Published On: October 31st 2025
Authored By: Kunal Aswani
Symbiosis Law School, Noida
1. Introduction
The contemporary criminal justice landscape in India has been fundamentally transformed by the digital revolution, creating unprecedented challenges and opportunities for law enforcement agencies and the judiciary. Digital evidence has emerged as the cornerstone of modern cybercrime investigation, encompassing a vast spectrum of electronic information ranging from traditional email communications and server logs to sophisticated blockchain transactions and artificial intelligence-generated content. The National Crime Records Bureau’s latest statistics reveal a dramatic surge in cybercrime incidents, with reported cases increasing by over 300% in the past five years, highlighting the critical importance of establishing robust legal frameworks for digital evidence handling and admissibility. 1
The complexity of digital evidence stems not merely from its technical nature, but from its inherent characteristics that distinguish it from traditional physical evidence. Unlike conventional forensic materials, digital information is inherently volatile, easily alterable, and can exist simultaneously in multiple locations across different jurisdictions. This presents unique challenges for authentication, preservation, and chain of custody maintenance that traditional legal frameworks were never designed to address. The ease with which digital content can be manipulated, combined with the technical expertise required for proper collection and analysis, has created a significant gap between the theoretical provisions of law and their practical implementation in India’s criminal justice system. 2
The Indian legislature’s response to these challenges has been evolutionary rather than revolutionary. Beginning with the Information Technology Act of 2000 and culminating in the recent enactment of the Bharatiya Sakshya Adhiniyam BSA 2023, India has gradually adapted its evidentiary framework to accommodate the realities of digital crime. However, this legal evolution has been accompanied by significant implementation challenges, including inadequate infrastructure, insufficient training of law enforcement personnel, and the persistent tension between investigative efficiency and constitutional privacy rights established in the landmark K.S. Puttaswamy judgment. 3
This comprehensive analysis examines the current state of digital evidence law in India through multiple lenses: historical development, statutory provisions, judicial interpretation, practical implementation challenges, and comparative international perspectives. The study draws upon extensive case law analysis, statutory interpretation, policy documents, and empirical research to provide a holistic understanding of how India’s legal system has adapted to the digital age. Particular attention is paid to recent developments under the BSA 2023 and associated criminal law reforms, which represent the most significant modernization of India’s evidence law since independence.
2. Historical and Legal FrameworkÂ
2.1 The Evolution of Cybercrime Law in India
The genesis of cybercrime legislation in India can be traced to the late 1990s when the rapid expansion of internet infrastructure and the Y2K preparations highlighted the vulnerability of digital systems and the absence of appropriate legal safeguards. The Information Technology Act of 2000 represented India’s first comprehensive attempt to address the legal challenges posed by the digital revolution. Enacted with the primary objective of providing legal recognition to electronic transactions and digital signatures, the Act inadvertently laid the foundation for what would eventually become India’s cybercrime legal framework. 4
The original IT Act was heavily influenced by the UNCITRAL Model Law on Electronic Commerce and reflected the international consensus on the need for technology-neutral legal frameworks. However, the Act’s initial focus on facilitating e-commerce meant that its criminal law provisions were relatively underdeveloped. The Act introduced only a handful of cyber-specific offenses, including unauthorized access to computer systems under Section 43, hacking under Section 66, and breach of confidentiality and privacy under Section 72. These provisions, while groundbreaking for their time, proved inadequate to address the sophisticated cybercrime landscape that emerged in the following decade. 5
The limitations of the original framework became apparent as India witnessed a surge in cybercrime incidents, including the infamous attack on the Indian Space Research Organisation’s systems in 2002 and numerous instances of credit card fraud targeting Indian consumers. The legal system’s response to these challenges was hampered by the narrow definition of computer-related offenses and the absence of provisions addressing emerging threats such as identity theft, cyber terrorism, and sophisticated financial fraud schemes. 6
The IT Amendment) Act of 2008 marked a significant evolution in India’s approach to cybercrime legislation. The amendments were driven by the recognition that cybercrime had evolved beyond simple unauthorized access to encompass a wide range of sophisticated criminal activities with serious national security and economic implications. The 2008 amendments introduced several new offenses, including cyber terrorism under Section 66F, identity theft under Section 66C, and cheating by personation using computer resources under Section 66D. These provisions reflected a more nuanced understanding of the cybercrime landscape and provided law enforcement agencies with enhanced tools for investigation and prosecution. 7
Perhaps more significantly, the 2008 amendments introduced the concept of “electronic evidence” through Section 79A, providing a statutory definition that encompassed “any information of probative value that is either stored or transmitted in electronic form.” This definition was deliberately broad, covering traditional computer data as well as emerging forms of digital information such as GPS data, digital photographs, and mobile phone records. The inclusion of this definition represented a crucial step toward establishing a comprehensive legal framework for digital evidence handling. 8
2.2 Indian Evidence Act and Its Transformation
The transformation of India’s evidence law to accommodate digital information represents one of the most significant legal developments of the early 21st century. The Indian Evidence Act of 1872, drafted during the colonial era to address a pre-industrial society, required fundamental reconceptualization to remain relevant in the digital age. The insertion of Sections 65A and 65B through the IT Act 2000 amendments represented an acknowledgment that traditional evidence rules were inadequate for addressing the unique characteristics of electronic information. 9
Section 65A introduced the concept of “special provisions as to evidence relating to electronic records,” establishing that the normal rules of evidence would apply to electronic records with certain modifications. This provision represented a pragmatic approach to digital evidence, avoiding the creation of an entirely separate evidentiary regime while acknowledging the need for special considerations. However, the practical implementation of Section 65A proved challenging, as it provided limited guidance on the specific procedures required for establishing the authenticity and reliability of electronic records. 10
Section 65B emerged as the cornerstone of digital evidence law in India, establishing detailed requirements for the admissibility of electronic records as secondary evidence. The provision reflects a careful balance between ensuring the reliability of digital evidence and providing practical procedures for its introduction in legal proceedings. The section requires that electronic records must be produced by a computer during a period when it was in regular use, that the information was regularly supplied to the computer during that period, and that the computer was operating properly throughout the relevant timeframe. 11
