
impulses, and includes all input, output, processing, storage, computer software, or
communication facilities which are connected or related to the computer in a computer
system or computer network;

Simply put, a computer has the following characteristics:

38
1. It is a high-speed data processing device or system.

2. It may be electronic, magnetic, optical etc.

3. It performs logical, arithmetic, and memory functions

4. These functions are performed by manipulations of electronic, magnetic or optical

impulses.

Computer includes:

1. All input facilities,

2. All output facilities,

3. All processing facilities,

4. All storage facilities,

5. All computer software facilities, and

6. All communication facilities which are connected or related to the computer in a

computer system or network.

Let us examine the important terms used in this definition:

According to American law, electronic means relating to technology having electrical,

digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.

Magnetic means having the properties of a magnet; i.e. of attracting iron or steel e.g.
parts of a hard disk are covered with a thin coat of magnetic material.

Simply put, an optical computer uses light instead of electricity to manipulate, store and
transmit data. Development of this technology is still in a nascent stage.

Optical data processing can perform several operations simultaneously (in parallel)
much faster and easier than electronics.

Optical fibre is the medium and the technology associated with the transmission of
information as light pulses along a glass or plastic wire or fibre.

Optical fibre carries much more information than conventional copper wire and is in
general not subject to electromagnetic interference.

A data processing device or system is a mechanism that can perform pre-defined

operations upon information.

39
The following are illustrations of functions in relation to a conventional desktop
personal computer.

• Saving information on a hard disk,

• Logging on to the Internet,

• Retrieving stored information,

• Calculating mathematical formulae.

Logical functions, simply put, refer to non-arithmetic processing that arranges numbers
or letters according to a predefined format e.g. arranging numbers in ascending order,
arranging words alphabetically etc.

Arithmetic functions, simply put, are operations concerned or involved with

mathematics and the addition, subtraction, multiplication and division of numbers.

Memory functions, simply put, refer to operations involving storage of data.

Input facilities are those which transfer information from the outside world into a
computer system. E.g. keyboard, mouse, touch screen, joystick, microphone, scanner
etc.

Output facilities are those which transfer data out of the computer in the form of text,
images, sounds etc to a display screen, printer, storage device etc.

Hard disks, USB disks, floppies act as both input and output facilities.

Processing facilities primarily refers to the Central Processing Unit (CPU) of a

computer. Referred to as the “brain” of the computer, the CPU processes instructions
and data.

Storage facilities include hard disks and other data storage facilities. This term would
also include the physical cabinet in which a computer is housed.

Computer software facilities refer to the operating system and application software that
are essential for a computer to function in a useful manner.

Communication facilities include the network interface cards, modems and other
devices that enable a computer to communicate with other computer

2. Data

According to section 2(1)(o) of the IT Act “data” means a representation of information,

knowledge, facts, concepts or instructions which are being prepared or have been
40
prepared in a formalised manner, and is intended to be processed, is being processed or
has been processed in a computer system or computer network, and may be in any form
(including computer printouts magnetic or optical storage media, punched cards,
punched tapes) or stored internally in the memory of the computer;

Simply put, data is

1. A representation of information, knowledge, facts, concepts or instructions,

2. Prepared or being prepared in a formalized manner,

3. Processed being processed or sought to be processed in a computer.

3. Computer Software

Computer software is a general term that describes a collection of:

1. Computer programs,

2. Procedures and

3. Documentation.

Computer hardware, on the other hand, consists of the physical devices that can store
and execute computer software.

Analogy

An oil company drills for oil on the sea bed. This oil is then processed and provided to
the customer in the form of petrol for his car. Here the petrol is like the application
software – it helps the user to run his car. The oil company is like the system software –
it enables the petrol to be taken to the user

System software can be of various types such as:

1. Operating systems which form the platform for all other software on a computer,

2. Device drivers which allow computer programs to interact with a hardware devices
such as printers, scanners etc,

3. Programming tools which help programmers to develop and test other programs,

4. Compilers which compile the source code into the object code,

5. Linkers which link object code files (and libraries) to generate an executable file,

41
6. Utility software that helps manage and tune the computer hardware, operating
system or application software.

Application software include

1. Word processors (e.g. Microsoft Word),

2. Spreadsheets (e.g. Microsoft Excel)

3. Presentation software (e.g. Microsoft PowerPoint)

4. Media players (e.g Microsoft Windows Media Player)

5. Games (e.g. Need for Speed, Age of Empires)

6. Forensic software (e.g. Winhex, X-Ways Forensics)

7. Encryption software (e.g. PGP)

8. Internet browsers (e.g. Mozilla Firefox)

9. FTP clients (e.g. FireFTP) and hundreds of other types of software.

4. Computer System

According to section 2(1) (l) of the IT Act "computer system" means a device or
collection of devices, including input and output support devices and excluding

calculators which are not programmable and capable of being used in conjunction with
external files, which contain computer programs, electronic instructions, input data and
output data, that performs logic, arithmetic, data storage and retrieval, communication
control and other functions.

Simply put, a computer system has the following characteristics:

1. It is a device or collection of devices which contain data or programs,

2. It performs functions such as logic, storage, arithmetic etc,

3. It includes input and output support systems,

4. It excludes non-programmable calculators.

5 Computer Network

According to section 2(1) (j) of the IT Act "computer network" means the
interconnection of one or more computers through:

42
(i) The use of satellite, microwave, terrestrial line or other communication media and

(ii) Terminals or a complex consisting of two or more interconnected computers whether

or not the interconnection is continuously maintained.

Simply put, a computer network is the interconnection of one or more computers

through:

• Satellite

Satellite Internet connection is an arrangement in which the outgoing and incoming data
travels through a satellite. Each subscriber’s hardware includes a satellite dish antenna
and a transceiver (transmitter / receiver). The dish antenna transmits and receives
signals.

• Microwave

The term microwave refers to electromagnetic waves of a particular frequency.

Microwave frequencies are used in radars, Bluetooth devices, radio astronomy, GSM
mobile phone networks, broadcasting and telecommunication transmissions etc.

• Terrestrial line

Terrestrial lines include fibre optic cables, telephone lines etc.

• Other communication media

Communication media refers to any instrument or means that facilitates the transfer of
data, as between a computer and peripherals or between two computers.

Other ways in which two computers can be connected include cables, hubs, switches etc.

SCHEME OF THE IT ACT, 2000

The Information Technology Act, 2000 consists of 13 Chapters divided into 94 Sections.
Chapters I to VII are mostly digital signature related. Chapters IX to XIII are regarding
penalties, offences, etc. The Act has four Schedules on consequential amendments in
respect of certain other Acts.

The First Schedule makes amendments to the Indian Penal Code, 1860, and the second
Schedule makes amendments to Indian evidence act, 1872 to provide for necessary
changes in the various provisions which deal with offences relating to documents and
paper based transactions. The, Third Schedule makes amendments to the bankers' Books
Evidence Act, 1891to give legal sanctity for books of account maintained in the
electronic form by the banks. The fourth Schedule makes amendments to the. Reserve
Bank of India Act, 1934 to facilitate electronic fund transfers between the financial
43
institutions and banks.

Exceptions [Sec. 1(4)].The provisions of the IT Act, 2000 shall not apply to the
following documents:

1. Execution of a Negotiable Instrument (other than a cheque) under the Negotiable

Instruments Act., 1881.
2. Execution of a Power of Attorney under the Powers of Attorney Act, 1882.
3. Creation of a Trust under Indian Trusts Act, 1882.
4. Execution of a 'Will' under the Indian Succession Act, 1925 including any other
testamentary disposition by whatever name called.
5. Entering into a contract for the sale or conveyance of immovable property or any
interest in such property.
6. Execution of such class of documents or transactions as may be notified by the
Central Government in the Official Gazette.

The reason for excluding the above mentioned documents from the purview of the Act is
that such documents are required to be authenticated only by the handwritten signatures.
Moreover, these require special attestation and/or registration formalities, which also
explain their exclusion

DIGITAL SIGNATURE

The Law of Information Technology recognises the digital signature so that the Internet
contract is authenticated and becomes binding on the parties. These are the electronic
equivalent of the handwritten signatures. In an electronic message or transaction affixing
handwritten signature is not possible. Authentication of the record has to be achieved by
some electronic or digital method. "Affixing digital signature" has been defined in
Section 2(1) (d) of the Act to mean adoption of any methodology or procedure by a
person for the purpose of authenticating an electronic record by means of "digital
signature".

