Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
How BNS 2023 cyber sections and BSA 2023 Section 63 frame electronic evidence in Indian trials, with Anvar PV, Arjun Pandit Rao Khotkar and Shafhi Mohammad mapped onto practice.
Two statutes carry most of the substantive cyber-relevant work in an Indian trial after 1 July 2024. The Bharatiya Nyaya Sanhita 2023 (BNS) provides the general offences that are routinely added to IT Act charges in a cyber FIR: stalking, cheating, forgery, criminal intimidation, defamation, sexual harassment. The Bharatiya Sakshya Adhiniyam 2023 (BSA) provides the evidence rules under which any electronic record (a screenshot, a CDR, a server log, a forensic image) is produced and proved. The renumbering from IPC and IEA is the easiest part. The hard part is knowing which section to charge in parallel with the IT Act, and how to package an electronic record so that it survives the Section 63 BSA certificate test at trial.
The thing most candidates miss is that BNS does not have a cyber-only chapter. Cyber offences sit inside the general offence sections, with the medium (computer, mobile, network) doing the work of attracting the section. Stalking under BNS Section 78 explicitly covers electronic monitoring; cheating under BNS Section 318 covers OTP fraud and online cheating without needing a separate provision; forgery under BNS Sections 336 to 338 applies to electronic records because BSA expanded the "document" definition. A working examiner reads a fact pattern and reaches for two layers: the IT Act section for the cyber-specific offence and the BNS section for the underlying general offence. The dual-charging pattern is what most cyber chargesheets actually look like.
The medium attracts the section; the section does the work.
BNS structures offences by harm, not by medium. There is no chapter titled "Cyber Offences" because the drafters chose to fold cyber-relevant fact patterns into the general offence sections by either expanding the definition or expressly mentioning the electronic mode. Stalking under Section 78 names "monitoring the use by a woman of the internet, email or any other form of electronic communication" as a mode of the offence. Cheating under Section 318 captures any dishonest inducement, which covers OTP fraud, online cheating and pig-butchering without a special section. Forgery under Sections 336 to 338 applies to electronic records because BSA expanded the "document" definition to expressly include electronic records.
| BNS 2023 section | Subject matter | Cyber fact pattern it picks up |
|---|---|---|
| Section 75 | Sexual harassment | Online sexual remarks, unwelcome sexually coloured messages, demand for sexual favour through electronic means. |
| Section 78 | Stalking | Physical and electronic stalking; expressly covers monitoring of internet, email or electronic communication by a woman. |
| Section 196 | Promoting enmity between groups | Communal hate speech, including online posts; read with Section 197 mob lynching when violence follows. |
| Section 197 |
Two statutes, one fact pattern, complementary work.
The clearest way to think about this is by sorting offences into three buckets. Some are IT Act only because they require a computer resource by definition (cyber terrorism under Section 66F is the cleanest example). Some are BNS only because the medium is incidental (a defamation on paper and a defamation on Twitter both sit under BNS Section 354). Most cyber FIRs sit in the third bucket where both apply, and the prosecution charges both.
| Fact pattern | IT Act section | BNS 2023 section | Why both |
|---|---|---|---|
| Phishing email that drains a bank account | 66C, 66D | 318 | IT Act captures the credential abuse and the personation through a computer resource; BNS 318 captures the underlying cheating. |
| Doctored screenshot circulated on WhatsApp to defraud a buyer | 66D where personation is present | 318, 336 to 338 | IT Act for the computer-resource cheating; BNS for forgery of an electronic record. |
| Online stalking and monitoring of a woman's email | 67 only if obscene content was sent | 78 | BNS 78 expressly covers electronic monitoring; IT Act 67 family only attracts on obscene content. |
| Ransomware against a hospital |
Same substance as 65B IEA, new section number, same trap.
Section 63 BSA is the rule that decides whether a screenshot, a CDR printout, a server-log export, or a forensic image is admitted at trial. The substance is materially the same as IEA Section 65B. The provision says that any copy or output of an electronic record produced from a "computer system" is admissible only if it is accompanied by a certificate that identifies the electronic record, describes the manner of its production, particulars of the device involved, and is signed by a person occupying a responsible official position in relation to the operation of the relevant device.
Three judgments, one settled rule.
The certificate jurisprudence has moved through three leading cases that every forensic candidate should be able to summarise in two sentences each.
A three-judge bench of the Supreme Court held that any electronic record produced as secondary evidence must be accompanied by a Section 65B IEA certificate. The judgment overruled the earlier State (NCT of Delhi) v Navjot Sandhu line that had treated 65B as one of multiple routes to admit electronic evidence. After Anvar, the certificate became the only route for secondary electronic evidence. The proposition transfers cleanly onto Section 63 BSA.
A two-judge bench held that the certificate requirement could be relaxed where the party producing the record was not in possession of the device that produced it. The decision was widely cited for the proposition that a strict certificate rule could defeat justice in cases where the device belonged to a third party (a telecom operator, a social media platform). The relief was always meant to be interim.
