CROSS-BORDER CYBER CRIME PROSECUTION

Jashleen, Chandigarh University

CROSS-BORDER CYBER CRIME PROSECUTION

The rapid growth of cyber technology and digitalisation worldwide has transformed social capabilities, which has led to difficulties in implementing laws beyond national borders. These advancements have led to new criminal threats in the form of cybercrime that go beyond the borders of any particular country. Cybercrime threats have evolved in their complexity and are growing in their scope, no. of attacks, and phishing of financial statements and the justice system is failing. 

  Cross-border cybercrimes are criminal offences committed using digital means like phishing, ransomware, security breaches, identity theft, and the distribution of malicious software launches.  In these cases, the perpetrator does not particularly affect the victims from one particular country; these victims are from various countries across the world. 

Unlike typical crimes, these crimes do not respect the traditional geographical restrictions or boundaries and exploit the indefinite and infinite internet access. This borderless access to the internet makes the investigation and prosecution of these crimes difficult because of differences in national laws, complex jurisdiction issues, and difficulties in collecting evidence across borders. 

INDIAN LEGAL FRAMEWORKS

India’s cross-border cybercrime framework for prosecution and investment is fundamentally built on 2 important statutes, namely the Information Technology (IT) Act, 2005 and the freshly formulated Bhartiya Nyaya Sanhita (BNS), 2023, which has replaced the IPC, 1872.

 Section 75 of the IT Act, 2005, primarily deals with the prosecution of cybercrimes that transcend the geographical borders of India, yet affect the software system in India, or crimes that occur across the world, but involve the use of Indian computer systems, addressing the borderless nature of cyber threats. This provision grants the Indian judicial system an extraterritorial jurisdiction to investigate cybercrime matters concerning India in any form.  

Complementing this, the newly enacted Bhartiya Nyaya Sanhita 2023, which has replaced the Indian Penal Code, 1872, has incorporated various provisions regarding digital crimes prevailing in the contemporary world and which weren’t addressed by the IPC, 1872, imposing stringent penalties up to life imprisonment. The key provisions include:

• Section 78 (stalking via electronic means)
• Section 303 (theft of data or computer resources)
• Section 317 (possession of stolen property, including digital property)
• Section 318 (cheating, including general cyber frauds) 
• Section 336 (deals with forgery by false document or false electronic records) 
• Section 351 (criminal intimidation by anonymous communication)
• Section 353 (disinformation and public mischief by publishing false information) 
• Section 111(cybercrime as an organised crime if committed by any syndicate or jointly by 2 or more persons) 

The IT Act, 2005, mandates an enforcement mechanism Indian Computer Emergency Response Team (CERT-In), under section 70B, to coordinate responses to cyber incidents, issue advisories, and facilitate international information sharing.  

Complementing this, the Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs in Jan 2020. This was designed to provide a framework and ecosystem for law enforcement agencies to deal with cybercrime in a coordinated and comprehensive manner. The main objective of I4C is to curb the cybercrimes committed against women and children, to act as a nodal point to curb cybercrime in the country and to spread public awareness about cybercrime. 

However, there exist some procedural limits while dealing the cases involving cross-border cyber offences, chiefly the need for a foreign corporation due to the transnational nature of such offences. Even though the IT Act, 2005, provide extraterritorial jurisdiction to the Indian judicial system, the investigation of such offences, like gathering evidence, identifying suspects, and executing legal orders beyond Indian territory, requires assistance from concerned foreign authorities. This cooperation typically occurs through Mutual Legal Assistance Treaties (MLATs), which formalise procedures for exchanging evidence and information. However, in practice, it is a lengthy bureaucratic procedure that extends investigations by months and years, undermining timely prosecutions. 