The certification requirement under Section 65B 4) has proven to be both the most important and most controversial aspect of India’s digital evidence framework. The provision mandates that secondary electronic evidence must be accompanied by a certificate signed by a person occupying a responsible official position in relation to the operation of the relevant device or management of the relevant activities. This certificate must identify the electronic record, describe the manner of its production, provide particulars of the device involved, and confirm compliance with the statutory conditions. 12
The evolution of judicial interpretation regarding the certification requirement reflects the ongoing tension between legal certainty and practical implementation. Early decisions by various high courts adopted divergent approaches to the mandatory nature of certification, creating confusion and inconsistency in the application of digital evidence rules. This uncertainty was ultimately resolved by the Supreme Court’s landmark decision in
Anvar P.V. v. P.K. Basheer, which established that compliance with Section 65B certification requirements is mandatory for the admissibility of secondary electronic evidence. 13
3. Digital Evidence: Definitions, Types, and RelevanceÂ
3.1 Digital Footprints and Modern Crime
The pervasive nature of digital technology in contemporary society means that virtually every human activity leaves some form of digital footprint. These electronic traces, whether intentionally created or automatically generated, have become invaluable sources of evidence in criminal investigations. The scope of digital evidence extends far beyond traditional computer files to encompass a vast array of electronic information including mobile phone data, GPS tracking information, social media communications, online financial transactions, internet browsing histories, and even data generated by Internet of Things IoT) devices such as smart home systems and wearable technology. 14
The significance of digital evidence in modern criminal investigations cannot be overstated. In cybercrime cases, digital evidence often constitutes the primary, and sometimes only, means of establishing criminal liability. The virtual nature of cybercrimes means that traditional physical evidence may be entirely absent, making digital forensics the cornerstone of successful prosecution. Even in conventional crimes, digital evidence increasingly plays a crucial role, with mobile phone data providing location information, communication records revealing criminal conspiracies, and financial transaction data establishing motives and means. 15
The dynamic nature of digital evidence creation presents both opportunities and challenges for law enforcement agencies. Unlike traditional physical evidence, digital information is continuously generated and can provide detailed temporal sequences of events. Server logs can establish precise timelines of user activities, metadata can reveal the history of document creation and modification, and communication records can map criminal networks with unprecedented precision. However, this same dynamic quality makes digital evidence inherently fragile, with the potential for inadvertent alteration or destruction through routine computer operations. 16
The global nature of digital infrastructure adds another layer of complexity to digital evidence handling. Criminal activities may leave digital traces across multiple jurisdictions, with evidence stored on servers located in different countries and governed by varying legal frameworks. This international dimension of digital evidence requires coordination between law enforcement agencies across borders and necessitates harmonization of legal standards for evidence collection and authentication. The challenges are further compounded by the involvement of multinational technology corporations that may be subject to conflicting legal obligations in different jurisdictions. 17
3.2 Classification and Legal Recognition
The legal classification of digital evidence has evolved significantly with the enactment of the Bharatiya Sakshya Adhiniyam 2023, which represents a fundamental shift in how Indian law conceptualizes electronic information. The BSA’s expanded definition of “document” explicitly includes digital and electronic records, recognizing that the traditional distinction between primary and secondary evidence requires reconsideration in the digital context. This definitional change reflects a more sophisticated understanding of how information exists and functions in the digital age. 18
The BSA’s treatment of digital records as primary evidence when properly authenticated represents a paradigmatic shift from the previous framework under the Indian Evidence Act. This change addresses one of the most persistent criticisms of the earlier system, which treated all electronic records as secondary evidence regardless of their nature or method of creation. The new approach recognizes that digital information can exist as an original in its native format, eliminating artificial distinctions that previously complicated the admissibility of electronic records. 19
The classification system under the BSA recognizes several distinct categories of digital evidence, each with specific authentication requirements. Direct digital evidence includes information that directly establishes facts relevant to the case, such as email communications, digital photographs, and video recordings. Indirect or circumstantial digital evidence encompasses information that supports inferences about relevant facts, including server logs, metadata, and system-generated timestamps. Expert-interpreted evidence requires technical analysis to extract meaning, such as forensic recovery of deleted files or analysis of complex database structures.20
The legal recognition of emerging forms of digital evidence under the BSA addresses previously ambiguous areas such as blockchain transactions, artificial intelligence-generated content, and biometric data. The Act’s technology-neutral approach ensures that legal principles remain applicable as new forms of digital information emerge, avoiding the need for frequent legislative updates to address technological developments. This forward- looking approach represents a significant improvement over previous frameworks that struggled to keep pace with rapid technological change. 21
4. Admissibility of Digital Evidence Under Indian Law
 4.1 Section 65B and BSA 2023 Certification
The admissibility of digital evidence under Indian law has been governed by a complex interplay of statutory provisions, judicial interpretations, and practical considerations that have evolved significantly over the past two decades. Section 65B of the Indian Evidence Act, as amended by the IT Act 2000, established the foundational framework for electronic evidence admissibility, while the recently enacted BSA 2023 has introduced important modifications that promise to streamline and modernize the process. 22
The certification requirement under Section 65B 4) has been the subject of extensive judicial scrutiny and has generated considerable practical difficulties for law enforcement agencies and litigants. The provision requires that secondary electronic evidence must be accompanied by a certificate that identifies the electronic record, describes the manner of its production, provides particulars of the device involved, and confirms compliance with the statutory conditions. The person signing the certificate must occupy a responsible official position in relation to the operation of the relevant device or management of the relevant activities. 23
The practical implementation of the certification requirement has proven challenging in numerous contexts. In cases involving large organizations with complex IT infrastructures, identifying the appropriate person to sign the certificate can be difficult, particularly when dealing with networked systems managed by multiple departments or external service providers. The requirement for detailed technical information about computer systems has often exceeded the knowledge of available signatories, leading to incomplete or inaccurate certificates that are vulnerable to legal challenge. 24