The expression "digital signature" has been defined in Section 2(1)(p) of the Act to mean
authentication of any electronic record by a subscriber, i.e., a person in whose name the
"Digital Signature Certificate" is issued, by means of an electronic method or procedure
in accordance with the provisions of Section 3.

Authentication of Electronic Records (Sec. 3)

Any subscriber may authenticate an electronic record by fixing his digital signature. The
authentication of the electronic record shall be effected by the use of 'asymmetric crypto
system' and. 'hash function' which envelop and transform the initial electronic record
into another electronic record.

Explanation: For the purposes of this sub-section, "hash function" means an algorithm
mapping or translation of one sequence of bits into another: generally smaller, set known
44
as "hash result" such that an electronic record yields the same hash result every time the
algorithm is executed with the same electronic record as its input making it
computationally infeasible:

(a) To derive or reconstruct the original electronic record from the hash result produced
by the algorithm;
(b) Electronic records can produce the same hash result using the algorithm.

Verification: Any person by the use of a public key of the subscriber can verify the
electronic record. The private key and the public key are unique to the subscriber and
constitute a functioning key pair.

In the case of electronic transmission of business or legal message/documents, it is

necessary to ensure that these are authentic and have not been tampered with by any
person during transmission. With this end in view, the above stated Section 3 provides
that authentication of the electronic record is to be effected by the use of "asymmetric
crypto system", i.e., by using 'encryption' (coding) and 'decryption' (decoding)
methodologies and software tools.

An 'encryption software program' takes the normal, readable text message ("plaintext")
and scrambles the· message into "clip her text". The recipient then uses another software
program (the corresponding decryption program) to decrypt such clip her text back into
normal plaintext. Anyone who intercepts the message will, therefore, not be able III
read or tamper with the message, unless he has the key, i.e., the corresponding
decryption program, thereby rendering it secure.

In "asymmetric crypto system", each person will have two corresponding and matched
keys-()ne called the 'private key' which is always kept secure with such person, and the
other called the 'public key' which the person shares with others and makes available to
others on specialised databases called 'repositories' or through Certification Authorities.
These two keys, public key' and private key, are used to encrypt and decrypt the
message respectively. The sender uses the intended receiver's public key (which he can
freely obtain from the receiver or download from a public repository) to encrypt the
message. The receiver, on receiving the coded message, uses his corresponding private
key (which is available only with him) to decrypt the encrypted message. The public key
and the private key of any person or entity would be so mathematically linked that a
message encrypted using one key can only be decrypted by using the corresponding
other.

The various expressions used above have been defined in the Act as follows:

Asymmetric cryptosystem [Sec. 2(1)(t)]. It means a system of a secure key pair

consisting of a private key for creating a digital signature and a public key to verify the
digital signature.
45
Electronic record [Sec. 2(1)(t)]. It means data, record or data generated, image or sound
stored, received or sent in an electric form or microfilm or computer generated micro-
fiche.

Key pair [Sec. 2(l)(x)]. In an asymmetric crypto system, "key pair" means a private key
and its mathematically related public key, which are so related that the public key can
verify a digital signature created by the private key.

Private key [Sec. 2(1)(1£)]. It means the key of a key pair used to create a digital
signature.

Public key [Sec. 2(1)(zd)]. It means the key of a key pair used to verify a digital
signature and listed in the Digital Signature Certificate.

Subscriber [Sec. 2(1)(zg)]. It means a person in whose name the Digital Signature
Certificate is issued.

Verify [Sec. 2(1)(zh)]. "Verify" in relation to a digital signature, electronic record or

public key, with the grammatical variations and cognate expressions means to determine
whether:

(a) The initial electronic record was affixed with the digital signature by the use of
private key corresponding to the public key of the subscriber;

(b) The initial electronic record is retained intact or has been altered since such
electronic record was so affixed with the digital signature.

ELECIRONIC GOVERNANCE

With a view to facilitating electronic governance, IT Act, 2000 accords legal recognition
to electronic records, digital signatures and electronic form of dealing with Government
offices and its agencies. The retention of information in electronic format has also been
accorded legal recognition provided the information remains accessible and usable in
future. The Act contains the following provisions to facilitate e-governance:

1. Legal Recognition of Electronic Records (Sec. 4)

Where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained is such law, such
requirement shall be deemed to have been satisfied if such information or matter is:

(a) Rendered or made available in an electronic form; and

(b) Accessible so as to be usable for a subsequent reference.

2. Legal Recognition of Digital Signatures (Sec. 5)

46
Where any law provides that information or any other matter shall be authenticated by
affixing the signature or any document shall be signed or bear the signature of any
person then, notwithstanding anything contained in such law, such requirement shall be
deemed to have been satisfied, if such information or matter is authenticated by means
of digital signature affixed in such manner as may be prescribed by the Central
Government.

Explanation: For the purposes of this Section, "signed", with its grammatical variations
and cognate expressions, shall, with reference to a person, mean affixing of his
handwritten signature or any mark on any document and the expression "signature" shall
be construed accordingly.

3. Use of Electronic Records and Digital Signatures in Government and its

Agencies (Sec. 6)

Where any law provides for:

(a) The filing of any form, application or any other document with any office, authority;
body or agency owned or controlled by the appropriate Government in a particular
manner;
(b) The issue or grant of any license, permit, sanction or approval by whatever name
called in a particular manner;
(c) The receipt or payment of money in a particular manner,

then, notwithstanding anything contained in any other law for the time being in force,
such requirement shall be deemed to have been satisfied in such filling, issue of grant,
receipt or payment, as the case may be is effected by means of such electronic form as
may be prescribed by the appropriate Government.

The appropriate Government may, by rules, prescribe:

(a) The manner and format in which such electronic records shall be filed created or
issued;

(b) The manner or method of payment of any fee or charges for filing, creation or issue
of any electronic record under clause (a) stated above.

It may be observed that this Section lays down the foundation of electronic governance.

4. Retention of Electronic Records (Sec. 7)

Where any law provides that documents, records or information shall be retained for
47
specific period, then, that requirement shall be deemed to have been satisfied if such
documents, records or information are retained in the electronic form, if:

(a) The information contained therein remains accessible so as to be usable for a

subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated,
sent or received or in a format which can be demonstrated to represent accurately the
information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and
time of despatch or receipt of such electronic record are available in the electronic
record.

However, the above rule does not apply to any information which is automatically
generated solely for the purpose of enabling an electronic record to be despatched or
received. Further, the Section shall not apply to any law that expressly provides for the
retention of documents, records or information in the form of electronic records.

Legal requirement for retaining record is generally laid down for accounting and tax
purposes.

5. Publication of Rules, Regulations, etc., in Electronic Gazette (Sec. 8)

Where any law provides that any rule, regulation, order, bye-law, notification or any
other matter' shall be published in the Official Gazette, then such requirement shall be
deemed to have been satisfied if such rule, regulation order, bye-law, notification or any
other matter is published in the Official Gazette or electronic Gazette.

Provided that where any rule, regulation, order, bye-law, notification or any other matter
is published in the Official Gazette or Electronic Gazette, the date of publication shall be
deemed to be the date of the Gazette which was first published in any form.

Electronic Gazette means Official Gazette published in the electronic form [Sec.2(1)(s)].

6. No Right to insist that the Document should be accepted in

Electronic Form (Sec. 9)

Sections 6, 7 and 8 shall not confer a right upon any person to insist that any Ministry or
Department of the Central Government or the State Government or any authority or
body established by or under any law or controlled or funded by the Central or State
Government should accept, issue, create, retain and preserve any document in the form
of electronic records or effect any monetary transaction in the electronic form.

48
7. Central Government empowered to make Rules in respect of Digital Signature
(Sec. 10)

The Central Government is empowered to make rules in respect of digital signature

prescribing:

(a) The type of digital signature;

(b) The manner and format in which the digital signature shall be affixed;

(c) The manner or procedure which facilitates identification of the person affixing the
digital signature;

(d) Control processes and procedures to ensure adequate integrity, security and
confidentiality of electronic records or payments; and

(e) Any other matter which is necessary to give legal effect to digital signatures.

The Central Government has notified the "Information Technology (Certifying

Authorities) Rules, 2000. Rule 3 of these Rules provides the manner in which the
information is to be authenticated by means of digital signature. Rule 4 provides the
manner of creation of digital signature, and Rule 5 provides the manner of verification of
digital signature.

