A Study Of Current Legal Framework On Cyber Law

“Cyber security is no longer just an IT issue, but the responsibility of every individual to ensure trust in this digital world.” 

– Stephane Nappo 

Cyber law includes the rules and regulations about computer technology the internet and digital communications. It deals with many things like data privacy , protection , rights , cybercrimes , online transactions etc. 

On the other hand cyber crime refers to illegal activities involve computer networks , the internet and computers data theft , harrasemnet , hacking and spreading malicious. 

The study includes various types of cybercrimes , also highlighting the challenges of cyber crimes , its jurisdiction, rapid technology and current scenarios in the society. This includes national cyber security , cybercrimes, laws and data protection and privacy regulations and international cooperation framework

KEYWORD-  Privacy, Protection, Cybercrime,  Data Theft, Hacking, Technology

Research Methodology 

This article concentrates on the histories of cybercrime as well as cyber laws in India. I have utilizes both the primary and secondary sources for data information. Primary sources include the Constitution, Acts, and regulations of India, while the secondary sources consist of articles, journals, commentaries, and books. In this research, I have adhered to the citation guidelines outlined in the Bluebook.

Introduction

Background of Cybercrime

The term ‘cybercrime’ is used in knowledge society of 21^st century, and is created by combining 2 terms which are ‘cyber’ and ‘crime’. It is continuously increasing cyber crimes not only into threaten the national security but also to pose a direct threat to the international security. The inventi0n of computers has human life easier, using from individual to the global level at every other organization. Cyber crime are digital and electronically crimes which is prevailing globally. As the time passes at the transactions have been done through e-commerce, e-governance etc. all the legal issues related to the internet crime are dealt under cyber laws. As the number of cyber crimes such as unauthorized access and hacking. As these attacks are increasing rapidly , on the 10^th  United Nations congress conference on the prevention of crime and treatment of offenders , in a workshop devoted to the issues of crimes related to cyber space , cyber crime was divided into 2 categories and defines thus : 

1. Cyber crime is a narrow sense – that is computer crime in which any illegal behavior done by the means of electronic operations that target the security of computer system. 
2. Cyber crime – a broader sense which is computer-related crime and illegal behavior committed by the means of any operating system or network, including such crimes as illegal possession or distributing information by the means of a computer system or network. 

According to the tactical aspect the attacks to digital network for the purpose is to seizing control or even destroying infrastructures that are vital to government and sectors area of crucial importance. 

According to the notion report which is frequency of cyber attacks on Indian assets, with the government and private infrastructure equally exaggerates. In July 2013 the government published national cyber security policy and just after that it was reported that government official’s email has been hacked. The NCSP is far away from answering all nuances of the cyber threat and crimes. It doesn’t maximize its potential for optimum benefits it just only provides guidelines for the standard operating procedure. The crucial point of security concern related to telecom industry which is fully integrated into cyberspace is missing. 

The Need for a Legal Framework in Cyberspace 

Cyber Crime is one of the emerging trends of crime which has the perspective to destroy each and every aspect of the life as it is easy to commit by anyone of the particular knowledge , but it’s really hard to detect and often hard to locate in jurisdiction terms.

There is utmost need for cyber security to protect the evolving ICT. The experts of  group should find and recommend suitable mix for solutions in critical ICT systems and supporting the governance structure of the nation. 

By understanding the treat of the cyber development capacity for offensive action in this cyber domain is sinc quo non. Nations , non-state actors, terrorist,  and individuals pace a challenge to growth which is increasing going to dependent on the cyber domain so there is need to identify technology in this regard. 

Any person who commits malicious act is called adversary. Adversary may be outsider and insider. Insider is the one who authorizes to sensitive operations and outsider is the one who harms the security on purpose. Cyber crime is a multi billion problem. 

Cyber security is one of the major concern in the government also in the private sectors around the world. This has made every other person insecure about the privacy of one’s identity. Cyber threat can be performed in the form of cyber attack, but can also be in result of ‘mistakes’ or even natural disasters which is unidentifiable. So there should be specific approach to that particular problem in the framework of cyber security. There are various challenges which needs to be addressed in cyberspace such as cyber security legal issue , cloud computing legal issues, mobile data law challenges, and social media a legal issue. 

Sussman and Heuston were the first to propose the term ‘cyber crime’ in the year 1995. Cybercrime can not be described as in single definition, it is best to be considered as a collection of acts and conducts. These acts are based on the material offences and object that affect the computer data or systems. The unusual characteristics of cybercrime are that the victims and the offender may never come in direct contact. Cybercriminals often opt to have the  operate from countries with nonexistent or weaker cybercrime laws in order to reduce the chances of detection and prosecution. 

