Who Can Issue Electronic Evidence Certificate? | Section 63 BSA Explained

Understanding the Practical Challenges of Digital Evidence Certification

In contemporary times, a substantial portion of communication, business operations, and documentation exists in electronic form. Emails, instant messaging platforms, CCTV recordings, server logs, databases, and various other digital records are increasingly relied upon in legal proceedings.

As courts continue to depend on electronic records to determine facts and resolve disputes, the authenticity and reliability of digital evidence have become critically important. Unlike traditional physical evidence, digital data is highly sensitive and can be easily altered—either intentionally or unintentionally if it is not handled properly during collection and preservation.

Recognizing these challenges, Indian law has introduced a modern legal framework for electronic evidence through the Bharatiya Sakshya Adhiniyam, 2023. One of the key aspects of this legislation concerns the admissibility of electronic records and the certification required before such records can be presented before a court.

Understanding who is authorized to issue this certification—and how digital evidence should be handled in practice—is essential for legal professionals, investigators, and organizations that rely on electronic data in litigation.

Legal Framework Governing Electronic Records

Under Section 63 of the Bharatiya Sakshya Adhiniyam, 2023, electronic records may be admitted as evidence if certain statutory conditions are satisfied.

This provision replaces the earlier framework under the Indian Evidence Act, 1872, where similar requirements were governed by Section 65B.

A central requirement under the new law is the certificate described in Section 63(4). This certificate serves as a formal declaration confirming that:

• The electronic record was produced from a computer system
• The computer system was functioning in the ordinary course of activities
• The electronic record accurately represents the original data stored in the system

The purpose of this certificate is to assure the court that the electronic evidence being presented is authentic and has not been manipulated or altered.

While the statutory framework appears relatively straightforward, practical implementation often raises several technical and procedural questions.

Who Can Issue the Electronic Evidence Certificate?

Section 63(4) provides that the certificate must be issued by a person occupying a responsible position in relation to:

• The operation of the computer system, or
• The management of the electronic record.

Importantly, the law does not restrict certification to a single category of professionals. Instead, it allows certification by any individual who has operational responsibility over the system or the data from which the electronic record is produced.

In practical situations, this may include:

• System administrators or IT managers
• Device owners or primary users
• Authorized company officials
• Record custodians responsible for maintaining electronic records

These individuals generally have direct access to the systems where electronic records are created, stored, or processed. Because of their operational control over these systems, the law allows them to certify the authenticity of records generated from them.

However, having operational responsibility over a system does not necessarily mean the person has specialized knowledge of digital forensic practices.

The Practical Challenge: Limited Digital Forensic Expertise

Although system administrators or record custodians may manage computer systems and digital infrastructure, they are not always trained in the scientific handling of digital evidence.

Digital evidence is extremely sensitive to the way it is collected, copied, and preserved. Even routine actions performed on a computer system can unintentionally modify important digital artifacts.

For example, the following issues may arise during improper handling of electronic records:

• Copying files incorrectly may alter metadata such as creation and modification timestamps
• Opening files can automatically update access logs or timestamps
• Screenshots may fail to capture underlying metadata or system-level attributes
• Non-forensic extraction tools may overwrite digital artifacts
• Connecting storage devices without write blockers may modify stored data
• Booting a seized system normally may trigger automated processes that alter logs
• Transferring files through messaging platforms may compress or change file attributes
• Improper storage of digital media may lead to corruption or data loss
• Lack of documentation during acquisition may raise questions about authenticity
• Differences in system time settings may create inconsistencies in digital timelines

These risks illustrate why digital evidence ideally should be collected using specialized forensic tools and scientifically accepted methodologies.

If the authenticity of electronic records is challenged during legal proceedings, procedural errors during collection or preservation can significantly weaken the evidentiary value of the data.

Importance of Maintaining Chain of Custody

One of the most critical principles in digital evidence handling is maintaining a proper chain of custody.

Chain of custody refers to the documented process that records how evidence is collected, handled, transferred, and preserved from the moment it is obtained until it is presented before the court.

A properly documented chain of custody typically records:

• When the evidence was collected
• Who collected the data
• How the data was acquired
• Where the evidence was stored
• Who accessed the evidence during the investigation

Maintaining this documentation helps demonstrate that the electronic evidence remained secure and unaltered throughout the investigative process.

If such documentation is missing or incomplete, opposing parties may challenge the authenticity and reliability of the digital evidence during litigation.

