Cyber Law in India: Types, Penalties, DPDPA, Reporting, and Regulations

Learn about cyber law in India, types of cybercrimes, DPDPA 2023, reporting methods, business compliance, and key regulatory bodies like CERT-In and NCIIPC.
CHECK ELIGIBILITY
Lawyer Loan
CHECK ELIGIBILITY
4 min
14 May 2025
With the growing dependence on digital platforms, cyber threats have become increasingly frequent and sophisticated. From financial frauds and identity theft to data breaches and ransomware attacks, India has witnessed a sharp rise in cybercrime cases. To combat this, cyber law in India has evolved significantly, covering various aspects of digital transactions, data privacy, and online conduct. Whether you're an individual, a business owner, or a legal professional, understanding your rights and responsibilities under Indian cyber law is vital to staying secure in today’s digital age.

What is cyber law in India?

Cyber law in India refers to the legal framework that governs crimes, frauds, and disputes occurring in cyberspace. It outlines the rules for electronic communication, digital transactions, data storage, and protection against cybercrimes. It also addresses the legal responsibilities of individuals, businesses, and government bodies in maintaining cybersecurity.

The Information Technology Act, 2000, is the principal legislation governing digital operations in India. It defines offences, prescribes penalties, and lays down procedures for investigation and enforcement. Updates such as the Digital Personal Data Protection Act (DPDPA) 2023 further strengthen the legal ecosystem for digital governance.

Types of cyber crimes and penalties

Cybercrimes in India cover a wide spectrum of offences. Below are some common types and the corresponding legal consequences:

  • Hacking: Unauthorised access to systems is punishable with imprisonment of up to 3 years and/or a fine under Section 66 of the IT Act.
  • Identity theft: Using someone else's personal data fraudulently carries imprisonment of up to 3 years and fines under Section 66C.
  • Cyberstalking: Persistent digital harassment or following is punishable under IPC Section 354D, with imprisonment and/or fines.
  • Phishing and email frauds: Misleading emails to extract sensitive data are covered under Sections 419 and 420 of the IPC.
  • Data breaches: Failure to protect user data may attract penalties under both the IT Act and the DPDPA 2023.
  • Cyber terrorism: Covered under Section 66F, this offence is punishable with life imprisonment for attacks affecting national security.

Data protection laws in India

Data privacy has become a core component of what is cyber law in India. The DPDPA 2023 is India’s dedicated law for protecting personal data of individuals and ensuring responsible data handling by organisations.

  • DPDPA 2023: Replaces older guidelines and focuses on consent-based data collection, limited retention, and cross-border data rules.
  • Data fiduciaries: Businesses collecting personal data are required to follow stringent safety measures and transparency norms.
  • User rights: Individuals have the right to access, correct, and erase their data from a business’s database.
  • Penalties: Non-compliance can attract penalties up to Rs.250 crore for data breaches, especially if negligence is proven.
  • Applicability: The law applies to government and private entities processing digital personal data in India.

How to report cyber crimes in India?

Victims of cybercrime can seek recourse through multiple channels. Here’s how to report such incidents effectively:

  • Cyber crime portal: Visit www.cybercrime.gov.in to file a complaint online. It caters to offences like financial fraud, online abuse, and cyberstalking.
  • Local police station: File an FIR under relevant sections of the IT Act or IPC.
  • Cyber cells: Every major city has a cybercrime unit under state police that specialises in digital offences.
  • Helpline 1930: This national helpline is dedicated to reporting financial cyber frauds like UPI or card fraud.
  • Documentation: Always retain evidence such as screenshots, email headers, or transaction details while reporting.

Role of regulatory bodies (CERT-In, NCIIPC)

India has two primary agencies tasked with cybersecurity enforcement and infrastructure protection.

CERT-In (Indian Computer Emergency Response Team):

  • Functions under the Ministry of Electronics and Information Technology.
  • Monitors cyber threats and issues alerts.
  • Coordinates responses to incidents like ransomware and phishing attacks.
  • Mandates reporting of significant breaches within 6 hours.
NCIIPC (National Critical Information Infrastructure Protection Centre):

  • Works under the National Technical Research Organisation.
  • Focuses on protecting critical infrastructure in sectors like banking, energy, and defence.
  • Provides threat intelligence and incident response guidance to strategic organisations.
These agencies work in tandem to build a secure digital environment for citizens and enterprises.