Cyber crimes can also be committed without 0nes involvement in the cyber space, it is not necessary that the cyber criminal sh0uld remain present 0nline software privacy can be taken as an example.  

Advancement 0f technology lead to the rise 0f criminal activity and IT act, 2000 provides the ways to deal with the cyber crime. This model contains the  positive aspect from the prospective of e-commerce but it also doesn’t solves all the problems and issue overnight. 

Objectives of the Study

 Aim of the research are outlined as follows:  

1. To explore the global history of cybercrime.  

2. To analyze the definition of cybercrime and the related cyber laws in India.  

3. To emphasizes the effects of cybercrime on both national and international security.  

4. To examine how cybercrime infringes upon the confidentiality and privacy relevant to National Security.  

Scope of Study 

In this research paper, I have aimed to concentrate on cyber-crime, its various forms, the IT Act, 2000 of India, and conduct comparative analysis with other nations. This article may reference additional laws, rules, or regulations from different countries, but it will not explore them in depth. It will include several cases from India, but there will be no specified time frame for these cases.

Evolution of Cyber Law and International Frameworks

Early Developments in Cyber Law

History of Cybercrime

The first cybercrime was recorded in the year 1920, the primeval type of computer was in Japan , China and India since 3500 b.c. but Charles Babbage’s with his  analytical engine considered as the time of present days computer. In the year 1820, In France a textile manufacturer named j0seph-marie jacquard created the loom. The device allowed a series of steps that was continual within the weaving of special fabrics or materials. This resulted in the exceeding concern among the jacquard’s workers that their livelihoods as well as their traditi0nal employment were being threatened , and prefered to sabotage so that the he gets discourages jacquard so that the new technology cannot be utilized in the future. 

The CyberCrime evolved from morris worm to the ransom ware, many countries including india are working to stop such crimes or attacks , but the attacks were continuously changing and affecting the nation. 

Table for evolution of cyber crime

Year	Types of Attacks
1997	Cyber Crimes and viruses initiated , that includes morris code worm and other.
2004	Malicious code, torjan , Advanced worm etc.
2007	Identifying thieves , phishing etc.
2010	DNS attacks , rise of bonet, SQL attacks etc.
2013	Social engineering , DOS attack , bonnets , malicious emails ransom ware attack etc.
Present	Bank malware , key loggers, bit coin wallets, phone hijacking android hack cyber warfare etc.

In 20^th centaury introduces new requisite and offenses to the law glossary. Legal provisions should provides assertion t0 the users, enforcement agencies and to the criminals , As NIT is very important t0 understand that computer cannot commit a crime unless like act of people. It is the human being not the machine, who abuse demolish , by realizing the needs t0 combat with the cyber violations , the UNICITERAL  ie the united nations commission on international trade law adopted the model law of electronic commerce in 1996. I discharge of its responsibility , government of infia also accepted the need to legislation and has approach with the new legislation IT act, 2000. The major act , which g0t amended after enactment information technology act are Indian penal code prior  to the enactment of a IT act , the electronic records and documents were recognized. 

The act essentially deals with the following issues – 

• Legal identification 0f electronic document 
• Legal identification 0f digital signatures 
• 0ffenses and contraventions justice 
• Dispensati0n system for cyber crimes. 

The IT act 2000 attempt to change the outdated laws and provides way to deal with the cyber crimes as in form of the prospective of e-commerce in India. IT act 2000 contains many other positive aspects like companies shallow be able to carry out e commerce using legal infrastructure for the authentication and origin of electronic communication through digital signatures. But it is considered to be the ambiguous law in the area of jurisdiction in the context of the internet. The term cybercrime at any point even after the amendment by the IT act amendment 2008, there is need to push the cyber laws. 

Various Issues Under Cyber Law Enforcement 

Issues That Are Related With Law

Territorial jurisdicti0n is not satisfactory in the IT act as jurisdiction has been menti0ned in sec 46, 48, 57 and 61 in c0ntext of adjudication process and the appellate procedure connected with and again in sec 80 and a part of the public 0fficer power to enter , search a public place for a cybercrime etc. since the cyber crime are basically computer based crimes and therefore if the mail of someone is hacking and is sitting at one place by accused sitting on another place far in any another state , which is difficult for police any other authority to recognize and investigate due t0 the jurisdictional issues 

Experts are not knowledgeable ,  but also to be provided with the technical hardware and software so that they can be efficiently fight the cyber crime. 