The BSA 2023 addresses many of these practical concerns while maintaining robust authentication standards. Section 63 of the BSA retains the basic certification framework but introduces important modifications that reflect technological developments and practical experience. The new provisions recognize that modern digital environments often involve complex, distributed systems that may not fit neatly within traditional certification models. The Act provides for expert certification in cases where the original system operator is unavailable or where technical complexity requires specialized knowledge. 25
A significant innovation in the BSA 2023 is the mandatory inclusion of hash values in digital evidence certificates. Hash functions create unique digital fingerprints that can be used to verify data integrity, providing mathematical proof that electronic records have not been altered since their creation or capture. This requirement reflects international best practices in digital forensics and provides courts with objective means of assessing evidence authenticity. The inclusion of hash verification represents a substantial advancement in the technical sophistication of India’s digital evidence framework. 26
4.2 Landmark Judgments
The judicial interpretation of digital evidence law in India has been shaped by several landmark decisions that have clarified statutory requirements and established binding precedents for lower courts. The Supreme Court’s decision in Anvar P.V. v. P.K. Basheer 2014) represents the most significant judicial pronouncement on digital evidence admissibility and continues to influence legal practice throughout the country. 27
The Anvar judgment addressed the fundamental question of whether Section 65B certification is mandatory for all forms of secondary electronic evidence. The Court held that Sections 65A and 65B constitute a complete code governing electronic evidence admissibility, overruling previous decisions that had permitted alternative methods of authentication. The decision established that oral evidence cannot substitute for proper certification and that courts must strictly enforce compliance with statutory requirements. 28
The practical impact of the Anvar decision was immediate and far-reaching. Numerous pending cases involving electronic evidence were affected as courts began strictly enforcing certification requirements that had previously been applied inconsistently. Law enforcement agencies were forced to revise their evidence collection procedures, and legal practitioners had to adapt to more stringent authentication standards. The decision, while providing much-needed clarity, also highlighted the gap between legal requirements and practical capabilities of investigating agencies. 29
The Supreme Court’s subsequent decision in Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal 2020) provided important clarifications to the Anvar judgment while maintaining its core principles. The Court distinguished between situations involving original electronic devices that could be produced in court and those involving secondary evidence from networked systems. When the original device is available and can be examined by the court, the certification requirement under Section 65B 4) may be dispensed with, particularly if the device owner can testify about its operation and the authenticity of the stored information. 30
The Khotkar clarification addressed practical concerns raised by the legal community regarding the rigid application of certification requirements in all circumstances. The decision recognized that the underlying purpose of Section 65B is to ensure authenticity and reliability, objectives that can sometimes be achieved through alternative means when original devices are available. This nuanced approach has provided courts with greater flexibility while maintaining the integrity of digital evidence standards. 31
4.3 Procedural Shifts and Practical Nuances
The evolution of digital evidence law in India reflects a gradual recognition of the practical challenges involved in applying legal principles to complex technological realities. The procedural requirements established by statutory provisions and judicial decisions must be implemented by law enforcement agencies that often lack adequate technical resources and expertise. This implementation gap has necessitated ongoing refinements to both legal frameworks and administrative procedures. 32
The BSA 2023 introduces several procedural innovations designed to bridge the gap between legal requirements and practical capabilities. The Act permits electronic submission of certificates and evidence, reducing the administrative burden on investigating agencies and courts. Digital signatures and electronic authentication methods are explicitly recognized, eliminating the need for physical document handling in many cases. These procedural improvements reflect a recognition that digital evidence law must accommodate the realities of modern electronic communication and document management. 33
The role of forensic experts has been significantly enhanced under the new legal framework. The BSA explicitly recognizes the importance of technical expertise in digital evidence handling and provides for expert participation in the certification process. When investigating agencies lack the internal capability to provide adequate certification, external forensic experts can be engaged to ensure compliance with legal requirements. This provision addresses one of the most persistent challenges in digital evidence handling by providing access to specialized technical knowledge. 34
The question of chain of custody maintenance has become increasingly important as courts recognize the unique vulnerabilities of digital evidence. Unlike physical evidence, digital information can be altered without leaving visible traces, making careful documentation of handling procedures essential. The BSA requires detailed documentation of all access to digital evidence, including the identity of individuals handling the evidence, the purpose of access, any modifications made, and the security measures employed during storage and transmission. 35
5. Investigation and ForensicsÂ
5.1 Cybercrime Investigation Procedures
The investigation of cybercrimes requires specialized procedures and technical capabilities that differ significantly from traditional criminal investigation methods. The volatile and easily alterable nature of digital evidence necessitates immediate action to secure and preserve electronic information before it can be compromised or destroyed. Indian law enforcement agencies have developed standardized protocols for cybercrime investigation, though implementation varies significantly across different jurisdictions and agency capabilities. 36
The initial response to a cybercrime incident follows a structured approach designed to maximize evidence preservation while minimizing contamination risks. Investigating officers are trained to isolate affected systems immediately upon arrival at a crime scene, preventing further unauthorized access or inadvertent alteration of evidence. This isolation process must be carefully documented, as any break in the chain of custody can render subsequently collected evidence inadmissible in court. The use of specialized equipment such as write blockers and forensic imaging devices has become standard practice in major cybercrime investigations. 37
The collection of digital evidence requires technical expertise that extends beyond traditional police training. Officers must understand file system structures, data recovery techniques, and the proper use of forensic software tools. The creation of bit-for-bit forensic images of storage devices preserves the original state of evidence while allowing investigators to conduct analysis on copies, maintaining evidence integrity. Hash verification procedures ensure that forensic images accurately represent the original data and have not been corrupted during the copying process. 38