The IT Act, 2000 has defined the various expressions used above as follows:

Information [Sec. 2(1)(v)]. It includes data, text, images, sound, voice, codes, computer
programmes, software and databases or micro-film or computer generated micro-fiche.

Electronic form [Sec. 2(1)(r)]. ''Electronic form," with reference to information, means
any information generated, sent, received or stored in media, magnetic, optical,
computer memory, micro-film, computer generated micro-fiche or sin1ilar device.

Accessibility or Access [Sec. 2(1)(a)]. It means gaining entry into, instructing or

communicating with the logical, arithmetical or memory function resources of a
computer, computer system or computer network.

The various expressions used in the above definitions have been defined in the Act as
follows:

Computer [Sec. 2(1)(i)]. It means any electronic, magnetic, optical or other high speed
data processing device or system which performs logical, arithmetic, and memory
functions by manipulations of electronic, magnetic or optical impulses, and includes all
input, output, processing, storage, computer software, or communication facilities which
are connected or related to the computer in a computer system or computer network.

49
Computer network [Sec. 2(1)(j)]. It means the interconnection of one or more
computers through:

(i) The use of satellite, microwave, terrestrial line or other communication media; and

(ii) Terminals or a complex consisting of two or more interconnected computers

whether or not the interconnection is continuously maintained.

Computer resource [Sec. 2(l)(k)]. It means computer, computer system. computer

network, data, computer database or software.

Computer system [Sec. 2(1)(1)]. It means a device or collection of devices, including

input and output support devices and excluding calculators which are not programmable
and capable of being used in conjunction with external files, which contain computer
programmes, electronic instructions, input data, and output data, that performs logic,
arithmetic, data storage and retrieval, communication control and other functions.

Data [Sec. 2(1)(0)]. It means a representation of information, knowledge, facts, concepts

or instructions which are being prepared or have been prepared in a formalised manner,
and is intended to be processed, is being processed or has been processed in a computer
system or computer network and may be in any form (including computer printouts,
magnetic or optical storage media, punched cards, punched tapes) or stored internally in
the memory of the computer.

Function [Sec. 2(1)(u)). In relation to a computer, it includes logic, control, arithmetical

process, deletion, storage and retrieval and communication or telecommunication from
or within a computer.

ATTRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC

RECORDS

Under this heading, the IT Act, 2000 contains provisions regarding-

(a) When the transmission of an electronic record shall be attributed to the originator?

(b) Would the addressee/receiver be bound to acknowledge the receipt of that electronic
record? and

(c) How to determine the time and place of dispatch and receipt of electronic record?

Attribution of Electronic Records (Sec. 11)

An electronic record shall be attributed to the originator, if it was sent:

(a) By the originator himself;

50
(b) By a person who had the authority to act on behalf of the originator in respect of that
electronic record; or

(c) By an information system programmed by or on behalf of the originator to operate

automatically.

Originator [Sec. 2(l)(za)]. It means a person who sends, generates, stores or transmits
any electronic message or causes any electronic message to be sent, generated, stored or
transmitted to any other person but does not include an intermediary.

Intermediary [Sec. 2(l)(w)]. Intermediary, with respect to any particular electronic

message, means any person who on behalf of another person receives, stores or transmits
the message or provides any service with respect to that message.

Addressee [Sec. 2(1)(b )]. It means a person who is intended by the originator to receive
the electronic record but does not include any intermediary.

Acknowledgement of Receipt (Sec. 12)

No agreement: Where the originator has not agreed with the addressee that the
acknowledgement of receipt of electronic record be given in a particular form or by a
particular method, an acknowledgement may be given by:

(a) Any communication by the addressee, automated or otherwise; or

(b) Any conduct of the addressee, sufficient to indicate to the originator that the
electronic record has been received [Sec. 12(1)].

Stipulation by the originator: Where the originator has stipulated that the electronic
record shall be binding only on receipt of an acknowledgement of such electronic record
by him, then unless acknowledgement has been so received, the electronic record shall
be deemed to have been never sent by the originator [Sec. 12(2)].

No stipulation by the originator: Where the originator has not stipulated that the
electronic record shall be binding only on receipt of such acknowledgement, and the
acknowledgement has not been received by the originator within the time specified or
agreed or, if no time has been specified or agreed to within a reasonable time, then the
originator may give notice to the addressee stating that no acknowledgement has been
received by him and specifying a reasonable time by which the acknowledgement must
be received by him and if no acknowledgement is received within the aforesaid time
limit, he may after giving notice to the addressee, treat the electronic record as though it
has never been sent [Sec. 12(3)].

Time and Place of Dispatch and Receipt of Electronic Record (Sec. 13)

Save as otherwise agreed to between the originator and the addressee, the dispatch of an
51
electronic record occurs when it enters a computer resource outside the control of the
originator [Sec. 13(1)].

Save as otherwise agreed between the originator and the addressee, the time of receipt of
an electronic record shall be determined as follows, namely:

(a) If the addressee has designated a computer resource for the purpose of receiving
electronic records:

(i) Receipt occurs at the time when the electronic record enters the designated
computer resource; or

(ii) If the electronic record is sent to a computer resource of the addressee that is
not the designated computer resource, receipt occurs at the time when the
electronic record is retrieved by the addressee;

(b) If the addressee has not designated a. computer resource along with specified
timings, if any, receipt occurs when the electronic record enters the computer resource of
the addressee [Sec. 13(2)].

Save as otherwise agreed to between the originator and the addressee, an electronic
record is deemed to be despatched at the place where the originator has his place of
business, and is deemed to be received at the place where the addressee has his place of
business [Sec. 13(3)].

The provisions of sub-section (2) shall apply notwithstanding that the place where the
computer resource is located may be different from the place where the electronic record
is deemed to have been received under subsection (3) [Sec. 13(4)].

For the purposes of this Section:

(a) If the originator or the addressee has more than one place of business. the principal
place of business, shall be the place of business;

(b) If the originator or the addressee does not have a place of business, his usual place of
residence shall be deemed to be the place of business;

(c) “usual place of residence", in relation to a body corporate, means the place where it
is registered [Sec. 13(5)]

SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES

In view of the fact that the communicated electronic records and messages must be
secure and reliable for giving boost to e-commerce, the IT Act, 2000 lays down the
legal presumptions as to when the 'electronic record' and 'digital signature' are deemed
secure.
52
Secure Electronic Record (Sec. 14)

Where any security procedure has been applied to an electronic record at a specific point
of time, then such record shall be deemed to be a secure electronic record from such
point of time to the time of verification.

Secure Digital Signature (Sec. 15)

If, by application of a security procedure agreed to by the parties concerned, it can be

verified that a digital signature, at the time it was affixed, was:

(a) Unique to the subscriber affixing it;

(b) Capable of identifying such subscriber;

(c) Created in a manner or using a means under the exclusive control of the subscriber
and is linked to the electronic record to which it relates in such a manner that if the
electronic record was altered the digital signature would be invalidated, then such digital
signature shall be deemed to be a secure digital signature.

Security Procedure (Sec. 16)

The Central Government shall for the purposes of this Act prescribe the security
procedure having regard to commercial circumstances prevailing at the time when the
procedure was used, including:

(a) The nature of the transaction;

(b) The level of sophistication of the parties with reference to their technological
capacity;

(c) The volume of similar transactions engaged in by other parties;

(d) The availability of alternatives offered to but rejected by any party;

(e) The cost of alternative procedures; and

(f) The procedures in general use for similar types of transactions or communications.

The Central Government has prescribed the "Information Technology Security

Guidelines" in Schedule IT of the "Information Technology (Certifying Authorities)
Rules, 2000.

53
 REGULATION OF CERTIFYING AUTHORITIE
With a view to creating regulations for certification, the IT Act, 2000 provides for the
appointment, functions, powers and duties of "Controller of Certifying Authorities" and
other officers. The procedure for issuing a license to a "Certifying Authority", as well as
the procedure for suspension or revocation or renewal of the license has also been laid
down. The Act also provides for the functions and duties of Certifying Authorities.

Appointment of Controller and other Officers (Sec. 17)

(l) The Central Government may, by notification in the Official Gazette, appoint a
Controller of Certifying Authorities for the purposes of this Act and may also by the
same or subsequent notification appoint such number of Deputy Controllers and
Assistant Controllers as it deems fit.

(2) The Controller shall discharge his functions under this Act subject to the general
control and directions of the Central Government.

(3) The· Deputy Controllers and Assistant Controllers shall perform the functions
assigned to them by the Controller under the general superintendence and control of the
Controller.