 JURISDICTION HURDLES 

Cross-border cybercrime challenges the traditional principle of jurisdiction. The main challenge is to determine where the offence is committed and where it is to be prosecuted, whether at the perpetrator’s location, or where the victim resides, or from where the resources are sourced. India applies the “effect doctrine”, stating that if the cyber offences affect India or its citizens who are the victims in Indian entities, then the Indian courts have an extraterritorial jurisdiction to investigate and prosecute these offences under the IT Act, 2005. Yet practically, it is not as easy and workable as it seems. 

Moreover, the courts also face the principle of “forum non conveniens”, where they may decline to take cognizance of a case if the jurisdiction overlaps with any other court or with the jurisdiction of another country.  A notable example is multi-jurisdictional hacking incidents where foreign servers hosting malicious content block Indian investigative agencies from probing, citing sovereignty. 

Another hurdles are the constitutional principles of the country, i.e sovereignty and political implication, which may hinder the enforcement process, requiring cooperation through Mutual Legal Assistance Treaties (MLATs). India has signed this agreement with over 40 countries as of 2025. The treaties facilitate international cooperation in preventing, suppressing, investigating, and prosecuting crime by helping to collect evidence and serve legal documents across borders. 

These hurdles undermine the urgency of enhanced international legal compliance and cooperation, harmonisation of cyber laws, and fast-track mechanisms to overcome jurisdictional obstacles in prosecuting cross-border cybercrimes in India.  

BUDAPEST CONVENTION

The Budapest Convention is only legally binding multinational treaty. India remains a non-party to the Budapest Convention on Cybercrime as of 2025, despite its global prominence as the first binding international treaty addressing cyber offenses. Ratified by over 80 countries, the Convention facilitates harmonized definitions, extradition, and evidence sharing among signatories through streamlined mutual legal assistance. India’s reluctance stems from concerns over national sovereignty, data localization mandates under its DPDP Act, and exclusion from the treaty’s drafting process, which it views as Euro-centric and insufficiently reflective of developing nations’ priorities like terrorism and state-sponsored threats.

This non-alignment limits India’s access to efficient cross-border probes, forcing reliance on slower MLATs and bilateral agreements. For contrast, Budapest parties benefit from 24/7 contact points for urgent cyber incident response and standardized procedures for electronic evidence preservation. India prefers a UN-led framework, actively participating in drafting the United Nations Convention against Cybercrime (UNCC) adopted in 2024, yet remains unsigned as of late 2025 due to similar privacy and sovereignty issues. Accession could offer India benefits like faster extraditions and joint investigations, enhancing enforcement against transnational scams targeting its citizens.

DIGITAL FORENSICS ADMISSIBILITY 

Admissibility of digital forensics evidence in Indian courts for cross-border cybercrimes is governed by Section 65B of the Indian Evidence Act, 1872, which mandates a certificate under Section 65B(4) for electronic records like server logs, IP traces, and forensic images to be treated as admissible documents. This certificate, issued by a responsible official, verifies the device’s integrity, production process, and authenticity, ensuring the evidence is not tampered with. Failure to produce it renders the evidence inadmissible, as affirmed in landmark rulings.

In cross-border scenarios, challenges abound. Chain-of-custody breaks frequently occur during international evidence collection, as foreign data must traverse jurisdictions with varying standards, risking contamination or loss. Tampering vulnerabilities arise from encryption differences and non-standardized forensic tools, while global disparities in data protection laws (e.g., GDPR vs. India’s DPDP Act) complicate transfers. Foreign-sourced evidence often proves inadmissible without Mutual Legal Assistance Treaties (MLATs), which delay certification and verification.

The Supreme Court in Anvar P.V. v. P.K. Basheer (2014) established Section 65B as a complete code, upholding admissibility only if forensically sound, with subsequent cases like Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) reinforcing the certificate’s mandatory nature, oral testimony suffices only if the producer is unavailable. Yet, cross-border data frequently fails these tests absent MLAT-backed protocols.