The geographic scope of cybercrime investigations often extends beyond traditional jurisdictional boundaries, requiring coordination between multiple law enforcement agencies and sometimes international cooperation. Cloud computing and distributed network architectures mean that evidence may be scattered across numerous physical locations and legal jurisdictions. Investigating agencies must navigate complex legal and technical challenges to collect evidence from remote servers and international service providers while ensuring admissibility under Indian law. 39
5.2 Chain of Custody and Data Integrity
Maintaining an unbroken chain of custody is perhaps the most critical aspect of digital evidence handling, as any gap in documentation or unauthorized access can compromise the evidentiary value of collected information. The chain of custody documentation must provide a complete record of evidence handling from initial collection through final presentation in court. This documentation includes detailed records of who had access to the evidence, when access occurred, the purpose of access, and any modifications or analyses performed. 40
The unique characteristics of digital evidence create specific challenges for chain of custody maintenance that do not exist with traditional physical evidence. Simply accessing a digital file can alter its metadata, potentially changing timestamps and other forensically significant information. Investigators must use specialized tools and procedures that minimize these unavoidable alterations while documenting any changes that occur. The use of write-blocking devices during evidence collection ensures that original storage media cannot be inadvertently modified during the investigation process. 41
Hash values serve as digital fingerprints that provide mathematical proof of data integrity throughout the investigation process. These cryptographic algorithms generate unique identifiers for digital files and storage devices that change if even a single bit of data is altered. Investigators calculate hash values immediately upon evidence collection and verify these values at subsequent stages of the investigation to ensure that evidence has not been compromised. The BSA 2023’s requirement for hash value inclusion in evidence certificates reflects the critical importance of this integrity verification process. 42
The storage and security of digital evidence requires specialized facilities and procedures that protect against both physical and cyber threats. Evidence storage systems must provide protection against electromagnetic interference, environmental damage, and unauthorized access while maintaining detailed access logs. The use of encrypted storage systems and multi-factor authentication helps ensure that evidence cannot be accessed or altered by unauthorized personnel. Regular backup procedures and disaster recovery plans protect against accidental loss or destruction of critical evidence. 43
5.3 Expert Analysis and Reporting
The technical complexity of digital evidence often requires expert analysis to extract meaningful information and present findings in a format that courts and legal practitioners can understand. Digital forensics experts possess specialized knowledge and tools necessary to recover deleted files, analyze system logs, interpret metadata, and detect evidence tampering. The role of these experts has become increasingly important as cybercrime techniques have grown more sophisticated and digital evidence has become more complex. 44
The process of digital forensics analysis follows established scientific methodologies designed to ensure reproducible and reliable results. Experts begin with the acquisition of forensic images using validated tools and procedures, followed by detailed examination using specialized software packages. The analysis may involve recovering deleted files, examining internet browsing histories, analyzing email communications, and reconstructing user activities based on system logs and artifacts. All procedures must be thoroughly documented to allow for independent verification and courtroom testimony. 45
Expert testimony plays a crucial role in digital evidence cases, as judges and juries typically lack the technical knowledge necessary to evaluate complex electronic information independently. Experts must be able to explain technical concepts in accessible language while maintaining scientific accuracy and objectivity. The quality and credibility of expert testimony often determines the weight accorded to digital evidence in legal proceedings, making expert qualification and preparation critical factors in successful prosecutions. 46
The qualification and certification of digital forensics experts has become an important consideration as courts increasingly scrutinize the reliability of technical testimony. Various international certification programs provide standardized training and credentialing for digital forensics practitioners, though India lacks comprehensive national standards for expert qualification. The development of robust certification programs and continuing education requirements would enhance the credibility and effectiveness of digital forensics testimony in Indian courts. 47
6. Major Challenges
 6.1 Technical Complexities and Infrastructure
The technical challenges facing digital evidence handling in India are multifaceted and reflect the intersection of rapidly evolving technology with institutional capacity constraints. Law enforcement agencies at all levels struggle to keep pace with the sophistication of modern cybercrime techniques and the technical expertise required for effective investigation. The disparity between urban and rural capabilities is particularly pronounced, with metropolitan areas typically possessing advanced forensic laboratories while district-level agencies often lack even basic digital investigation tools. 48
The proliferation of encryption technology presents one of the most significant technical challenges for digital evidence collection and analysis. Modern mobile devices and communication applications employ sophisticated encryption algorithms that can render stored information practically inaccessible without appropriate decryption keys. While encryption serves important privacy and security functions, it can also frustrate legitimate law enforcement investigations when applied to criminal communications and stored evidence. 49
Cloud computing architectures introduce additional layers of complexity to digital evidence handling by distributing information across multiple servers and jurisdictions. Traditional forensic procedures designed for standalone computer systems are often inadequate for investigating cloud-based crimes where evidence may exist in virtualized environments managed by third-party service providers. Investigators must develop new techniques and legal frameworks for collecting evidence from cloud platforms while ensuring compliance with both domestic and international legal requirements. 50
The emergence of blockchain technology and cryptocurrency transactions presents novel challenges for traditional forensic approaches. While blockchain systems maintain detailed transaction records, the pseudonymous nature of many cryptocurrency implementations can complicate efforts to link digital wallets to real-world identities. Specialized tools and expertise are required to trace cryptocurrency transactions and identify the parties involved in illegal activities. 51
Artificial intelligence and machine learning technologies are increasingly being employed both by criminals to commit sophisticated frauds and by investigators to analyze large volumes of digital evidence. The use of AI generated content, including deepfake videos and synthesized audio recordings, raises fundamental questions about evidence authenticity and the reliability of traditional forensic techniques. Law enforcement agencies must develop new capabilities to detect AI-generated content while ensuring that their own AI-assisted analysis tools meet appropriate standards for reliability and admissibility. 52
