Introduction
India’s new
criminal law structure — the Bharatiya Nyaya Sanhita, 2023 and the Bharatiya
Nagarik Suraksha Sanhita, 2023— has replaced the old IPC and CrPC with a
framework that’s designed for the digital age. Unlike their
predecessors, these codes consciously incorporate the idea of territorial,
extraterritorial, and technological jurisdiction, acknowledging that modern
crimes — especially cybercrimes — rarely stay within one country’s
borders.
Let’s look at these provisions in detail.
📘
1. Bharatiya Nyaya Sanhita (BNS), 2023 — Section 1(5): Extension of
Jurisdiction Beyond India
Section 1(5), BNS, 2023:
"It extends to the whole of India and applies
also to any offense committed by—
(a) any citizen of India in any place without and beyond India;
(b) any person on any ship or aircraft registered in India wherever it may be;
and
(c) any person in any place without and beyond India committing offense
targeting a computer resource located in India."
🧾
Explanation:
This provision is a jurisdictional expansion clause,
ensuring that Indian criminal law applies not only within the national
territory but also to certain offenses committed outside India.
Let’s break down each part:
(a) Offenses by Indian Citizens Abroad
This means if an Indian citizen commits a cyber
offense — such as hacking, phishing, or online fraud — while physically
present in another country, Indian authorities can still prosecute that person
under Indian law.
For example:
If an
Indian national in Dubai hacks into the data servers of an Indian company, the
act is punishable under the BNS because the citizen’s nationality
connects him to India.
Note: This principle
mirrors the Nationality Principle of international law — a state can
exercise jurisdiction over its citizens anywhere in the world.
(b) Offenses on Indian Ships or Aircraft
This clause continues the protective principle
of law — that Indian-registered vessels, ships, and aircraft are treated as floating
territories of India.
So, a cyberattack or data theft committed on an Air India flight or Indian
merchant vessel can be prosecuted under the BNS, regardless of where the
vehicle was located when the act occurred.
Example: A passenger hacks
into the aircraft’s digital entertainment system or steals passenger data while
the plane is over international waters — India retains jurisdiction.
(c) Cyber Offenses Targeting Indian
Computer Resources
This is the most modern and cyber-specific
innovation in Section 1(5).
It explicitly recognizes cyber targeting — meaning, if a person outside
India commits a crime that affects Indian computer systems, data, or
networks, India can assert jurisdiction.
This aligns with Section 75 of the Information
Technology Act, 2000, which similarly gives extraterritorial reach to
Indian cyber law.
Example:
A person in China launches a ransomware attack on an Indian hospital’s database
in Mumbai. Even though the attacker is abroad, India’s courts can claim
jurisdiction, since the effect and harm occurred in India.
💡
Significance:
Section 1(5) of the BNS ensures that India’s criminal
law travels beyond borders — a crucial step when dealing with cybercrimes
that are transnational, decentralized, and remote-controlled.
In short:
The BNS gives Indian courts the power to pursue offenders who are abroad but
target Indian digital assets — reinforcing the principle of effects-based
jurisdiction in cyberspace.
📘 2. Bharatiya Nagarik Suraksha Sanhita
(BNSS), 2023 — Procedural Provisions Governing Jurisdiction
The BNSS, 2023, which replaces the old Criminal
Procedure Code (CrPC), 1973, provides detailed procedural guidance on where
a case should be tried and which court or police station has territorial
authority — both critical for cyber law.
Below are the key sections relevant to jurisdiction in
cybercrimes.
⚖️ Section
197 — Ordinary Place of Inquiry and Trial
A
case is normally tried by the court in whose area the crime occurred.
This is the fundamental territorial rule —
jurisdiction usually lies where the act occurred. However, in
cyberspace, determining where an “act” occurred is complex — was it where the
message was sent, received, stored, or caused harm?
Hence, courts interpret this rule flexibly in cyber
cases, guided by effects and impact, not just the physical origin
of the act.
Cyber view:
For digital crimes, the “place” could mean where the
message or data was sent, received, stored, or where loss or harm occurred.
If a fraudulent message is sent from Pune and the
victim loses money in Delhi, both places can claim jurisdiction.
⚖️ Section
198 — Place of Trial When It Is Uncertain Where Offense Was Committed
“Where it is uncertain in which of several local areas
an offense was committed, or where it was committed partly in one area and
partly in another, the case may be tried by a court having jurisdiction over
any of such areas.” In other words, If it’s unclear where a crime
happened, or if it happened partly in several places, continued over time
across different locations, or involved multiple acts in multiple areas—any
court connected to those places can try the case.
🧾
Explanation:
This clause ensures that cyber offenses are not
dismissed for lack of territorial clarity.
