Landmark Judgments on Electronic Records

Indian courts grappled with the admissibility of electronic records from the moment the Information Technology Act 2000 introduced the concept of electronic evidence. The Indian Evidence Act 1872 was amended in 2000 to add Sections 65A and 65B, which created a special regime for electronic records: they were classified as secondary evidence, and Section 65B prescribed the conditions under which they could be admitted. A certificate signed by a responsible official was required, stating that the computer producing the record was in regular use, that it was functioning properly, and that the record was produced in the ordinary course of the computer's activity.

Before Anvar, courts differed on whether Section 65B was the only route to admissibility or whether a party could produce an electronic record under the general provisions for documents (Sections 63 and 65 of the old Act). Several High Courts permitted electronic records to be tendered without a certificate on the basis that a computer printout was a copy of an original electronic document and therefore admissible as secondary evidence under the general secondary evidence rules. This created uncertainty for practitioners and litigants alike.

Anvar P.V. v. P.K. Basheer, decided by a three-judge bench of the Supreme Court of India in 2014, ended that uncertainty. The court held that Sections 65A and 65B constitute a complete code for the admissibility of electronic records. An electronic record cannot be admitted under the general secondary evidence provisions. If a party does not produce the certificate required by Section 65B, the electronic record is inadmissible, regardless of how clearly relevant or reliable it appears. The court expressly overruled an earlier two-judge bench decision, State (NCT of Delhi) v. Navjot Sandhu (2005), which had permitted electronic records without a certificate under the primary evidence route.

Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, decided by a three-judge bench in 2020, answered questions that Anvar had left open. The court confirmed that the certificate is a condition precedent: a court has no power to waive it or to accept the electronic record without it. But the court also held that a party who needs the certificate and cannot obtain it can apply to the court to direct the person responsible for the computer to furnish one. This is significant for parties who do not themselves control the computer system from which the record comes, such as a prosecution relying on records held by a telecom company.

The Bharatiya Sakshya Adhiniyam 2023 (BSA) replaced the Indian Evidence Act 1872 with effect from 1 July 2024. The BSA carries forward the essential structure of Sections 65A and 65B under a new numbering: Section 63 of the BSA is the functional equivalent of Section 65B. The certificate requirement is preserved. The BSA also introduces a broader definition of electronic record to cover cloud-stored data, messages on end-to-end encrypted platforms, and other modern forms of digital information that were not clearly addressed by the 2000 amendments.

The practical compliance requirements under Section 63 of the BSA are: the certificate must identify the electronic record, state the device or computer on which it was stored or processed, confirm that the device was in regular use during the period the record was created, and confirm that the record was produced in the ordinary course of the device's activities. The certificate must be signed by a person occupying a responsible position in relation to the operation of that device. For a forensic practitioner producing an extract from a seized mobile phone, this typically means the certifying person is the head of the forensic laboratory or a senior officer designated for that purpose.

The Bharatiya Nagarik Suraksha Sanhita 2023 (BNSS), which replaced the Code of Criminal Procedure, also addresses the handling of electronic evidence during investigation and trial. Section 94 of the BNSS allows a court to compel production of electronic records. The BNSS reinforces the certificate requirements by requiring that electronic records seized during investigation be accompanied by documentation of the seizure process, including the device details and the hash values of forensic copies made at the time of seizure.

The United States does not have a statutory certificate equivalent to the Indian rule. Authentication of electronic records is governed by Federal Rule of Evidence 901, which requires that evidence be supported by evidence sufficient to support a finding that the item is what the proponent claims it is. Rule 901(b) provides a non-exhaustive list of authentication methods, including testimony by a witness with knowledge, evidence of distinctive characteristics, and opinion or expert testimony.

For electronic records, courts have applied Rule 901 by looking at a combination of factors: metadata showing the time, date, and origin of a file; chain of custody documentation from the point of seizure; hash value comparisons showing the file has not been altered; and, where relevant, testimony from a qualified forensic examiner about the acquisition process. United States v. Vayner (2d Cir. 2014) is one of the clearer appellate statements of what Rule 901 demands for social media evidence: the proponent must produce evidence beyond the content of the record itself. A screenshot of a social media post is not authenticated merely by its content.

The Federal Rules do not require that a computer be proved to be functioning correctly as a precondition for admission. Instead, questions about the reliability of a computer system go to the weight of the evidence rather than its admissibility. This is a different allocation of the burden compared to both the old English approach and the current Indian approach. A party wishing to challenge the reliability of a computer system in US federal court does so in cross-examination and closing argument, not by objecting to admission.

