The Law Blog

_{Aryan Chauhan is a fourth-year student at Dr. Ram Manohar Lohiya National Law University, Lucknow.}

The Income Tax Bill, 2025, introduced in Parliament on 13 February 2025, promises to modernize India’s tax laws. But one provision has drawn fierce debate. Clause 247 dramatically expands search-and-seizure powers into the digital realm. It authorizes a tax officer who “has reason to believe” a person is hiding income to break digital locks. In the Bill’s own words, an authorised officer can “gain access by overriding the access code to any computer system, or virtual digital space”. In practice, this would allow investigators to hack into personal emails, social-media and messaging apps, cloud storage, and other private accounts. Digital rights groups warn that without limits, the state could effectively conduct wide-ranging surveillance of individuals’ private communications. As an expert cautioned, the clause “could allow the use of privacy-violating data extraction tools to break into locked devices or password-protected accounts without any safeguards”. Even supporters of tougher enforcement concede that such sweeping digital access must be carefully circumscribed.

Expanded Digital Search Powers under Clause 247

The Bill defines “virtual digital space” very broadly. According to the draft, this includes email servers, social media accounts, online investment and banking accounts, asset ownership websites, cloud servers, and “any other space of similar nature”. In short, virtually every place where a taxpayer might store information electronically comes under scrutiny. Clause 247(1)(b)(iii) explicitly empowers officers to break into any locked container or override any digital access code to reach alleged incriminating material. As one legal expert bluntly put it, the Bill effectively allows“the Government to override access codes and directly enter digital spaces to gather information” if access is refused. The draft law also enables authorities to compel suspects to hand over passwords or keys. In this sense the Bill codifies what was previously a legal grey area; currently officers may demand access under Section 132 of the Income-tax Act, but there is no explicit authorization to override encryption or password protection. Starting 1 April 2026, any refusal to comply could be treated as obstruction under law, effectively making non-disclosure of credentials an offence.

The expansion in Clause 247 goes well beyond past practice. Section 132 of the existing Act allowed search of premises and seizure of electronic records, but in fact officers already have informally been seeking data from phones and apps during raids. The Income Tax Department under Section 132 have been seizing hard drives and extracting data from platforms like WhatsApp and Telegram as evidence. The new Bill removes any uncertainty by spelling out that an “authorized officer” (at the rank of Joint Director or higher) may literally break into digital spaces on mere suspicion of undisclosed income. As media reports note, this means tax officials will formally have power to override any access codes on a computer or phone during a search. The definition of digital space is so broad that even bystanders could be swept in: officers could seize data from a person’s cloud server or app if it contains records pertinent to another’s tax probe, raising concerns about third-party privacy.

Privacy and Constitutional Safeguards

This radical shift inevitably raises constitutional questions under the right to privacy. The Supreme Court in Justice K.S. Puttaswamy v. Union of India unanimously held that privacy is a fundamental right under Article 21. Any state intrusion must therefore meet strict tests of legality, necessity and proportionality. In Puttaswamy, the Court insisted that laws infringing privacy must be clear, unambiguous, and confined to the “least intrusive” means to achieve a legitimate aim. Here the legitimate aim is combating tax evasion, which itself is a valid state interest. But critics note that Clause 247 does not incorporate the kind of proportionality standards the Court demanded. The Internet Freedom Foundation (IFF) has pointed out that the Bill does not require an officer to show that no less-invasive tool could retrieve the data, nor does it mandate prior judicial oversight. Instead, the bill relies solely on internal sanction (a senior tax officer’s order) to authorize searches. Even under Section 69 of the Information Technology Act, which allows government agencies to compel decryption of communications, strong safeguards are required. Section 69(3) expressly obliges any subscriber or intermediary to assist in decryption when directed by the government, and failure to do so is punishable by imprisonment up to seven years. But those powers are theoretically limited to national security or serious crime investigations. The Income Tax Bill would extend similar override powers to routine tax cases, with no clearer guidelines. Legal scholars warn that without express judicial warrants or transparency requirements, Clause 247’s forceful search regime risks running afoul of Puttaswamy’s proportionality test.

Indeed, the Bill’s proviso that the search may proceed even if the taxpayer does not “cooperate” effectively makes password surrender compulsory. In Parliament the Finance Ministernoted that the new Section 247(1)(ii) essentially codifies the power to override access codes when the target is uncooperative. Refusal to provide a password under a valid search order can already be punished under the Income-tax Act as obstruction. The Bill thus squares this with technology: if officers have the right to break locks physically under the current regime, it is unsurprising the law now explicitly lets them demand you turn over the password or circumvent it. But from a privacy standpoint, this is a fraught extension.End-to-end encryption on personal devices designed to protect privacy by making data unreadable even to service providers would be effectively nullified. Encrypted group chats and messages could be decrypted or exposed if someone in the group is under suspicion. Digital freedom activists argue that this undermines privacy norms, because once a backdoor is opened in encryption by law, it weakens security for everyone.

Global Digital Privacy Norms

Compared to practices in other democracies, the Bill’s approach appears aggressive. In most mature jurisdictions, any compelled access to private data generally requires a judicial warrant or equivalent oversight. For example, the United States’ position is that law enforcement supports “strong, responsibly managed encryption,” but insists that tech companies should provide encrypted data only in response to valid court orders. The U.S. emphasises that constitutional safeguards must guide any intrusion: “We continue to embrace the rigorous legal standards law enforcement must meet to obtain a warrant before accessing evidence,” the FBI stresses. Similarly, the European Union’s jurisprudence tends to balance privacy with law enforcement needs, but even there, strong encryption is not lightly overridden without due process. India’s laws have acknowledged the tension for years. Under the IT Act, Section 69 empowers the government to intercept or decrypt communications in the interest of security and crime prevention, and requires any subscriber or intermediary to assist, with failure punishable by up to seven years in jail. The Bill’s Clause 247 echoes Section 69 in spirit, but drops the security justification, treating tax enforcement like a matter of public order. Arguably, putting such extraordinary cyber-search powers into the routine tax code breaks from global norms. If a warrant system is a necessarysafeguard for national security or crime investigations, it should be at least as stringent for financial investigations; broad roving digital searches without independent review arebeyondconstitutional permissibility in India.

Conclusion

The Income Tax Bill’s drafters have signalled that they intend to equip tax authorities for the digital age. Yet the legal community is warning that this must not come at the cost of constitutional rights. The proposed Clause 247 clearly ventures into uncharted territory: it would permit agents to remotely unlock personal devices and invade encrypted chats when any tax-related suspicion arises. Under Article 21, such extraordinary powers must be narrowly tailored. As IFF and others have urged, Parliament could mend the apparent gaps by introducing proportionality requirements and judicial warrants, much as the Supreme Court directed in Puttaswamy. Until then, Clause 247 will remain controversial. Legal analysts stress that only careful checks and transparency can prevent it from becoming a license for unchecked surveillance. The debate over this Bill’s privacy implication may well end up in court, where ultimately the standards of Puttaswamy that no intrusion be more intrusive than necessary will govern the outcome.