• Which Section of the Information Technology Act Deals With Cyber Terrorism?

    DY Patil University
Item 1 of 1

Section 66F of the Information Technology Act, 2000, is the section that deals with cyber terrorism in India. For anyone searching for which section of the Information Technology Act deals with cyber terrorism, this single provision is the definitive answer. Section 66F was inserted through the Information Technology (Amendment) Act, 2008, and it does three things at once: it defines cyber terrorism, it lists the specific acts that amount to the offence, and it prescribes a punishment that may extend to imprisonment for life. Among the many offences created by the IT Act, cyber terrorism sits at the very top in terms of gravity.

This guide explains, in plain language, what Section 66F actually says, how the law frames cyber terrorism under the IT Act 2000, what the punishment for cyber terrorism in India looks like in practice, how the offence differs from ordinary hacking, and how it connects to related laws such as the Unlawful Activities (Prevention) Act. Readers who want the exact provision, its precise wording, and how it plays out in real cases will find the full text of Section 66F broken down clause by clause, along with real case examples and the agencies that investigate these crimes.

Cyber terrorism in India is dealt with under Section 66F of the Information Technology Act, 2000. It was added by the IT (Amendment) Act, 2008 and came into force on 27 October 2009.

  • Section: Section 66F, Chapter XI of the IT Act, 2000
  • Offence: Cyber terrorism (threatening the unity, integrity, security, or sovereignty of India, or striking terror through a computer resource)
  • Punishment: Imprisonment, which may extend to imprisonment for life
  • Nature: Cognizable and non-bailable offence

Understanding Cyber Terrorism Under the IT Act 2000

Cyber terrorism is the meeting point of two worlds: cyberspace and terrorism. In simple terms, it refers to the use of computers, networks, and the internet to attack a nation, spread fear among its people, or cripple the systems that a country depends on to function. Unlike a financial scam or a data leak driven by profit, cyber terrorism under the IT Act 2000 is defined by a deeper and more dangerous purpose: an intent to threaten national security or to strike terror in the public.

The cyber terrorism definition under the IT Act, therefore, turns on two ingredients working together. First, there must be a wrongful act using a computer resource, such as denying access to a system, breaking into a network without authorization, or introducing a computer contaminant like a virus or malware. Second, that act must be carried out with a specific intent, namely to threaten the sovereignty of India or to terrorise people, or with knowledge that it is likely to harm critical information infrastructure. It is this combination of a harmful act and a grave intent that separates cyber terrorism from every other offence in the statute.

Element of Section 66F What It Means in Plain Language
Wrongful act Denial of access, unauthorised access or penetration of a computer resource, or introducing a computer contaminant (virus, malware, or similar).
Grave intent Intent to threaten the unity, integrity, security, or sovereignty of India, or to strike terror in the people or any section of the people.
Serious consequence Causing death or injury, damage to property, disruption of essential services, or an adverse effect on critical information infrastructure.
Sensitive information route Knowingly accessing restricted data relating to the security of the State or foreign relations, likely to injure India’s interests.

Know More: How to Study Computer Science After 12th: Best Courses and Career Path

Which Section of the Information Technology Act Deals With Cyber Terrorism? A Closer Look at Section 66F

To restate the answer plainly: the section of the Information Technology Act that deals with cyber terrorism is Section 66F. The provision is split into two parts. Sub-section (1) defines the offence and describes the conduct that constitutes it, while sub-section (2) sets out the punishment. The structure is worth understanding because Section 66F does not treat every cyber attack as cyber terrorism. The bar is deliberately high.

Section 66F(1)(A): Attacks that endanger the nation or its people

The first limb covers a person who acts with intent to threaten the unity, integrity, security, or sovereignty of India, or to strike terror, by denying authorised users access to a computer resource, by attempting to penetrate or access a system without authorisation, or by introducing a computer contaminant. Crucially, the conduct must cause, or be likely to cause, death or injury to persons, damage to or destruction of property, disruption of essential services, or an adverse effect on the critical information infrastructure specified under Section 70.