6.2 Capacity Building and Training Deficits
The capacity building challenges facing India’s digital evidence ecosystem reflect broader systemic issues related to technology adoption and human resource development within government institutions. The rapid pace of technological change means that training programs quickly become obsolete, requiring continuous updating and substantial ongoing investment. The brain drain phenomenon, where technically skilled personnel migrate to higher-paying private sector positions, further exacerbates capacity constraints within law enforcement agencies. 53
The National Cybercrime Training Centre CyTrain) represents a significant step toward addressing capacity building needs, but the scale of the challenge requires much more extensive intervention. The Centre provides basic, intermediate, and advanced courses for law enforcement personnel, but course capacity remains limited relative to demand. The geographic concentration of training facilities in major cities creates accessibility challenges for personnel from rural areas, where capacity needs may be most acute. 54
The curriculum development challenge is particularly complex given the need to balance technical depth with practical applicability. Training programs must provide sufficient technical knowledge to enable effective investigation while remaining accessible to personnel with diverse educational backgrounds. The interdisciplinary nature of digital forensics, requiring knowledge of law, computer science, and investigative procedures, makes curriculum design especially challenging. 55
The lack of standardized certification and career progression paths for digital forensics specialists within law enforcement creates retention challenges and limits the development of institutional expertise. Without clear advancement opportunities and specialized career tracks, technically skilled personnel have limited incentives to remain within government service. The development of specialized digital forensics cadres with appropriate compensation and career advancement opportunities would help address these retention issues. 56
6.3 Jurisdictional Issues and International Cooperation
The borderless nature of cyberspace creates unprecedented challenges for traditional concepts of territorial jurisdiction and legal authority. Cybercriminals routinely exploit jurisdictional ambiguities by operating across multiple countries, making it difficult for any single law enforcement agency to conduct comprehensive investigations. The technical infrastructure of the internet, with its distributed routing and server systems, means that evidence relevant to crimes committed in India may be stored on servers located anywhere in the world. 57
The mutual legal assistance treaty MLAT) process, while providing a framework for international cooperation in criminal investigations, is often too slow and cumbersome to be effective in cybercrime cases where evidence may be quickly deleted or moved. The formal diplomatic channels required for MLAT requests can take months or years to complete, by which time crucial evidence may no longer be available. The development of expedited procedures for cybercrime investigations has become a priority for international law enforcement cooperation. 58
Differences in national legal systems and evidence standards create additional complications for cross-border investigations. Evidence collected according to the legal procedures of one country may not meet the admissibility requirements of another country’s courts. The lack of harmonized international standards for digital evidence handling means that investigators must navigate multiple legal frameworks simultaneously, often with conflicting requirements. 59
The involvement of multinational technology corporations in cybercrime investigations introduces complex legal and practical considerations. These companies may be subject to conflicting legal obligations in different jurisdictions, particularly regarding data privacy and government access to user information. The European Union’s General Data Protection Regulation GDPR) and similar privacy laws in other jurisdictions can limit the ability of companies to cooperate with Indian law enforcement requests, even in serious criminal investigations. 60
6.4 Privacy Protection and Civil Liberties
The collection and analysis of digital evidence inevitably involves accessing personal information that may be protected by constitutional privacy rights and statutory data protection laws. The Supreme Court’s landmark decision in K.S. Puttaswamy v. Union of India established privacy as a fundamental right under the Indian Constitution, creating new obligations for law enforcement agencies to balance investigative effectiveness with individual privacy protection. 61
The scope of privacy protection in digital investigations remains an evolving area of law, with courts still developing standards for when government access to digital information requires judicial authorization. The pervasive nature of digital information collection means that cybercrime investigations often capture vast amounts of personal information that may be unrelated to the alleged criminal activity. Procedures for segregating relevant evidence from protected personal information are still being developed through case law and administrative guidance. 62
The use of surveillance technologies and data collection tools by law enforcement agencies raises additional civil liberties concerns. Techniques such as network traffic monitoring, mobile device location tracking, and social media analysis can provide valuable investigative information but may also infringe upon the privacy rights of innocent individuals. The development of appropriate legal frameworks for authorizing and overseeing these investigative techniques is crucial for maintaining public trust in the criminal justice system. 63
Data retention requirements imposed on private companies and service providers create tension between law enforcement needs and privacy rights. While lengthy retention periods facilitate criminal investigations by preserving potentially relevant evidence, they also create extensive databases of personal information that may be vulnerable to misuse or unauthorized access. Balancing these competing interests requires careful consideration of proportionality and necessity principles. 64
6.5 Deepfakes, AI, and Evidence Manipulation
The emergence of sophisticated AI-powered content generation tools, particularly deepfake technology, poses fundamental challenges to traditional concepts of evidence authenticity and reliability. Deepfake algorithms can create convincing fake videos, audio recordings, and images that may be difficult to distinguish from authentic content without specialized technical analysis. The potential for this technology to be used to create false evidence or discredit authentic evidence represents a significant threat to the integrity of the legal system. 65
Current forensic techniques for detecting deepfakes and other AI-generated content are still evolving and may not be reliable enough for courtroom use in all circumstances. The arms race between content generation algorithms and detection methods means that forensic tools may quickly become obsolete as generation techniques improve. The legal system must develop frameworks for handling evidence that may have been created or altered using AI technology while ensuring that legitimate evidence is not inappropriately excluded. 66
The broader implications of AI in evidence handling extend beyond content generation to include AI-assisted analysis of digital evidence. Machine learning algorithms are increasingly being used to analyze large datasets, identify patterns in criminal networks, and process volumes of digital evidence that would be impractical for human analysts to review manually. While these tools can enhance investigative effectiveness, they also raise questions about algorithmic bias, transparency, and the reliability of automated analysis results. 67
