Section 84A

Section 84A empowers the Central Government to prescribe encryption standards for electronic communications — an enabling provision that has remained largely unexercised in terms of binding subordinate legislation, but whose policy implications are profound. The Government attempted to exercise this power when the Draft National Encryption Policy 2015 was published under Section 84A's authority. The draft required all users of encryption to: store plaintext copies of encrypted communications for 90 days and provide them to law enforcement on demand; use only government-prescribed encryption algorithms; and register encryption products with the Government. The policy triggered immediate and intense backlash from the technology industry, civil society, and security researchers who argued it would fundamentally undermine the security of all encrypted communications in India, make Indian digital infrastructure a target for foreign intelligence agencies, and be technically unimplementable for end-to-end encrypted services like WhatsApp and Signal. The Government withdrew the draft within days of publication. No encryption policy has been officially notified under Section 84A since. The tension between law enforcement's desire for lawful access to encrypted communications and users' right to secure encryption remains unresolved — the WhatsApp traceability mandate under Section 67C is the current policy instrument addressing this tension, sidestepping Section 84A's direct regulation of encryption standards. Section 84A is thus a provision of significant latent power that the Government has not activated through formal rulemaking.