(4) The qualifications, experience and terms and conditions of service of Controller,
Deputy Controllers and Assistant Controllers shall be such as may be prescribed by the
Central Government.

(5) The Head Office and Branch Office of the office of the Controller shall be at such
places as the Central Government may specify, and these may be established at such
places as the Central· Government may think fit.

(6) There shall be a seal of the Office of the Controller.

Functions of Controller (Sec, 18)

The Controller may perform all or any of the following functions, namely:

(a) Exercising supervision over the activities of the Certifying Authorities;

(b) Certifying public keys of the Certifying Authorities;

(c) Laying down the standards to be maintained by the Certifying Authorities;

(d) Specifying the qualifications and experience which employees of the Certifying
Authorities should possess;

(e) Specifying the conditions subject to which the Certifying Authorities shall conduct
54
their business;

(f) Specifying the contents of written, printed or visual materials and advertisements that
may be distributed or used in respect of a Digital Signature Certificate and the public
key;

(g) Specifying the form and content of a Digital Signature Certificate and the key;

(h) Specifying the form and manner in which accounts shall be maintained by the
Certifying Authorities;

(i) Specifying the terms and conditions subject to which auditors may be appointed and
the remuneration to be paid to them;

(j) Facilitating the establishment of any electronic system by a Certifying Authority

either solely or jointly with other Certifying Authorities and regulation of such systems;

(k) Specifying the manner in which the Certifying Authorities shall conduct their
dealings with the subscribers;

(l) Resolving any conflict of interests between the Certifying Authorities and 'the
subscribers;

(m) Laying down the duties of the Certifyrig Authorities;

(n) Maintaining a database containing the disclosure record of every Certifying

Authority containing such particulars as may be specified by regulations which shall be
accessible to public.

Recognition of Foreign Certifying Authorities (Sec. 19)

Subject to such conditions and restrictions as may be specified by regulations, the

Controller may with the previous approval of the Central Government, and by
notification in the Official Gazette, recognize any foreign Certifying Authority as a
Certifying Authority for the purposes of this Act [Sec. 19(1)].

Where any Certifying Authority is recognized under sub-section (l), the Digital
Signature Certificate issued by such Certifying Authority shall be valid for the purposes
of the Act [Sec. 19(2)].

Revocation of recognition The Controller may if he is satisfied that any Certifying

Authority has contravened any of the conditions and restrictions subject to which it was
granted recognition under sub-section(l) he may, for reasons to be recorded in writing,
by notification in the Official Gazette, revoke such recognition [Sec. 19(3)].

55
Controller to Act as Repository (Sec. 20)

A 'repository' is an online database of Digital Signature Certificates and other related

information useful for those who conduct their business operations through the medium
of computer internet or e-commerce.

The Controller shall be the repository of all Digital Signature Certificates issued under
this Act [Sec. 20(1)].

To ensure that the secrecy and security of the digital signatures are assured the
Controller shall:

(a) Make use of hardware, software and procedures that are secure from intrusion and
misuse;

(b) Observe such other standards as may be prescribed by the Central Government [Sec.
20(2)].

The Controller shall maintain a computerized database of all public keys in such a
manner that such database and the public keys are available to any member of the public
[Sec. 20(3)].

Grant of License to Certifying Authorities to Issue Digital Signature Certificates

(Sec. 21)

Any person may make an application, to the Controller, for a license to issue Digital
Signature Certificate, provided he fulfils such requirements with respect to qualification,
expertise, manpower, financial resources and other infrastructure facilities, which are
necessary to issue Digital Signature Certificates as may be prescribed by the Central
Government [Sec. 21 (1 )(2)].

A license granted under this Section shall:

(a) Be valid for such period as may be prescribed by the Central Government;

(b) Not be transferable or heritable;

(c) Be subject to such terms and conditions as may be specified by the regulations [Sec.
21(3)].

Application for license (Sec.22)

Every application for issue of a license shall be in such form as may be prescribed by the
Central Government. The application for issue of a license shall be accompanied by:

(a) A certification practice statement;

56
(b) A statement including the procedures with respect to identification of the applicant;

(c) Payment of such fees, not exceeding twenty-five thousand rupees as may be
prescribed by the Central Government;

(d) Such other documents, as may be prescribed by the Central Government.

Certification practice statement [Sec. 2(l)(h)]

"It means a statement issued by a Certifying Authority to specify the practices that it
employs in issuing Digital Signature Certificates." This statement specifies a set of rules
and requirements which are to be followed by a Certifying Authority (CA) in its
operation and issuing certificates.

Procedure for Grant or Rejection of license (Sec. 24)

The Controller may, on receipt of an application for a license to issue Digital Signature
Certificate, after considering the documents accompanying the application and such
other factors, as he deems fit, grant the license or reject the application. However, no
application shall be rejected under this Section unless the applicant has been given a
reasonable opportunity of presenting his case.

Renewal or license (Sec. 23).

An application for renewal of a license shall be:

(a) In such form;

(b) Accompanied by such fees, not exceeding five thousand rupees, as may be
prescribed by the Central Government and shall be made not less than forty-five days
before the date of expiry of the period of validity of the license.

Suspension or license (Sec. 25). The Controller may, if he is satisfied after making an
inquiry, revoke the license where a Certifying Authority has:

(a) Made a statement in, or in relation to, the application for the issue or renewal of the
license, which is incorrect or false in material particulars; (b) failed to comply with the
terms and conditions subject to which the license was granted;

(c) Failed to maintain the standards specified by the Central Government; (d)
contravened any provisions of this Act, rule, regulation or order made there under.

However, no license shall be revoked unless the Certifying Authority has been given a
reasonable opportunity of showing cause against the proposed revocation [Sec. 25(1)].

The Controller may, if he has reasonable cause to believe that there is any ground for
57
revoking a license under sub-section (1), by order suspend such license pending the
completion of any inquiry ordered by him. However, no license shall be suspended for a
period exceeding ten days unless the Certifying Authority has been given a reasonable
opportunity of showing cause against the proposed suspension [Sec. 25(2)]. Further, no
Certifying Authority whose license has been suspended shall issue any Digital Signature
Certificate during such suspension [Sec. 25(3)].

Notice or suspension or revocation of license (Sec. 26)

Where the license of the Certifying Authority is suspended or revoked, the controller
shall publish notice of such suspension or revocation, as the case may 'be, in the
database maintained by him. Where one or more repositories are specified, the
Controller shall publish notices of such suspension or revocation, as the case may be, in
all such repositories. However, the database containing the notice of such suspension or
revocation, as the case may be, shall be made available through a website which shall be
accessible round the clock.

Powers of Controller

The Controller of Certifying Authorities has the following powers:

1. Power to authorize, in writing, the Deputy or the Assistant Controller or any officer
to exercise any of his powers (Sec. 27).
2. Power to take up for investigation any contravention of the Act or rules or
regulations made there under. He may authorize any officer also in this behalf [Sec.
28(1)].
3. Power to exercise himself or through an authorized officer like powers which are
conferred on Income-tax Authorities under Chapter xɪɪɪ of the Income-tax Act, 1,961
[Sec. 28(2)]. A few such powers are briefly stated below:

(i) Powers as are vested in the Court when trying a suit in respect of matters relating
to inspection, enforcing attendance of any person and examining him on oath,
compelling the production of books of account, etc.
(ii) Power to enter and search any building, place, etc., where books of account,
documents or valuables are believed to be kept, and seize them.
(iii) Power to requisition books of account or assets from any officer possessing
them.
(iv) Power to call for information.
(v) Power to inspect and take copies of any Register of Members or Debenture
holders.

58
 (vi) Power to make enquiries.

4. Power to direct, by order, a Certifying Authority or any employee of such Authority

to take such measures or cease carrying on such activities a<; specified in the order, if
those are necessary to ensure compliance with the provisions of the Act, rules or any
regulations made there under [Sec. 68(1)].
5. Power to direct, by order, any agency of the Government to intercept any information
transmitted through any "computer resource" (i.e., computer, computer system and
computer network, etc.), if it is necessary or expedient in the interest of the
sovereignty or integrity of India, the security of the State, friendly relations with
foreign States or public order or for preventing incitement to the commission of any
cognizable offence [Sec. 69(1)].