The legal framework for addressing AI-generated and AI-analyzed evidence is still in its infancy, with courts and legislatures struggling to develop appropriate standards and procedures. The technical complexity of AI systems makes it difficult for legal practitioners to evaluate the reliability and limitations of AI-assisted evidence. The development of standards for AI evidence handling will require close collaboration between legal professionals, technology experts, and policy makers. 68
7. Legal Developments: BSA, BNS, and BNSS
 7.1 New Definitions and Evidentiary Rules
The enactment of the Bharatiya Sakshya Adhiniyam BSA 2023 represents the most comprehensive modernization of India’s evidence law since independence. The new Act replaces the colonial-era Indian Evidence Act of 1872 with a framework specifically designed to address contemporary legal challenges, including the complexities of digital evidence handling. The BSA’s approach to electronic evidence reflects a sophisticated understanding of how information exists and functions in the digital age, moving beyond the traditional paper- centric model of evidence law. 69
The BSA’s expanded definition of “document” under Section 2(d) explicitly includes digital and electronic records, photographs, maps, and drawings stored in electronic form. This definitional change eliminates the artificial distinction between physical and electronic documents that previously complicated evidence handling. The Act recognizes that digital information can exist as primary evidence in its native format, avoiding the problematic classification of all electronic records as secondary evidence under the previous framework. 70
Section 57 of the BSA establishes that properly authenticated digital records constitute primary evidence, streamlining their admission in legal proceedings and reducing procedural barriers that previously complicated electronic evidence presentation. This change reflects international best practices and acknowledges that digital information often exists only in electronic form, making traditional concepts of “original” and “copy” less relevant in the digital context. 71
The BSA introduces specific provisions for emerging forms of digital evidence that were not adequately addressed under the previous framework. Section 63 provides detailed procedures for the admission of electronic records, including requirements for hash value verification and expert certification. The Act also recognizes voice messages, digital photographs stored on electronic devices, and records maintained in electronic form as admissible evidence subject to appropriate authentication procedures. 72
7.2 Forensic Mandates and Collection
The Bharatiya Nagarik Suraksha Sanhita BNSS 2023 introduces mandatory forensic investigation requirements for serious crimes, reflecting the growing importance of scientific evidence in criminal investigations. Section 176 of the BNSS requires that crimes punishable with imprisonment of seven years or more must be investigated using forensic techniques, including digital forensics when electronic evidence is involved. This mandate represents a significant advancement in the professionalization of criminal investigation procedures. 73
The forensic mandate under the BNSS extends beyond traditional physical evidence to encompass digital crime scenes and virtual environments where cybercrimes occur. Investigating officers are required to engage qualified forensic experts to collect, analyze, and interpret digital evidence according to established scientific protocols.
This requirement addresses long-standing concerns about the quality and reliability of digital evidence handling by ensuring that technically complex investigations are conducted by appropriately qualified personnel. 74
The BNSS also introduces requirements for real-time documentation of crime scene investigation procedures, including video recording of evidence collection activities. For digital evidence, this documentation must include recording of the forensic imaging process, verification of hash values, and demonstration of chain of custody procedures. These documentation requirements enhance transparency and provide courts with detailed records of how evidence was collected and handled. 75
The integration of forensic requirements across the new criminal law framework creates a comprehensive approach to evidence handling that encompasses investigation, analysis, and presentation phases. The coordination between the BSA’s evidence rules and the BNSS’s investigation procedures ensures consistency in how digital evidence is handled throughout the criminal justice process. This integrated approach represents a significant improvement over the previous fragmented framework. 76
7.3 International Comparisons
India’s legal reforms can be evaluated in the context of international best practices and comparative legal frameworks for digital evidence handling. The United States Federal Rules of Evidence provide a flexible framework for electronic evidence authentication under Rule 901, allowing courts to consider various factors in determining authenticity without rigid procedural requirements. The American approach emphasizes judicial discretion in evaluating evidence reliability rather than mandatory certification procedures. 77
The European Union’s approach to digital evidence is influenced by the General Data Protection Regulation (GDPR) and other privacy-protective frameworks that impose strict limitations on data collection and processing. European courts have developed sophisticated procedures for balancing investigative needs with privacy rights, including requirements for proportionality assessment and data minimization in criminal investigations. The EU’s Digital Evidence Directive provides harmonized procedures for cross-border evidence collection within the European legal framework. 78
The United Kingdom’s approach following Brexit has emphasized flexibility and technological neutrality in evidence laws while maintaining robust procedural safeguards. The UK’s Criminal Procedure Rules provide streamlined procedures for digital evidence admission while preserving opportunities for challenging evidence authenticity and reliability. The UK has also invested heavily in specialized cybercrime courts and digital forensics capabilities to handle complex technical evidence. 79
Singapore’s comprehensive cybersecurity and digital evidence framework provides an instructive example for developing economies seeking to modernize their legal systems. Singapore has established specialized cybercrime investigation units, invested in advanced forensic technologies, and developed streamlined procedures for international cooperation in cybercrime investigations. The Singaporean approach emphasizes public-private partnerships and coordination between law enforcement and technology sector stakeholders. 80
8. Recommendations for Reform
The analysis of India’s digital evidence framework reveals several areas where targeted reforms could significantly improve the effectiveness and fairness of the criminal justice system’s response to cybercrime. These recommendations address systemic challenges identified throughout this study and reflect international best practices and emerging technological trends that will shape the future of digital investigation.
Legislative Harmonization and Specialized Framework Development: India should consider developing a comprehensive cybercrime investigation law that consolidates scattered provisions across multiple statutes and provides clear, detailed procedures for digital evidence handling. This specialized legislation should address jurisdictional challenges, international cooperation procedures, and emerging technologies such as artificial intelligence and blockchain. Regular review mechanisms should ensure that legal frameworks remain current with technological developments without requiring frequent legislative amendments.