Law enforcement officers are lacking of tools as the old laws are not capable enough for the crimes being committed in the current scenarios, new laws hadn’t quite caught up to what was happening . There is back log of cooperation between the law enforcement agencies and computer professionals.

The Indian penal Code doesn’t reveal any term ‘cyber crime’ at any point even after the IT act 2008.

Unlike of the other statutes , police are passed by the Indian legislation which are not enforceable or binding but also merely to provide the guidelines for a standard operating procedure. In this regard NCSP doesn’t maximize its potential for optimum benefit. 

Issues Which Are Related With The Technology 

New technologies like cloud computing is one of the big concerns of cyber threat as for the purpose of e-governance and storing data cloud computing is used by most of the users . The measure taken are not successful to face challenge and the  risk of cloud computing are like: 

1. Risk 0f inappropriate access to the  personal and confidential information of any user 
2. Risk of compromising of confidential information and intellectual property 
3. Appropriate privacy and security measures need to be in the apporopriate place. 

Another emerging trend in the technology, which is highly in use, is big data has to be the critical security and privacy issues. From point of business many words were carried out focusing on business, applications and information processed from big data. It is now  facing many challenges, such as efficient encrypted information retrieval, reliability and integrity of big datas . 

The Role of International Organizations 

According to the international law c0mmission , an international organization is defined as an “0rganization established by  treaty or any other instrument governed by international law and possessing its 0wn international legal personality. “ The members are comprise of various states , but also the other entities may also be a part of that . Majorly international organization plays a vital role in global functioning including the united nations UN , the world health organization WHO , the north Atlantic treaty organization, NATO etc. 

In the simple words , a cybercrime may be stated as the criminal activity involving  computer and the network with these tools being a means or a target. Definition of cybercrime involves an “ act of violation of laws” , which is perpetrating in using information and communication technology to either target networks , systems , data , website and technology or facilitate a crime including almost all features covered in the most definitions. 

The following are few of  major distinguishing features of cybercrimes :

• Involve digital technology – cybercrime inevitably involve some form of digital technology, ranging from the smart phone or desktop computer or encrypted data or secure networks. 
• Borderless – they are not limited by any border , an attackers may target an unknowing the victim next door or in any  another continent. 
• Lack of physical evidence – unlike traditional crimes , cybercrimes do not involve the usual crime scene . the crime may even go undetected for a significant period of time . 
• Negative impact – a one time cybercrime can also result in serve long term damage to any extended section or even entire countries. 

Here are five key points regarding role of international organizations in the fight against cybercrimes:

1. Policy Creation and Legal Structures – Entities like the UN, INTERPOL, and the Council of Europe play a vital role in establishing global legal frameworks, such as the Budapest Convention on Cyber crime , to create uniform laws and enhance cooperation among countries.

2. International Law Enforcement Collaboration – Cybercrimes frequently span various jurisdictions. Organizations like INTERPOL and Europol aid in synchronizing efforts among law enforcement agency globally to effectively investigate and prosecute cyber offenders.

3. Skills Development and Education – Organization such as the International Telecommunications Union (ITU) and the World Economic Forum offer training programs, workshops, and resources to empower nation in boosting their cyber security capabilities.

4. Sharing Cyber Threat Intelligence – Groups like the Global Forum on Cyber Expertise (GFCE) and the Cybercrime Convention Committee (T-CY) promote immediate information sharing, enabling nations to remain proactive against emerging cyber threats.

5. Collaborative Efforts with the Private Sector – International organizations collaborate with technology firms, financial institutions, and cyber security companies to create innovative solutions, exchange intelligence, and develop strategies for global cybercrime prevention.

Comparative Analysis of Cyber Law Approaches in Different Jurisdictions 

The 21st century has experienced significant rise of the use of technology and internet, giving rise to the “Cyber Revolution.” The importance of this cyber revolution in the contemporary world is immense. That include a broad array of elements that affect individuals, communities, economies, and governments. A Cyber revolutions promotes the growth and implementation 0f new technologies such as Artificial Intelligences and Block chain technologies. These innovations have the capacity to transform industries, enhance efficiency, and stimulate progress across different sectors. The cyber revolutions has significantly influencing  world, and it is repercussions will continue to be felt for many of years ahead. It has created new avenues for innovation and collaboration, yet it has also introduced new challenges and risk the society should confront.

