LEGAL ASPECTS of E-BUSINESS THE INFORMATION TECHNOLOGY ACT, 2000 (Cyber Law) Preliminary This Law passed by the

Central Government, recognizes the transactions carried out by means of electronic data inter-change and other means of electronic communication, commonly known as electronic commerce. It provides for electronic filing of documents, and provides for recognition and punishment for certain Crimes (as defined by this law). This law is called the Information Technology Act, 2000. (Sec. 1). This law extends to the whole of India and in certain cases; it applies to any offence or contravention there under committed outside India by any person. (Sec. 2). This law has come into force from 17 October, 2000. (Sec. 3) This law does not apply to: 1) A negotiable Instrument (Cheque, Bill of Exchange etc) 2) A power of attorney. 3) A Trust as defined by Indian Trusts Act, 1882. 4) A will. 5) A contract for the sale or conveyance of immovable property or any interest in such property. Definitions: (Sec. 2): Access: Means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Asymmetric Crypto System: Means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. Certifying Authority: means a person who has been granted a license to issue a Digital Signature Certificate under sec. 24. Computer: means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network. Computer Network: means the interconnection of one or more computers through: (a) the use of satellite, microwave, terrestrial line or other communication media, and (b) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained. Computer Resource: means computer, computer system, computer network, data, computer database or software. Computer System: means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. Cyber Appellate Tribunal: means the Cyber Regulations Appellate Tribunal established under sec. 48. Data: means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is

Page | 1

being processed or has been processed in a computer system or computer network, and may be in any form (including computer punched tapes) or stored internally in the memory of the computer. Digital Signature: means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. Electronic Form: with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer generated microfiche or similar device. Electronic Record: means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. Function: in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer. Information: includes data, text, images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated micro fiche. Intermediary: with respect to any particular electronic message means any person who on behalf of another person receives stores or transmits that message or provides any service with respect to that message. Key Pair: in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key. Law: includes any Act of parliament or of a state legislature, ordinances promulgated by the president or a governor, as the case may be. Originator: means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary. Private Key: means the key of a key pair used to create a digital signature. Public Key: means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate. Secure System: means computer hardware, software and procedure that (a) are reasonably secure from unauthorized access and misuse. (b) Provide a reasonable level of reliability and correct operation. (c) Are reasonably suited to performing the intended functions. And (d) adhere to generally accepted security procedures. Security Procedure: means the security procedure prescribed under Sec. 16 by the central government. Subscriber: means a person in whose name the digital signature certificate is issued. Verify: in relation to a digital signature, electronic record or public key, with its grammatical variations means to determine whether : (a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber. (b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Page | 2

Digital Signature Any subscriber can authenticate an electronic record by affixing his digital signature. (Sec. 3). Electronic Governance Where, by any law it is required that information or any other matter shall be in writing or in the written or printed form, it is permitted when the matter is (a) rendered or made available in an electronic form, and (b) accessible so as to be usable for a subsequent reference. (Sec. 4). Where any law provides that information or any other matter shall be authenticated by affixing the signature or any other document shall be signed or bear the signature of any person then, the affixing of digital signature as prescribed by the central government is a valid signature. (Sec. 5). Where any law provides for : (a) the filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government, (b) the issue or grant of any license, permit, sanction or approval by whatever name called in a particular manner, (c) the receipt or payment of money in a particular manner, then, such filing, issue, etc. by means of an electronic form is permissible. (Sec. 6). Where, any law provides that the documents, records or information shall be retained for any specific period, then this requirement is satisfied if : (a) the information contained remains accessible for a future reference. (b) the electronic record is retained in the format in which it was originally generated. (c) it will be easy to facilitate its identification in future. (Sec. 7). Government official Gazette can be published in electronic form. (Sec. 8). The central government can make rules in respect of Digital Signature. (Sec. 10). Attribution, Acknowledgement and Despatch of Electronic Records The electronic record should be attributed to the Originator. (Sec. 11). Where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic record be given in a particular form or by a particular method, an acknowledgement may be given by : (a) any communication by the addressee, automated or otherwise, or (b) any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received. (Sec. 12). The dispatch of an electronic record occurs when it enters a computer resource outside the control of the originator. For the purpose of this section, (a) if the originator or the addressee has more than one place of business, the principal place of business, shall be the place of business. (b) if the originator or the addressee does not have a place of business, his usual place of residence shall be deemed to be the place of business. (c) Usual place of residence, in relation to a body corporate, means the place where it is registered. (Sec. 13). Secure Electronic Records and Secure Digital Signatures When security procedure is agreed to by the parties, digital signature can be verified And if it was (a) unique to the subscriber affixing it (b) capable of identifying such subscriber (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record, then such digital signature shall be deemed to be a secure digital signature.(Sec. 15). The central government can prescribe the security procedure, including: (a) the nature of the transaction (b) the level of sophistication of the parties with reference to their technological capacity (c) the volume of similar transactions engaged in by other parties (d) the availability of alternatives offered to but rejected by any party (e) the cost of alternative procedures (f) the procedures in general use for similar types of transactions or communications. (Sec. 16). Regulation of Certifying Authorities