Access to Computers and Data (Sec. 29)

If the Controller has reasonable cause to suspect that any contravention of the provisions
of this Act, rules or regulations made there under has been committed, the Controller or
any other person authorized by him shall have access to any computer system, any
apparatus, data or any other material connected with such system, for the purpose of
searching or causing a search to be made for obtaining any information or data contained
in or available to such computer system. He may also, by order, direct any person in
charge of, or otherwise concerned with the operation of, the computer system, data
apparatus or material, to provide him with such reasonable technical and other assistance
as he may consider necessary.

Certifying Authority to follow certain Procedures (Sec. 30)

The person to whom a license has been granted by the Controller to issue Digital
Signature Certificates is termed as a Certifying Authority [Sec. 2(I)(g)).

Every Certifying Authority shall follow certain procedures relating to security of system,
in performance of its services. It is required, to:

(a) Make use of hardware, software, and procedures that are secure from intrusion and
misuse;

(b) Provide a reasonable level of reliability in its services which are reasonably suited to
the performance of intended functions;

(c) Adhere to security procedures to ensure that the secrecy and privacy of the digital
signatures are assured; and

(d) Observe such other standards as may be specified by regulations.

59
Duties of Certifying Authority

The Certifying Authority has the following duties:

1. To ensure that every person employed or otherwise engaged by it complies, in the

course of his employment or engagement, with the provisions of the Act, rules,
regulations and orders made thereunder (Sec. 31).
2. To display its license at a conspicuous place of the premises in which it carries on its
business (Sec. 32).
3. To surrender the license to the Controller immediately after its suspension or
revocation [Sec. 33(1).
4. To disclose in the manner specified by the regulations:

(a) Its Digital Signature Certificate which contains the public key corresponding to
the private key used by the Certifying Authority to digitally sign another Digital
Signature Certificate;
(b) Any certification practice statement relevant thereto;
(c) Notice of the revocation or suspension of its Certifying Authority certificate, if
any; and
(d) Any other fact that materially and adversely affects either the reliability of a
Digital Signature Certificate, which that Authority has issued, or the Authority's
ability to perform its services [Sec. 34(1)].

5. To make reasonable efforts to notify any person who is likely to be affected by the
occurrence of any event which, in the opinion of the Certifying Authority, may
materially and adversely affect the integrity of its computer system or the conditions
subject to which a Digital Signature Certificate was granted. He may also act in
accordance with the procedure specified in its 'certification practice statement' to deal
with such event or situation [Sec. 34(2)].

It may be noted that the Central Government has notified 3 the "Information Technology
(Certifying Authorities) Rules, 2000" which may be referred with advantage. Schedule
ill of these Rules prescribes the "Security Guidelines for Certifying Authorities".

DIGITAL SIGNATURE CERTIFICATES

The purpose of a digital signature certificate is to authenticate the/identity of an

individual. It ensures that the purported sender is in fact the person who sent the
message. It is signed digitally by the Certifying Authority.

Certifying Authority to Issue Digital Signature Certificate (Sec. 35) Application Any
60
person may make an application to the Certifying Authority for the issue of a Digital
Signature Certificate in such form as may be prescribed by the Central Government. The
application shall be accompanied:

(a) By such fee not exceeding twenty-five thousand rupees as may be prescribed by the
Central Government. However, different fees may be prescribed for different classes of
applicants;

(b) By a 'certification practice statement' or where there is no such statement, a statement

containing such particulars, as may be specified by regulations.

Grant of certificate On receipt of an application for the issue of Digital Signature

Certificate, the Certifying Authority may, after consideration of the 'certification practice
statement' or the other statement referred above and after making such enquiries as it
may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in
writing, reject the application. However, no Digital Signature Certificate shall be granted
unless the Certifying Authority is satisfied that:

(a) The applicant holds the private key corresponding to the public key to be listed in the
Digital Signature Certificate;

(b) The applicant holds a private key, which is capable of creating a digital signature;

(c) The public key to be listed in the certificate can be used to verify a digital signature
affixed by the private key held by the applicant.

Representations upon Issuance of Digital Signature Certificate (Sec. 36)

While issuing a Digital Signature Certificate, the Certifying Authority certifies that the
information contained in it is accurate and that:

(a) It has complied with the provisions of this Act and the rules and regulations made
there under;

(b) It has published the Digital Signature Certificate or otherwise made it available to
such person relying on it and the subscriber has accepted it; (c) the subscriber holds the
private key corresponding to the public key, listed in the Digital Signature Certificate;

(d) The subscriber's public key and private key constitute a functioning key pair; and

(e) It has no knowledge of any material fact, which if it had been included in the Digital
Signature Certificate would adversely affect the reliability of the representations made in
clauses (a) to (d).

61
Suspension of Digital Signature Certificate (Sec. 37)

The Certifying Authority which has issued a Digital Signature Certificate may suspend
such Digital Signature Certificate:

(a) On receipt of a request to that effect from:

(i) The subscriber listed in the Digital Signature Certificate; or

(ii) Any person dilly authorized to act on behalf of that subscriber.

(b) If it is of opinion that the Digital Signature Certificate should be suspended in public
interest.

A Digital Signature Certificate shall not be suspended for a period exceeding fifteen
days unless that subscriber has been given an opportunity of being heard in the matter.
Further, on suspension of a Digital Signature Certificate under this Section, the
Certifying Authority shall communicate the same to the subscriber.

Revocation of Digital Signature Certificate (Sec. 38)

A Certifying Authority may revoke a Digital Signature Certificate issued by it:

(a) Where the subscriber or any other person authorized by him makes a request to that
effect; or

(b) Upon the death of the subscriber; or

(c) Upon the dissolution of the firm or winding up of the company where the subscriber
is a firm or a company.

The Certifying Authority may also revoke a Digital Signature Certificate which has been
issued by it at any time, if it is of opinion that:

(a) A material fact represented in the Digital Signature Certificate is false or has been
concealed;

(b) A requirement for issuance of the Digital Signature Certificate was not satisfied;

(c) The Certifying Authority's private key or security system was compromised in a
manner materially affecting the Digital Signature Certificate's reliability;

(d) The subscriber has been declared insolvent or dead or where a subscriber is a firm or
a company, which has been dissolved, wound-up or otherwise ceased to exist.

A Digital Signature Certificate shall not be revoked unless the subscriber has been given
an opportunity of being heard in the matter. Further, on revocation of a Digital Signature
62
Certificate under this Section, the Certifying Authority shall communicate the same to
the subscriber.

Notice of suspension or revocation (Sec. 39)

Where a Digital Signature Certificate is suspended or revoked under Section 37 or

Section 38, the Certifying Authority shall publish a notice of such suspension or
revocation, as the case may be, in the repository specified in the Digital Signature
Certificate for publication of such notice. Where one or more repositories are specified,
the Certifying Authority shall publish notices of such suspension or revocation, as the
case may be, in dl such repositories.

DUTIES OF SUBSCRIBERS

The IT Act, 2000 lays down the following duties of the subscribers who have obtained
the Digital Signature Certificate from some Certifying Authority:

1. Generating key pair (Sec. 40) Where any Digital Signature Certificate, the public key
of which corresponds to the private key of that subscriber which is to be listed in the
Digital Signature Certificate, has been accepted by a subscriber, then, the subscriber
shall generate the key pair by applying the security procedure.

2. Acceptance of digital signature certificate (Sec. 41) A subscriber shall be deemed to

have accepted a Digital Signature Certificate if he publishes or authorizes its
publication:

(a) To one or more persons; relevant information contained in the

(b) In a repository; or If he otherwise Certificate are true;

demonstrates his approval in any (c) All information in the Certificate that
manner. Subscriper representation By
accepting a Digital Signature Certificate is within his knowledge is true.
the subscriber certifies to all who
reasonably rely on the information
contained therein that:

(a) He holds the private key

corresponding to the public key listed in
the Digital Signature Certificate and is
entitled to hold the same;
(b) All his representations to the
Certifying Authority and all material

63
3. Control of Private Key (Sec. 42). Every subscriber shall exercise reasonable
care to retain control of the private key corresponding to the public key listed in
his Digital Signature Certificate and take all steps to prevent its disclosure to a
person not authorized to affix his digital signature.

If the private key corresponding to the public key listed in the Digital Signature
Certificate has been compromised, then, the subscriber shall communicate the
same without any delay to the Certifying Authority in the prescribed manner.
Till so communicated, he shall be liable.