Addressing Cyberterrorism Through Legislation

I. EUR0PEAN UNI0N

Countries within the European Union (EU) have established their National Laws to tackle cyber terr0rism. For instance, during its membership in the EU, the United Kingdom had its own legal framework. The Convention on Cybercrime, referred to as the Budapest Convention, is an international agreement that targets various types of cybercrime, including cyber terrorism. Established in 2001 by the Council of Europe, the Convention on Cybercrime became the first global treaty addressing offenses related to the Internet and computer systems, coming into effect in July 200425. The goal of treaty was to “Harmonize National law” and facilitate cooperation among law enforcement to align their efforts.26 It primarily targeted some of the most prevalent and concerning Internet offenses, such as copyright violations, frauds, child exploitation, hate crime, and the financial crimes. Most EU member states have signed the treaty, which offers a framework for collaborative efforts in the investigation and prosecution of cybercrimes. The European Union Council has developed a detailed strategy aimed at preventing, protecting against, pursuing, and responding to acts of cyber terrorism. Currently, beside the Hague Programme, community policy and the effective Internet surveillance are also emphasized as the part of a cohesive strategy.

II. UNITED STATES OF AMERICA  

In 1990, the national academy of Sciences issued a report on computer security, declaring that America is in danger. As reliance on computers continues to grow, a future terrorist may inflict more harm using the keyb0ard than a bomb. The phrase “electronic Pearl Harbor” emerged around the same time, associating the potential for a computer attack with a significant and tragic moment in American history. One might argue that while bin Laden may be actively engaged in terrorism, future generations could be wielding a computer mouse, as suggested by a widely cited statement from the 0ffice of Homeland Security. It is conceivable that future terrorists may find cyber terrorism to be more effective than current terrorist methods. Moreover, the next wave of terrorists is being shaped in a digital landscape where hacking to0ls are likely t0 evolve in power, ease of use, and availability. For example, a terrorist group could set off bomb at a train station while simultaneously executing cyber attack on the communications infrastructure, thereby intensifying the impact of the event. If the systems are not secured with utmost diligence in the most advanced country in the world, it may soon become as easy to the inflict physical harm online as it is to breach a website today.

III. INDIA  

In India, the approach to cyber terrorism falls under the Information Technology (IT) Act of 2000, which was revised in 2oo8. There is no dedicated legislation specifically targeting cyber terrorism in India. Section 66F was introduced as part of the 2oo8 amendment to the IT Act of 2ooo to specifically tackle cyber terrorism. These law and regulations work alongside existing legal frameworks found in both general law and laws pertaining to terrorism. The sole provision that addresses actions intended to threaten India’s unity, integrity, security, or sovereignty, as well as those that encourage terrorism through various means such as denial-of-service (D0S) attack , the introduction of malicious software, unauthorized access to computer systems, and the theft of sensitive information or any data that could endanger India’s sovereignty or integrity, security, and friendly relation. The IT Act characterizes cyber terrorism as any terrorist act conducted through a computer resource or a communication device.  

Under the I T Act, engaging in cyber terrorism is considered criminal offense, with penalties that can include imprisonment for  life and fines. The Act also establishes a Cyber appellate Tribunal, which is authorized to hear appeals against any decision made by the adjudicating officer under the legislation. The Act als0 contains provisions relating t0 unauthorized access to a computer system, hacking, and the dissemination of offensive or menacing messages through communication devices. These offenses are punishable including  imprisonment for a term of up to 3 years, along with fines. 

Onto the international cooperation and collaboration among nations in sharing information, intelligence, and joint efforts to combat cyber terrorism is the need of the hour. Cyber terrorism is often transnational in nature, and cross-border collaborations is crucial in addressing the global threat. Every country is preparing for the digital age and the widespread adoption of IT technology. The risk is that once virus programs are sold in the open market, they can be purchased and used by hackers anywhere in the world. This is because it is getting easier to conceal one’s identity online. Concluding, combating cyber terrorism by the state requires a multi-layered and proactive approach that involves strong cyber security measures, effectively information sharing, capacity building, international cooperati0n, legal and regulatory framework, public-private partnership, incident response planning, cyber awareness and education, offensive cyber operations, and continuous monitoring and the adaptation. Implementing these strategies collectively can significantly enhance a state’s ability to detect, prevent, and respond to cyber  terrorism effectively. 