Section 66F(1)(B): Stealing secrets that endanger the State

The second limb targets a person who knowingly accesses a computer resource without authorisation and, in doing so, obtains restricted information or data connected to the security of the State or to foreign relations. If that information is likely to be used to injure the sovereignty and integrity of India, the security of the State, or friendly relations with foreign nations, the act falls within the definition of cyber terrorism. This limb recognises that espionage and the theft of sensitive national data can be as dangerous as a direct attack on a network.

Section 66F(2): The punishment

Sub-section (2) is short but severe. It states that whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment, which may extend to imprisonment for life. Notably, the section also punishes conspiracy, which means that planning such an attack can attract the same liability as carrying it out.

Provision Focus Core Requirement
Section 66F(1)(A) Attacks on systems and people Wrongful act plus terrorist intent plus serious harm or risk to critical infrastructure.
Section 66F(1)(B) Theft of restricted State data Unauthorised access to protected information likely to injure national interests.
Section 66F(2) Punishment Imprisonment which may extend to imprisonment for life; conspiracy is also punishable.

Know More: Software Developer, Programmer, and IT Salary in India: A Complete 2026 Guide

The IT (Amendment) Act, 2008, and the Origin of Section 66F

The original Information Technology Act of 2000 did not contain a dedicated provision on cyber terrorism. The gap became impossible to ignore as digital systems grew central to banking, power, transport, and defence, and as national security concerns intensified in the late 2000s. Parliament responded with the IT (Amendment) Act, 2008, which was passed in December 2008, received presidential assent in February 2009, and came into force on 27 October 2009. Section 66F was one of its most significant additions.

The IT (Amendment) Act 2008 cyber terrorism provision was drafted broadly on purpose. It captures attacks on infrastructure, the introduction of malicious code, denial of service, and the theft of sensitive State information, all under a single umbrella. The same amendment also strengthened the wider framework by refining offences such as hacking under Section 66 and by reinforcing the protection of critical systems under Section 70. In short, 2008 marked the point at which Indian cyber law formally recognised that a keyboard could be turned into a weapon against the State.

Punishment for Cyber Terrorism Under Section 66F

The Section 66F punishment is the harshest that the IT Act provides. While most offences under the statute carry imprisonment of two or three years, cyber terrorism carries imprisonment that may extend to life. This reflects the seriousness of an offence that can, in theory, disrupt hospitals, power grids, financial systems, or defence networks.

Two further points matter for the punishment for cyber terrorism in India. First, cyber terrorism is a cognizable offence, which means the police can register a case and begin investigating without prior approval from a court. Second, it is non-bailable, so bail is not granted as a matter of right and rests within the court’s discretion. It is worth noting that Section 66F(2) itself specifies imprisonment and does not, in its own words, prescribe a separate fine; a court may still impose fines under general sentencing powers depending on the case.

Offence IT Act Section Punishment
Cyber terrorism Section 66F Imprisonment, which may extend to imprisonment for life.
Computer-related offences (hacking) Section 66 Up to 3 years imprisonment, or a fine up to Rs 5 lakh, or both.
Identity theft Section 66C Up to 3 years imprisonment and a fine up to Rs 1 lakh.
Cheating by personation Section 66D Up to 3 years imprisonment and a fine up to Rs 1 lakh.
Access to a protected system Section 70(3) Up to 10 years imprisonment and a fine.

Figures for fines are indicative of the statutory position and should be verified against the current Bare Act before publication.

Know More: B.Tech Cyber Security Colleges in Maharashtra: Everything You Need to Know Before Applying (2026 Guide)

Cyber Terrorism vs Hacking Under the IT Act

A common source of confusion is the difference between cyber terrorism vs hacking under the IT Act. The two can look identical on a technical level because both may involve unauthorised access to a system. The law, however, draws the line at intent and impact. Ordinary hacking is dealt with under Section 66 and is about unauthorised access or damage, often for money, mischief, or curiosity. Cyber terrorism under Section 66F requires something far graver: an intent to threaten the sovereignty of India or to terrorise the public, usually aimed at critical systems.