Even if the exact location of the digital act cannot be pinpointed — as in
cases involving VPNs or encrypted servers — courts can still assume
jurisdiction if there’s any reasonable connection to their area.
Example:
A
ransomware attack routed through multiple foreign servers hides the true
origin.
Still, if the victim system is in India, Indian courts can validly take up the
case.
When Location of Offence Is Uncertain or Spreads
Across Areas
Essence:
⚖️ Section
199 — Offence Triable Where Act Is Done or Consequence Ensues
If
an act becomes an offence because of both what was done and the result it
caused, either place—the act’s origin or where the effect occurred—can take
jurisdiction.
Cyber view:
Say malicious code is uploaded from Chennai and it
crashes systems in Gurugram. Both Chennai (the act) and Gurugram (the
consequence) have jurisdiction.
⚖️ Section
200 — Offence by Relation to Another Offence
When one
offence is linked to another—say, aiding, abetting, or concealing—it may be
tried wherever either act happened.
Cyber view:
If someone in Delhi helps launder money stolen through
a phishing scam operated from Bengaluru, both Delhi and Bengaluru courts can
handle the case.
⚖️ Section
201 — Special Rules for Certain Offences
Specific
crimes like theft, misappropriation, or kidnapping can be tried where the act
occurred, where the property or victim was moved, or where stolen property was
found.
Cyber view:
For data theft or digital fraud, courts may look at:
- where the data was taken,
- where it was stored or transferred,
- or where the benefit was received.
Example: stolen data
stored on a server in Noida but sold online to a buyer in Ahmedabad—both
locations qualify.
⚖️ Section
202 — Offences by Electronic Communications, Letters, or Messages
If
deception or cheating is done through electronic means—emails, messages, or
calls—the case can be tried where the message was sent or received, or where
the deceived person handed over or the accused received the property.
Cyber view:
This is the key section for cyber-fraud. A scammer
emailing from Mumbai to a victim in Delhi (who transfers money to an account in
Jaipur) gives all three places jurisdiction: send, receive, and benefit.
⚖️ Section
203 — Offence Committed on Journey or Voyage
This
section applies to crimes occurring during movement or digital transmission —
such as data interception, packet sniffing, or mid-transit tampering of emails
or messages.
It allows jurisdiction both where the message was sent and where it was
intercepted or altered.
Cyber view:
Applies to data “in transit.”
If an email sent from Kolkata to Delhi is intercepted
through a compromised router in Lucknow, all three courts can take cognizance.
⚖️ Section
204 — Place of Trial for Offences Triable Together
When
multiple connected offences or accused can be tried in one trial, the case may
be taken up by any court competent for any of them.
Cyber view:
If a
hacking group commits several connected offences—phishing, identity theft, and
extortion—the entire set can be tried in one court covering any one of the
acts.
⚖️ Section
205 — Power to Transfer Cases to Another Sessions Division
The
State Government may direct that certain cases be tried in a different sessions
division, provided this doesn’t conflict with any order of a higher court.
Cyber view:
Useful for complex cyber-cases involving multiple
regions—say, centralising trial in one cyber-crime court for convenience or
security.
⚖️ Section
206 — High Court to Decide Jurisdiction When Doubt Exists
If
two or more courts take up the same offence, the High Court decides which one
should proceed.
Cyber view:
Prevents
confusion when multiple police units or cyber-cells register overlapping cases
about the same online fraud.
⚖️ Section
207 — Summons or Warrant for Offence Beyond Local Jurisdiction
A
Magistrate may act if someone within their area committed an offence outside
it—inside or outside India—and can send that person to the proper court or take
bond for appearance.
Cyber view:
If an accused living in Chennai committed an online
crime targeting victims in another state or abroad, the local magistrate can
start the process and forward the case to the right jurisdiction.
⚖️ Section
208 — Offence Committed Outside India
Crimes
committed abroad by Indian citizens, or on Indian-registered ships or aircraft,
can be tried in India—with prior Central Government sanction.
Cyber view:
If an Indian tech worker in Singapore hacks an Indian
bank’s server, Indian authorities can prosecute once the person is within
Indian reach—after the required sanction.
⚖️ Section
209 — Evidence for Offences Committed Outside India
When trying
an offence under Section 208, the Central Government may allow depositions or
exhibits recorded abroad—physically or electronically—to be used as evidence in
Indian courts.
Cyber view:
In international cybercrime, this allows data logs,
forensic reports, or witness statements from foreign jurisdictions to be
admitted lawfully in Indian proceedings.
⚖️
Conclusion
The combined framework of BNS, BNSS, and the IT Act
equips India with one of the most forward-looking legal structures for
cyberspace. By recognizing both territorial and extraterritorial jurisdiction,
it empowers Indian authorities to pursue global offenders while aligning with
international legal norms.