Page | 3

The Central Government appoints a controller of Certifying authorities; there will be Deputy and Assistant Controllers as required. (Sec. 17). Functions of Controller: Following are the functions of the Controller: (a) exercising supervision over the activities of the certifying authorities (b) certifying public Keys of the Certifying Authorities (c) laying down the standards to be maintained by the certifying authorities (d) specifying the qualifications and experience which the employees of the certifying authorities should possess (e) specifying the conditions subject to which the certifying authorities shall conduct their business (f) specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key (g) specifying the form and content of a Digital Signature Certificate and the key (h) specifying the form and manner in which accounts shall be maintained by certifying authorities (i) specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them (j) facilitating the establishment of any electronic system by the certifying authority.(k) specifying the manner in which the certifying authorities shall conduct their dealings with the subscribers (l) resolving any conflict of interests between the certifying authorities and the subscribers (m) laying down the duties of certifying authorities (n) maintaining a data base containing the disclosure record of every certifying authority containing such particulars as may be specified by regulations.(Sec. 18). The central government may recognize foreign certifying authorities. (Sec. 19). The controller shall be the repository of all Digital Signature Certificates issued under this Act. The controller shall : (a) make use of hardware, software and procedures that are secure from intrusion and misuse (b) observe such other standards as may be prescribed by the central government. (Sec. 20). Any person may make an application to the Controller, for a license to issue Digital Signature Certificates. A license shall: (a) be valid for such period as may be prescribed by the central government (b) not to be transferable or heritable (c) be subject to such terms and conditions as may be specified by the regulations. (Sec. 21). An application for issue of a license shall be in such a form as may be prescribed by the central government. The application shall be accompanied by: (a) a certification practice statement (b) a statement including the procedures with respect to identification of the applicant (c) payment of the fees prescribed (d) other documents which may be prescribed. (Sec. 22). Application for renewal of the license should be made before 45 days of the expiry of existing license. (Sec. 23). The controller may grant or reject the application for license, after giving reasonable opportunity to the applicant for presenting his case. (Sec. 24). If it is found that the certifying authority has : (a) made a false statement in relation to issue or renewal of a license. (b) failed to comply with the terms and conditions subject to which the license was granted. (c) failed to maintain the standards specified. (d) contravened the provisions of this Act or other regulations., the license can be revoked. (Sec. 25). Notice of suspension or revocation of license should be available through a web site which shall be accessible round the clock. (Sec. 26). The controlle may delegate his powers to the Deputy Controller or Assistant Controller. (Sec. 27). The Controller or any officer authorized by him can investigate any contraventions of the provisions of this Act. He has similar powers like Income Tax authorities under the Income Tax Act, 1961. (Sec. 28). For the purpose of search to be made, the controller and other authorized officers will have easy access to the computers and data. (Sec. 29). Every certifying authority will have to follow certain procedures. (Sec. 30). Every certifying authority will disclose the useful information easily accessible. (Sec. 34).

