Section 69 of the Information Technology Act grants the Central and State Governments the power to issue directions for the interception, monitoring, or decryption of information generated, transmitted, or stored in any computer resource. These powers are granted only when the government is satisfied that such an action is necessary for national sovereignty, security of the state, public order, or the investigation of an offence. It is one of the most powerful and discussed provisions in Indian cyber law.\n
\n\nGrounds for Lawful Interception\n
\nThe government cannot exercise these powers arbitrarily. There must be reasons recorded in writing, and the action must serve a specific interest, such as preventing a cognizable offence or maintaining friendly relations with foreign states. This legal framework attempts to balance the state's need for surveillance with the citizen's right to privacy. For businesses, this means that any request for data must be accompanied by a valid order issued by an authorized officer.\n
\n\nThe Obligation to Assist with Decryption\n
\nA key component of Section 69 is the requirement for subscribers, intermediaries, or any person in charge of a computer resource to provide technical assistance. This includes providing access to the resource and assisting with the decryption of information. A refusal to provide this assistance is a serious criminal act, punishable by imprisonment for up to seven years and a fine. This has major implications for services that use end-to-end encryption.\n
\n\nProcedures and Safeguards\n
\nThe law mandates specific procedures and safeguards that the government must follow when carrying out interception or monitoring. These rules are designed to prevent the abuse of surveillance powers and ensure that data is handled with confidentiality. Organizations should have a clear protocol for responding to such orders, ensuring that the request is authentic and that only the relevant data is shared. Our data protection and privacy guidance explains how to manage these legal requests while protecting user rights.\n
\n\nManaged Security and Incident Response\n
\nIn many cases, the government's need for interception arises from an active security threat or a large-scale cybercrime. If your organization is targeted as part of a wider investigation, you may be called upon to share traffic logs or decryption keys. Being prepared for such a request is a vital part of your incident response plan. You must be able to verify the legal order quickly and cooperate without compromising the overall security of your network.\n
\n\nManage Your Surveillance Compliance\n
\nHandling government requests for data requires a delicate balance of legal compliance and technical oversight. If your organization operates a communication platform or manages sensitive data, you must understand your obligations under Section 69. Consult with our cyber law specialists to establish a secure and compliant protocol for handling decryption and interception orders.\n