Analyzing Dispute resolution framework under the Information Technology Act, 2000

Disputes arise because of perceived differences in interests. If there is an interaction between two or more people or companies, and one believes that his or her interests are not identical to those of the other, there will be a dispute. The best way to prevent disputes from arising is to make sure that each party knows what the other party wants, and to capture in clear, unambiguous writing any agreements between the parties. Increasing each party’s knowledge about the other decreases the chance of a dispute arising because of a possible misunderstanding. Similarly, relying on business practices that are universally used in a certain industry or region will reduce the number of disputes. Disputes can easily arise when the parties do not know each other well, when they are engaging in new forms of business, or when they come from different cultures.A number of interpersonal, family, community or business disputes could arise in cyber-space in much the same way as they do in physical space. The new types of disputes that arise specifically from new technologies include: ·

domain names (there are dispute resolution processes established through the Internet Corporation for Assigned Names and Numbers (ICANN);

complaints in relation to privacy and security of on-line communications infrastructure complaints and disputes, especially in relation to telecommunications carriers;

performance and project disputes;

disputes over trademarks and copyright;

dispute arising over the circulation of information, or illegal or inappropriate content, over the Internet;

e-commerce disputes, including those between businesses (B2B), between businesses and consumers (B2C), and between consumers and consumers (C2C);

workplace conflicts arising out of changes in employment, personnel and work practices, generated by new technology.

The question of what court or tribunal may resolve a particular controversy often arises with respect to conflicts in real space. Efforts to answer it have generated several venerable and formidable bodies of legal doctrine: personal jurisdiction, subject-matter jurisdiction; venue; and the collection of rules and policies collected under the umbrella of alternative dispute resolution.

                                            KEY DETAILS OF THE FRAMEWORK

The scope of the framework is limited; it only applies to disputes that relate to the violations listed in the IT Act .There are two categories of violations under the IT Act: (i)contraventions relating to damage to computer, computer systems; protection of data; failure to furnish information, violation of any provision, rule, regulation or direction under the Act; and (ii) offences including cyber terrorism, violation of privacy and cheating. Only disputes relating to contraventions can be resolved through the dispute resolution framework . Offences are criminal in nature, they are dealt with under the criminal laws of India.

The IT Act is applicable to persons and entities both within and outside India . Once a cyber-dispute is adjudicated as per the dispute resolution framework of the IT Act, the same dispute cannot be taken up by a civil court .

                              THE PROCESS OF ADJUDICATION UNDER THE IT ACT

The power to adjudicate is given to an ‘Adjudicating Officer’ (“AO”) appointed by the central government . As per the Ministry of Electronics and Information Technology (“MeitY”), the secretary of the department of information technology of each state is appointed as the AO for that state by default. The AO is a quasi-judicial body, as it has dual-powers to: (i) order investigation i.e. hold inquiry into the violation of the IT Act on the basis of evidence produced before it ; and (ii) adjudicate i.e. it decides the quantum of compensation or penalty to be awarded in case of a violation . The AO can exercise its jurisdiction over matters in which the claim for compensation or damage does not exceed INR 5 crore.The AO is entitled to order investigation into a complaint at any time from the receipt of a  complaint by it . This investigation is conducted by an officer in the Office of Controller of Certifying Authorities or CERT-In, or by a Deputy Superintendent of Police.


Orders issued by an AO are appealable before the Telecom Disputes Settlement and Appellate Tribunal (“TDSAT”) . A party can appeal against AO’s order before the TDSAT within 45 days of receiving the order . The right to appeal is not available to the parties if the adjudication order was passed with the consent of the parties.

The TDSAT may confirm, modify or set the adjudication order appealed against, after giving the parties a reasonable opportunity to be heard. The TDSAT has the same powers as are vested in a civil court to summon the parties, order production of documents and to review its decisions. A party can file an appeal against TDSAT’s order to the High Court, within 60 days of receiving the order


The framework may look promising in theory, but it has not been as effective in practice. There is hardly any reportage on a cyber-dispute and there is no data available on the number of cases adjudicated upon by officers or the tribunal. We have identified certain issues that highlight the lacunae in the system:

Possibility of conflicting orders passed by AOs:

They AOs enjoy wide powers. They can adjudicate on violation  of any provision, rule, regulation or direction passed under the IT Act. AOs have sometimes passed orders with significant ramifications. For example, in one case, an AO held a bank liable for not exercising due diligence to prevent phishing . The AO referred to the prevailing RBI guidelines  on internet banking to arrive at this conclusion. Thus, AOs can play a significant role in interpreting the IT Act.There are multiple AOs, who address similar kind of issues, at the same time. This results in the problem of conflicting opinions on the same issue.  For instance, in a case , the AO had held that Section 43 of the IT Act was not applicable to the bank as it was a body corporate. However, AOs in other states had held otherwise. In multiple cases, Section 43 has been invoked against body corporate. This can make it difficult for an entity to comply with the IT Act, as it may have to consider the opinion of multiple AOs to function across India.

