Definitions — Electronic Record, Digital Signature, Computer Resource (Section 2)

Every operative provision of the Information Technology Act, 2000 — from the legal recognition of electronic records in Section 4 to the offence of source-code tampering in Section 65 — borrows its precise meaning from the definitions packed into Section 2(1). An examiner testing the IT Act almost always begins here, because a candidate who confuses an electronic record with an electronic form, or a digital signature with an electronic signature, will mis-state every downstream rule. This chapter unpacks the three flagship definitions named in the syllabus — electronic record [s.2(1)(t)], digital signature [s.2(1)(p)] and computer resource [s.2(1)(k)] — and the cluster of allied terms that give them content, grounding each in the bare text and the leading Supreme Court authority on electronic evidence.

The scheme and importance of Section 2

Section 2(1) of the Information Technology Act, 2000 opens with the familiar formula — “In this Act, unless the context otherwise requires” — and then runs through an alphabetised series of clauses from (a) to (zh). These are stipulative definitions: within the four corners of the Act, the listed words carry the meaning Parliament has assigned, regardless of their ordinary or technical usage elsewhere. The opening words “unless the context otherwise requires” build in a narrow escape valve, but courts read it strictly; a defined term is displaced only where applying the statutory meaning would defeat the evident purpose of the provision.

The definitions matter disproportionately for this Act because the IT Act is, at bottom, an attempt to translate a paper-and-ink legal order into bits and bytes. Concepts the law had taken for granted — a “document”, a “signature”, “writing” — had to be re-engineered for the digital medium. Section 2 is where that re-engineering is recorded. A handful of these defined nouns then propagate through the enabling provisions on electronic governance and the penal provisions in Chapters IX and XI. Because the whole edifice rests on them, the definitions are a perennial favourite for one-mark prelims questions and for the “define and distinguish” style of mains question.

A drafting point worth remembering: the clause-lettering was disturbed by the Information Technology (Amendment) Act, 2008, which inserted new definitions (for example “communication device” at (ha), “cyber security” at (nb) and “electronic signature” at (ta)) without re-lettering the whole section. The result is a sequence that runs (a), (b)… then jumps to two-letter clauses such as (ta) and (za). Quote the clause letter exactly as it stands in the amended bare Act.

Electronic record — Section 2(1)(t)

Under Section 2(1)(t), an “electronic record” means “data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.” The definition is deliberately capacious. It catches not only obviously digital artefacts — an e-mail, a Word file, a database entry — but also images, sounds and even micro film and computer-generated microfiche, media that straddle the analogue–digital boundary. The unifying idea is that the content exists in, or is fixed by reference to, an electronic form as separately defined in clause (r).

Three features deserve emphasis. First, the definition is medium-focused, not content-focused: anything from a contract to a photograph to a voice note qualifies so long as it is stored, received or sent in electronic form. Second, the verbs “stored, received or sent” mean an electronic record need not be in transit — a file sitting dormant on a hard disk is as much an electronic record as one travelling across a network. Third, the electronic record is the pivot on which the rest of the Act turns: digital and electronic signatures authenticate electronic records, Section 4 confers legal recognition on them, and Sections 11 to 13 govern their attribution and dispatch.

The judicial gloss on “electronic record” has come chiefly through the law of evidence. In Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473, a three-Judge Bench treated electronic records as a distinct species of evidence governed by the special code in Sections 65A and 65B of the Evidence Act, 1872, holding that secondary evidence of an electronic record is inadmissible without the certificate prescribed by Section 65B(4). In Shamsher Singh Verma v. State of Haryana, (2016) 15 SCC 485, the Supreme Court confirmed that a compact disc is a “document” within Section 3 of the Evidence Act and an electronic record, so that its production as defence evidence could not be shut out at the threshold. Together these decisions establish that the statutory label “electronic record” carries real consequences for how the thing may be proved in court.

Electronic form distinguished from electronic record

Candidates routinely conflate “electronic form” and “electronic record”, but the Act keeps them distinct. Under Section 2(1)(r), “electronic form”, with reference to information, means “any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.” Electronic form is therefore a description of a medium or mode — the state in which information exists. An electronic record under clause (t) is the thing itself — the data, image or sound — that subsists in that form.

The relationship is that of container to content: information in “electronic form”, once it crystallises into an identifiable item of data, record, image or sound, becomes an “electronic record”. The distinction is not merely academic. Section 4 grants legal recognition to information “in electronic form” that is rendered accessible for subsequent reference; many penal provisions, by contrast, speak of an “electronic record” as the object acted upon. Reading the two definitions together prevents the common error of treating every reference to electronics in the Act as interchangeable.

Data and information — the raw material

Beneath “electronic record” sit two further definitions that supply its raw material. Section 2(1)(o) defines “data” as “a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.” The breadth is striking — a computer printout on paper is still “data” because the definition fixes on the formalised representation, not the medium on which it ultimately rests.

