Introduction
In today’s digital age, the importance of cyberlaw cannot be overstated. As the use of technology and the internet has grown, so too has the need for laws that govern cyberspace. Cyberlaw, primarily focused on legal issues related to the internet, digital data, and online activities, plays a crucial role in maintaining order and protecting individuals and businesses from cybercrimes.
One of the most significant legal frameworks in this domain is the Information Technology Act, 2000 (IT Act), which aims to regulate electronic commerce, digital signatures, and cybercrimes in India. Section 70 of the IT Act stands out as a key provision, offering protection for critical information infrastructure and defining penalties for unauthorized access.
Understanding the role of cyberlaw and the IT Act is vital for ensuring the security and integrity of digital systems in an increasingly interconnected world.
What Is Section 70 Of IT Act, 2000?
Section 70 of the Information Technology (IT) Act, 2000 empowers the government to declare certain computer systems as Protected Systems. This step is crucial for securing Critical Information Infrastructure (CII). The declaration is made through an official notification in the Official Gazette.
CII refers to computer resources where damage, destruction, or compromise can severely impact national security, economy, public health, or safety. Protecting these systems is vital for national resilience.
Under Section 70(2), the government can authorize specific individuals to access protected systems via written orders. Unauthorized access, or even attempting to access these systems, is a serious offense.
Section 70(4) directs the Central Government to frame policies for security of such critical information. These practices are designed to protect declared systems from cyber threats. The goal is to boost the overall security and reliability of India’s critical digital infrastructure.
What Is Section 70A of the IT Act, 2000?
Section 70A of the Information Technology Act, 2000 mandates the creation of a dedicated national nodal agency to protect Critical Information Infrastructure (CII). The Central Government holds the power to appoint any government body for this role.
Once appointed, the agency must develop and enforce a robust CII protection framework. This includes launching Research and Development (R&D) initiatives to strengthen infrastructure resilience.
Authorities will prescribe how the agency carries out its duties. This ensures a uniform and standardized approach to safeguarding CII across all sectors.
What Is Section 70B of IT Act, 2000?
Section 70B of the Information Technology Act, 2000 defines the role of the Indian Computer Emergency Response Team (CERT-IN) as the national cybersecurity incident response agency. The Central Government officially appoints CERT-IN through a formal notification.
CERT-IN handles multiple key responsibilities. It collects, analyzes, and shares information on cyber incidents. This section issues forecasts and alerts about potential cybersecurity threats. It also coordinates emergency actions to tackle cyberattacks.
Additionally, CERT-IN provides guidelines, advisories, and vulnerability notes. These help organizations adopt strong and secure information security practices.
How The Census, NPR Declared ‘Protected Systems’ Under IT Act?
The Indian government has declared the Census and National Population Register (NPR) systems as “Protected Systems” under the IT Act, 2008.
On November 7, 2022, the Registrar General of India (RGI) issued a notification under Section 70 of the Act. It designates key Census and NPR computer resources as “Critical Information Infrastructure.”
This move covers all related websites, databases, and applications. These include the Census Monitoring & Management System (CMMS), Self Enumeration (SE) portal, Civil Registration System (CRS), and mobile apps for House Listing (HL) and Population Enumeration (PE).
It also applies to the NPR Updation system, Census and NPR databases, and the Civil Registration database. Data centers at Delhi, Bengaluru, and Lucknow are also protected.
Any unauthorized access or tampering with these systems will lead to strict penalties. Offenders face up to 10 years of imprisonment.
What Are The Penalties Under Section 70 of the Information Technology Act, 2000?
If someone gains unauthorized access to a protected system, they may face imprisonment for up to ten years.
In addition to jail time, the offender must also pay a fine. The Act does not mention a specific amount, so the court decides the fine based on the case.
This offense is both cognizable and non-bailable. Police can arrest the accused without a warrant. Also, bail is not granted as a right and depends on court discretion.
While other IT Act sections define fine limits, Section 70 focuses more on imprisonment and judicially decided penalties.
What Is The Definition of Critical Information Infrastructure (CII) Under Section 70 of the IT Act, 2000?
The explanation under Section 70 defines CII as computer resources whose failure or destruction can severely impact national security, the economy, public health, or safety.
India has identified several sectors and systems as Critical Information Infrastructure, including:
UIDAI’s Central Identities Data Repository (CIDR)
Email systems of the National Informatics Centre (NIC)
Banking networks – ICICI, HDFC, SBI, NPCI, PNB, Axis Bank, and others
Telecommunication infrastructure
Transportation networks, such as railways and metro systems
Power grid systems
Defense communication and operations
Mobile network frameworks
Water supply management systems
These infrastructures are vital to national functioning. Any disruption can lead to major risks, which is why they are declared protected under the IT Act.
Conclusion
Section 70 ensures legal safeguards for these assets, reinforcing cyber security at the national level. It serves as a legal shield for critical information infrastructure. By restricting access and imposing strict penalties for unauthorized use, the law ensures that vital systems remain secure and functional. As India advances digitally, the enforcement of this section remains pivotal in defending against cyber vulnerabilities and preserving national digital sovereignty.