PENALITIES AND ADJUDICATION

In spite of security measures adopted by an owner of the computer, computer

system and computer network, there are theft and intrusion. Legal protection
has therefore been provided against the wrongdoers. Under the Act penalty is
imposed by way of damages to be paid as compensation to the affected party for
damage caused to any computer, computer network etc. by introduction of
computer virus, unauthorized access and other types of mischief.

Penalty for Damage to Computer, Computer System, etc. (Sec. 43)

If any person indulges in any of the following acts, without permission of the
owner or any other person who is in charge of a computer, computer system or
computer network, he shall be liable to pay damages by way of compensation
not exceeding one crore rupees to the person so affected:

(a) Accesses or secures access to such computer, computer system or computer

network;

(b) Downloads, copies or extracts any data, computer database or information

from such computer, computer system or computer network including
information or data held or stored in any removable storage medium;

(c) Introduces or causes to be introduced any computer contaminant or

computer virus into any computer, computer system or computer network; (d)
damages or causes to be damaged any computer, computer system or computer
network, data, computer database or any other programmes residing in such
computer, computer system or computer network;

(e) Disrupts or causes disruption of any computer, computer system or computer

network;

(f) Denies or causes the denial of access to any person authorized to access any
computer, computer system or computer network by any means;

64
(g) Provides any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions of this
Act, rules or regulations made there under;

(h) Charges the services availed of by a person to the account of another person
by tampering with or manipulating any computer, computer system, or
computer network.

Explanation: For the purposes of this Section:

(l) "Computer contaminant" means any set of computer instructions that are
designed:

(a) To modify, destroy, record, transmit data or programme residing within a

computer, computer system or computer network; or

(b) By any means to usurp the normal operation of the computer, computer
system, or computer network;

(ii) "computer database" means a representation of information, knowledge,

facts, concepts or instructions in text, image, audio, video that are being
prepared or have been prepared in a forma1ised manner or have been produced
by a computer, computer system or computer network and are intended for use
in a computer, computer system or computer network;

(iii) "computer virus" means any computer instruction, information, data or

programme that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another computer
resource and operates when a programme, data or instruction is executed or
some other event takes place in that computer resource;

(iv) "Damage" means to destroy, alter, delete, add, modify or rearrange any
computer resource by any means.

Penalty for Failure to Furnish Information, Return, etc. (Sec. 44)

If any person who is required under this Act or any rules or regulations made
there under to:

(a) Furnish any document, return or report to the Controller or the Certifying
Authority fails to furnish the same, he shall be liable to a penalty not exceeding
one lakh and fifty thousand rupees for each such failure;

(b) File any return or furnish any information, books or other documents within

65
the time specified therefore in the regulations fails to file return or furnish the
same within the time specified therefore in the regulations, he shall be liable to
a penalty not exceeding five thousand rupees for every day during which such
failure continues;

(c) Maintain books of account or records fails to maintain the same, he shall be
liable to a penalty not exceeding ten thousand rupees for every day during
which the failure continues.

Penalty Where No Specific Penalty is Provided Elsewhere in the Act (Sec. 45)
Whoever contravenes any rules or regulations made under this Act, for the
contravention of which no penalty has been separately provided, shall be liable
to pay a compensation not exceeding twenty-five thousand rupees to the person
affected by such contravention or a penalty not exceeding twenty-five thousand
rupees.

Adjudication-Appointment of Adjudicating Officer (Sec. 46)

For the purpose of adjudging whether any person has committed a

contravention of any of the provisions of this Act or of any rule, regulation,
direction or order made there under the Central Government shall appoint any
officer not below the rank of a Director to the Government of India or an
equivalent officer of a State Government to be an Adjudicating Officer for
holding an inquiry in the manner prescribed by the Central Government.
However, no person shall be appointed as an Adjudicating Officer unless he
possesses such experience in the field of Information Technology and legal or
judicial experience as may be prescribe d by the Central Government.

The Adjudicating Officer shall, after giving the person referred to above, give a
reasonable opportunity for making representation in the matter and if, on such
inquiry, he is satisfied that the person has committed the contravention, he may
impose such penalty or award such compensation as he thinks fit in accordance
with the provisions of that Section.

Where more than one Adjudicating Officers are appointed, the Central
Government shall specify by order the matters and places with respect to which
such officers shall exercise their jurisdiction.

Powers Every Adjudicating Officer shall have the powers of a civil court which
are conferred on the Cyber Appellate Tribunal under sub-section (2) of Section
58, and:

(a) All proceedings before it shall be deemed to be judicial proceedings within

the meaning of Sections 193 and 228 of the Indian Penal Code, 1860;

66
(b) Shall be deemed to be civil court for the purposes of Sections 345 and 346
of the Code of Criminal Procedure, 1973.

Factors to be taken into Account by the Adjudicating Officer (Sec. 47)

While adjudging the quantum of compensation, the Adjudicating Officer shall

have due regard to the following factors, namely:

(a) The amount of gain of unfair advantage, wherever quantifiable, made as a

result of the default;

(b) The amount of loss caused to any person as a result of the default; (c) the
repetitive nature of the default.

THE CYBER REGULATIONS APPELLATE TRIBUNAL

Here the IT Act, 2000 deals with the establishment of one or more Appellate
Tribunals to be known as Cyber Regulations Appellate Tribunal or Cyber
Appellate Tribunal to exercise jurisdiction, powers and authority as conferred
under the Act.

Establishment of Cyber Appellate Tribunal (Sec. 48)

The Central Government shall, by notification, establish one or more appellate

tribunals to be known as the Cyber Regulations Appellate Tribunal. It shall also
specify, in the notification the matters and places in relation to which the Cyber
Appellate Tribunal may .exercise jurisdiction.

Composition of Cyber Appellate Tribunal (Sec. 49) A Cyber Appellate Tribunal

shall consist of one person only (hereinafter referred to as the Presiding Officer
of the Cyber Appellate Tribunal) to be appointed, by notification, by the Central
Government.

Orders constituting Appellate Tribunal to be final and not to invalidate its

proceedings (Sec. 55) No order of the Central Government appointing any
person as the Presiding Officer of a Cyber Appellate Tribunal shall be called in
question in any manner and no act or proceeding before a Cyber Appellate
Tribunal shall be called in question in any manner on the ground merely of any
defect in the constitution of a Cyber Appellate Tribunal.

Staff of the Cyber Appellate Tribunal (Sec. 56) The Central Government shall
provide the Cyber Appellate Tribunal with such officers and employees as that

Government may think fit. The officers and employees of the Cyber Appellate

67
Tribunal shall discharge their functions under general superintendence of the
Presiding Officer. The salaries and allowances and other conditions of service
of the officers and employees of the Cyber Appellate Tribunal shall be such as
may be prescribed by the Central Government.

Qualifications for appointment as Presiding Officer of the Cyber Appellate

Tribunal (Sec. 50) A person shall not be qualified for appointment as the
Presiding Officer of a Cyber Appellate Tribunal unless he:

(a) Is, or has been, or is qualified to be, a Judge of a High Court; or

(b) Is or has been a member of the Indian Legal Service and is holding or has
held a post in Grade I of the Service for at least three years.

Term of Office (Sec. 51) The Presiding Officer of a Cyber Appellate Tribunal
shall hold office for a term of five years from the date on which he enters upon
his office or until he attains the age of sixty five years, whichever is earlier.

Salary, allowances and other terms and conditions of service of Presiding

Officer (Sec. 52) The salary and allowances payable to, and the other terms and
conditions of service including pension, gratuity and other retirement benefits
of, the Presiding Officer of a Cyber Appellate Tribunal shall be such as may be
prescribed. Further, the salary and allowances and the other terms and
conditions of service of the Presiding Officer shall not be varied to his
disadvantage after appointment.

Filling up of vacancies (Sec. 53) If, for reason other than temporary absence,
any vacancy occurs in the office of the Presiding Officer of a Cyber Appellate
Tribunal, then the Central Government shall appoint another person in
accordance with the provisions of this Act to fill the vacancy and the
proceedings may be continued before the Cyber Appellate Tribunal from the
stage at which the vacancy is filled.

Resignation [Sec. 54(1)] The Presiding Officer of Cyber Appellate Tribunal

may, be notice in writing under his hand addressed to the Central Government,
resign his office. However, he shall, unless he is permitted by the Central
Government to relinquish his office sooner, continue to hold office until the
expiry of three months from the date of receipt of such notice or until a person
duly appointed as his successor enters upon his office or until the expiry of his
term of office, whichever is the earliest.