The Role of Digital Forensic Experts

Digital forensic experts apply structured scientific methodologies to the collection, preservation, and analysis of electronic evidence.

Unlike routine IT operations, digital forensic investigations follow strict procedures designed to maintain the integrity of digital records.

Typical forensic procedures include:

• Creating forensic images of storage devices without altering original data
• Preserving metadata and system artifacts associated with digital files
• Recovering deleted or hidden data from storage media
• Maintaining a properly documented chain of custody
• Generating cryptographic hash values, such as MD5 or SHA-256, to verify data integrity
• Preparing detailed forensic reports explaining investigative findings

These procedures help ensure that electronic evidence remains intact, verifiable, and defensible in legal proceedings.

Case Study: When Improper Handling of Digital Evidence Weakens a Case

A manufacturing company once suspected that confidential design files had been leaked to a competitor shortly after a senior engineer resigned from the organization. The management asked the internal IT administrator to examine the engineer’s office computer.

During the investigation, the administrator located several folders containing project documents, email exchanges, and chat records related to the designs. Believing this information could prove the employee’s involvement, the administrator copied the files to a USB drive and captured screenshots of the filenames and timestamps.

The company later initiated legal proceedings and submitted these materials as electronic evidence, along with a certificate issued by the IT administrator confirming that the files were obtained from the company’s computer system.

However, during the hearing, the opposing counsel raised several technical objections. They argued that the files had been copied directly from a live system without creating a forensic image, and that opening the files may have altered metadata such as access timestamps. In addition, no cryptographic hash values were generated, and there was no documented chain of custody.

Although the certificate satisfied the legal requirement under Section 63(4), the court questioned the reliability of the collection process. The case ultimately highlighted an important lesson: proper forensic handling of digital evidence is just as important as legal certification.

Judicial Perspective on Electronic Records

Indian courts have repeatedly emphasized the importance of proper certification for electronic records.

In the landmark judgment Anvar P.V. v. P.K. Basheer, the Supreme Court clarified that electronic records must generally be accompanied by a proper certificate to be admissible as evidence.

This principle was reaffirmed in Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, where the Court emphasized that certification requirements serve as essential safeguards to ensure the authenticity and reliability of electronic evidence.

These decisions highlight that certification is not merely a procedural formality but an important legal mechanism designed to preserve the integrity of digital evidence presented before courts.

Legal Compliance vs Scientific Reliability

When dealing with electronic evidence, it is important to distinguish between legal admissibility and technical reliability.

The certificate required under Section 63(4) primarily satisfies a statutory legal requirement. It confirms that the electronic record meets the legal conditions for admissibility.

However, the technical reliability of digital evidence largely depends on how the data was collected, preserved, and analyzed.

In complex investigations—such as cybercrime cases, corporate fraud investigations, intellectual property disputes, or data breach incidents—both legal and technical processes are often applied together.

In practice:

• A digital forensic expert performs the technical extraction and analysis of data
• The system custodian or responsible official issues the statutory certificate required by law
• The forensic expert may provide technical reports or expert testimony in court

This collaborative approach strengthens both the legal admissibility and the technical credibility of electronic evidence.

The Need for Greater Awareness

As digital records become increasingly central to modern litigation, organizations, investigators, and legal professionals must understand the distinction between statutory certification and forensic validation.

Relying solely on a legal certificate without proper forensic handling may create vulnerabilities if the evidence’s authenticity is challenged.

By adopting structured digital forensic practices alongside legal certification, organizations can significantly enhance the credibility and evidentiary value of electronic records.

Conclusion

The provisions governing electronic evidence under the Bharatiya Sakshya Adhiniyam, 2023, reflect the growing importance of digital information in modern legal proceedings.

While the law permits system administrators, device owners, and record custodians to issue the certificate required under Section 63(4), the scientific handling and preservation of digital evidence remain equally important.

As electronic records continue to play a decisive role in litigation, proper collection, certification, and forensic validation of digital evidence will be essential to ensuring fairness, reliability, and integrity in judicial proceedings in the digital age.

References

1. Bharatiya Sakshya Adhiniyam, 2023 – Section 63 governing admissibility and certification of electronic records.
2. Indian Evidence Act, 1872 – Section 65B relating to electronic evidence prior to the enactment of the new law.
3. Anvar P.V. v. P.K. Basheer – Supreme Court ruling clarifying mandatory certification requirements for electronic records.
4. Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal – Supreme Court judgment reaffirming procedural safeguards for electronic evidence certification.