Detailed summary chart of Chapters VI, VII, VIII, IX, and X of the Information Technology (IT) Act, 2000:
Chapter VI – Regulation of Certifying Authorities (Sections 17-34)
| Section | Provision | Summary |
|---|
| 17 | Appointment of Controller and Officers | Central Government appoints the Controller of Certifying Authorities (CCA) and other officers. |
| 18 | Functions of Controller | The CCA regulates Certifying Authorities (CAs), lays down standards, certifies public keys, and ensures compliance. |
| 19 | Recognition of Foreign CAs | Allows recognition of foreign Certifying Authorities (CAs) under specific regulations. |
| 21 | License to Issue Electronic Signature Certificates | Any entity seeking to issue electronic signature certificates must apply for a license from the Controller. |
| 22 | Application for License | The license application requires a certification practice statement and other necessary documents. |
| 23 | Renewal of License | A license must be renewed at least 45 days before expiry. |
| 24 | Grant or Rejection of License | The Controller can approve or reject an application based on compliance requirements. |
| 25 | Suspension of License | The Controller may suspend a license if the CA violates conditions. |
| 26 | Notice of Suspension or Revocation | If a license is revoked, the Controller must notify the public via a central repository. |
| 27 | Power to Delegate | The Controller may delegate powers to Deputy/Assistant Controllers. |
| 28 | Power to Investigate | The Controller has powers similar to Income Tax Authorities to investigate violations. |
| 29 | Access to Computers and Data | Authorizes investigation officers to access computers and gather evidence of contraventions. |
| 30 | Compliance by Certifying Authorities | CAs must ensure security of digital signatures and comply with legal obligations. |
| 31 | Duty of Certifying Authorities | CAs must ensure that their employees follow IT Act regulations. |
| 32 | Display of License | Certifying Authorities must display their licenses at business premises. |
| 33 | Surrender of License | If a CA’s license is revoked, it must immediately surrender it to the Controller. |
| 34 | Disclosure Obligations | CAs must publicly disclose their certificates, terms, and suspension/revocation notices. |
Chapter VII – Electronic Signature Certificates (Sections 35-39)
| Section | Provision | Summary |
|---|
| 35 | Issuance of Electronic Signature Certificate | Certifying Authorities (CAs) issue electronic signature certificates after verifying identity. |
| 36 | Representations on Issuance | CA must ensure that the electronic signature certificate is issued accurately and securely. |
| 37 | Suspension of Certificates | The CA may suspend an electronic signature certificate upon request from the subscriber or if required in the public interest. |
| 38 | Revocation of Certificates | Certificates may be revoked upon request, death, insolvency, or fraud. |
| 39 | Notice of Suspension/Revocation | The CA must notify the public when an electronic signature certificate is suspended or revoked. |
Chapter VIII – Duties of Subscribers (Sections 40-42)
| Section | Provision | Summary |
|---|
| 40 | Generation of Key Pair | Subscribers must generate and maintain their public-private key pair for digital signatures. |
| 40A | Duties of Subscriber | Subscribers must ensure security and compliance of their electronic signature certificates. |
| 41 | Acceptance of Digital Signature Certificate | A subscriber is deemed to have accepted a certificate if they publish or authorize its use. |
| 42 | Control of Private Key | Subscribers must protect their private keys and immediately report if compromised. |
Chapter IX – Penalties, Compensation, and Adjudication (Sections 43-47)
| Section | Offence | Penalty |
|---|
| 43 | Damage to Computer Systems | Unauthorized access, hacking, introducing viruses, data theft |
| 43A | Failure to Protect Data | Negligence in handling sensitive data by companies |
| 44 | Failure to Furnish Information | Not submitting reports to authorities |
| 45 | Residuary Penalty | General penalty for violations not covered elsewhere |
| 46 | Power to Adjudicate | Adjudicating officers handle IT-related penalty and compensation cases |
| 47 | Factors for Compensation | Compensation is determined based on loss suffered, unfair gain, and frequency of default |
Chapter X – Appellate Tribunal (Sections 48-62)
| Section | Provision | Summary |
|---|
| 48 | Establishment of Appellate Tribunal | The Telecom Disputes Settlement and Appellate Tribunal (TDSAT) serves as the appellate body for IT-related disputes. |
| 49-56 | [Omitted Sections] | Sections related to the Cyber Appellate Tribunal were removed in 2017. |
| 52D | Decision by Majority | If Tribunal members disagree, the Chairperson decides. |
| 55 | Finality of Tribunal Orders | Tribunal decisions are final and cannot be challenged due to procedural issues. |
| 57 | Appeal to Appellate Tribunal | Appeals against adjudicating officer decisions can be made to the TDSAT. |
| 58 | Tribunal’s Procedure and Powers | The Tribunal has civil court powers to summon witnesses, examine evidence, and pass orders. |
| 59 | Right to Legal Representation | Parties may hire lawyers or be represented before the Tribunal. |
| 60 | Limitation Period | Appeals must be filed within 45 days of an adjudicating officer’s order. |
| 61 | Civil Court Jurisdiction Barred | Civil courts cannot handle cases assigned to the Tribunal. |
| 62 | Appeal to High Court | Tribunal decisions can be appealed in High Court within 60 days. |
Conclusion:
These chapters cover regulation of certifying authorities, digital signatures, subscriber responsibilities, penalties, and appellate mechanisms. Chapter X ensures IT-related disputes can be resolved through the TDSAT instead of traditional courts.
Comments
Post a Comment