Section 85 of the Information Technology Act establishes the principle of corporate liability for cyber offences. It ensures that when a company commits a violation, the individuals responsible for its business conduct are held as accountable as the entity itself.\n
\n\nThe Scope of Vicarious Liability\n
\nIn the digital economy, many offences are committed by large organizations rather than single actors. Section 85 states that if a company commits a contravention, every person who was in charge of and responsible to the company at that time is deemed guilty. This includes directors, managers, and secretaries if it is proven that the offence happened with their consent, connivance, or neglect. This provision forces a culture of accountability at the top. For senior executives, staying informed about your organization's security posture is not just a business task—it is a legal necessity. Our cyber security consulting services help boards understand their specific risks under the IT Act.\n
\n\nThe \"Due Diligence\" Defense\n
\nThe law provides a critical shield for directors and managers who act responsibly. A person will not be liable if they can prove that the contravention took place without their knowledge, or that they exercised all due diligence to prevent it. This makes the existence of a robust, documented security framework your strongest legal protection. Simply having a policy is not enough; you must show that it was enforced and monitored. Aligning your corporate governance with data privacy and cybersecurity standards provides the evidence of diligence required to defend against Section 85 allegations.\n
\n\nNeglect and Connivance in Corporate Breaches\n
\nThe most dangerous area for corporate officers is \"neglect.\" Even if a director did not actively conspire to commit a crime, a failure to implement mandatory security measures can be treated as a punishable offence. This includes ignoring vulnerabilities found in audits or failing to report breaches to the authorities. When a company is investigated, the state looks for the \"person in charge.\" Having a clear trail of security approvals, budgets, and audit responses can be the difference between a corporate fine and personal criminal liability.\n
\n\nAudit Your Corporate Liability Exposure\n
\nIs your leadership team protected by a verifiable trail of due diligence? If your company manages digital assets or personal data in India, you are subject to the strict requirements of Section 85. Don't wait for a legal inquiry to check your compliance. Contact our legal and security team for a priority audit of your corporate governance and security frameworks.\n