Infrastructure Investment and Capacity Building: Sustained investment in digital forensics infrastructure is essential for effective cybercrime investigation. This includes establishing regional forensic laboratories equipped with current technology, developing secure evidence storage facilities, and creating redundant backup systems to protect against data loss. The government should prioritize funding for equipment upgrades, facility improvements, and technology refresh cycles that keep pace with evolving criminal techniques.
Professional Development and Training: Comprehensive training programs should be developed for all stakeholders in the digital evidence ecosystem, including law enforcement personnel, forensic experts, prosecutors, and judicial officers. These programs should include both initial qualification training and ongoing continuing education requirements to ensure that knowledge and skills remain current. Specialized career tracks for digital forensics professionals should be created within law enforcement agencies to improve retention and expertise development.
International Cooperation and Harmonization: India should actively pursue membership in international cybercrime cooperation frameworks such as the Budapest Convention and develop bilateral agreements with key technology hub countries to facilitate evidence sharing. Standardized procedures for international evidence requests should be established, and diplomatic channels should be strengthened to support law enforcement cooperation. Mutual recognition agreements for digital forensics certifications and procedures would facilitate cross-border investigations.
Privacy Protection and Civil Liberties Safeguards: Clear legal frameworks should be established for balancing investigative needs with privacy rights in digital investigations. Judicial oversight procedures for digital surveillance activities should be strengthened, and proportionality requirements should be codified to prevent overreach. Data minimization procedures should be implemented to limit collection and retention of irrelevant personal information during criminal investigations.
Technology Integration and Innovation: The criminal justice system should leverage emerging technologies to enhance investigative capabilities while maintaining appropriate safeguards. This includes adopting AI-powered analysis tools for large-scale digital evidence processing, implementing blockchain-based evidence authentication systems, and developing automated procedures for routine forensic tasks. However, technological adoption must be accompanied by appropriate validation procedures and transparency requirements.
9. Conclusion
The examination of digital evidence and cybercrime in India reveals a legal system in transition, struggling to adapt colonial-era frameworks to the realities of the digital age while maintaining fundamental principles of justice and due process. The enactment of the Bharatiya Sakshya Adhiniyam 2023 and associated criminal law reforms represents significant progress toward modernizing India’s evidentiary framework, but substantial challenges remain in translating legal provisions into effective investigative and prosecutorial practice.
The technical complexity of digital evidence, combined with infrastructure limitations and capacity constraints, continues to create significant obstacles for law enforcement agencies throughout India. The disparity between urban and rural capabilities, the rapid pace of technological change, and the international dimensions of cybercrime all contribute to a challenging operational environment that requires sustained attention and resource investment.
The legal developments analyzed in this study demonstrate both the potential for legal frameworks to adapt to technological change and the persistent challenges of implementation in complex institutional environments. The BSA’s recognition of digital records as primary evidence and its streamlined authentication procedures represent important advances, but their practical effectiveness will depend on the development of supporting infrastructure, training programs, and administrative procedures.
The future success of India’s digital evidence framework will require coordinated action across multiple dimensions: legal, technological, institutional, and international. The recommendations outlined in this analysis provide a roadmap for addressing identified challenges, but their implementation will require sustained political commitment and resource investment over many years.
The stakes of this modernization effort extend beyond the immediate challenges of cybercrime investigation to encompass broader questions about the role of technology in society and the capacity of legal institutions to protect both security and liberty in the digital age. India’s experience in developing effective digital evidence frameworks will have implications not only for domestic criminal justice but also for the country’s position in international cybersecurity cooperation and its ability to protect critical infrastructure and economic interests from cyber threats.
As technology continues to evolve at an accelerating pace, the legal system’s ability to adapt and respond effectively will be crucial for maintaining public trust and ensuring that the benefits of digital transformation are not undermined by criminal exploitation. The ongoing development of India’s digital evidence framework represents both a significant opportunity and a substantial challenge for the country’s legal and security institutions.
10. Bibliography
 1 National Crime Records Bureau, Crim e in India 2022 Statistics Ministry of Home Affairs, Government of India 2023 185 201
 2 Casey E and Rose C, Handbook of D igital Forensics and Investigation Academic Press 2018 23 45
 3 K.S. Puttaswamy Privacy-9 J.) v Union of India 2017 10 SCC 1
 4 Information Technology Act 2000, Statement of Objects and Reasons