Standardized global forensic protocols, blockchain-secured chains of custody, and IT Act amendments for expedited MLATs are essential to bolster reliability and admissibility in transnational prosecutions. 

EXTRADITION, COOPERATION, AND SOLUTIONS

Extradition of cybercriminals remains critical yet challenging for India due to procedural delays and legal complexities. India has extradition treaties with over 48 countries, including the US and UK, but currently has more than 300 pending requests across nations. Delays often result from crooks exploiting legal loopholes, a lack of streamlined communication, and prolonged diplomatic negotiations. However, success stories like coordinated operations with the US show the potential when protocols are effective.

To expedite extradition and cybercrime prosecution, India is pursuing reforms, including joining global frameworks such as the Budapest Convention and the UN Convention against Cybercrime (UNCC). Cyber-specific MLAT fast-tracks are proposed to reduce bureaucratic red tape in evidence sharing and fugitive apprehension. Capacity building through specialised forensic training, creation of dedicated cybercrime units at state levels, and leveraging blockchain technology to secure the electronic evidence chain-of-custody are key measures being implemented.​

Balancing privacy concerns under the Digital Personal Data Protection (DPDP) Act with enforcement imperatives remains crucial. India aims to ensure robust data protection without compromising international legal cooperation. The establishment of expert special cells and global operations centres under CBI facilitates intelligence sharing and real-time coordination. These multi-pronged reforms promise to overcome existing hurdles, enabling efficient cross-border cybercrime prosecutions, safeguarding digital space, and reinforcing India’s global law enforcement credibility.

CONCLUSION

Cross-border cybercrime prosecution in India is hindered by jurisdictional conflicts, procedural delays, and limited access to foreign-held evidence. The absence from the Budapest Convention and complexities around digital forensics admissibility further complicate investigations. However, legislative modernization through the Bharatiya Nyaya Sanhita, enhanced cooperation frameworks like MLATs, and the establishment of specialized cybercrime units signal progress. Future success depends on India’s accession to global treaties, adopting standardized forensic protocols, and balancing privacy with enforcement. Strengthening technological capabilities and diplomatic collaborations will be pivotal in effectively prosecuting cross-border cybercriminals, thus ensuring justice and cybersecurity in the digital era. Continuous reform is essential to address the evolving cyber threat landscape and uphold India’s sovereignty and legal order.

 FAQ

Q: What is cross-border cybercrime?

A: Offenses like ransomware/phishing from abroad targeting India, ignoring borders.

Q: What are the key Indian laws dealing with cross border cyber crime?

A: IT Act sec75 (extraterritorial), BNS 2023 (§§303,318), CERT-In/I4C enforcement.

Q: What are the main hurdles while dealing with these offences?

A: Jurisdiction conflicts (effects doctrine vs. forum non conveniens), MLAT delays.

Q:  What is the status of Budapest Convention in India?

A: India is a non-party in this convention however it prefers the United Nation Convention Against Cybercrimes

Q: Are there any Digital evidence rules in India?

A: yes, section 65B certification mandatory (Anvar P.V.); cross-border chain-of-custody breaks common.

Q:  what are the possible solution to tackle these offences?

A: Join treaties, fast-track MLATs, forensic training, blockchain evidence.​

REFERENCES 

• BUDAPEST CONVENTION https://www.coe.int/en/web/cybercrime/the-budapest-convention
• I4C https://www.pib.gov.in/PressReleasePage.aspx?PRID=1969452&reg=3&lang=2
• MLAT https://www.drishtiias.com/daily-updates/daily-news-analysis/mutual-legal-assistance-treaty-mlat
• Anvar P.V. v. P.K. Basheer (2014) https://indiankanoon.org/doc/187283766/
• Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) https://www.scconline.com/blog/post/2021/06/07/electronic-evidence-2/
• United Nations Convention against Cybercrime (UNCC) https://visionias.in/current-affairs/monthly-magazine/2025-11-12/security/united-nations-convention-against-cybercrime