Part 3 of 6

Section 63 BSA Certificate - Advanced

🕑 150-180 minutes 📖 Advanced Level 📋 Module 7

Introduction to Section 63 BSA

Section 63 of the Bharatiya Sakshya Adhiniyam (BSA) 2023 governs the admissibility of electronic records in Indian courts. This section, which replaced Section 65B of the Indian Evidence Act, is fundamental to presenting digital evidence. This advanced module provides comprehensive guidance on drafting bulletproof certificates and preparing for cross-examination.

Section 63 BSA - Legal Text Summary

Section 63 provides that any information contained in an electronic record which is printed on paper, stored, recorded or copied in optical or magnetic media produced by a computer shall be deemed to be a document and admissible as evidence of any contents of the original or any fact stated therein of which direct evidence would be admissible, if the conditions specified in sub-section (2) are satisfied.

Key Changes from Section 65B IEA

  • Terminology Updates: Language modernized to reflect current technology
  • Expanded Scope: Broader coverage of electronic records and devices
  • Certification Requirements: Similar structure but with updated provisions
  • Continued Mandatory Nature: Certificate remains mandatory per Arjun Panditrao judgment

The Four Mandatory Conditions

Section 63(2) BSA specifies four conditions that must be satisfied for electronic evidence to be admissible. Understanding these conditions deeply is essential for drafting effective certificates.

Condition 1: Regular Use of Computer

💻 First Condition

"The computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer."

What this means in practice:

  • The computer was used for regular business/personal activities
  • The person producing the evidence had lawful control
  • The output was generated during this regular use period

Condition 2: Regular Feeding of Information

📋 Second Condition

"During the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities."

What this means in practice:

  • Information was input as part of regular operations
  • Data entry followed normal business processes
  • Not specifically created for litigation purposes

Condition 3: Proper Operation

Third Condition

"Throughout the material part of the said period, the computer was operating properly or, if not, that any respect in which it was not operating properly or was out of operation during that part of that period was not such as to affect the electronic record or the accuracy of its contents."

What this means in practice:

  • The computer was functioning correctly during relevant period
  • If there were any malfunctions, they did not affect the relevant data
  • The system's integrity was maintained

Condition 4: Accurate Reproduction

📄 Fourth Condition

"The information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities."

What this means in practice:

  • The output accurately represents the original information
  • No unauthorized modifications have been made
  • The data integrity is preserved

Comprehensive Certificate Template

The following template incorporates all required elements and best practices for Indian courts.

Certificate Under Section 63 of Bharatiya Sakshya Adhiniyam, 2023
Certificate for Admissibility of Electronic Record
1. CASE DETAILS
Case Number: [FIR No./Case Reference]
Court: [Name of Hon'ble Court]
Parties: [Complainant] vs. [Accused]
2. CERTIFIER DETAILS
Name: [Full Name of Certifier]
Designation: [Official Designation]
Organization: [Name of Organization]
Address: [Complete Official Address]
Contact: [Phone/Email]
3. COMPUTER/DEVICE IDENTIFICATION
Device Type: [e.g., Desktop Computer/Server/Mobile Phone]
Make/Manufacturer: [e.g., Dell, HP, Apple]
Model: [Specific Model Number]
Serial Number: [Device Serial Number]
Operating System: [e.g., Windows 11 Pro, Version 22H2]
Location: [Physical Location of Device]
4. ELECTRONIC RECORD DETAILS
Description: [Detailed description of the electronic record]
File Name(s): [Exact file names]
File Type(s): [e.g., PDF, JPEG, XLSX]
Creation Date: [Date of creation]
Relevant Period: [Date range covered by the evidence]
MD5 Hash: [32-character hash value]
SHA-256 Hash: [64-character hash value]
5. CERTIFICATION OF CONDITIONS UNDER SECTION 63(2) BSA

I, the undersigned, being a person occupying a responsible official position in relation to the operation of the relevant device and the management of the relevant activities, hereby certify that:

First Condition (Regular Use): The computer/electronic device identified above was used regularly to store and process information for the purposes of activities regularly carried on by [Organization Name] during the period from [Start Date] to [End Date]. I had/have lawful control over the use of this computer during this period.
Second Condition (Regular Information Feeding): During the said period, information of the kind contained in the electronic record being produced, namely [describe type of information], was regularly fed into the computer in the ordinary course of [describe business/activity].
Third Condition (Proper Operation): Throughout the material part of the said period, the computer was operating properly. [If there were any issues: The computer experienced [describe issue] during [dates], but this did not affect the electronic record or the accuracy of its contents because [explain reason].]
Fourth Condition (Accurate Reproduction): The information contained in the electronic record being produced accurately reproduces and is derived from information fed into the computer in the ordinary course of the said activities. The printout/copy attached herewith faithfully reproduces the contents of the original electronic record.
6. INTEGRITY VERIFICATION

I further certify that:

  • The electronic record has not been altered, modified, or tampered with since its creation/acquisition.
  • The hash values stated above were calculated at the time of acquisition and can be independently verified.
  • Appropriate measures were taken to preserve the integrity of the electronic record.
7. DECLARATION

I make this certificate based on my personal knowledge and/or examination of the relevant computer system and records. I understand that any false statement in this certificate may constitute perjury and result in legal consequences.

Signature of Certifier
Name: ____________________
Designation: ____________________
Date: ____________________
Place: ____________________
Official Seal/Stamp
 
 
 
 

Common Mistakes to Avoid

Understanding common errors helps you create certificates that will withstand judicial scrutiny and cross-examination.

Critical Errors That Can Invalidate Certificates
  1. Wrong Certifier: Certificate signed by someone without relevant position or knowledge
  2. Vague Device Description: Generic descriptions without specific identifiers
  3. Missing Hash Values: No cryptographic verification of data integrity
  4. Incomplete Conditions: Failing to address all four conditions explicitly
  5. Late Filing: Certificate produced after court challenge instead of with evidence
  6. Boilerplate Language: Using generic language without case-specific details
  7. Undated Certificate: Missing date or date after evidence production
  8. No Relevance Link: Failing to connect certificate to specific evidence items

Mistake Analysis: Case Examples

Example 1: Inadequate Device Description
WRONG: "The information was produced by a computer in our office."
CORRECT: "The information was produced by a Dell OptiPlex 7090 desktop computer, Serial Number: JXYZ123456, running Windows 11 Pro (Build 22621), located in the Accounts Department, Room 204, Corporate Office, Mumbai."
Example 2: Addressing Third Condition (Proper Operation)
WRONG: "The computer was working properly."
CORRECT: "Throughout the period from 01/01/2025 to 31/12/2025, the computer was operating properly. Routine maintenance was performed on 15/06/2025 (software updates) which did not affect data integrity. No hardware failures or data corruption events occurred. System logs confirm normal operation throughout the relevant period."
Example 3: Wrong Certifier
WRONG: Certificate signed by company receptionist with no connection to IT systems or evidence.
CORRECT: Certificate signed by IT Manager who manages the systems, or Department Head who oversees the activities generating the evidence, or designated Nodal Officer with official responsibility.

Complex Certification Scenarios

Scenario 1: Multi-Device Evidence

When evidence comes from multiple computers or a network system:

  • Identify each device separately with full specifications
  • Explain how devices are interconnected (if applicable)
  • Address all four conditions for each device or for the system as a whole
  • Consider using multiple certificates if devices are controlled by different persons

Scenario 2: Cloud-Based Evidence

For data stored on cloud services (Google Drive, AWS, Azure, etc.):

  • Identify the cloud service provider and account details
  • Describe the user's lawful control and access rights
  • Note that the physical computer may be unknown but the service operates properly
  • Request service provider certificate if possible
  • Include access logs and authentication records

Scenario 3: Third-Party System Evidence

When evidence comes from a system not under your control (bank records, telecom records):

  • Certificate must be issued by the custodian of that system
  • Coordinate with the third party to obtain proper certification
  • Ensure the third party understands Section 63 requirements
  • Obtain supporting documentation (service agreements, SLAs)

Scenario 4: Email Evidence

Special Considerations for Email
  • Include complete email headers (not just From/To/Subject)
  • Identify the email server that stored the message
  • For web-based email, note the service provider
  • Calculate hash of the email in its native format (EML/MSG)
  • Document the email extraction method used

Cross-Examination Preparation

Defence counsel will attempt to challenge your certificate. Preparation is essential for maintaining credibility.