Page | 4

Digital Signature Certificates The certifying authority will issue the Digital Signature Certificate after receipt of the application and due inquiry. The authority will have to check as to : that the applicant holds the private key corresponding to the public key to be listed in the Digital Signature Certificate. (Sec. 35). A certifying authority while issuing Digital Signature Certificate shall certify that : (a) it has complied with the provisions of this Act, and other rules & regulations. (b) it has published the digital signature certificate to such person relying on it and the subscriber has accepted it. (c) the subscriber holds the private key corresponding to the public key, listed in the DSC. (d) the subscribers public key and private key constitute a functioning key pair. (e) the information contained in DSC is accurate. And (f) there are no material misstatements.(Sec. 36). The certifying authority can suspend the certificate on request of the subscriber or in public interest. (Sec. 37). A certifying authority can revoke the DSC when the subscriber makes such request, on death of the subscriber, on the dissolution of the firm or winding up of the company, where the subscriber is a firm or a company. The certifying authority may revoke the certificate, if it is of the opinion that : (a) a material fact represented in the DSC is false or has been concealed. (b) a request for issuance of the DSC was not satisfied. (c) the certifying authoritys private key or security system was compromised in a manner materially affecting the DSC reliability. (d) the subscriber has been declared insolvent or dead or where a subscriber is a firm or a company, which has been dissolved, wound up or otherwise ceased to exist. (Sec. 38). Duties of Subscribers The subscriber should generate the pair of private key and public key. (Sec. 40). The subscriber of DSC is supposed to know the contents and correctness of the Digital Signature Certificates, which he publishes or authorize the publication of the same. (Sec.41). The subscriber is supposed to exercise due care and control over the private key. (Sec. 42). Penalties and Adjudication If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network : (a) accesses or secures access to such computer, computer system or computer network. (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium. (c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network. (d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network. (e) disrupts or causes disruption of any computer, computer system or computer network. (f) denies or causes denial of access to any person authorized to access any computer, computer system or computer network by any means. (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under. (h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network. WILL be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.(Sec. 43). As per this Act, when any person is required to furnish any document, report or return to the controller or certifying authority, and if he fails to do so, is liable to pay per day penalty of Rs. Ten thousand. (Sec. 44). For any other contravention, the penalty shall be not exceeding Rs. Twenty five thousand. (Sec. 45). The Central Government has the power to inquire and adjudicate for any contraventions of the provisions of this Act. For this purpose, it may appoint any person not below the rank of a Director to the Government of India or any Officer of a State Government, and having requisite qualifications and

Page | 5

experience. The adjudicating officer shall have the powers of a civil court which are conferred on the Cyber Law Appellate Tribunal, and : (a) all proceedings before it shall be deemed to be judicial proceedings within the meaning of Section 193 and 228 of Indian Penal Code, 1860. (b) shall be deemed to be a civil court for the purpose of sections 345 and 346 of the Code of Criminal Procedure, 1973. (Sec. 46). While adjudicating the quantum of compensation under this chapter, the adjudicating officer shall have due regard to the following factors, namely : (a) the amount of gain of unfair advantage, whoever quantifiable, made as a result of the default. (b) the amount of loss caused to any person as a result of the default. (c) the repetitive nature of the default. (Sec. 47). The Cyber Regulations Appellate Tribunal The Central Government shall establish one or more appellate tribunals to be known as Cyber Regulations Appellate Tribunal. It will also specify the matters and places in relation to which the Cyber Law Appellate Tribunal may exercise jurisdiction. (Sec. 48). A person shall not be qualified for appointment as the presiding officer of CRAT unless he : (a) is, or has been, or is qualified to be, a judge of a High Court, or (b) is or has been a member of the Indian Legal Service and is holding or has held a post in GRADE I of that service for at least three years. (Sec. 50). The term of office of the presiding officer will be five years (till he/she attains the age of 65 years). (Sec. 51). Cyber Regulations Appellate Tribunal will have requisite officers/staff who will discharge their functions under general superintendence of the presiding officer. (Sec. 56). Any person aggrieved by an order made by controller or an adjudicating officer under this Act may prefer an appeal to a CRAT having jurisdiction in the matter. When the order is passed by adjudicating officer with the consent of both the parties, no appeal will be allowed. The appeal should be filed within 45 days from the receipt of the order. After hearing the parties, the CRAT will pass relevant appellate order. (Sec. 57). The CRAT will not be bound by procedures laid down by the Code of Civil Procedure, 1908. It will have its own procedures. For the purpose of discharging its duties, CRAT will have all the powers of a civil court as provided in CPC, 1908, namely : (a) summoning and enforcing the attendance of any person and examining him on oath. (b) requiring the discovery and production of documents or other electronic records. (c) receiving evidence on affidavits. (d) issuing commissions for the examination of witnesses or documents. (e) reviewing its decisions. (f) dismissing an application for default or deciding it ex parte. (g) any other matter which may be prescribed. Every proceeding before CRAT shall be deemed to be a judicial proceeding as per Sec. 193, 196 and 228 of Indian Penal Code, 1860., and CRAT is considered to be a civil court for the purpose of Sec. 195 of Cr.P.C., 1973. (Sec. 58). The appellant may either appear in person or authorize one or more legal practitioners to present his case before the CRAT. (Sec. 59). For appeals, the provisions of Limitation Act, 1963 will apply. (Sec.60). The Civil Courts will not have jurisdiction to entertain any matter or appeal under this Act. The adjudicating officer and Cyber Regulation Appellate Tribunal only will have the relevant jurisdiction. Civil Courts are also not empowered to grant any injunction for cyber law matters. (Sec. 61) Against the order of CRAT, an aggrieved party can file in an appeal in the High court, within sixty days. (Sec. 62). Any contravention under this chapter can be compounded by the Controller or other Officer appointed by the government. However, when any contravention is committed again within three years of earlier contravention, no compounding is permitted. (Sec. 63).