Put simply, hacking a private company’s server to steal customer records is a serious crime, but it is not cyber terrorism unless it is done with the intent and impact described in Section 66F. The presence of terrorist intent and the targeting of national security or critical information infrastructure is what transforms a cyber offence into cyber terrorism.

Aspect Hacking (Section 66) Cyber Terrorism (Section 66F)
Typical motive Financial gain, curiosity, revenge, or mischief. Threatening national security or striking terror in the public.
Required intent Dishonest or fraudulent intent to access or damage. Intent to threaten the sovereignty of India or to terrorise people.
Usual target Individuals, businesses, or ordinary systems. Critical infrastructure, government, defence, or State data.
Punishment Up to 3 years and/or fine. Up to imprisonment for life.
Bail Generally bailable. Cognizable and non-bailable.

Know More: Best BTech CSE Colleges in Mumbai 2026: Which One Should You Choose for High-Paying Tech Careers?

Section 66F and Related IT Act Sections on Cybercrime

Section 66F does not operate alone. It is part of a family of IT Act sections on cybercrime that together cover the full range of digital offences, from petty data theft to attacks on national infrastructure. Understanding where Section 66F sits within this framework helps clarify why it is reserved for the gravest cases. The table below maps the most important provisions.

Section Offence It Covers Punishment (Indicative)
Section 43 Damage to computer or data (civil liability). Compensation to the affected person.
Section 66 Hacking and computer-related offences. Up to 3 years and/or a fine up to Rs 5 lakh.
Section 66B Dishonestly receiving stolen computer resources. Up to 3 years and/or a fine up to Rs 1 lakh.
Section 66C Identity theft. Up to 3 years and a fine up to Rs 1 lakh.
Section 66D Cheating by personation using a computer. Up to 3 years and a fine up to Rs 1 lakh.
Section 66E Violation of privacy (capturing private images). Up to 3 years and/or a fine up to Rs 2 lakh.
Section 66F Cyber terrorism. Up to imprisonment for life.
Section 67 Publishing obscene material in electronic form. Imprisonment and fine, higher on repeat offence.
Section 70 Access to a protected system (critical infrastructure). Up to 10 years and fine.

Critical Information Infrastructure and Section 70

Section 66F repeatedly refers to critical information infrastructure, and to understand the offence fully, that term must be read alongside Section 70. The IT Act defines critical information infrastructure as any computer resource whose incapacitation or destruction would have a debilitating impact on national security, the economy, public health, or safety. Under Section 70, the appropriate government may declare such a resource a protected system by notification, after which unauthorised access carries imprisonment of up to ten years.

Two related provisions complete the picture. Section 70A establishes a national nodal agency for the protection of critical information infrastructure, a role performed by the National Critical Information Infrastructure Protection Centre (NCIIPC), notified in January 2014. Section 70B establishes CERT-In, the Indian Computer Emergency Response Team, as the national agency for cyber security incident response. In practice, banks, power utilities, and payment systems have been declared protected systems, which is exactly why an attack on them can escalate from ordinary hacking to cyber terrorism under Section 66F.

Provision Role in Protecting Critical Systems
Section 70 Empowers the government to declare a computer resource a protected system; unauthorised access is punishable with up to 10 years’ imprisonment and a fine.
Section 70A Creates the national nodal agency (NCIIPC) for critical information infrastructure protection, research, and coordination.
Section 70B Establishes CERT-In as the national incident-response agency, issuing alerts, advisories, and coordinating responses to cyber attacks.

