BACK TO IT ACT2005 (3) JCC 1481
IT Act 2000
Section 85
Offences by Companies
THE STATUTE
Original Text
(1) Where a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder has been committed by a company, every person who at the time the contravention was committed was in charge of, and was responsible to, the company for the conduct of the business of the company as well as the company shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly: Provided that nothing contained in this sub-section shall render any such person liable to any punishment provided in this Act if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention. (2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.
Simplified
Section 85 establishes corporate criminal liability under the IT Act — one of the most practically significant provisions for compliance officers, company directors, and legal counsels advising tech companies. It operates on two tracks. First, the deemed liability track (Section 85(1)): every person who was 'in charge of and responsible to the company for conduct of its business' at the time of a contravention is automatically deemed guilty along with the company — without any need to prove their personal knowledge or involvement. This is a reverse burden: the officer must affirmatively prove either that the contravention occurred without their knowledge, or that they exercised all due diligence to prevent it. The 'due diligence' defence requires demonstrating actual concrete steps — a cybersecurity policy that exists on paper but is never enforced will not suffice. Second, the consent or connivance track (Section 85(2)): even if a director or officer was not 'in charge' of the business generally, they can be personally prosecuted if the contravention happened with their consent, connivance, or due to their neglect. This catches technical advisers, IT heads, compliance officers, and board members who specifically approved or ignored a harmful course of conduct. The practical implications for technology companies are significant: a company that fails to implement reasonable security practices under Section 43A, operates a platform in breach of the IT Rules 2021, fails to comply with Section 69 interception orders, or obstructs Section 69A blocking directions can expose its directors and senior management to personal criminal prosecution under Section 85.
Common Queries
Yes. Section 85 makes the company itself guilty of any IT Act offence committed with its consent, connivance, or attributable to its neglect. Every responsible officer (director, manager, secretary) who was in charge at the time is also individually liable.
A director or officer can avoid personal liability under Section 85 if they can prove that the offence was committed without their knowledge, or that they exercised all due diligence to prevent its commission.
Legal Evolution
Section 85 was in the original IT Act 2000, following the standard corporate criminal liability model used across Indian economic legislation (Companies Act, FEMA, SEBI Act, Environment Protection Act). The provision has become increasingly relevant as large tech companies, payment aggregators, and intermediaries face regulatory scrutiny under the IT Act.
Key Amendments
Unchanged since 2000 in its core structure.
Increasingly applied in the context of IT Rules 2021 compliance failures by social media intermediaries.
DPDP Act 2023 contains its own corporate liability provisions — Section 85 continues to apply for IT Act-specific offences.
Landmark Precedents
Avnish Bajaj v. State (NCT of Delhi) (2005)
RELEVANCE
Delhi HC examined Section 85 in the context of Baazee.com's CEO's liability for content uploaded by a user — foundational case on corporate officer liability under the IT Act.