Published On: November 2nd 2025
Authored By: Iksha Sharma
Amity University, Punjab
“Privacy is the constitutional core of human dignity. It is not surrendered when a person is in the digital world.”[1]
INTRODUCTION
The rise of digital technologies has reshaped not only how people interact and conduct business but also how crimes are committed and investigated. In India, we have seen a number of cybercrime cases have been multiplied rapidly in the past decade, ranging from phishing scams and data theft to organised financial fraud and ransomware. Unlike conventional offences, the evidentiary trail in cybercrime is largely digital, consisting of call records, emails, CCTV footage, social media chats, or data retrieved from hard drives and servers.
This dependence on electronic material has forced Indian courts and legislators to reconsider traditional evidentiary principles. While statutory reforms and case laws have provided some clarity, still the challenges remain in balancing the reliability of such records with the rights of individuals. In particular, questions surrounding the authentication of digital material, the role of certification, and the possibility of tampering have created recurring difficulties in trials.
This paper aims to examine how Indian law currently treats digital evidence, to highlight the judicial interpretation of key provisions, and to critically evaluate the difficulties faced in cybercrime investigations. It also situates the Indian position in a comparative perspective and proposes reforms to ensure that electronic records can be used effectively without compromising fairness and due process.
LEGAL FRAMEWORK IN DIGITAL EVIDENCE
The Indian Evidence Act, 1872 originally made no reference to electronic records. With the coming of the Information Technology Act, 2000, the law was amended to insert Sections 65A and 65B. Where Section 65A declared that the contents of electronic records would be proved only in accordance with Section 65B, which became the cornerstone for admissibility. Section 65B laid down that computer outputs, if accompanied by a proper certificate, would be deemed to be documents.[2] The certificate had to identify the device, and explain the manner of production, also needed to confirm that the process had not been tampered with. The intention was clear: since electronic data could easily be altered, it needed an additional safeguard before being accepted in court.
The IT Act also provided the definitional framework. Section 2(1)(t) described an “electronic record” broadly, ensuring that emails, images, databases, and digital files were all covered. [3]Alongside, there are provisions such as Section 67A, which deals with sexually explicit material, and Section 72, which deals with confidentiality and privacy. [4]This linked the criminal aspects of cyber activity with the evidentiary rules under the Evidence Act.
A more recent development has been seen in the Bharatiya Sakshya Adhiniyam, 2023, which replaced the Evidence Act from July 2024. Section 61 of this statute largely mirrors Section 65B, retaining the requirement of certification but updating the language to cover a wider range of devices and storage media. [5]Importantly, it reflects an effort to remain technology-neutral so that admissibility does not depend on the medium, whether it is a physical server, a cloud database, or a smartphone. The Act also retains the relevance of expert opinion, earlier found in Section 45A, by recognising the role of digital forensic experts in confirming authenticity.
JUDICIAL INTERPRETATION
Courts in India have repeatedly been called upon to interpret how strictly the statutory requirements should be applied.
The landmark case is Anvar P.V. v P.K. Basheer (2014), where the Supreme Court ruled that the electronic evidence is admissible only IF it is accompanied by a certificate under Section 65B.[6] Oral testimony or secondary evidence could not substitute this requirement. This decision changed trial practice dramatically by making the certificate indispensable.
The rigidity created by Anvar was briefly relaxed in Shafhi Mohammad v State of Himachal Pradesh (2018), where the Court held that a certificate was unnecessary if the party did not control the device. [7]However, this approach was very short-lived. In Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020), a Constitution Bench reaffirmed that the certificate is mandatory, overruling Shafhi Mohammad.[8] The Bench did clarify that parties could request courts to direct custodians of devices or servers to furnish the certificate, but the condition itself could not be waived.
Other judgments have also contributed to this debate. In Tomaso Bruno v State of UP (2015), the Court stressed the importance of CCTV footage and held that the non-production could lead to an adverse inference.[9] In Jagdeo Singh v State (2015), the Court reiterated that call records require proper certification.[10] Meanwhile, the privacy judgment in the case of K.S. Puttaswamy v Union of India (2017), though not directly about evidence, highlighted the constitutional implications of indiscriminate digital surveillance, which inevitably influence how courts assess the collection of the electronic data.[11]
ONGOING CHALLENGES
Despite having a statutory framework and judicial guidance, India’s digital evidence continues to face serious hurdles.
One major issue is the rigidity of certification. In many cybercrime cases, the evidence comes from social media platforms or email providers based outside India. Obtaining a certificate from these entities is practically impossible, while leaving investigators handicapped. This strict rule often results in otherwise reliable evidence is being excluded.
Another concern is the chain of custody. Unlike physical evidence, the electronic files can be copied, edited, or transferred with little trace. Without robust forensic protocols, it is difficult to prove that a piece of digital evidence has remained intact from the time of seizure until it is presented in court.
