Electronic evidence under BSA Section 63 showing digital certificate, legal scales and Indian court background

Electronic Evidence under BSA: Section 63 Certificate, Admissibility and IT Act Explained

1. Introduction: The Shift from Indian Evidence Act to BSA

The transition from the Indian Evidence Act (IEA), 1872 to the Bharatiya Sakshya Adhiniyam (BSA), 2023 represents a fundamental realignment of digital authentication in Indian jurisprudence. For decades, Section 65B of the IEA was plagued by judicial inconsistency and a “jurisdictional nightmare” caused by its failure to keep pace with decentralized data, ephemeral messaging, and distributed storage.1 The BSA framework is not merely a cosmetic renumbering; it is a structural overhaul designed to address modern technological realities, specifically expanding the device scope to include semiconductor memory and cloud storage. By moving from discretionary formats to a standardized, mandatory protocol, the BSA eliminates the drafting errors that previously compromised the admissibility of critical digital records.1

This evolutionary paradigm is best understood through a direct structural comparison:

Comparison of Frameworks: IEA vs. BSA

FeatureOld Law (Sec 65B IEA)New Law (Sec 63-65 BSA)
FormatNo fixed format; prone to drafting mistakes and judicial rejection.1Standardized Templates mandated by the BSA Schedule.1
SignaturesRequired only from the custodian or person in charge.1Dual Certification (Part A: Custodian; Part B: Technical Expert).1
Technical ProofBasic, often vague description of computer systems.1Mandatory Hash Values (SHA-256 preferred) for mathematical integrity.
Device ScopePrimarily focused on traditional “computers”.1Explicitly encompasses smartphones, semiconductor memory, and cloud environments.
Procedural GateSubmission timing often varied by court discretion.Hard Gate: Certificate must be filed simultaneously with the evidence.1

This structural evolution necessitates a precise understanding of Section 63, the primary engine for digital admissibility.1

2. Section 63: The Mandatory Certification Architecture

Section 63 serves as the “forensic bridge,” converting raw electronic data into a legally admissible “document”.1 In the current legal landscape, the certificate is a non-negotiable prerequisite. Under the BSA, practitioners must recognize that the certificate is not just a supporting document—it is the evidence’s license to enter the record.1

The Dual-Part Certificate Breakdown

The Schedule to the BSA, 2023 prescribes a two-part architecture to ensure both custodial accountability and technical forensics 3:

  • Part A (To be filled by the Party/Custodian): Completed by the individual in lawful control of the record (e.g., the smartphone owner, the business litigant, or the IT Manager overseeing a server).4 This section establishes the chain of custody by identifying the specific record (CCTV, WhatsApp export, server log) and the source device’s unique metadata identifiers, including Aadhaar details of the declarant, Make & Model, Serial Numbers, and IMEI/MAC/Cloud specifications.4
  • Part B (To be filled by the Expert): This section requires technical validation from an expert.4 The expert must affirm that the digital device was operating properly, that information was regularly fed in the ordinary course of business, and that the cryptographic hash value of the electronic record matches the extracted source, ensuring no post-extraction modification occurred.4

Harmonizing the Part B Expert Qualification: The Pune Bar Association Precedent

A major point of legal friction emerged regarding who qualifies as an “expert” under Part B.8 Historically, a restrictive view suggested that Part B could only be signed by an “Examiner of Electronic Evidence” formally notified by the Central Government under Section 79A of the Information Technology (IT) Act, 2000.

The Supreme Court of India resolved this bottleneck in its landmark ruling in Pune Bar Association v. Union of India (decided on May 22, 2026).8 Rejecting a constitutional challenge to Section 63(4), the Supreme Court harmoniously read Section 39(1) and Section 39(2) of the BSA to clarify that Part B is not confined strictly to Section 79A notified examiners. The Court ruled that any individual possessing specialized technical skills and academic credentials in computer science, cyber forensics, or information technology can validly sign Part B, provided the trial court is satisfied with their credentials based on unimpeachable material.8

The Custodian-Party Paradox

Despite this judicial relief, a significant structural contradiction exists between the body of the Act and its Schedule—a friction known as the Custodian-Party Paradox.9 Under Section 63(4), the certificate must be signed by “a person in charge of the computer or communication device or the management of the relevant activities”.2 This refers to the system custodian (e.g., a bank’s server administrator or a third-party CCTV operator).9