Page | 6

When any penalty is imposed under this Act, if it is not paid, it can be recovered as arrears of Land Revenue. The license granted for Digital Signature Certificate will be suspended till the penalty is paid. (Sec. 64). Offences Tampering with computer source documents : Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. (Sec. 65). Hacking with Computer System : Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. Whoever commits hacking is punishable with imprisonment up to three years, or with fine which may extend up to two lakhs rupees, or with both. (Sec. 66). Publishing of information which is obscene in electronic form : Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to be prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punishable on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees. (Sec. 67). The Controller may issue suitable directions for compliance of the provisions of this Act. Whoever does not follow these directions is punishable with imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or with both. (Sec. 68). If the Controller is satisfied that it is necessary or expedient so to do in the interest of sovereignty or integrity of India, the security of the state, public order, preventing any commission of any cognizable offence, may direct any agency of the Government to intercept any information transmitted through any computer resource. If any agency does not obey such orders, may be punishable with imprisonment which may extend to seven years. (Sec. 69). The appropriate government may declare that any computer, computer system or computer network to be a protected system. Anybody not obeying this direction may be punished with imprisonment of any description (simple or regirous) for a term which may extend to ten years and shall also be liable to fine. (Sec. 70). Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punishable with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. (Sec. 71). When any person has access with permission to any electronic record, book, register, correspondence, information, document or other material and if he/she breaks the confidentiality and privacy, may be punished with imprisonment which may extend to two years, or with fine which may extend to one lakh rupees, or with both. (Sec. 72). No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that : (a) the Certifying Authority listed in the certificate has not issued it, or (b) the subscriber listed in the certificate has not accepted it, or (c) the certificate has been revoked or suspended, (unless for verification purpose ). Any person contravening the provision can be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. (Sec. 73).

Page | 7

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent purpose, is punishable with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. (Sec. 74). The provisions of this Act will apply also to any offence or contravention committed outside India by any person irrespective of his nationality, if it involves a computer, computer system or computer network located in India. (Sec. 75). Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provisions of this Act, rules, orders or regulations made there under has been or is being contravened, shall be liable to confiscation. However, If the court is of the opinion that any person is not responsible for such matters, it can pass suitable orders. (Sec. 76). No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other alw for the time being in force. (Sec. 77). A police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act. (Sec. 78). Network service providers not to be liable in certain cases No person providing any service as a network service provider shall be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without the knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. (Sec. 79). Miscellaneous Any Police Officer not below the rank of a Deputy Superintendent of Police, or any officer of the central government or a state government authorized by the central government in this behalf may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected or having committed or of committing or of being about to commit any offence under this Act. When any such person is arrested, he should be presented before a magistrate having jurisdiction in the case, or before an officer-in-charge of a police station, without unnecessary delay. (Sec. 80). The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force. (Sec. 81). The controller, deputy controller and assistant controllers are public servants within the meaning of Sec. 21 of the Indian Penal Code, 1860. (Sec. 82). The Central Government may give directions to any state government as to the carrying into execution in the state of any of the provisions of this Act or of any rule, regulation or order made there under. (Sec. 83). The Controller, officer of CRAT or any staff member with reference to this Act, will not be prosecuted (victimized) for any official action taken by them. (Sec.84). Where a Company commits contravention of any provisions of this Act, or rule or direction or order made there under, the company as well as the officer in charge, director, manager, secretary will be held guilty and punishable accordingly. Where any contravention is made with the consent of the director or manager of the company, they will be held liable and punishable accordingly. (Sec. 85). The central government is empowered to make any rules to carry out the provisions of this Act. The rules will be published in the official gazette or the Electronic Gazette, for the matters like : (a) the manner in which any information or matter may be authenticated by means of digital signature under Sec. 5. (b) the electronic form in which filling, issue, grant or payment shall be effected under Sec. 6(1). (c) the manner and format in which electronic records shall be filed, or issued and the method of payment under Sec. 6(2). (d) the matters relating to the type of digital signature, manner and format in which it may be affixed under Sec. 10. (e) the security procedure for the purpose of creating secure