Legal Framework in India

1. Copyright (Amendment) Act, 2012:
   • Aligned India’s laws with international treaties like the WIPO Copyright Treaty (1996), extending protection to digital works.
   • Introduced penalties for digital infringement and clarified liabilities for internet service providers (ISPs)
2. Judicial Precedents:
   In UTV Software Communication Ltd v. 1337x, Indian courts ruled that online infringement holds the same legal weight as physical violations, reinforcing digital copyright enforcement.
3. Rights Management:
   • Technological Protection Measures (TPMs): Tools like encryption to prevent unauthorized access.
   • Rights Management Information (RMI): Metadata identifying creators and usage terms, protected under law.

Challenges in Enforcing IP Laws in the Digital Age

• Cross-Border Issues: Cybercrimes often span multiple countries, making enforcement difficult.
• Evolving Technologies: Emerging technologies like blockchain and AI create new IP challenges.
• Intermediary Compliance: Ensuring global platforms comply with Indian IP laws is complex.
• Lack of Awareness: Many businesses and legal professionals are unaware of how the IT Act can help protect IP.

A. Google LLC v. CNIL (2019)

In this landmark case, the Court of Justice of the European Union (CJEU) addressed the scope of the “right to be forgotten.” The French data protection authority (CNIL) had ordered Google to delist personal information not only within the EU but also globally. However, the CJEU ruled that Google is not required to apply the right to be forgotten worldwide, limiting the reach of European law and recognizing jurisdictional boundaries in online content regulation.

B. British Airways Data Breach (2018)

One of the first major GDPR enforcement cases, British Airways was fined £20 million by the UK Information Commissioner’s Office (ICO) after the personal data of over 400,000 customers was compromised due to inadequate security measures. The decision emphasized the need for robust cybersecurity frameworks and rapid response to vulnerabilities.

C. Facebook (Meta) v. Bundeskartellamt (2020)

This German case dealt with Facebook’s collection of user data across multiple services and third-party sites. The Federal Cartel Office ruled that Facebook’s data aggregation practices violated data protection laws and amounted to exploitative abuse of a dominant market position. The ruling reflected the intersection of competition law and data privacy.

D. Amazon Europe Core S.a.r.l (2021)

Luxembourg’s data protection authority fined Amazon €746 million for processing personal data in violation of GDPR, particularly with regard to advertising targeting without valid consent. This case underscored the significance of consent management in digital advertising and data-driven business models.

In an era increasingly defined by digital connectivity and technological innovation, the legal landscape must continuously evolve to address novel challenges posed by cyberspace. This research has explored critical dimensions of cyber law, including online defamation, data protection, intermediary liability, jurisdictional complexities, and landmark case laws. It has become evident that while significant strides have been made in regulating online conduct and protecting digital rights, substantial gaps and inconsistencies remain within national and international cyber legal frameworks.

The complexity and technical nature of cyber cases often result in prolonged litigation. Key reforms include:

• Establishment of dedicated cyber benches or e-courts for expedited handling.
• Continuous training for judges on emerging digital legal issues.
• Use of digital evidence management systems to streamline proceedings and improve evidentiary standards.

As cyber threats become more sophisticated and digital environments more complex, a resilient, adaptive, and collaborative legal framework is essential. Strengthening cyber law is not solely a legislative task—it requires a multi-stakeholder approach involving governments, tech companies, civil society, and the public. Proactive regulation, informed policymaking, and technological foresight will ensure that cyber laws remain effective, just, and future-ready.

Bibliography 

1. Information Technology Act, 2000
   Government of India. Available at: https://www.meity.gov.in
2. Indian Penal Code, 1860
   Sections related to cybercrimes (e.g., Sections 66, 67, 420, 463, 468, and 469). Available at: https://legislative.gov.in
3. Syed Asifuddin and Others v. State of Andhra Pradesh, 2005 (Criminal Appeal No. 252 of 2004).
   Andhra Pradesh High Court.
4. Bhim Sen Garg v. State of Rajasthan, 2006.
   Rajasthan High Court. Available on Indian Kanoon: https://indiankanoon.org
5. Google Inc. v. Visakha Industries and Others, 2014.
   Supreme Court of India judgment on intermediary liability.
6. Ritu Kohli Case, 2001.
   First reported cyberstalking case in India, Delhi Police.
7. The Cyber Express – “Top 10 Data Breaches in India”
   Available at: https://www.thecyberexpress.com
8. STL Digital – “10 Biggest Cybersecurity Attacks in Indian History”
   Available at: https://www.stldigital.tech
9. NDTV News – https://www.ndtv.com/topic/cyber-crime-in-india

---

About Author

Reeta Sharma is a 5th year law student at AMITY UNIVERSITY, NOIDA , UTTARPRADESH.