Indian cybercrime is expanding in both scope and complexity with the growth of business and the increasing use of the internet in the private and government sectors. As threats range from phishing and ransomware to complex monetary frauds, Indian enforcement must be agile and current. Effective investigation and enforcement depend as much on operational interagency coordination and the application of digital forensic methods as on remedies through law. This article addresses the reporting and investigation of cybercrime in India, the primary institutions such as CERT-In, CBI, and FIU-IND, and digital evidence management under Indian law.
Mechanisms for Reporting Cybercrime
Indian citizens can now report cybercrime through increasingly citizen-friendly e-governance channels. The Home Ministry's National Cyber Crime Reporting Portal (https://cybercrime.gov.in) is an interface through which victims can lodge online complaints about cybercrime such as internet-based financial fraud, impersonation, and harassment. Victims can also use the emergency helpline number 1930, which is specifically designed for reporting financial cyber fraud.
State and local police stations continue to be public access points. State police have formed specialised cyber units, mostly in urban belts. Enforcement capacity, however, can vary enormously from state to state, especially in rural or semi-urban areas with minimal or no cyber capacity. In prosecuting cybercrimes, law enforcement agencies use provisions of the Indian Penal Code (IPC), 1860, and the Information Technology (IT) Act, 2000. Sections used include IPC Sections 420 (cheating) and 468 (forgery), and IT Act Sections 66C (identity theft) and 66D (impersonation) (Ministry of Home Affairs, 2023).
Enforcement Agencies and Their Jurisdictional Roles
India's cybercrime policing is multi-agency in character, and operations vary with the severity and nature of the crime. Local and state police stations are the first point of contact for the majority of cybercrime complaints, particularly those related to cyberbullying, phishing, or defamation. State cyber cells are increasingly being equipped with at least a minimum forensic kit and personnel trained in electronic evidence collection.
The Central Bureau of Investigation (CBI) has jurisdiction over transnational or international matters. Cybercrimes against national critical infrastructure or government data, and mass-scale economic cybercrime, particularly with cross-border effects, are handled by the CBI Cyber Crime Unit (CBI, 2024). The CBI works with Interpol, foreign law enforcement agencies, and central forensic science laboratories.
Another important institution is the Indian Computer Emergency Response Team (CERT-In). CERT-In operates under the Ministry of Electronics and Information Technology (MeitY) and is the national nodal agency for cybersecurity. CERT-In issues advisories, coordinates incident response, and collaborates with public and private sector stakeholders. Organisations have to notify CERT-In of a cybersecurity incident within six hours of its occurrence under the CERT-In Directions, 2022 (CERT-In, 2023).
FIU-IND is one of the key agencies involved in the detection of financial cybercrime. It operates under the Ministry of Finance and is tasked with receiving and examining suspicious transaction reports (STRs), cross-border flows of funds, and financial abuse of cryptocurrency. It has a central enforcement role under the Prevention of Money Laundering Act (PMLA), 2002, in cases of money laundering, financing of terror activities, and economic cyber frauds (FIU-IND, 2024).
Legal Foundation for Cybercrime Investigation
The Indian system of enforcing cybercrime law rests on a two-tier legal framework comprising substantive law and procedural law. The Information Technology Act, 2000, as amended in 2008, covers offences such as data theft, hacking, cyberterrorism, and internet-based fraud. This is supported by the Indian Penal Code, 1860, which covers traditional crimes committed through electronic media, e.g., forgery, criminal intimidation, and defamation.
Admissibility of electronic evidence in courts is governed by Section 65B of the Indian Evidence Act, 1872, which requires any electronic document presented as proof to be accompanied by a certificate of authenticity. Section 65B has been a matter of concern in the majority of court judgments, particularly in respect of economic offences. The Code of Criminal Procedure, 1973, sets out the legal standards for search, seizure, and arrest in cybercrime cases. Procedural compliance remains a condition precedent for investigations to withstand the acid test of prosecution and judicial scrutiny.
Digital forensics has become a vital component of cybercrime investigation with the development of banking, insurance, and e-governance. Digital forensics involves the detection, collection, examination, and presentation of digital evidence in a legally and forensically acceptable manner.
The standard process of digital forensics includes hard drive imaging, recovery of deleted files, log and network examination, and metadata examination. Law enforcement and compliance examiners primarily use forensic tools such as FTK, EnCase, Autopsy, and Wireshark to trace attack vectors and build evidence. Forensic integrity is essential here: investigators must maintain a tamper-evident chain of custody so that they can show the evidence is admissible under Section 65B of the Indian Evidence Act.
Computer forensic experts are also increasingly being used in regulatory cases, particularly where secure public networks or financial networks are involved. Collaboration with incident response teams, particularly from CERT-In or corporate SOCs (Security Operations Centres), is required in such interventions.
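An added example (not part of the original article or any agency's tooling) of the tamper-evident chain of custody described above: each custody entry commits to the SHA-256 of the evidence image and to the previous entry, so a later edit to the log or the image is detectable. Field names, handler names, timestamps and the sample image bytes are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous digest" used by the first custody entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    """Hash every field of an entry except its own digest, in canonical order."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log: list, handler: str, action: str, when: str, image_sha256: str) -> dict:
    """Record a custody event bound to the image hash and the previous entry."""
    entry = {"seq": len(log), "handler": handler, "action": action, "when": when,
             "image_sha256": image_sha256, "prev": log[-1]["digest"] if log else GENESIS}
    entry["digest"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log: list, image: bytes) -> list:
    """Return a list of problems; an empty list means log and image are intact."""
    problems, prev, actual = [], GENESIS, sha256_hex(image)
    for i, e in enumerate(log):
        if e["prev"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry_digest(e) != e["digest"]:
            problems.append(f"entry {i}: fields altered after recording")
        if e["image_sha256"] != actual:
            problems.append(f"entry {i}: image hash mismatch")
        prev = e["digest"]
    return problems

# Constructed sample: bytes standing in for a disk image, and three custody events.
IMAGE = b"constructed sample bytes standing in for a forensic disk image"

def build_sample_log() -> list:
    log, h = [], sha256_hex(IMAGE)
    append_entry(log, "Officer A", "acquired image", "2024-01-10T09:00:00+05:30", h)
    append_entry(log, "Examiner B", "received for analysis", "2024-01-11T10:30:00+05:30", h)
    append_entry(log, "Examiner B", "analysis completed", "2024-01-12T17:45:00+05:30", h)
    return log

if __name__ == "__main__":
    print(verify(build_sample_log(), IMAGE))
```

The digest of the newest entry should also be recorded somewhere the log's keeper cannot rewrite (for example in a signed report), since a chain recomputed from the edited entry onward would otherwise still verify.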
Case Studies and Enforcement Illustrations
INTERPOL collaborated with the Timor-Leste government and CERT-In in July 2025 to recover over USD 40 million from a foreign Business Email Compromise (BEC) fraud. Early warning, blockchain tracing, and global cooperation enabled freezing the funds and keeping the criminals in custody. Cyber tracing and police liaison were enabled by Indian law enforcement agencies, i.e., CBI and CERT-In (INTERPOL, 2025).
In another significant case, a ₹100 crore cryptocurrency investment fraud involving an unsubscribed multi-level returns marketing platform was busted in 2024. FIU-IND raised the alarm on suspicious transactional behaviour in crypto accounts, and the CBI coordinated the digital asset seizure. Blockchain investigation tools assisted in tracing money flows from other platforms.
These cases indicate the need for real-time reporting, cross-border legal mechanisms for prosecuting cybercrime, and interagency coordination.
Compliance Consequences and Evolving Expectations
Banks, fintechs, and authorised participants will need to maintain a strong cybersecurity compliance framework in line with the norms set by sector regulators such as RBI, SEBI, and IRDAI. Recent CERT-In Directions include six-hour incident reporting and retention of logs for at least 180 days. Non-adherence will attract regulatory penalties, loss of reputation, and revocation of licensing rights.
Stringent compliance regimes incorporate rigorous KYC practices, anti-money laundering practices, cyber incident response planning, and regular internal audits. Banks are also being required to set up special threat units and maintain liaison with nodal agencies such as CERT-In and FIU-IND. Employee capacity building, periodic penetration testing, and cyber drills are part of a proactive compliance agenda.
Conclusion
India's cybercrime investigation and enforcement rely on a combination of national cybersecurity agencies, financial intelligence agencies, law enforcement agencies, and forensic experts. A thorough understanding of reporting procedures, the judicial admissibility of electronic evidence, and coordination among agencies is essential to ensure maximum compliance and risk mitigation. Because cyber attacks evolve by the minute, firms must stay one step ahead, apply the most effective digital forensic practices, and remain aligned with evolving regulatory requirements so that they do not run legal risks.
CRCGS