Compliance Requirements under Information Technology Act, 2000

1. Retention of records in E-form (Section 7)

If a law requires documents or records to be retained for a specific period, the requirement is met when they are kept in electronic form, provided the information remains accessible for future reference, the record is preserved in its original or an accurately reproducible format, and it includes details identifying the origin, destination, date, and time of sending or receiving. This does not apply to data generated automatically only to enable electronic transmission. This section also does not apply where a law specifically requires records to be retained as electronic records.

2. Attribution of the electronic records to the originator (Section 11)

An electronic record shall be attributed to the originator—

(a) if it was sent by the originator himself;

(b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) by an information system programmed by or on behalf of the originator to operate automatically.

3. Secure Electronic Records Using Security Procedures (Section 14)

An electronic record becomes a secure electronic record from the moment a security procedure is applied to it and remains so until it is verified.

Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall he deemed to be a secure electronic record from such point of time to the time of verification.

4. Secure Electronic Signature Using Approved Security Procedure (Section 15)

An electronic signature shall be deemed to be a secure electronic signature if—

(i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and

(ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed.

Explanation.– In case of digital signature, the ―signature creation data‖ means the private key of the subscriber.

5. Prohibition on tampering with computer source documents (Section 65)

No person shall knowingly or intentionally conceal, destroy or alter or intentionally or knowingly cause another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force

Explanation.–For the purposes of this section, ―computer source code‖ means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

6. Prohibition on commission of any acts causing damage to computer, computer system etc (Section 43)

Any person who, without permission of the owner or person in charge of a computer, computer system, computer network or computer resource:

(a) accesses or secures access to it;

(b) downloads, copies, or extracts any data, database, or information, including that stored in removable media;

(c) introduces any computer contaminant or virus;

(d) damages any computer, system, network, data, database, or programs;

(e) disrupts any computer, system, or network;

(f) denies access to any authorised person;

(g) assists anyone in gaining unauthorised access in violation of this Act or its rules;

(h) charges services used by one person to another’s account by tampering with any computer, system, or network;

(i) destroys, deletes, or alters information in a computer resource or diminishes its value or utility; or

(j) steals, conceals, destroys, or alters computer source code with intent to cause damage, shall be liable to pay damages by way of compensation to the affected person.