Section 16

Section 16 is the rule-making foundation for the IT Act's security framework — it empowers the Central Government to prescribe what counts as a 'security procedure' for the purposes of Sections 14 (secure electronic records) and 15 (secure electronic signatures). Without prescribed security procedures, the enhanced evidentiary protections in those sections cannot operate. The proviso contains a sophisticated, multi-factor test for commercial reasonableness that the government must consider when prescribing procedures. These factors include the nature and value of the transaction, the sophistication of the parties involved, industry practice volume, the importance of speed (acknowledging that heavily secured procedures slow down high-frequency transactions), the physical locations of the parties (relevant to cross-border transactions), technical safeguards for human-operated systems, and the practical commercial availability of the required technology. This multi-factor framework prevents the government from prescribing gold-standard security procedures that are technically ideal but commercially impractical for the relevant transaction type. For example, the security procedure appropriate for a high-value property registration differs from that appropriate for routine e-commerce orders. The Information Technology (Security Procedures) Rules 2004 were notified under this section, specifying cryptographic hash functions, asymmetric cryptographic systems, and digital signature standards that satisfy the Section 14-15 requirements.