However, Part A of the Schedule is explicitly titled “To be filled by the Party” and requires them to affirm that the device was under their lawful control and operated by them.3 In cases where a litigant seeks to produce digital evidence from a device they do not own (e.g., a victim presenting an opponent’s server logs), they cannot truthfully sign Part A without committing technical misrepresentation.9 This structural mismatch represents a procedural gap that requires strategic handling during trial preparation.9

Forensic Integrity: The Strategic Dominance of SHA-256

The BSA mandates the disclosure of a “Hash Value”—a unique digital fingerprint generated by mathematical algorithms.1 While Part A and Part B of the Schedule permit various cryptographic standards (such as MD5, SHA-1, or SHA-256), a Senior Strategist will always demand the application of the SHA-256 algorithm.

Older protocols, particularly MD5, are increasingly vulnerable to “collisions”—a phenomenon where two entirely different files can be engineered to generate the identical hash value.2 This vulnerability makes MD5 a strategic liability under rigorous cross-examination. Conversely, SHA-256 provides the absolute mathematical certainty required to defeat allegations of data tampering, cloning, or artificial intelligence-assisted “deepfakes”. If a file’s hash value changes by even a single bit, the mathematical output changes entirely, rendering the evidence demonstrably compromised and legally void.2

3. Sections 64 and 65: Establishing Procedural Guardrails

The BSA reinforces the classic “Best Evidence Rule” through Sections 64 and 65, acting as procedural gatekeepers to ensure digital data is not “sneaked in” through unverified secondary channels.10

The Exclusivity of Section 64

Section 64 of the BSA (which replaces Section 66 of the repealed IEA) governs the “Rules as to notice to produce”. When a party seeks to introduce secondary evidence (such as a digital copy or printout) because the original is in the possession of the adverse party, they must first serve a formal notice to produce the original.10

Section 64 establishes that the contents of electronic records must be proved strictly via the channels of Section 63, effectively closing alternative pathways.1 Litigants can no longer bypass the dual-certification and hash value requirements of Section 63 by attempting to introduce uncertified copies under general secondary evidence provisions.13

However, Section 64 preserves six specific statutory exceptions where notice to produce is waived 10:

  1. itself a notice: When the document to be proved is itself a notice.10
  2. Adverse knowledge: When, from the nature of the case, the adverse party must know they will be required to produce the original.10
  3. Unlawful possession: When the opponent obtained possession of the original by fraud or force.
  4. Original in Court: When the adverse party or their agent has the original physically in Court.
  5. Admission of loss: When the adverse party or their agent has admitted the loss of the document.
  6. Out of reach: When the person in possession of the document is out of reach of, or not subject to, the process of the Court. This exception is increasingly critical for cross-border digital data stored on extraterritorial cloud platforms.

Section 65: Secondary Evidence and the Oral Evidence Bar

Section 65 (replacing Section 67 of the IEA) dictates the proof of signatures and handwritings.15 Within the digital ecosystem, it establishes that the certified record must “speak for itself”.

Under the BSA, oral evidence is strictly barred from substituting or recounting the contents of an electronic record. A witness cannot verbally recount the contents of a text message, email, or chat log unless the genuineness and admissibility of that record have first been established through a valid Section 63 certificate.

Furthermore, Section 65 and Section 60 clarify the strict limits of secondary evidence. The original document must always be produced unless it falls under specific categories of possession:

  • The original is in the possession or power of the adverse party (the person against whom the document is sought to be proved).
  • The original is held by a person who is out of reach or not subject to the process of the Court (e.g., foreign servers or individuals with diplomatic immunity).
  • The person in possession is legally bound to produce the original but fails to do so after receiving notice under Section 64.

Exceptions: Primary Evidence

A Section 63 certificate is bypassed entirely only when the electronic record is presented as primary evidence.1 Under Section 57 of the BSA, this occurs when:

  1. Direct Device Presentation: The original physical device (the actual smartphone, hard drive, DVR, or computer) is produced directly for the inspection of the Court.1
  2. Simultaneous/Sequential Storage: The digital record is stored simultaneously or sequentially in multiple files (e.g., automatic database mirroring), making each file primary evidence.
  3. Proper Custody: The electronic record is produced from proper, undisputed custody, carrying a statutory presumption of primary status.

4. The Synergy: BSA 2023 and the Information Technology Act, 2000

The Information Technology Act, 2000 (Substantive) and the Bharatiya Sakshya Adhiniyam, 2023 (Procedural) operate in a functional partnership where one defines the legal “what” and the other dictates the evidentiary “how”.