Section 66F Case Laws and Real-World Examples

Because the threshold for cyber terrorism is so high, reported convictions purely under Section 66F remain rare, and courts have approached the section with caution. Still, several incidents illustrate how Section 66F case laws and investigations have unfolded in India. When interpreting terms such as striking terror, courts tend to draw on established jurisprudence from anti-terror laws. One point deserves emphasis: invoking Section 66F in a First Information Report is not the same as a conviction, and the intent element must ultimately be proved.

Incident or Case What Happened Why It Matters
BSE and NSE threat email A threatening email was sent to the Bombay Stock Exchange and the National Stock Exchange, challenging security agencies. An early instance of Section 66F being invoked over threats to financial systems.
Andhra Pradesh attack (2012) Suspected cross-border attempts to breach government websites linked to internal security. Highlighted the vulnerability of government systems to hostile actors.
Rajkot CCTV footage case (2025) Hackers accessed CCTV systems using foreign VPNs and circulated private footage; police invoked Section 66F(2). Shows the section being invoked in newer cases, while its terrorist-intent threshold is tested.
Shreya Singhal v. Union of India (2015) The Supreme Court struck down Section 66A as unconstitutional. Often confused with 66F; it clarifies that 66A, not 66F, was the provision struck down.

Case details are drawn from public reporting and are summarised for context; individual case outcomes should be verified before publication.

How Section 66F Connects to Other Laws

Cyber terrorism rarely sits in a single legal box. In serious cases, investigators often invoke Section 66F alongside other laws to cover every angle of the offence. The most important companion is the Unlawful Activities (Prevention) Act, 1967 (UAPA), India’s principal anti-terrorism statute, whose definition of a terrorist act overlaps with the intent element of Section 66F. General criminal law also applies: since 1 July 2024, the Bharatiya Nyaya Sanhita, 2023 (BNS) has replaced the Indian Penal Code, and cyber-enabled offences are frequently charged under both the BNS and the IT Act together.

Other laws round out the framework. The Official Secrets Act, 1923 protects classified information, while the Bharatiya Sakshya Adhiniyam, 2023 (which replaced the Indian Evidence Act) governs how digital evidence is admitted in court. It is worth noting that a comprehensive replacement for the IT Act, often referred to as the Digital India Act, has been under discussion for several years but has not yet been enacted, which means the cyber terrorism law in India continues to rest on Section 66F of the IT Act.

Law Relevance to Cyber Terrorism
IT Act, 2000 (Section 66F) The primary provision defining and punishing cyber terrorism.
UAPA, 1967 India’s main anti-terror law; its definition of a terrorist act overlaps with Section 66F.
Bharatiya Nyaya Sanhita, 2023 Replaced the Indian Penal Code (from 1 July 2024); covers cyber-enabled offences and organised crime.
Official Secrets Act, 1923 Protects classified State information often targeted in cyber-espionage cases.
Bharatiya Sakshya Adhiniyam, 2023 Governs the admissibility of electronic and digital evidence in court.

Digital Evidence, CERT-In, and Investigating Cyber Terrorism

Prosecuting cyber terrorism is difficult, and the difficulty usually lies in the evidence. A cyber attack leaves electronic traces rather than physical ones, so investigators depend on server logs, metadata, intercepted communications, and forensic images of devices. This digital evidence must be collected and preserved with a strict chain of custody, because a break in that chain can weaken an otherwise strong case.

Several agencies coordinate the response. CERT-In analyses incidents and issues alerts, and its directions require certain cyber incidents to be reported within a short window of a few hours. The NCIIPC guards the nation’s protected systems, while state police cyber cells and the Indian Cyber Crime Coordination Centre handle registration and field investigation. In recent years, CERT-In has reported handling a very large volume of incidents annually, running into the millions, a scale that underlines why cybersecurity agencies and skilled professionals are in such high demand. A further challenge is attribution, since a denial of service (DoS) attack or intrusion may be routed through servers in several countries, complicating both investigation and prosecution.

Building a Career at the Frontline of Cyber Defence

Laws such as Section 66F are only as strong as the people who enforce and support them. Defending a nation against cyber terrorism calls for two kinds of expertise working side by side: technologists who can secure networks, investigate intrusions, and protect critical information infrastructure, and legal professionals who understand how statutes like the IT Act apply to digital conduct. Both paths begin with the right education.