Removal [Sec. 54(2)(3)]. The Presiding Officer of a Cyber Appellate Tribunal

shall not be removed from his office except by an order by the Central
Government on the ground of proved misbehavior or incapacity after an inquiry

68
made by a Judge of the Supreme Court in which the Presiding Officer
concerned has been informed of the charges against him and given a reasonable
opportunity of being heard in respect of these charges. The Central Government
may, be rule~, regulate the procedure for the investigation of misbehavior or
incapacity of the aforesaid Presiding Officer.

Appeal to Cyber Regulations Appellate Tribunal (Sec. 57)

Any person aggrieved by an order made by Controller or an Adjudicating

Officer under this Act may prefer an appeal to a Cyber Appellate Tribunal
having jurisdiction in the matter. However, no appeal shall lie from an order
made by an Adjudicating Officer with the consent of the parties.

Period allowed for appeal. Every appeal shall be filed within a period of forty-
five days from the date on which a copy of the order made by the Controller or
the Adjudicating Officer is received by the person aggrieved and it shall be in
such form and be accompanied by such fee as may be prescribed. However, the
Cyber Appellate Tribunal may entertain an appeal after the expiry of the said
'period of forty-five days if it is satisfied that there was sufficient cause for not
filing it within that period.

Order by Cyber Appellate Tribunal. On receipt of an appeal, the Cyber

Appellate Tribunal may, after giving the parties to the appeal, an opportunity of
being heard, pass such orders thereon as it thinks fit, confirming, modifying or
setting aside the order appealed against. The appeal shall be dealt with by it as
expeditiously as possible and Endeavour shall be made by it to dispose of the
appeal finally within six months from the date of receipt of the appeal. The
Cyber Appellate Tribunal shall send a copy of every order made by it to the
parties to the appeal and to the concerned Controller or Adjudicating Officer.

The appellant may either appear in person or authorize one or more legal
practitioners or any of its officers to present his or its case before the Cyber
Appellate Tribunal (Sec. 59).

Powers of the Cyber Appellate Tribunal (Sec. 58)

The Cyber Appellate Tribunal shall not be bound by the procedure laid down by
the Code of Civil Procedure,. 1908. It shall, however, be guided by the
principles of natural justice, provisions of the Act and rules made there under.
Natural justice means to act in good faith, fairly, justly and impartially and
never arbitrarily. It shall have powers to regulate its own procedure including
the place at which it shall have its sittings.

The Cyber Appellate Tribunal shall have, for the purposes of discharging its

69
functions under this Act, the same powers as are vested in a civil court under the
Code of Civil Procedure, 1908, while trying a suit, in respect of the following
matters, namely:

(a) Summoning and enforcing the attendance of any person and examining him
on oath;
(b) Requiring the discovery and production of documents or other electronic
records;
(c) Receiving evidence on affidavits;
(d) Issuing commissions for the examination of witnesses or documents;
(e) Reviewing its decisions;
(f) Dismissing an application for default or deciding it ex-parte;
(g) Any other matter which may be prescribed.

Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a

judicial proceeding within the meaning of Sections 193 and 228, and for the
purposes of Section 1 % of the Indian Penal Code and the Cyber Appellate
Tribunal shall be deemed to be a civil court for the purposes of Section 195 and
Chapter XXVI of the Code of Criminal Procedure, 1973.

The Central Government has notified4 the "Cyber Regulations Appellate

Tribunal (Procedure) Rules, 2000."

Civil Court not to have Jurisdiction (Sec. 61)

The Adjudicating Officer and the Cyber Appellate Tribunal have exclusive
jurisdiction to decide specific issues for which they have been empowered.
Section 61 provides that:

(a) No court shall have jurisdiction to entertain any suit or proceeding in respect
of any matter which an Adjudicating Officer appointed under this Act or the
Cyber Appellate Tribunal constituted under this Act is empowered by or under
this Act to determine; and

(b) No injunction shall be granted by any court or other authority in respect of

any action taken or to be taken in pursuance of any power conferred by or under
this Act. Injunction is a specific order of the court directing the defendant to
refrain from doing certain act.

70
Appeal to High Court (Sec. 62)

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal
may file an appeal to the High Court within sixty days from the date of
communication of the decision or order of the Cyber Appellate Tribunal to him
on any question of fact or law arising out of such order. However, the High
Court may, if it is satisfied that the appellant was prevented by sufficient cause
from filing the appeal within the said period, allow it to be filed within a further
period not exceeding sixty days.

Compounding of Contraventions (Sec. 63)

Any contravention under the Act may, either before or after the institution of
adjudication proceedings, be compounded by the Controller or such other
officer as may be specially authorized by him in this behalf or by the
Adjudicating Officer, as the case may be, subject to such conditions as he may
impose. However, the compounded sum shall not, in any case, exceed the
maximum amount of the penalty which may be imposed under this Act for the
contravention so compounded.

The above provision shall not apply to a person who commits the same or
similar contravention within a period of three years from the date on which the
first contravention committed by him, was compounded.

Explanation For the purposes of this Section, any second or subsequent

contravention committed after the expiry of a period of three years from the
date on which the contravention was previously compounded shall be deemed
to be a first contravention.

Where any contravention has been compounded, no proceeding or further

proceeding, as the case may be, shall be taken against the person guilty of such
contravention in respect of the contravention so compounded.

Recovery of Penalty (Sec. 64)

A penalty imposed under this Act, if it is not paid, shall be recovered as an

arrear of land revenue and the license or the Digital Signature Certificate, as the
case may be, shall be suspended till the penalty is paid.

OFFENCES

The Information Technology Act provides civil and criminal penalties for the
violation of its provisions. Sections 43 to 47 dealing with civil penalty have
already been discussed under the heading "Penalties and Adjudication".

71
Sections 65 to 76 dealing with criminal penalty are discussed hereunder. In all
cases severe penalty is provided which is criminal in nature, i.e., either
imprisonment for the offence or imposition of fine or both.

Tampering with Computer Source Documents (Sec. 65)

If any person knowingly or intentionally conceals, destroys or alters or

intentionally or knowingly causes another to conceal, destroy or alter any
computer source code used for a computer, computer programme, computer
system or computer network, when the computer source code is required to be
kept or maintained by law for the time being in force, he shall be punishable
with imprisonment up to three years, or with fine up to two lakh rupees, or with
both.

Explanation For the purposes of this Section, "computer source code" means the
listing of programmes, computer commands, design and layout and programme
analysis of computer resource in any form.

Hacking with Computer System (Sec. 66)

Whoever with the intent to cause or knowing that he is likely to cause wrongful
loss or damage to the public or any person destroys or deletes or alters any
information residing in a computer resource or diminishes its value or utility or
affects it injuriously by any means, commits hacking. Whoever commits
hacking shall be punished with imprisonment up to three years, or with fine
upto two lakh rupees, or with both.

Publishing of Information which is Obscene in Electronic Form (Sec. 67)

Whoever publishes or transmits or causes to be published in the electronic form,

any material which is lascivious or appeals to the prurient interest or if its effect
is such as to tend to deprave and corrupt persons who are likely, having regard
to all relevant circumstances, to read, see or hear the matter contained or
embodied in it, shall be punished. On first conviction he shall be punishable
with imprisonment up to five years and with fine up to one lakh rupees. In the
event of a second or subsequent conviction he shall be punishable with
imprisonment up to ten years and also with fine up to two lakh rupees.

It may be noted that it is only the publishing or transmitting of obscenity which

is an offence, and not its possession.

Securing Unauthorized Access to Protected System (Sec. 70)

The Government, may, by notification in the Official Gazette declare that any

72
computer, computer system or computer network to be a protected system. It
may also, by order in writing, authorize persons to have access to it. Any person
who secures or attempts to secure unauthorized access to a protected system
shall be punished with imprisonment which may extend to ten years and shall
also b6liable to fine.

Penalty for Misrepresentation (Sec. 71)

Whoever makes any misrepresentation to, or suppresses any material fact from,
the Controller or the Certifying Authorize for obtaining any license or Digital
Signature Certificate, as the case may be, shall be punished with imprisonment
for a term which may extend to two years, or with fine which may extend to one
lakh rupees, or with both.

Penalty for Breach of Confidentiality and Privacy (Sec. 72)

If any person who, in pursuance of any of the powers conferred under this Act,
rules or regulations made there under, has secured access to any electronic
record, book, register, correspondence, information, document or other material
without the consent of the person concerned discloses such electronic record,
book, register, correspondence, information, document or other material to any
other person, he shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with
both. Thus, Section 72 prohibits unauthorized disclosure of the contents of
electronic record.