+—————————————-+       +—————————————–+
|     Substantive Framework (IT Act)     |       |       Procedural Admissibility (BSA)    |
|                                        |       |                                         |
|  – Sec 2(t): “Electronic Record”       | —-> |  – Sec 2(1)(d): Document Definition     |
|  – Sec 15 & 16: Secure Systems         | —-> |  – Sec 63(2): System Reliability        |
|  – Sec 35 & 79A: CA & Forensic Experts | —-> |  – Sec 63(4): Part B Certification      |
+—————————————-+       +—————————————–+

Definition Alignment

The BSA’s documentary definitions are directly aligned with the IT Act.13 Under Section 2(1)(d) of the BSA, “document” explicitly includes electronic and digital records, such as emails, server logs, smartphone messages, websites, and locational data. This definition is tethered to Section 2(t) of the IT Act, which defines an “electronic record”.13

Forensic Empowerment

The role of the “Technical Expert” under Part B of the BSA Schedule is directly empowered by the IT Act.8 Section 79A of the IT Act grants the government the authority to notify specialized forensic examiners.8 As clarified in the Pune Bar Association case, while Section 79A notified examiners represent the gold standard under Section 39(2) of the BSA, Section 39(1) allows any expert with specialized skills in computer science or cyber forensics to sign the Part B certificate, provided their credentials satisfy the court.8

Secure Systems and the Certificate Ecosystem

The IT Act emphasizes the security of electronic records. Section 63 of the BSA enforces this substantively by requiring a sworn statement that the computer system was secure and operating properly during the period of data logging.10 If a system fails to meet the “secure system” standards under the IT Act, the Part B technical certification becomes highly vulnerable.

This synergy extends across the broader digital certificate ecosystem, mapping specific BSA sections to IT Act provisions:

Evidentiary RequirementGoverning BSA SectionIT Act Statutory LinkPractical Application
Technical AdmissibilitySection 63(4).Section 79A (Examiner framework).8Verifies system integrity and registers cryptographic hash values.8
Secure Electronic SignaturesSection 66.Section 15 & 16 (Secure record rules).Creates a statutory presumption of signature authenticity, shifting the burden of proof.
Digital Signature Certificates (DSC)Section 73.15Section 35 (Certifying Authorities).Authorizes the Court to direct Certifying Authorities to produce the public key for verification.

5. Forensic Vulnerabilities and Defence Strategies

For defense counsel, the technical and procedural requirements of the BSA provide a clear roadmap for challenging the prosecution’s digital evidence.1 If the technical chain of custody or the certification process is compromised, the evidence collapses.1

The “Initial Link” Source Vulnerability

The most critical forensic failure occurs at the moment of data extraction.1 If an Investigating Officer (I.O.) records a conversation on a digital voice recorder or copies a CCTV file but fails to generate a cryptographic hash value immediately, the “initial link” of the chain of custody is broken.1

If the digital file is transferred to an intermediary laptop before a hash value is generated, the defense must argue that the laptop is an open source for potential manipulation.1 Without a recorded hash value at the exact moment of extraction from the source device, the prosecution cannot mathematically prove that the file presented in court is identical to the one originally recorded.

Strategic Defense Evaluations

Trial lawyers should evaluate opposing digital evidence against three major vulnerabilities:

  1. Hash Value Mismatch: A mismatch occurs when the hash value declared by the custodian in Part A differs from the independent expert’s calculation in Part B.4 Any mathematical discrepancy—even a single digit—proves that the file has been altered, corrupted, or tampered with, rendering it inadmissible.2
  2. The Time Gap Risk: Any significant, unexplained delay between the physical seizure of a device (or recording of data) and the generation of its cryptographic hash value creates a “suspect file.” This “Time Gap” represents a window of opportunity where data could have been modified, edited, or fabricated, failing the “proper operating condition” test of Section 63(2).
  3. The Multiple-Copy Trap: Every digital transfer of an electronic record (e.g., from ) requires a verified, documented chain of custody. If the prosecution presents a CD in court but cannot produce consistent, sequential hash value verifications for each transfer stage, the integrity of that specific copy can be successfully challenged.

