Section 69 of the Information Technology Act, 2000 empowers the Central or State Government to direct any agency to intercept, monitor, or decrypt any information generated, transmitted, received, or stored in any computer resource, on specified grounds including sovereignty and integrity of India, defence, security of the State, and prevention of cognizable offences. Under Indian law, it operates through the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, which prescribe procedural safeguards including authorisation by the competent authority and review by a Review Committee.
Legal definition
Section 69 of the IT Act, as amended in 2008, provides:
Section 69(1): Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do, in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.
Section 69(3): The subscriber or intermediary or any person in-charge of the computer resource shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical assistance to — (a) provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or (b) intercept, monitor, or decrypt the information.
Section 69(4): The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine.
The 2009 Rules prescribe that interception orders must be issued by the competent authority (Secretary, Ministry of Home Affairs at the Central level or Secretary, Home Department at the State level), must be reviewed by a Review Committee within 7 working days, and that intercepted data must be destroyed within 6 months unless required for legal proceedings.
How courts have interpreted this term
K.S. Puttaswamy v. Union of India [(2017) 10 SCC 1]
The nine-judge bench of the Supreme Court unanimously held that the right to privacy is a fundamental right under Article 21 of the Constitution. While the Court did not specifically adjudicate the validity of Section 69, the Puttaswamy framework establishes that any state surveillance measure — including interception under Section 69 — must satisfy the tests of legality (prescribed by law), legitimate aim (a valid state interest), proportionality (the least restrictive means), and procedural safeguards (adequate checks against abuse). This judgment fundamentally strengthened the constitutional framework within which Section 69 must operate.
PUCL v. Union of India [(1997) 1 SCC 301]
Though predating the IT Act, this Supreme Court judgment on telephone tapping under Section 5(2) of the Indian Telegraph Act, 1885 established that surveillance powers must satisfy two preconditions — "public emergency" and "interest of public safety" — and must be accompanied by procedural safeguards. The Court prescribed guidelines including that interception orders must be issued by the Home Secretary, and must be reviewed by a Review Committee. These principles were later incorporated into the IT (Interception) Rules, 2009.
Facebook Inc. v. Union of India [(2019) — Supreme Court]
In the context of traceability of messages on encrypted platforms, the Supreme Court observed that easy availability of decryption could defeat fundamental rights and that decryption powers should be relied upon only in special circumstances ensuring that the privacy of individuals is not invaded. The case highlighted the tension between Section 69 surveillance powers and end-to-end encryption technology.
Why this matters
Section 69 represents the most significant government surveillance power in Indian cyber law. It authorises real-time interception and monitoring of digital communications, access to stored electronic data, and decryption of encrypted information. In an era where virtually all communication — personal, commercial, and professional — occurs through digital channels, the scope of this power is vast.
For individuals, Section 69 affects the privacy of all digital communications. While the 2009 Rules provide procedural safeguards (competent authority authorisation, Review Committee oversight, 6-month destruction requirement), critics argue that these safeguards are insufficient — the authorising authority and the review committee are both within the executive, with no independent judicial oversight at the authorisation stage. The Puttaswamy proportionality framework provides the constitutional standard against which any exercise of Section 69 powers can be challenged.
For intermediaries and technology companies, Section 69(3) creates a mandatory assistance obligation — failure to provide access or technical assistance for interception carries imprisonment of up to 7 years. This obligation has significant implications for companies offering end-to-end encrypted services, as compliance with decryption orders may be technically impossible without undermining the encryption architecture for all users.
For legal practitioners, defending against surveillance requires understanding both the procedural requirements of the 2009 Rules and the constitutional framework established by Puttaswamy and PUCL. Any interception order that fails to meet the prescribed procedural safeguards, or that is disproportionate to the legitimate aim pursued, is vulnerable to constitutional challenge.
Related terms
Parent framework:
Related provisions:
Related concepts:
Frequently asked questions
Who can authorise interception under Section 69?
Interception orders must be issued by the competent authority — the Secretary, Ministry of Home Affairs (for central agencies) or the Secretary, Home Department (for state agencies). In unavoidable circumstances, a Joint Secretary-level officer may issue orders, but these must be confirmed by the competent authority within 7 days. The authorised interception agencies are notified by the Central Government — currently 10 agencies have been authorised.
Is there any judicial oversight of interception orders?
Not at the authorisation stage. The 2009 Rules provide for review by a Review Committee (chaired by the Cabinet Secretary at the Central level) within 7 working days. However, there is no requirement for prior judicial authorisation (court order). Critics argue this is constitutionally insufficient after Puttaswamy. Individuals may challenge interception orders before the High Court or Supreme Court under Articles 226 and 32 after becoming aware of surveillance.
Can encrypted messages be intercepted under Section 69?
Section 69 includes the power to direct "decryption" of information, and Section 69(3) requires intermediaries to "extend all facilities and technical assistance" including to "decrypt the information." However, end-to-end encrypted platforms argue that they technically cannot decrypt messages without breaking encryption for all users. This tension remains unresolved — the Supreme Court in Facebook Inc. v. Union of India acknowledged the difficulty but did not issue a definitive ruling.
What is the penalty for refusing to assist with interception?
Under Section 69(4), any subscriber, intermediary, or person in charge of a computer resource who fails to assist the authorised agency shall be punished with imprisonment up to 7 years and a fine. This is one of the most severe penalties in the IT Act and creates a strong legal obligation for technology companies to comply with lawful interception orders.
This entry is part of the Veritect Indian Legal Glossary, a comprehensive reference of Indian legal terminology grounded in statutory text and judicial interpretation.
Last updated: 2026-03-27. Veritect provides this content for informational purposes and does not constitute legal advice.