A three-judge bench of the Supreme Court overruled Shafhi Mohammad and restored Anvar P V as the settled rule. The certificate is mandatory. Where the party producing the record cannot itself sign the certificate (because the device belongs to a third party), the party must apply to the court for production of the certificate from the third party under Section 165 IEA, now Section 168 BSA. The certificate must accompany the electronic record at the time it is produced; a certificate filed later is admissible only if the court permits the late filing on cause shown.
| Case | Year | Holding | Status in 2026 |
|---|---|---|---|
| Anvar P V v P K Basheer | 2014 |
The technical record that backs the legal one.
The Section 63 BSA certificate is a legal document, but its credibility rests on the technical record an examiner builds at the time of acquisition. The standard discipline is to acquire a forensic image with a tool that produces a verified hash, store the source hash and the image hash side by side, and document every subsequent operation against the image (not the original). The hash chain is what tells the trial court that the bit-for-bit copy analysed at the FSL is the bit-for-bit copy seized at the scene.
What cross-examination tests, and how to survive it.
Section 39 BSA is the provision under which the examiner is admitted as an expert and the report is admitted as evidence of the opinion stated. The cross-examination then probes the expert's qualifications, the methods used, the chain of custody, and the limits of the opinion. A digital forensic expert in an Indian trial court should expect a recognisable script.
The examiner who has built a clean Section 63 BSA certificate, a documented hash chain and a report that distinguishes between observation and inference will spend less time on cross-examination than one who has not. The same skill set transfers to depositions under Section 39 BSA in any forensic discipline, but it is in electronic evidence that the documentary record is most explicit and the cross-examination most technically demanding.
Under BSA 2023, which section governs the admissibility of a copy of an electronic record?
| Imputations and assertions prejudicial to national integration |
| Online incitement, mob-mobilising messages, communally targeted forwards. |
| Section 318 | Cheating | OTP fraud, fake-investment scam, pig-butchering, online cheating without the personation element; the workhorse with IT Act 66D. |
| Sections 336 to 338 | Forgery | Electronic-record forgery, fake screenshots used to defraud, doctored chat logs; BSA's expanded 'document' brings electronic records in. |
| Section 351 | Criminal intimidation | Cyber-bullying, online threats, doxxing-with-threats. Subsections grade the seriousness. |
| Section 354 | Defamation | Online defamation, defamatory tweets, defamatory WhatsApp forwards. The medium does not change the section. |
The investigative consequence is that an examiner whose work supports a cyber chargesheet should expect questions on both layers. The defence will challenge the IT Act provision on technical grounds (was a computer resource actually used? Was the credential actually impersonated?) and the BNS provision on classical grounds (was there dishonest inducement? Was there intent to cause harm?). The artifact set has to support both attacks.
| 66, 66F if critical-care systems threatened |
| 318 if extortion is alleged |
| IT Act for the offence; BNS for the underlying cheating or extortion; CERT-In and DPDP layers on top. |
| Defamatory tweet | No specific IT Act section after 66A struck down | 354 | Shreya Singhal struck down 66A; defamation now sits under BNS 354 with no IT Act overlay. |
| Cyber terrorism (attack on critical infrastructure) | 66F | Often added: BNS terrorism provisions where applicable | IT Act 66F is cyber-specific; BNS terrorism captures the broader act if facts support. |
The investigative practice is that the IO drafts the FIR with the IT Act sections, the local court (the JMFC for cyber crimes in most states, or a designated cyber court where one exists) takes cognisance, and the FSL or state cyber cell examiner is asked for opinion on both layers in the chargesheet. Section 39 BSA is what authorises the examiner to give expert opinion on the electronic evidence; the underlying offences then sit on a mix of IT Act and BNS sections.
The "computer system" definition in BSA is broader than the original IEA definition. It includes any data processing device or system, which means a smartphone, a tablet, a network switch, a CCTV DVR and a vehicle telematics unit all qualify. This matters because the certificate is required for any output from any of these devices, not just for outputs from desktop or server machines.
| 65B certificate mandatory for secondary electronic evidence; overruled Navjot Sandhu |
| Good law; carries over to Section 63 BSA |
| Shafhi Mohammad v State of HP | 2018 | Certificate requirement relaxable where party not in possession of device | Overruled by Arjun Pandit Rao |
| Arjun Pandit Rao Khotkar v Kailash Kushanrao Gorantyal | 2020 | Overruled Shafhi Mohammad; certificate mandatory; must accompany record at production | Good law; the settled rule under Section 63 BSA |
This work overlaps directly with the chain-of-custody discipline covered in Chain of Custody and with the acquisition discipline in Digital First Responder: Volatility, Seizure, Imaging. The hash chain is the technical record; the seizure and forwarding memos are the procedural record; the Section 63 BSA certificate is the courtroom-facing document that pulls both together.