Anticipated Questions and Responses

Q: How can you be certain the computer was operating properly?
Prepared Response: "I reviewed the system event logs which show no critical errors during the relevant period. Additionally, the device underwent routine maintenance as documented in our IT records. The system is protected by antivirus software that was active and updated. No data corruption warnings were recorded. I can produce these logs if required by the Hon'ble Court."
Q: How do you know the data wasn't modified before you accessed it?
Prepared Response: "The file system maintains metadata including creation dates, modification dates, and access dates. The hash values I calculated at the time of acquisition provide a cryptographic fingerprint. Any modification, even a single bit change, would result in a completely different hash value. The hash verification I performed confirms the data integrity from acquisition to production."
Q: What qualifications do you have to certify this evidence?
Prepared Response: "I hold [certifications]. I have [X years] of experience in [relevant field]. As [designation], I have regular access to and responsibility for the systems that generated this evidence. I have been trained in digital evidence handling procedures and am familiar with the requirements of Section 63 BSA."
Q: Can you explain what MD5 and SHA-256 hash values mean?
Prepared Response: "MD5 and SHA-256 are cryptographic hash algorithms that generate a unique fixed-length string (fingerprint) from any data. If even one character in the source data changes, the resulting hash changes completely. By comparing the hash calculated at acquisition with the hash calculated now, we can verify that the data has not been altered. This is a standard practice in digital forensics accepted worldwide."
Q: How do you rule out the possibility that someone manipulated the data before your involvement?
Prepared Response: "I documented the chain of custody from seizure to analysis. The evidence was stored in [secure location] with [access controls]. I verified that tamper-evident seals were intact before examination. The file metadata shows [relevant timestamps]. While I can certify the integrity from the point of acquisition, the chain of custody documentation supports integrity from seizure onwards."

Cross-Examination Survival Tips

💡 Key Principles
  • Stay within your knowledge: Only testify to facts you personally know
  • Don't speculate: Say "I don't know" rather than guess
  • Be precise: Avoid absolute statements unless certain
  • Refer to documentation: Support answers with contemporaneous records
  • Remain calm: Don't become defensive or argumentative
  • Ask for clarification: If a question is unclear, ask for clarification

Key Indian Judgments on Section 63/65B

Case Year Key Holding
Anvar P.V. v. P.K. Basheer 2014 Section 65B certificate is mandatory; electronic evidence without it is inadmissible
Shafhi Mohammad v. State of H.P. 2018 Court can relax certificate requirement in specific circumstances (later limited)
Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal 2020 Certificate is mandatory; Anvar P.V. position reaffirmed; Shafhi Mohammad interpretation clarified
Tomaso Bruno v. State of U.P. 2015 Call records without Section 65B certificate are inadmissible
State (NCT of Delhi) v. Navjot Sandhu 2005 Early recognition of electronic evidence requirements (pre-Anvar)
Arjun Panditrao - The Definitive Ruling

The Supreme Court's 2020 judgment in Arjun Panditrao definitively established that the Section 65B (now Section 63 BSA) certificate is MANDATORY, not directory. The three-judge bench overruled any interpretation suggesting certificates could be dispensed with. This judgment remains the controlling precedent under BSA 2023.

📚 Key Takeaways
  • Section 63 BSA certificate is MANDATORY for electronic evidence admissibility (per Arjun Panditrao)
  • All four conditions must be explicitly addressed in the certificate
  • Device identification must be specific: make, model, serial number, location
  • Hash values (MD5 and SHA-256) are essential for integrity verification
  • The certifier must have relevant position and knowledge - not just any employee
  • Certificate should be produced along with evidence, not as an afterthought
  • Prepare for cross-examination with documented evidence and clear explanations
  • Complex scenarios (cloud, multi-device, third-party) require special handling
Previous: Documentation Next: Report Writing