“Information” is defined inclusively in Section 2(1)(v) as including “data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.” Because the definition is framed with “includes” rather than “means”, it is illustrative and open-ended, allowing courts to bring novel digital artefacts within its scope. The constitutional significance of “information” under this Act emerged in Shreya Singhal v. Union of India, (2015) 5 SCC 1, where the Supreme Court struck down Section 66A — which penalised sending “information” that was grossly offensive or menacing through a computer resource or communication device — as void for vagueness and as an unconstitutional restriction on Article 19(1)(a). The case shows that however widely “information” is defined, the provisions deploying it remain subject to constitutional discipline.

Digital signature — Section 2(1)(p)

Section 2(1)(p) defines a “digital signature” as “authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.” Three elements are built in: the act is one of authentication; the actor is a subscriber; and the method must satisfy Section 3, which prescribes authentication by affixing a digital signature using an asymmetric crypto system and hash function. A digital signature is thus not a scanned image of a handwritten signature; it is a cryptographic transformation of the electronic record that binds the signatory to its contents.

The technical machinery is supplied by allied definitions. Section 2(1)(f) defines “asymmetric crypto system” as “a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.” Section 2(1)(x) defines “key pair”, in an asymmetric crypto system, as “a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.” The private key is defined in Section 2(1)(zc) as “the key of a key pair used to create a digital signature”, and the public key in Section 2(1)(zd) as “the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.” A “Digital Signature Certificate” is itself defined in Section 2(1)(q) as a certificate issued under sub-section (4) of Section 35.

The signatory is the “subscriber”, defined in Section 2(1)(zg) as “a person in whose name the Electronic Signature Certificate is issued.” The chain therefore runs: a subscriber holds a key pair; the private key creates the digital signature on an electronic record; the public key, vouched for by a Digital Signature Certificate issued by a Certifying Authority, allows any recipient to verify it.

Digital signature distinguished from electronic signature

The 2008 amendment introduced technology-neutrality by adding the broader concept of an “electronic signature”. Section 2(1)(ta) defines “electronic signature” as “authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature.” The relationship is one of genus and species: every digital signature is an electronic signature, but not every electronic signature is a digital signature. A “digital signature” is the specific asymmetric-cryptography technique of Section 3; an “electronic signature” is any technique listed in the Second Schedule (which the Central Government may amend), and it expressly subsumes the digital signature.

This drafting choice future-proofs the Act: as new authentication technologies emerge — biometric, Aadhaar e-KYC based e-signatures and the like — they can be brought in by amending the Second Schedule without rewriting the substantive provisions, all of which were also recast to read “electronic signature” wherever they had earlier read “digital signature”. For the purpose of Section 2, the examiner's point is precise: digital signature is the narrower, cryptographically defined term; electronic signature is the wider, technology-neutral umbrella that includes it. The interaction between the two, and the role of secure electronic records and signatures under Sections 14 to 16, is developed in the companion chapters.

Computer resource — Section 2(1)(k)

Section 2(1)(k) defines “computer resource” to mean “computer, computer system, computer network, data, computer data base or software.” The definition is an aggregating one: rather than describe a single thing, it gathers six already-defined or readily understood components under one umbrella term. Its purpose is economy of drafting — many operative provisions (for example Sections 43, 66 and 79) need to refer to the entire digital environment without listing its parts each time, and “computer resource” does that work.

The component terms are themselves defined. “Computer” under Section 2(1)(i) means “any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses” together with its connected facilities. “Computer system” under Section 2(1)(l) covers a device or collection of devices containing computer programmes, electronic instructions and input/output data that performs such functions. “Computer network” under Section 2(1)(j) means the interconnection of one or more computers or computer systems or communication devices through satellite, microwave, terrestrial line, wire, wireless or other communication media. “Data” is as defined in clause (o) above.

The breadth of “computer” — and therefore of “computer resource” — was tested in Syed Asifuddin v. State of Andhra Pradesh, 2005 CriLJ 4314, where the Andhra Pradesh High Court held that a mobile handset answers the definition of a “computer” under the IT Act, so that tampering with the Electronic Serial Number pre-programmed into it amounted to altering computer source code under Section 65. The decision confirms that the definitional terms are read functionally: any high-speed data-processing device, including a phone, is caught. This expansive reading is what allows the Act's penal provisions on hacking, data theft and tampering to keep pace with new devices.

Originator, addressee and intermediary

Three relational definitions identify the human and corporate actors in an electronic transaction. Section 2(1)(za) defines “originator” as “a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary.” Section 2(1)(b) defines “addressee” as “a person who is intended by the originator to receive the electronic record but does not include any intermediary.” Both definitions pointedly exclude the intermediary, marking it off as a conduit rather than a party to the communication. These two terms drive the attribution and despatch rules examined in attribution, acknowledgment and dispatch of electronic records under Sections 11 to 13.