Cyber law for businesses

Every business operating online or storing customer data must comply with India’s cyber laws. Here's what that entails:

  • Mandatory disclosures: Companies must report any data breach to CERT-In within specified timelines.
  • Privacy policies: Websites and apps must provide clear privacy statements on data usage and storage.
  • User consent: Data processing must be consent-based under the DPDPA 2023.
  • Vendor agreements: Businesses must ensure third-party vendors handling data also comply with the law.
  • Cyber audits: Regular audits and risk assessments are advisable for financial, health, and tech-based businesses.
  • Employee training: Staff should be trained to follow digital security protocols and incident reporting procedures.
Failing to comply with these requirements can lead to heavy penalties and reputational loss.

Recent cyber law amendments

India’s cyber law ecosystem is evolving in response to rising threats. Key recent developments include:

  • Introduction of DPDPA 2023: A comprehensive personal data protection law replacing fragmented guidelines.
  • CERT-In directives (2022-23): Mandatory incident reporting, stricter VPN and cloud data logging requirements.
  • Draft Digital India Act (Pending): Meant to replace the IT Act, it aims to bring AI, deepfakes, and social media under regulation.
  • Faster adjudication mechanism: Proposals to set up specialised cyber benches in high courts for faster case resolution.
These updates aim to make India’s cyber legal framework more robust, agile, and user-centric.

Conclusion

Cyber law in India has become central to safeguarding digital transactions, personal data, and organisational security. Whether it’s the IT Act or the newly introduced DPDPA 2023, staying compliant and informed is crucial for both individuals and businesses. From understanding what cyber law is in India to learning how to report offences or adopt compliance measures, awareness is your first line of defence.

If you’re a legal professional planning to specialise in cyber law or expand your firm’s expertise, a lawyer loan can provide the financial support you need.

Frequently asked questions

What is the scope of cyber law?
Cyber law covers a wide range of legal areas, including digital crimes, online privacy, e-commerce, data protection, and internet governance. It applies to individuals, companies, and government agencies involved in digital activity.

What are the advantages of cyber law?
Cyber law helps secure digital transactions, protects users’ privacy, deters cybercrimes, and creates legal accountability for online misconduct. It promotes trust in the digital economy.

What are the five basic principles of cyber law?
The five key principles include the legality of digital contracts, data privacy, authentication of electronic records, prevention of unauthorised access, and accountability for digital misconduct.

What is IPR in cyber law?
Intellectual Property Rights (IPR) in cyber law protect digital assets like software, domain names, content, and databases. It ensures creators' rights are legally safeguarded in the online environment.

Show More Show Less

Bajaj Finserv App for All Your Financial Needs and Goals

Trusted by 50 million+ customers in India, Bajaj Finserv App is a one-stop solution for all your financial needs and goals.

You can use the Bajaj Finserv App to:

Apply for loans online, such as Instant Personal Loan, Home Loan, Business Loan, Gold Loan, and more.

  • Explore and apply for co-branded credit cards online.
  • Invest in fixed deposits and mutual funds on the app.
  • Choose from multiple insurance for your health, motor and even pocket insurance, from various insurance providers.
  • Pay and manage your bills and recharges using the BBPS platform. Use Bajaj Pay and Bajaj Wallet for quick and simple money transfers and transactions.
  • Apply for Insta EMI Card and get a pre-approved limit on the app. Explore over 1 million products on the app that can be purchased from a partner store on Easy EMIs.
  • Shop from over 100+ brand partners that offer a diverse range of products and services.
  • Use specialised tools like EMI calculators, SIP Calculators
  • Check your credit score, download loan statements, and even get quick customer support—all on the app.
Download the Bajaj Finserv App today and experience the convenience of managing your finances on one app.

Do more with the Bajaj Finserv App!

UPI, Wallet, Loans, Investments, Cards, Shopping and more

GET THE APP

Disclaimer

1. Bajaj Finance Limited (“BFL”) is a Non-Banking Finance Company (NBFC) and Prepaid Payment Instrument Issuer offering financial services viz., loans, deposits, Bajaj Pay Wallet, Bajaj Pay UPI, bill payments and third-party wealth management products. The details mentioned in the respective product/ service document shall prevail in case of any inconsistency with respect to the information referring to BFL products and services on this page.

2. All other information, such as, the images, facts, statistics etc. (“information”) that are in addition to the details mentioned in the BFL’s product/ service document and which are being displayed on this page only depicts the summary of the information sourced from the public domain. The said information is neither owned by BFL nor it is to the exclusive knowledge of BFL. There may be inadvertent inaccuracies or typographical errors or delays in updating the said information. Hence, users are advised to independently exercise diligence by verifying complete information, including by consulting experts, if any. Users shall be the sole owner of the decision taken, if any, about suitability of the same.

Related videos