Poor availability of orders passed by AOs:

To access adjudication orders passed under the IT Act, one has to search through websites of state governments which are not easy to navigate. There is no reportage of these disputes by popular legal databases as well. There should be a central database for adjudication orders. This will enable officers and other stakeholders to refer to these adjudication orders while dealing with violations under the IT Act. It will also enable businesses to keep a track of cyber disputes.

C.   Excessive burden on department secretaries appointed as AOs:

Secretaries of the department of information technology of the states are AOs by virtue of an old Merit Order from 2003. They are responsible for the administration of their department, and are actively involved in the governance of the state, in addition to performing their duties as AOs. The dual-aspect of their job is extremely burdensome. Considering the high amount of cyber-offences in the country, there is a need to revamp this system for appointment of AOs. There are other Indian laws where AOs are given independent roles for adjudicating violations. For instance, the Prevention of Money Laundering Act, 2002 (“PMLA”) lays down a similar adjudication procedure for offences. However, instead of appointing AOs, the PMLA has established an ‘Adjudicating Authority’. This authority comprises of a chairperson and two other members. This authority is only involved in adjudication of offences, it is also allowed to have its own staff for assistance. The IT Act could adopt a mechanism similar to the other laws to ensure efficacy and speedy disposal of adjudications.

Need for capacity building in adjudication of cyber offences:

There is a need to build the capacity of AOs. The Crown Prosecution Service of the United Kingdom has issued ‘Cybercrime-prosecution guidance’. This guidance has defined major kinds of cybercrimes like hacking, social media related offences, etc. They provide basic principles for adjudication of cybercrimes. A guidance of a similar nature should be introduced in India to ensure better handling of complaints.

Investigation and appreciation of evidence during the adjudication process

Investigation into violations is conducted by an officer in the Office of Controller of Certifying Authorities or CERT-IN; or by the Deputy Superintendent of Police. However, the capacity of these bodies to conduct cyber investigations is questionable.Most cyber-offences are reported to the police departments, as the National Cyber Crime Portal functions under the domain of the Ministry of Home Affairs. Complaints on this portal are referred to the police department of the state in which the alleged cyber-offence was committed. The police personnel are not equipped to deal with cybercrimes; they may not have the requisite expertise in areas like cyber forensics and investigation. They often appoint private firms to investigate into such matters.

There is no guiding document under the Indian regulatory framework on cyber investigation or cyber forensics. The Information Technology (Amendment) Act, 2008 has established a body called the “Examiner of Electronic Evidence”. This body provides expert opinion on electronic evidence. The Merit has appointed various forensic science laboratories as the examiner . These laboratories hold expertise in conducting cyber investigation. However, the Holding of Enquiry Rules, 2003 have not been updated post the coming of the 2008 amendment act. The rules must be amended to give AOs the power to order such examiners to investigate into the matters before them.

There should be guidelines or principles on investigation of cyber offences to better equip the police and other investigating agencies to handle such cases. For instance, the United States Department of Justice had issued a guide on ‘Electronic Crime Scene Investigation’ in 2001 . This is a comprehensive guide which sets out investigation techniques for different kinds of cyber violations like frauds, identity theft etc. A similar national guideline on cyber investigations must be issued in India. A cybercrime investigation manual was launched by the Data Security Council of India. Steps must be taken by the central government to notify such guidelines.

Aishwarya Says:

I have always been against Glorifying Over Work and therefore, in the year 2021, I have decided to launch this campaign “Balancing Life”and talk about this wrong practice, that we have been following since last few years. I will be talking to and interviewing around 1 lakh people in the coming 2021 and publish their interview regarding their opinion on glamourising Over Work.

If you are interested in participating in the same, do let me know.

Do follow me on FacebookTwitter  Youtube and Instagram.

The copyright of this Article belongs exclusively to Ms. Aishwarya Sandeep. Reproduction of the same, without permission will amount to Copyright Infringement. Appropriate Legal Action under the Indian Laws will be taken.

If you would also like to contribute to my website, then do share your articles or poems at

In the year 2021, we wrote about 1000 Inspirational Women In India, in the year 2022, we would be featuring 5000 Start Up Stories.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.