THE THREE GENERATIONS OF INDIAN CYBER LAW: ANALYZING THE SHIFT FROM COMMERCE TO CRIME CONTROL TO RIGHTS-BASED GOVERNANCE

INDIAN JOURNAL OF LEGAL REVIEW

8 Apr, 2026

THE THREE GENERATIONS OF INDIAN CYBER LAW: ANALYZING THE SHIFT FROM COMMERCE TO CRIME CONTROL TO RIGHTS-BASED GOVERNANCE

THE THREE GENERATIONS OF INDIAN CYBER LAW: ANALYZING THE SHIFT FROM COMMERCE TO CRIME CONTROL TO RIGHTS-BASED GOVERNANCE

AUTHOR – AKSHITA TRIPATHI* & DR. KAVYA CHANDEL**

* STUDENT AT AMITY LAW SCHOOL LUCKNOW, AMITY UNIVERSITY UTTAR PRADESH LUCKNOW CAMPUS

** ASSISTANT PROFESSOR OF LAW AT AMITY LAW SCHOOL LUCKNOW, AMITY UNIVERSITY UTTAR PRADESH LUCKNOW CAMPUS

BEST CITATION – AKSHITA TRIPATHI & DR. KAVYA CHANDEL, THE THREE GENERATIONS OF INDIAN CYBER LAW: ANALYZING THE SHIFT FROM COMMERCE TO CRIME CONTROL TO RIGHTS-BASED GOVERNANCE, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 6 (4) OF 2026, PG. 333-347, APIS – 3920 – 0001 & ISSN – 2583-2344.

ABSTRACT

This paper provides a comprehensive chronological and thematic analysis of the evolution of India’s cyber legal framework, tracing its development from the unregulated early internet era of the 1990s to the complex data governance regimes of 2023. By examining legislative texts, judicial pronouncements, and institutional mechanisms, the study explores the trajectory of the Information Technology (IT) Act, 2000, and its subsequent regulatory amendments. The core argument posits that Indian cyber law has undergone a three-stage transition: beginning as a “first-generation” commerce-enabling framework primarily driven by the need to legitimize e-commerce, evolving into a “second-generation” crime-control and security-oriented regime following the 2008 amendments, and currently shifting towards a “third-generation” rights-based data governance architecture marked by the Digital Personal Data Protection Act (DPDPA) 2023. Key themes explored include the shifting paradigms of intermediary liability and “Safe Harbour” protections, the jurisprudential complexities of electronic evidence admissibility under Section 65B of the Indian Evidence Act, and the expansion of state surveillance and regulatory compliance mechanisms. Ultimately, this legal evolution reflects a broader global movement from “cyber-libertarianism” to “cyber-sovereignty,” highlighting India’s ongoing efforts to balance technological innovation, national security, and citizen rights in the digital age.

Keywords: Indian Cyber Law, Information Technology Act, 2000, Intermediary Liability, Data Governance, Cyber-Sovereignty

V6I435FDownload

Download Full Article