In India, the Information Technology Act, received the Presidential Assent in June 2000. The Act is based on the Model Law on E-Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL). The essence of the Act is captured in the long title: ‘An act to provide for the legal recognition of transactions carried out by … alternatives to paper-based methods of communication and storage of information …'. In a previous article the authors reviewed the ‘heavy handed' approach taken by the Indian government to the regulation of Certificating Authorities,1 this article continues this theme and evaluates the provisions of the Act in and around a range of jurisdiction, crime and privacy issues. Unlike similar legislation in Singapore, Malaysia, South Korea and Thailand, which primarily focuses on the regulation of e-commerce, the Information Technology Act 2000 introduces and enacts for the first time in India a range of e-commerce and Internet related criminal offences, these provisions provide a range of executive powers that the authors consider will significantly impair the rights of privacy and free speech of both citizens of India and of other countries.