Penalty for Publishing Digital Signature Certificate False in Certain Particulars

(Sec. 73)

No person shall publish a Digital Signature Certificate or otherwise make it

available to any other person with the knowledge that:

(a) It has not been issued by the Certifying Authority; or

(b) it has not been accepted by the subscriber; or

(c) The certificate has been revoked or suspended.

However, if the publication is for the purpose of verifying a digital signature

created prior to such suspension or revocation, this rule will not apply.

Any person, who contravenes the above provisions, shall be punished with
imprisonment for a term which may extend to two years, or with fine which
may extend to one lakh rupees, or with both.

73
Publication for Fraudulent Purpose (Sec. 74)

Whoever knowingly creates, publishes or otherwise makes available a Digital

Signature Certificate for any fraudulent or unlawful purpose shall be punished
with imprisonment for a term which may extend to two years, or with fine
which may extend to one lakh rupees, or with both.

Act to Apply for Offence or Contravention Committed Outside India (Sec. 75)
The provisions of this Act shall apply also to any offence or contravention
committed outside India by any person irrespective of his nationality, if the act
or conduct constituting the offence or contravention involves a computer;
computer system or computer network located in India.

Confiscation (Sec. 76)

Section 76 provides for confiscation of any computer, computer system,

floppies, compact disks, tape drives or any other accessories related thereto, in
respect of which there is contravention of any provision of this Act.

However, where it is established to the satisfaction of the court adjudicating the

confiscation that the person who is in possession, power or control of these
articles is not responsible for the contravention, the court may, instead of
making an order for confiscation, make such other order as it may think fit.

Penalties and Confiscation not to interfere with Other Punishments (Sec.

77)

Any penalty imposed or confiscation made under this Act shall not interfere
with other punishments provided under any other law for the time being in
force.

Power to Investigate Offences (Sec. 78)

A police officer not below the rank of Deputy Superintendent of Police is

empowered to investigate any offence under the Act.

Network Service Providers not to be Liable in Certain Cases (Sec. 79)

For the removal of doubts, it is hereby declared that no person providing any
service as a network service provider shall be liable under this Act, rules or
regulations made thereunder for any third party information or data made
available by him if he proves that the offence or contravention was committed
without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention.

74
Explanation For the purposes of this Section:

(a) "Network service provider" means an intermediary;

(b) "Third party information" means any information dealt with by a network
service provider in his capacity as an intermediary.

Offences by Companies (Sec. 85)

Where a person committing a contravention of any of the provisions of this Act

or of any rule, direction or order made there under is a company, every person
who, at the time the contravention was committed, was in charge of, and was
responsible to, the company for the conduct of business of the company as well
as the company, shall be guilty of the contravention and shall be liable to be
proceeded against and punished accordingly, unless he proves that the
contravention took place without his knowledge or that he exercised all due
diligence to prevent such contravention. If it is proved that the contravention
has taken place with the consent or connivance of, or is attributable to any
neglect on the part of, any director, manager, secretary or other officer of the
company, such person shall also be deemed to be guilty of the contravention
and shall be liable to be proceeded against and punished accordingly.

Explanation For the· purposes of this Section:

(i) "Company" means anybody corporate and includes a firm or other
association of individuals; and
(ii) "Director" in relation to a firm, means a partner in the firm.

Constitution of Advisory Committee (Sec. 88)

The Central Government shall, as soon as maybe after the commencement of

this Act, constitute a Committee called the Cyber Regulations Advisory
Committee. It shall consist of a Chairperson and such number of other official
and non-official members representing the interests principally affected or
having special knowledge of the subject-matter as the Central Government may
deem fit. There shall be paid to the non-official members of such Committee
such travelling and other allowances as the Central Government may fix.

The Cyber Regulations Advisory Committee shall advise:

(a) The Central Government either generally as regards any rules or for any
other purpose connected with the Act;
(b) The Controller in framing the regulations under this Act.

75
The Central Government has notified the constitution of "Cyber Regulations
Advisory Committee" consisting of 21 members including the Chairperson vide
Notification No. GSR 790 (E), dated 17th October, 2000.

Power of Controller to Make Regulations (Sec. 89)

The Controller may, after consultation with the Cyber Regulations Advisory
Committee and with the previous approval of the Central Government, by
notification in the Official Gazette, make regulations consistent with the Act
and the rules made thereunder to carry out the purposes of the Act. In particular,
such regulations may provide for all or any of the following matters, namely:

(a) The particulars relating to maintenance of database containing the disclosure

record of every Certifying Authority under Section 18(m);
(b) The conditions and restrictions subject to which the Controller may
recognise any foreign Certifying Authority under Section 19(1);
(c) The terms and conditions subject to which a license may be granted under
Section 21(3)(c);
(d) Other standards to be observed by a Certifying Authority under Section
3O(d);
(e) The manner in which the Certifying Authority shall disclose the matters
specified in Section 34(1);
(f) The particulars of statement which shall accompany an application under
Section 35(3);
(g) The manner by which the subscriber communicates the compromise of
private key to the certifying Authority under Section 42(2).

76
 SOME SPECIAL CASES

Publishing cyber pornography:

Actions covered Publishing, causing to be published

and

Transmitting cyber pornography.

Penalty First offence: Simple or rigorous

imprisonment

up to 5 years and fine up to Rs 1 lakh

Subsequent offence: Simple or

rigorous

imprisonment up to 10 years and fine

up to Rs

2 lakh

Relevant authority Court of Session

Appeal lies to High Court

Investigation 1. Controller of Certifying

Authorities (CCA)
Authorities
2. Person authorized by CCA

3. Police Officer not below the rank

of

Deputy Superintendent

77
 Points to mention in 1. Complainant details

complaint 2. Suspect details

3. How and when the contravention

was

discovered and by whom

4. Other relevant information

Unauthorized Access to Protected System

Actions covered Unauthorized access to protected

system (or attempt thereof)

Penalty Imprisonment up to 10 years and fine

(this may be rigorous or simple
imprisonment i.e. with or without
hard labour)

Relevant authority Court of Session

Appeal lies to High Court

Investigation 1. Controller of Certifying

Authorities (CCA)
Authorities
2. Person authorized by CCA

3. Police Officer not below the rank

of

Deputy Superintendent

Points to mention in 1. Complainant details

complaint 2. Suspect details

3. Details of gazette notification and

78
 Government order

4. How and when the contravention

was

discovered and by whom

5. Other relevant information

Tampering with computer source code

Actions covered Knowingly or intentionally

concealing, altering

or destroying computer source code

(or causing someone else to do so).

Penalty Imprisonment up to 3 years and / or

fine up to Rs 2 lakh

Relevant authority Judicial Magistrate First Class

Appeal lies to Court of Session

Investigation 1. Controller of Certifying

Authorities (CCA
Authorities
2. Person authorized by CCA

3. Police Officer not below the rank

of

79
 Deputy Superintendent

Points to mention in 1. Complainant details

complaint 2. Suspect details

3. How and when the contravention

was

discovered and by whom

4. Damage suffered

5. Other relevant information

80
 CONCLUSION
The economic policy of liberalisation was first time introduced in India in the
year 1991 that opened gates for foreign investment in many sectors. In the year
1997, the Tarapore Committee recommended changes in the present legislation
that regulate foreign exchange in the country. After which FERA was replaced
by FEMA in the country.

SEBI by its guidelines, regulations and directions, statutorily promoted

disclosure of all relevant information has strengthened the securities market.
Still there exist some worries among investors. Their biggest worry is ‘too much
volatility’. The next major worry is ‘too much price manipulation of stocks’.
They also worry about ‘fraudulent company managements’ and ‘unfair practices
of brokers’. However, they are not that much worried about the cost of
dematerialization.

The Cyber Law defined as a thoughtful group conversation about core values
and distinct benefits to the Society will persist. But it will not, could not, and
should not be the same law as that applicable to physical, geographically
defined territories

81
 REFERENCES:

1. TEXT BOOK OF BUSINESS LEGISLATION FOR MANAGEMENT;

By M.C.KUCHHAL & DEPA PRAKASH.
2. http://www.corecentre.co.in/Database/Docs/DocFiles/india_cyber.pdf
3. http://asclonline.com/images/c/cc/7_years_of_Indian_Cyber_Law.pdf
4. http://www.witsa.org/papers/McConnell-cybercrime.pdf

82
83