The threat of tampering and deepfakes also added a new dimension. Courts now face the possibility of videos or images being fabricated using artificial intelligence, raising questions about the reliability of visual evidence.
Privacy remains a sensitive issue. Accessing private chats, emails, or call records directly interferes with an individual’s right to privacy under Article 21. The Pegasus spyware controversy demonstrated how investigative practices can come into conflict with constitutional rights.
Finally, there are capacity gaps. India still lacks sufficient digital forensic laboratories, and investigating officers often have limited training in handling electronic material. These gaps lead to delays and weaken the quality of prosecutions.
COMPARATIVE PERSPECTIVE
If we look abroad, we can find that the other jurisdictions have adopted a more flexible approach. In the United States, the Federal Rules of Evidence do not insist on certificates but focus on authenticity.[12] Testimony from a witness familiar with the system, combined with forensic analysis, is usually enough.
In the United Kingdom, the Civil Evidence Act 1995 similarly relies on reliability assessments by the court, without imposing rigid procedural barriers.[13]
The European Union, through its eIDAS Regulation, emphasises trust services and electronic signatures, ensuring legal recognition for a wide range of digital transactions.[14]
The contrast with India is striking: while Indian law still remains tied to the certificate requirement, while the international practice suggests that reliability and chain of custody should matter more than formal compliance.
WHAT DO I SUGGEST?
For digital evidence to be both reliable and practical, we certainly need the necessary reforms.
First, the Bharatiya Sakshya Adhiniyam should clarify that the alternative methods, such as forensic hash verification, can serve the purpose of authentication when certificates cannot be obtained.
Second, there must be investment in forensic infrastructure. Every state should have well-equipped digital forensic laboratories, and police officers, as well as trial judges, should undergo training in handling of electronic evidence.
Third, India needs to improve its international cooperation. Whether through joining the Budapest Convention on Cybercrime or negotiating bilateral arrangements with major technology companies, getting access to data located overseas must become quicker and more reliable.
Finally, reforms must respect privacy and due process. Expanding investigative powers without checks risks abuse. Strong data protection legislation, coupled with judicial oversight of surveillance, and ensures that electronic evidence is gathered in a constitutionally sound manner.
CONCLUSION
Digital evidence has become indispensable in both criminal and civil proceedings. India has made important strides, from amending the Evidence Act in 2000 to enacting the Bharatiya Sakshya Adhiniyam in 2023. The Supreme Court has clarified the law, but perhaps at the cost of excessive rigidity.
The way forward is to combine authenticity with practicality. A reliability-oriented approach, supported by better forensic capacity and respect for constitutional rights, will allow electronic records to contribute meaningfully to justice. If, India can strike this balance, digital evidence will not merely be admissible in theory but genuinely effective in practice.
REFERENCES
[1]Justice K.S. Puttawamy (Retd.) v. Union of India, (2017) 10 S.C.C. 1, 499 (India), https://indiankanoon.org/doc/127517806/ (last visited Sept. 09, 2025)
[2] Indian Evidence Act, 1872, § 65B, available at https://legislative.gov.in/ (last visited Sept. 09, 2025)
[3] Information Technology Act, 2000, § 2(1)(t), available at https://www.meity.gov.in/ (last visited Sept. 09, 2025)
[4] Information Technology Act, 2000, §§ 67A, 72, available at https://www.meity.gov.in/ (last visited Sept. 09, 2025)
[5] Bharatiya Sakshya Adhiniyam, 2023, § 61, available at https://egazette.nic.in/ (last visited Sept. 11, 2025).
[6] Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473, available at https://www.scconline.com/ (last visited Sept. 11, 2025)
[7] Shafhi Mohammad v. State of Himachal Pradesh, (2018) 2 SCC 801, available at https://www.scconline.com/ (last visited Sept. 11, 2025)
[8] Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, (2020) 7 SCC 1, available at https://www.scconline.com/ (last visited Sept. 11, 2025)
[9] Tomaso Bruno v. State of U.P., (2015) 7 SCC 178, available at https://www.scconline.com/ (last visited Sept. 11, 2025)
[10] Jagdeo Singh v. State, (2015) 6 SCC 768, available at https://www.scconline.com/ (last visited Sept. 11, 2025)
[11] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1, available at https://www.scconline.com/ (last visited Sept. 11, 2025)
[12] Fed. R. Evid. 901 (U.S.), available at https://www.law.cornell.edu/rules/fre/rule_901 (last visited Sept. 11, 2025)
[13] Civil Evidence Act 1995, § 8 (UK), available at https://www.legislation.gov.uk/ukpga/1995/38/contents (last visited Sept. 11, 2025)
[14] Regulation (EU) No. 910/2014 of the European Parliament and of the Council (eIDAS Regulation), available at https://eur-lex.europa.eu/ (last visited Sept. 11, 2025)
