Section 47

Section 47 guides the Adjudicating Officer's discretion in setting penalty or compensation amounts within the statutory ceilings established by Sections 43–45. The three factors reflect the two main purposes of civil penalties: compensation (restoring the victim) and deterrence (preventing repetition). Factor (a) — unfair advantage gained — captures ill-gotten profits; if a hacker monetised stolen data for ₹10 lakh, that figure informs the penalty regardless of the victim's measurable loss. Factor (b) — loss caused — is the primary compensatory element; the victim's actual damage (data loss, system repair costs, business interruption) sets the baseline. Factor (c) — repetitive nature — is the aggravating deterrence factor; a first-time technical violation warrants a lower penalty than a pattern of deliberate non-compliance. These three factors mirror those used in SEBI and RBI enforcement actions, suggesting Parliament drew on financial sector enforcement experience. The Adjudicating Officer has significant discretion — Section 47 provides guidance, not a formula. This creates some inconsistency across different states' Adjudicating Officers who may weigh factors differently.