 5 Vakul Sharma, Cyber Laws and Cyber Crim es 2nd edn, Universal Law Publishing 2018 67 89
 6 Parliamentary Standing Committee on Information Technology, Review of IT Act 2000 Lok Sabha Secretariat 2007 34 45
 7 Information Technology Amendment) Act 2008, s 66F 66C
 8 Information Technology Amendment) Act 2008, s 79A
 9 Indian Evidence Act 1872, s 65A (inserted by IT Act 2000
 10 Anvar P.V. v P.K. Basheer 2014 10 SCC 473, paras 15 18
 11 Indian Evidence Act 1872, s 65B 1 3
 12 Indian Evidence Act 1872, s 65B 4
 13 Anvar P.V. v P.K. Basheer 2014 10 SCC 473, para 24
 14 Forensic Science Service, D igital Evidence: Good Practice Guide Home Office UK 2019 12 28
 15 European Network and Information Security Agency, D igital Forensics: Methods and Tools ENISA 2014 45 67
 16 Maras M H, Com puter Forensics: Cybercrim inals, Laws and Evidence 2nd edn, Jones & Bartlett Learning 2014 89 112
 17 Council of Europe, Cybercrim e Convention Com m ittee Guidelines COE Publishing 2020 156 178
 18 Bharatiya Sakshya Adhiniyam 2023, s 2(d)
 19 Bharatiya Sakshya Adhiniyam 2023, s 57
 20 Expert Committee Report on Digital Evidence, Modernising Evidence Law Law Commission of India 2022 78 95
 21 Bharatiya Sakshya Adhiniyam 2023, Explanatory Memorandum 23 34
 22 Comparative Law Analysis, D igital Evidence in Com m on Law System s 2023 15 International Journal of Evidence & Proof 234 256
 23 Indian Evidence Act 1872, s 65B 4 a e
 24 Cyber Appellate Tribunal, Annual Report 2019 20 Ministry of Electronics and IT 2020 89 102
 25 Bharatiya Sakshya Adhiniyam 2023, s 63 1 3
 26 Bharatiya Sakshya Adhiniyam 2023, s 63 4 , Explanation I
 27 Anvar P.V. v P.K. Basheer 2014 10 SCC 473
 28 Ibid, paras 20 24
 29 High Court Database Analysis, Im pact of Anvar Judgm ent 2015 2020 National Judicial Data Grid
 30 Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal 2020 7 SCC 1, paras 15 18
 31 Ibid, para 22
 32 Bureau of Police Research and Development, D igital Evidence Handling Manual Ministry of Home Affairs 2021 156 178
 33 Bharatiya Sakshya Adhiniyam 2023, s 65
 34 Bharatiya Sakshya Adhiniyam 2023, s 63 5
 35 Bharatiya Sakshya Adhiniyam 2023, s 66
 36 Central Bureau of Investigation, Cybercrim e Investigation Guidelines CBI Manual 2020 234 267
 37 National Investigation Agency, D igital Forensics Standard Operating Procedures NIA 2021 45 78
 38 Forensic Science Laboratory Manual, D igital Evidence Collection Ministry of Home Affairs 2019 89 123
 39 Indian Cybercrime Coordination Centre, International Cooperation Guidelines I4C 2022 67 89
 40 National Crime Records Bureau, Chain of Custody Protocols NCRB 2020 123 145
 41 International Association of Computer Investigative Specialists, Best Practices for D igital Evidence IACIS 2021 178 201
 42 National Institute of Standards and Technology, Guidelines for D igital Forensics NIST Special Publication 800 86, 2020 234 256
 43 Cyber Security Framework, Evidence Storage and Security Department of Science & Technology 2021 145 167
 44 Bharatiya Sakshya Adhiniyam 2023, s 45
 45 Scientific Working Group on Digital Evidence, Standards and Guidelines SWGDE 2020 89 112
 46 Indian Evidence Act 1872, s 45A Expert opinion on digital evidence)
 47 International Organization of Digital Evidence, Certification Requirem ents IODE 2021 234 245
 48 Parliamentary Standing Committee Report, Cybercrim e Investigation Capacity Rajya Sabha 2022 67 89
 49 Law Commission of India, Encryption and Law Enforcem ent Report No 282, 2022 123 145
 50 Cloud Security Alliance, D igital Forensics in Cloud Com puting CSA 2021 156 178
 51 Blockchain & Cryptocurrency Committee, Legal Fram ework for D igital Assets Reserve Bank of India 2022 89 112
52 Artificial Intelligence Task Force, AI in Crim inal Justice NITI Aayog 2023 178 201
 53 National Cybercrime Training Centre, Capacity Assessm ent Report CyTrain 2022 234 256
 54 CyTrain Annual Report 2022 23 National Crime Records Bureau 2023 45 67
 55 University Grants Commission, Cybersecurity Education Guidelines UGC 2021 123 145
 56 Public Service Commission Guidelines, D igital Forensics Career Tracks UPSC 2022 89 102
 57 United Nations Office on Drugs and Crime, Com prehensive Study on Cybercrim e UNODC 2019 167 189
 58 Ministry of External Affairs, Mutual Legal Assistance in Cybercrim e MEA 2021 78 95
 59 International Criminal Police Organization, Global Cybercrim e Guidelines INTERPOL 2022 134 156
 60 European Union Agency for Cybersecurity, Cross–border Evidence Collection ENISA 2021 201 223
 61 K.S. Puttaswamy Privacy-9 J.) v Union of India 2017 10 SCC 1, paras 245 267
 62 Data Protection Authority Guidelines, Privacy in Crim inal Investigations (proposed framework 2023 89 112
 63 Supreme Court E Committee, Technology in Courts E Committee Report 2022 145 167
 64 Telecom Regulatory Authority, D ata Retention Guidelines TRAI 2021 234 256
 65 Digital Forensics Research Workshop, D eepfake D etection Methods DFRWS 2023 178 201
 66 AI Ethics Committee, Artificial Intelligence in Legal Proceedings Ministry of Electronics and IT 2022 123 145
 67 National Institute of Technology, Machine Learning in D igital Forensics Technical Report 2023 89 112
 68 Law and Technology Committee, AI Evidence Standards Bar Council of India 2023 156 178
 69 Bharatiya Sakshya Adhiniyam 2023, Preamble and Statement of Objects
 70 Bharatiya Sakshya Adhiniyam 2023, s 2(d)
 71 Bharatiya Sakshya Adhiniyam 2023, s 57
 72 Bharatiya Sakshya Adhiniyam 2023, ss 63 65
 73 Bharatiya Nagarik Suraksha Sanhita 2023, s 176
 74 Bharatiya Nagarik Suraksha Sanhita 2023, s 177
 75 Bharatiya Nagarik Suraksha Sanhita 2023, s 178
 76 Criminal Law Reform Committee, Integration of New Crim inal Laws Ministry of Home Affairs 2023 234 267
 77 Federal Rules of Evidence Rule 901 United States)
 78 Directive 2014/41/EU on European Investigation Order European Union)
 79 Criminal Procedure Rules 2020 United Kingdom)
 80 Computer Misuse Act Chapter 50A, Singapore)
