Cybercrime Laws in India: Know Your Rights & Steps
Ever clicked a link that looked suspicious or even got a message asking for your bank details? You’re not the only one. As online scams, data leaks, and hacking are growing fast, knowing about cybercrime laws in India has become essential.
The internet is no longer just for fun or business; it’s a space where crimes happen every minute. India has made its cybercrime laws stronger by passing laws like the Digital Personal Data Protection Act, the Information Technology Act, and CERT Guidelines.
In this blog, we’ll talk about what cyber laws are, how they keep you safe, and what to do if you ever become a victim of cybercrime.
What Are Cyber Laws in India?
Cyber laws govern behaviour in the digital space, define how computers and networks can be used, identify misuse, regulate data handling, set platform responsibilities, and prescribe penalties for violations.
In India, many laws come together such as the base tech-law, the data-privacy law, the platform regulation, and the criminal offence laws.
Understanding the Main Cybercrime Laws in India
The IT Act, 2000:
The backbone of digital regulation is the Information Technology Act, 2000 (IT Act).
It covers offences like the unauthorised access to computer systems, hacking, identity theft, cheating by impersonation using computers, as well as the misuse of digital signatures. In short, this law gives you cover when someone hacks your account or uses your identity online.
The Digital Personal Data Protection Act, 2023:
Privacy of your data matters. The Digital Personal Data Protection Act, 2023 (DPDP Act) sets rules on how your digital personal data is collected, stored, used, and shared.
It gives you rights (access, correction, erasure) and puts obligations on those who handle your data (called “data fiduciaries”). If your online account leaks your information or a service uses your data unfairly, this law kicks in.
Platform & Audit Regulation – The CERT Guidelines and Others:
Regulation doesn’t stop at data and users.
This body, known as the Indian Computer Emergency Response Team (CERT-In), issues guidelines and rules for cybersecurity and incident reporting.
Recently, the government issued a guideline requiring organisations that operate digital systems to conduct annual cybersecurity audits. These guidelines aim to standardise cybersecurity practices across various sectors.
Criminal Law Update: The BNS/BSA Framework:
To streamline the offences, India replaced older laws like the Indian Penal Code with the new ones, such as the Bharatiya Nyaya Sanhita, 2023.
Cyber-offences now sit more clearly under these new codes. This matters when someone commits a serious online crime
Common Cybercrime Laws in India: Real-Life Cases
Let’s make this real. What are people actually facing right now?
- Online fraud or phishing: You get a fake message, click a link, and money disappears. Because so many digital payments happen now, this is growing.
- Identity theft/account takeover: Someone steals your credentials, uses your identity to do illegal stuff (loan, account opening).
- The non-consensual sharing of images and child abuse material are forms of online sexual exploitation that Indian law treats with utmost seriousness and strict punishment.
- Harassment/stalking/defamation online: Fake profiles, threatening messages, social media posts aimed at you.
- Mule bank accounts / organised cyber-fraud: Some individuals lend their bank accounts for illegal transactions, which is punishable.
These aren’t hypothetical. According to a recent parliamentary committee report, cybercrime has many forms, and the existing legal framework is complex.
Everyday Cybercrime Red Flag Checklist
- Unknown OTP notifications or attempts to log in
- Unexpected emails resetting passwords
- False courier messages (BlueDart and SpeedPost frauds)
- UPI “payment request” as opposed to payment
- Fake job offers or impersonation on social media
- QR codes sent via WhatsApp
- Bank messages with “KYC suspended”
How to Report and Handle it: Your Step-by-Step Guide
If you suspect you’ve been hit, here’s what you should do:
- Preserve evidence immediately: Gather screenshots, chat logs, bank statements, and timestamps. It matters a lot.
- Report the offence: Go to the national cybercrime portal or call the helpline.
- File an FIR (First Information Report): File your report with the local cybercrime police station (especially for serious cases).
- Cooperate with the investigation: share requested details (so far as safe), and follow up.
- Change credentials & lock down accounts: while police act, you act to protect yourself.
Acting quickly improves your chances of recovery or at least stopping from further harm.
Cybercrime Laws in India: What Businesses and Platforms Should Do
If you run a business, startup or platform, the rules matter to you too:
- Be aware of cybercrime laws in India and make sure your systems are secure, your data handling is up to standard, and you have proper processes to report cybercrime in India.
- Under the DPDP Act, you must have lawful grounds for processing personal data, you must offer rights to users, and you must respond to breaches properly.
- For any entity that manages digital systems, the CERT-In audit guidelines mean you may need to undergo cybersecurity audits and report incidents.
- If you host user uploads, comments or are an intermediary platform, you may have take-down obligations and must heed the intermediary rules (under IT Act and subsequent rules).
Being proactive reduces the risk, both legal and reputational.
Common Cybercrime Penalties in India
| Offence | Applicable Law | Penalty |
|---|---|---|
| Hacking / unauthorised access | IT Act Sec 66 | Up to 3 years jail + fine |
| Identity theft | Sec 66C | Up to 3 years + fine |
| Image misuse / obscene content | Sec 67 / BNS | Imprisonment + heavy fines |
| Online stalking/harassment | BNS | Up to 3 years |
| Financial fraud (UPI / phishing) | IT Act + BNS | Jail + repayment + penalties |
Your 24-Hour If-This-Happens Checklist
If you feel something’s wrong right now, here’s your personal emergency route:
- Stop using the compromised account/device.
- Change passwords, enable two-factor authentication.
- Contact your bank or financial institution (if money or payment info is involved).
- File a report at the cybercrime portal/helpline.
- Save everything: screenshots, emails, messages.
- Inform your close contacts if identity is compromised.
- Consider legal advice if the loss is large or your case involves sensitive data.
Doing this gives you momentum and increases your protection.
Cybercrime Laws in India Made Simple
If you know India’s cybercrime laws, you can keep your money, data, and image safe online. If something goes wrong, you need to move quickly: keep the evidence, make sure your accounts are safe, and report the crime through the right channels.
You can talk to law firms like Kamal and Co. Advocates for help with digital scams, data breaches, or compliance. They can help you get through the process without any stress.
Don’t forget that quick action and the right help can make all the difference.
Recently Asked Question About Cybercrime In India
Can I report a small online fraud, say ₹20,000?
Yes. Many states now allow cybercrime cases under the IT Act even for smaller sums. The threshold has been removed in places.
My photo was shared online without my consent. What law covers it?
There are provisions under the IT Act (for unauthorised sharing of images), and you may also use the DPDP Act if personal data is involved.
I run a small website. Do I need to comply with data law?
If you collect or process digital personal data of users in India, yes. The DPDP Act applies broadly.
How quickly will the police act if I report cybercrime?
It depends on case complexity, evidence, and jurisdiction. But new systems (like e-Zero FIR) can aim to speed up high-value digital fraud cases.