“Intermediary” is defined in Section 2(1)(w), with respect to any particular electronic record, as “any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record”, and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes. The intermediary's separate status is the doctrinal foundation of the “safe harbour” in Section 79. In Shreya Singhal v. Union of India, (2015) 5 SCC 1, the Supreme Court read down Section 79 and the Intermediary Guidelines, holding that an intermediary is obliged to take down content only on receipt of a court order or a government notification, not on the mere demand of a private complainant. The case shows how the definition of “intermediary” cabins liability for third-party content.

Communication device and other amendment-era terms

The 2008 amendment added several definitions to reflect the spread of mobile and converged devices. Section 2(1)(ha) defines “communication device” as “cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image.” The term is significant because several provisions — including the now-struck-down Section 66A and the surviving provisions on intermediaries and cyber security — expressly reach communication devices, ensuring that conduct carried out through a smartphone is not outside the Act merely because a smartphone is not, in ordinary speech, a “computer”.

Other amendment-era additions worth knowing are “cyber security” in Section 2(1)(nb), meaning “protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction”, and “electronic signature” in clause (ta) discussed above. The recurring appearance of “computer resource” and “communication device” inside these later definitions illustrates how the foundational nouns of Section 2 are re-used as building blocks for newer concepts — a strong reason to master the core definitions first.

How the definitions shape electronic evidence

The practical bite of these definitions is felt most acutely in the courtroom, where the question is how an “electronic record” may be proved. The governing authority is Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473, which held that an electronic record is a species of documentary evidence governed by the special provisions of Sections 65A and 65B of the Evidence Act, and that, where the original is not produced, secondary evidence of it is admissible only on production of the certificate under Section 65B(4). In so holding, Anvar expressly overruled the contrary view in State (NCT of Delhi) v. Navjot Sandhu, (2005) 11 SCC 600 (the Parliament Attack case), which had allowed electronic records to be proved under the general secondary-evidence provisions of Sections 63 and 65.

A period of doctrinal uncertainty followed. In Shafhi Mohammad v. State of Himachal Pradesh, (2018) 2 SCC 801, a two-Judge Bench “clarified” that the Section 65B(4) certificate could be dispensed with where the party tendering the evidence was not in possession of the device. That clarification was disapproved by a three-Judge Bench in Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, (2020) 7 SCC 1, which restored and reinforced Anvar, holding the certificate to be a mandatory condition precedent to the admissibility of an electronic record adduced as secondary evidence, while carving out a practical exception for cases where the certificate is genuinely unobtainable. Arjun Panditrao also held that the observations on CCTV evidence in Tomaso Bruno v. State of Uttar Pradesh, (2015) 7 SCC 178, were per incuriam. The lesson for the definitions chapter is that whether a thing is an “electronic record” is the gateway question; once it is, the Section 65B regime, not the ordinary law of documents, controls its proof.

The definitions and the IT Act as a special code

Because the definitions carve out a self-contained vocabulary, they also help mark the boundary between the IT Act and the general criminal law. In Sharat Babu Digumarti v. Government (NCT of Delhi), (2017) 2 SCC 18, the Supreme Court held that where an alleged offence relates to publishing or transmitting obscene material in electronic form, the special provisions of the IT Act (Sections 67, 67A and 67B) constitute a complete code and exclude the general obscenity provision in Section 292 of the Penal Code. The Court reasoned that once the conduct is tied to an electronic record, the IT Act's specialised scheme — including the protections it affords — must prevail over the general statute by force of Section 81 and the maxim generalia specialibus non derogant.

The doctrinal point reaches back to Section 2: it is precisely because terms like “electronic record” and “electronic form” are defined with technical precision that the Act can be recognised as a special code occupying a distinct field. A candidate who understands the definitions can therefore reason confidently about which statute governs a given digital fact pattern — a frequent theme in mains problem questions.

Exam pointers and common traps

For revision, fix the three flagship clause numbers in memory: electronic record at 2(1)(t), digital signature at 2(1)(p) and computer resource at 2(1)(k). Examiners love to swap the clause letters, so rote-learn them. Remember the genus–species pairs: electronic signature (genus, clause ta) includes digital signature (species, clause p); and computer resource (clause k) aggregates computer, computer system, computer network, data, computer database and software.

Watch three recurring traps. First, do not equate “electronic form” (clause r, a mode) with “electronic record” (clause t, a thing). Second, do not say a digital signature is a scanned signature — it is a cryptographic operation under Section 3 using an asymmetric key pair. Third, do not forget that originator (za) and addressee (b) both exclude the intermediary (w). On case law, keep the evidence trilogy straight: Anvar P.V. (2014) laid down the rule and overruled Navjot Sandhu (2005); Shafhi Mohammad (2018) diluted it; and Arjun Panditrao Khotkar (2020) restored it and held the Section 65B(4) certificate mandatory. For the wider scheme of the Act, see the introduction chapter and the subject hub page.