At Ramrao Adik Institute of Technology (RAIT), a constituent institute of DY Patil Deemed to be University, Navi Mumbai, students can build exactly this kind of technical depth. The M.Tech in Information Technology develops advanced skills in areas closely tied to cyber defence, from network and systems security to data-driven analysis. For those drawn specifically to security and investigation, the B.Tech in Cyber Security and Digital Forensics covers cryptography, ethical hacking, malware analysis, and cyber law. Aspirants interested in the legal side of technology can explore the programmes offered by the DY Patil University School of Law. As one of the strong private and deemed university options in the Mumbai region, DY Patil, Navi Mumbai, combines industry-aligned curricula with hands-on laboratories. Prospective candidates are encouraged to contact the admissions office for current fees, eligibility, and intake details.

Frequently Asked Questions (FAQs)

  1. Which section of the Information Technology Act deals with cyber terrorism?

    Section 66F of the Information Technology Act, 2000, deals with cyber terrorism in India. It defines the offence, describes the acts that constitute it, and prescribes punishment that may extend to imprisonment for life.

  2. What is the punishment for cyber terrorism under Section 66F?

    The Section 66F punishment is imprisonment, which may extend to imprisonment for life. The offence is cognizable and non-bailable, and conspiracy to commit cyber terrorism is also punishable.

  3. When was Section 66F added to the IT Act?

    Section 66F was inserted by the IT (Amendment) Act, 2008. It received presidential assent in 2009 and came into force on 27 October 2009.

  4. Is cyber terrorism under Section 66F a bailable offence?

    No. Cyber terrorism under Section 66F is a cognizable and non-bailable offence, so bail is not granted as a matter of right and is decided by the court.

  5. What is the difference between cyber terrorism and hacking under the IT Act?

    Hacking under Section 66 usually involves unauthorised access for gain or mischief. Cyber terrorism under Section 66F requires intent to threaten national security or strike terror, and typically targets critical information infrastructure.

  6. Does Section 66F require actual damage, or is intent enough?

    Section 66F can apply even where physical damage does not occur, provided the required intent is present and the act is likely to cause the harm described, such as an adverse effect on critical information infrastructure.

  7. What is critical information infrastructure under Section 70?

    It is any computer resource whose incapacitation or destruction would have a debilitating impact on national security, the economy, public health, or safety. Section 70 lets the government declare such a resource a protected system.

  8. Which agencies investigate cyber terrorism in India?

    CERT-In handles incident response, the NCIIPC protects critical information infrastructure, and state police cyber cells along with the Indian Cyber Crime Coordination Centre investigate cases and collect digital evidence.

  9. Can Section 66F apply alongside the UAPA or the BNS?

    Yes. In serious cases, Section 66F is often invoked with the Unlawful Activities (Prevention) Act and, since 1 July 2024, the Bharatiya Nyaya Sanhita, which replaced the Indian Penal Code.

  10. How can students build a career in fighting cyber terrorism?

    Students can pursue technology programmes such as an M.Tech in Information Technology or a B.Tech in Cyber Security, or study cyber law. These paths build the technical and legal skills needed to defend digital systems.

Conclusion

To close where this guide began: the answer to which section of the Information Technology Act deals with cyber terrorism is Section 66F. Introduced by the IT (Amendment) Act, 2008, it defines cyber terrorism, sets the highest threshold of intent in the statute, and prescribes punishment that can reach imprisonment for life. As critical systems become ever more connected, the importance of this provision, and of the skilled professionals who help enforce it, will only grow. For students who want to be part of that mission, an education in information technology, cyber security, or cyber law is a powerful first step, and institutions such as DY Patil University, Navi Mumbai, offer programmes designed to build exactly those capabilities.

Published on July 11, 2026

Contact us

DY Patil University