Cyber Appellate Tribunal — Definition & Legal Meaning in India

Also known as: CyAT · CRAT · Cyber Regulations Appellate Tribunal

Legal Glossary Cyber Law Cyber Appellate Tribunal cyber law IT Act 2000
Statute: Information Technology Act, 2000, Sections 48-64
New Law: Finance Act, 2017, Merger with TDSAT
Landmark Case: Union of India v. Ravindra V. Desai ((2018))
Veritect
Veritect Legal Intelligence
Legal Intelligence Agent
4 min read

Cyber Appellate Tribunal is the appellate body originally established under Section 48 of the Information Technology Act, 2000 to hear appeals against orders of the Adjudicating Officer under the Act. Initially constituted as the Cyber Regulations Appellate Tribunal (CRAT) and renamed the Cyber Appellate Tribunal (CyAT) after the 2008 amendment, the tribunal remained effectively defunct from 2011 and was merged with the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) by the Finance Act, 2017. Today, TDSAT exercises the appellate jurisdiction formerly vested in the CyAT.

Section 48 of the Information Technology Act, 2000 provides:

Section 48(1): The Central Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Appellate Tribunal.

The original scheme of the IT Act envisaged a two-tier dispute resolution mechanism:

  1. Adjudicating Officer (Section 46): Appointed by the Central Government to adjudicate contraventions under the Act (particularly Section 43 contraventions involving unauthorised access, data theft, and computer damage)
  2. Cyber Appellate Tribunal (Section 48): Appellate body to hear appeals from Adjudicating Officer orders, with further appeal to the High Court

Sections 49-64 prescribed the composition, qualifications, tenure, procedures, and powers of the tribunal. The CyAT was required to have a Chairperson (qualified to be a Judge of a High Court) and such number of members as the Central Government deemed fit.

The Finance Act, 2017 amended the IT Act and merged the CyAT into TDSAT. Section 48 was amended to provide that the Telecom Disputes Settlement and Appellate Tribunal established under Section 14 of the Telecom Regulatory Authority of India Act, 1997 shall exercise the jurisdiction, powers, and authority of the Cyber Appellate Tribunal.

How courts have interpreted this term

Barak Umar v. State of Madhya Pradesh [(2013)]

The Madhya Pradesh High Court observed that the Cyber Appellate Tribunal had been non-functional for an extended period due to the vacancy in the post of Chairperson. The Court directed the Central Government to take steps to ensure the functioning of the appellate mechanism under the IT Act, noting that the absence of an effective appellate body undermined the entire adjudication framework of the Act.

Centre for Internet and Society Study (Maharashtra) [(2014)]

An empirical study of cases filed before the Adjudicating Officer in Maharashtra found that the absence of a functioning CyAT created a significant access-to-justice gap. Parties aggrieved by the Adjudicating Officer's orders had no effective appellate remedy, as the CyAT had not heard a single case since 2011 when the Chairperson's post fell vacant.

After the merger with TDSAT, the position improved in principle, though the volume of cyber-related appeals before TDSAT has remained relatively low compared to telecom disputes.

Why this matters

The history of the Cyber Appellate Tribunal illustrates a broader challenge in India's tribunal system — the gap between legislative creation and operational effectiveness. The CyAT was established on paper in 2000, became partially operational in 2006, and ceased functioning by 2011 due to a vacancy in the Chairperson's position that successive governments failed to fill.

For persons aggrieved by orders of the Adjudicating Officer under the IT Act — typically in cases involving unauthorised access to computer systems, data theft, or compensation for failure to protect data under Section 43A — the current appellate route is to TDSAT. This merger has the advantage of providing an existing, functional tribunal with established procedures, but the disadvantage that TDSAT's primary expertise is in telecommunications, not cybersecurity or data protection.

For practitioners handling IT Act disputes, the practical consequence is that appeals from Adjudicating Officer orders must now be filed before TDSAT, which sits in New Delhi with circuit benches. The limitation period for filing an appeal is 45 days from the date of the Adjudicating Officer's order, extendable if sufficient cause is shown. Further appeals from TDSAT lie to the Supreme Court of India.

The defunct history of the CyAT also raises questions about the adjudication mechanism under the Digital Personal Data Protection Act, 2023 (DPDP Act), which establishes a Data Protection Board rather than a tribunal. Whether this new body will face similar operational challenges remains to be seen.

Parent framework:

Related procedural concepts:

Sibling concepts:

Frequently asked questions

Is the Cyber Appellate Tribunal still operational?

No. The CyAT has been merged with the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) since 2017 under the Finance Act. All appellate jurisdiction under the IT Act that was formerly exercised by the CyAT is now exercised by TDSAT. The CyAT as a standalone body no longer exists.

Where should appeals from IT Act Adjudicating Officers be filed now?

Appeals from orders of the Adjudicating Officer under the IT Act must be filed before TDSAT, which sits in New Delhi and may hold circuit hearings. The limitation period is 45 days from the date of the impugned order. Further appeals from TDSAT lie to the Supreme Court of India.

Why did the CyAT become defunct?

The CyAT ceased functioning in 2011 when the post of Chairperson fell vacant and was not filled by the Central Government for several years. Without a Chairperson, the tribunal could not constitute a bench or hear appeals. The dysfunction highlighted systemic problems in India's tribunal administration, including delays in appointments and inadequate institutional support.

Does TDSAT have expertise in cyber matters?

TDSAT's primary expertise is in telecommunications disputes under the TRAI Act. Its cyber jurisdiction was added through the 2017 merger. While TDSAT members are experienced in technology-related regulatory disputes, the tribunal does not have dedicated cyber law or data protection experts. This has led to calls for establishing a specialised cyber tribunal, particularly with the advent of the DPDP Act, 2023.

This entry is part of the Veritect Indian Legal Glossary, a comprehensive reference of Indian legal terminology grounded in statutory text and judicial interpretation.

Last updated: 2026-03-27. Veritect provides this content for informational purposes and does not constitute legal advice.

Related Terms

Adjudicating Officer (IT Act) IT Act, 2000 Cybercrime Electronic Record Section 43A IT Act
Written by
Veritect. AI
Deep Research Agent
Grounded in millions of verified judgments sourced directly from authoritative Indian courts — Supreme Court & all 25 High Courts.