Page | 8

electronic record and secure digital signature under Sec. 16. (f) the qualifications, experience and terms and conditions of service of controller, deputy controllers and assistant controllers under Sec. 17. (g) other standards to be observed by the controller under Sec. 20 (2-b). (h) the requirements which an applicant must fulfil under Sec. 21(2). (i) the period of validity of license granted under Sec. 21 (3-a). (j) the form in which an application for license may be made under Sec. 22 (1). (k) the amount of fees payable under Sec. 22 (2-c). (l) such other documents which shall accompany an application for license under Sec. 22 (2-d). (m) the form and the fee for renewal of a license and the fee payable thereof under Sec. 23. (n) the amount of late fee payable under the proviso to Sec. 23. (o) the form in which application for issue of a digital signature certificate may be made under Sec. 35 (1). (p) the fee to be paid to Certifying Authority for issue of a digital signature certificate under Sec. 35(2). (q) the manner in which the adjudicating officer shall hold inquiry under Sec. 46(1). [r] the qualification and experience which the adjudicating officer shall possess under Sec. 46(2). (s) the salary, allowances and the other terms and conditions of service of the Presiding Officer under Sec. 52. (t) the procedure for investigation of misbehavior or incapacity of the Presiding Officer under Sec. 54(3). (u) the salary and allowances and other conditions of service of other officers and employees under Sec. 56(3). (v) the form in which appeal may be filed and the fee thereof under Sec. 58(2-g). (w) any other power of a civil court required to be prescribed under Sec. 58 (2-g). (x) any other matter which is required to be, or may be prescribed. (Sec. 87). The Central Government shall constitute a Committee called Cyber Regulations Advisory Committee. The Chairperson and the other members shall have special knowledge of the subject matter as the central government may deem fit. The CRAC shall advice : (a) the central government either generally as regards any rules or for any other purpose connected with this Act. (b) the Controller in framing the regulations under this Act. (Sec. 88). The Controller may after consulting the Central Government and Cyber Regulations Advisory Committee, make relevant rules and regulations to carry out the purposes of this Act. The rules may relate to the matters like : (a) the particulars relating to maintenance of data base containing the disclosure record of every Certifying Authority under Sec. 18(m). (b) the conditions and restrictions subject to which the Controller may recognize any foreign Certifying Authority under Sec. 19 (1). (c) the terms and conditions subject to which a license may be granted under Sec. 21 (3-c). (d) other standards to be observed by a certifying authority under Sec. 30 (d). (e) the manner in which the certifying authority shall disclose the matters specified in Sec. 34(1). The particulars of statement which shall accompany an application under Sec. 35(3). (g) the manner by which the subscriber communicate the compromise of private key to the Certifying Authority under Sec. 42(2). All such regulations so made are to be presented in both the houses of the Parliament. (Sec. 89). The State Governments are authorized to make rules to carry out the purposes of this Act. Particularly, relating to : (a) the electronic form in which filing, issue, grant, receipt or payment shall be effected under Sec. 6(1). (b) for matters specified in Sec. 6(2). (c) any other matter which is required to be provided by rules by State Government. Every such regulations should be presented before the House of State Legislature. (Sec. 90). Amendment Amendment Amendment Amendment of of of of Indian Penal Code, 1860. (Sec. 91). (The First Schedule.) Indian Evidence Act, 1872. (Sec. 92).(The Second Schedule.) The Bankers Books Evidence Act, 1891.(Sec.93).(The Third Schedule.) The Reserve Bank of India Act, 1934.(Sec. 94).(The Fourth Schedule.) *******

Page | 9