6. Final Summary Checklist

Legal professionals must use the following checklist to verify a Section 63 certificate’s validity before filing or during the cross-examination of opposing electronic evidence:

  • [ ] Procedural Timing: Was the Section 63 certificate filed simultaneously at the first instance of submitting the electronic evidence? 1
  • [ ] Dual Signatures: Does the certificate contain both Part A (completed by the party/custodian) and Part B (completed by the technical expert) signatures? 1
  • [ ] Expert Qualification: Is the Part B signatory a recognized technical expert possessing verifiable skills in cyber forensics or computer science? 8
  • [ ] Device Identification: Are the unique physical identifiers (IMEI, Serial Numbers, MAC address, Cloud ID, Make and Model) of the source device clearly specified? 4
  • [ ] Hash Algorithm: Is a secure, collision-resistant cryptographic algorithm (specifically SHA-256) clearly stated and applied to the files?
  • [ ] Initial Link Verification: Was the cryptographic hash value generated and logged at the immediate moment of extraction from the source device? 1
  • [ ] Lawful Control: Does the Part A declaration clearly establish that the record was under the lawful control of the person who extracted or managed the data? 4

Works cited

  1. Electronic evidence under the BSA, 2023 – iPleaders, accessed July 4, 2026, https://blog.ipleaders.in/electronic-evidence-under-the-bsa-2023/
  2. Expert In Computer Science & Cyber Forensics Competent To Sign …, accessed July 4, 2026, https://www.verdictum.in/supreme-court/qualification-section-39-bsa-not-restricted-section-79a-it-act-examiners-forensics-sign-part-b-certificate-1614860
  3. Supply of copy of electronic evidence – Suggested system for District Courts – AIJFR, accessed July 4, 2026, https://www.aijfr.com/papers/2026/1/3213.pdf
  4. BSA 2023 Electronic Records Certificate | PDF | Cryptography | Computer Science – Scribd, accessed July 4, 2026, https://www.scribd.com/document/832369597/BSA-2023-Certificates
  5. Section 63 – India Code, accessed July 4, 2026, https://www.indiacode.nic.in/show-data?actid=AC_CEN_5_23_00049_2023-47_1719292804654&orderno=63
  6. Electronic Evidence in Indian Law: Admissibility, Authentication and Evidentiary Value, accessed July 4, 2026, https://www.researchgate.net/publication/407109013_Electronic_Evidence_in_Indian_Law_Admissibility_Authentication_and_Evidentiary_Value
  7. Section 63 BSA Certificate Format | PDF | Cryptography | Computer Science – Scribd, accessed July 4, 2026, https://www.scribd.com/document/832371126/63-Certificate-BSA
  8. Section 63(4) BSA: Supreme Court Clarifies That Part B Is Not Confined to Section 79A Examiners – Law Web, accessed July 4, 2026, https://www.lawweb.in/2026/05/section-634-bsa-supreme-court-clarifies.html
  9. Section 63 BSA – Electronic Evidence – YouTube, accessed July 4, 2026, https://www.youtube.com/shorts/PWQN9W48jf4
  10. Bsa Notes 5 | PDF | Signature | Will And Testament – Scribd, accessed July 4, 2026, https://www.scribd.com/document/995302772/BSA-NOTES-5
  11. Documentary Evidence Under BSA 2023 (Sections 56–66): Meaning, Types, and Admissibility Rules – Lawsho, accessed July 4, 2026, https://www.lawsho.com/documentary-evidence-under-bsa-2023-sections-56-66-meaning-types-and-admissibility-rules/
  12. SECTION 64 OF THE BHARATIYA SAKSHYA ADHINIYAM, 2023 | Vidhi Judicial Academy, accessed July 4, 2026, https://vidhijudicial.com/section-64-of-the-bharatiya-sakshya-adhiniyam,-2023.html
  13. BSA Project on Electronic Records | PDF | Signature | Information – Scribd, accessed July 4, 2026, https://www.scribd.com/document/795245746/194-BSA-Project-1
  14. Week-10 BSA, 2023- Section 54- 73.docx, accessed July 4, 2026, https://www.studyiq.net/lecture_ppt/lesson156354/Week-10-BSA-2023–Section-54–73docx_1731055175.pdf
  15. Documentary Evidence under BSA – Drishti Judiciary, accessed July 4, 2026, https://drishtijudiciary.com/to-the-point/bharatiya-sakshya-adhiniyam-&-indian-evidence-act/documentary-evidence-under-bsa
  16. Section 65 in Bharatiya Sakshya Adhiniyam, 2023 – Indian Kanoon, accessed July 4, 2026, https://indiankanoon.org/doc/145265831/

Leave a Comment

Your email address will not be published. Required fields are marked *