England and Wales had, until 1999, one of the most demanding admissibility regimes for computer-generated evidence. Section 69 of the Police and Criminal Evidence Act 1984 required a party relying on computer evidence to produce a certificate or other evidence showing that the computer was operating properly at the material time and that there was no reason to doubt the proper operation of the computer in any relevant respect. This was an affirmative burden: the proponent had to prove the computer worked, not merely assert it.

Section 69 was repealed by the Youth Justice and Criminal Evidence Act 1999, following the Law Commission's recommendation that the provision was both too onerous in simple cases and insufficient in complex ones. The current position in England and Wales is based on the common law presumption that computers function correctly, subject to rebuttal. If a party wishes to challenge the reliability of a computer system, it must produce evidence of malfunction. The courts have addressed this in several cases, including R v. Cochrane (1993, decided before the repeal but influential in establishing the reliability presumption) and, more recently, in civil contexts involving banking records and trading platform data.

The Post Office Horizon scandal, in which hundreds of subpostmasters were wrongfully convicted based on erroneous data produced by a faulty computer system, has prompted significant reconsideration of the reliability presumption. The Horizon Issues Judgment in the Post Office Group Litigation (2019) found systematic and serious bugs in the Horizon accounting software that produced incorrect shortfall figures. Parliament passed the Post Office (Horizon System) Offences Act 2024 to quash the convictions. The case is now used internationally as a warning about the dangers of an unexamined presumption that computers work correctly, and courts in England and Wales have become more willing to interrogate the basis of computer evidence even without affirmative evidence of malfunction.

Beneath the procedural differences, the cases across jurisdictions grapple with the same core problems. First, digital files can be altered without visible trace, which is not true of paper documents in the same way. Second, the person who created or stored the file is often not the person who produces it in court: a telecom company holds call records; a cloud provider holds email; a forensic laboratory holds a forensic copy of a seized device. Third, the judge and often the jury lack the technical knowledge to evaluate claims about digital integrity without guidance.

The three jurisdictions have answered these problems differently. India requires a statutory certificate from a responsible person, placing the burden of proof on the proponent and creating a clear exclusionary rule. The United States uses a flexible authentication standard that can accommodate a wide range of authentication methods, but does not mandate any specific one, leaving more to judicial discretion. England and Wales uses a rebuttable presumption that simplifies admission while leaving the door open for challenges where there is actual evidence of unreliability.

The EU eIDAS Regulation (Regulation 910/2014, updated by eIDAS 2.0) takes a different approach: it deals with the legal effect of electronic signatures and qualified electronic timestamps across member states, rather than prescribing how courts must treat digital evidence in criminal or civil proceedings. A qualified electronic signature under eIDAS has the same legal effect as a handwritten signature; a qualified timestamp creates a presumption that the data existed at the stated time. These rules feed into evidence law in EU member states but do not create a uniform criminal evidence framework.

The certificate and authentication requirements impose specific obligations on forensic practitioners that go beyond the technical work of examining a device. A forensic examiner who produces a technically excellent report but does not ensure that the certificate or authentication foundation is in place may find their work excluded. In Indian proceedings, the examiner or a designated senior colleague must be prepared to sign the Section 63 BSA certificate at the time the report is filed. The certificate covers the forensic system used to produce the output, not just the original device, so the laboratory's own computers and acquisition tools are within its scope.

In US proceedings, the examiner must be prepared to testify about the acquisition process, the tools used, the hash values computed at acquisition and at trial, and any anomalies observed. The ACPO Good Practice Guide for Digital Evidence (now superseded by the College of Policing Digital Media Investigations guidance in England and Wales) and the NIST guidelines for mobile device forensics in the US both address documentation requirements that map onto the authentication standards courts apply. Following those guidelines produces the documentation that satisfies Rule 901.

The cases also signal that courts will not excuse a failure to comply with admissibility requirements simply because the evidence is compelling. Arjun Khotkar is explicit: the certificate is mandatory, and relevance or reliability do not substitute for it. This places a premium on early engagement between the forensic practitioner and the legal team, so that any certificate, chain of custody documentation, or authentication evidence is gathered and filed before it is needed rather than scrambled for at trial. See also the discussion of admissibility standards around the world for a broader comparative treatment.