Jurisdiction In Cyberspace

A fast-paced world, and surprisingly fitting in one’s hand. The world is in the era of “internet and cyberspace”, and it seems faster and better than ever. But it all comes with a price, that mankind is still in the exploration of. Just as in the real and physical world, the virtual space created by humans also sees a plethora of criminal activities on a day to day basis where the data of millions of people acts as valuable assets. It has the power to instigate a civil war or to destroy nations altogether, steal data for ransom, or even rob millions from a bank in seconds. It becomes quite a challenge to map out a conclusive set of applicable laws to contain this mass virtual force. The major obstacle being how, when these offences are prosecuted, the personal jurisdiction is to be applied. 

This article breaks down how the legal principles have evolved while determining personal jurisdiction in cyberspace. 

Cyberspace- The Virtual Universe

Cyberspace is an imaginary area or a virtual space where a connection can be established between two computers at any two points in the world, with absolutely no limits. 

The word ‘cyberspace’ was used in the Novel ‘Neuromancer’ by William Gibson, for the first time in 1984, which is a science fiction and defined as an interaction between the human mind and computers. 1

While cyberspace and the internet share very similar connotations, cyberspace can be defined as anything that is done using the internet, while the internet is a network or networks. 

In layman terms “cyberspace” is a virtual universe made up of the widely spread and interconnected digital gadgets and technology, enabling one to create, modify, share, exchange, extract and destroy the physical resources floating all over the internet. 

The world we live in is possibly at its simplest, most sophisticated version, as at this point in time, and we could only hope for it to make many innovative new changes. The world seems so much smaller at our fingertips, lives have collectively become easier. Education, E-commerce, shopping, banking, and almost every other essential has taken its spot on the internet. In fact, some of the richest multinational companies are that of Google and Facebook that are empires built virtually on nothing but data. The huge number of users are the customers and their personal information, the asset. Each of these businesses run on nothing but loads of information, some private, some not, and it becomes necessary to build a hyper-vigilant screening process in providing our personal information, because of the immense threats that tag-along with this mighty tool. 

With business transactions moving online, the conventional methods of dealing with legal complications are also in need of remoulding to fit into the present, needful circumstances. 

It is often very ambiguous to decipher what place holds jurisdiction over disputes that arise in the vast cyberspace. In her paper “Principles of Jurisdiction”, Betsy Rosenblatt states that “a court must first decide “where” the internet conduct takes place, and what it means for internet activity to have an “effect” within a state or a nation”. [1]

The concept of national borders and distance stands irrelevant in cyberspace. By setting up a website from a home computer, here in India, one can grant access to anybody around the world, making communication a piece of cake. While communication is easier, the legal threats posed are quite drastic.

Threats To Cyberspace

With the amount of information being constantly exchanged, the threats in cyberspace are equally large. It is also important to register the intensity of changes the cyberspace is constantly subjected to, which concurrently aids in the advancement of the cyberattacks. 

Cyberattacks can range from personal data breaches to mass frauds, each of which is equally dangerous and harmful, putting one’s usage of cyberspace at risk. 

Cyberattacks are where internet users use malicious maneuvres to steal, destroy, expose, or gain unauthorized access into the personal information of a person, company, military databases, etc., 

Cyberattacks are a part of cyber warfare- where cyberspaces containing classifies military information, are attacked to wage war and other military purposes, and cyber terrorism- where cyberspaces are used to conduct violent criminal activities. 

Some of these common cyberattacks include phishing, identity theft, ransomware, hacking, child pornography, malware, credit or debit card frauds, disinformation- harming an individual, property or a nation. 

What Is Personal Jurisdiction?

Personal jurisdiction refers to the jurisdiction exerted by law, over a person in deciding a particular lawsuit. It also operates along with the due procedure of law established by the constitution of that country. Personal jurisdiction in cyberspace has evolved, one case law at a time, like cyberspace itself. The advancements are constant; hence it proposes a challenge for the laws to keep up with it.

Due to its versatile and inconsistent nature, absence of physical boundaries and dynamic space structures, containing cyberspace in the bounds of a few specific laws and assigning jurisdiction becomes quite a task. 

To break it down, a “cyberspace” is created by a computer, and this virtual space “holds” all information. All physical transactions and all legal connotations attached to it goes into overdrive in cyberspace. 

“A transaction in cyberspace fundamentally involves three parties. The user, the server host and the person with whom the transaction is taking place with the need to be put within one jurisdiction.” [2]

In terms of personal jurisdiction, to separate disputes into domestic or international, in cyberspace, it is important to distinguish disputes based on (i) what has happened? (ii) where has it happened? (iii) why did it happen? 

Hence, a resident shall inevitably be tried under municipal laws, but there persists ambiguity while dealing with non-residents.  

Traditionally, jurisdiction is exerted by a court in specific matters by terms of territory, subject matter, or the applicable law.

Often involving multiple countries in one single transaction on cyberspace, it is challenging to dissect the disputes arising into the laws of one particular country. One of the ultimate recourses could be sought under Public International Law, to eliminate jurisdictional clashes between countries and conflicts of law arising out of it, using the principles of “personal jurisdiction”. Jurisdiction, under International Law is of three types: (1) jurisdiction to prescribe; (2) jurisdiction to enforce; and (3) jurisdiction to adjudicate. To replicate these into cyberspace, one can consider the ‘law of the server’, that is, the physical position of the server or where the webpage is located and claim the jurisdiction of that country. However, these principles are of no use when the cyberspaces are used to commit terrorist activities hence maintaining anonymity of its servers. 

Personal Jurisdiction in Cyberspace Around the World

The United States, having one of the strongest cyberspace laws in force, while formulating principles to deal with cases of cyberspaces, stood by the concept of ‘minimum contacts’, a standard that was outlined by the Court in International Shoe v Washington, 1945. The Court ruled that a non-resident of a state may be sued in that state if the party has ‘certain minimum contacts with [the state] such that maintenance of the suit does not offend traditional notions of fair play and substantial justice.’[3]

The US Supreme Court later laid down the “Zipper test” or the “Sliding Scale test” that- “In the absence of general jurisdiction, specific jurisdiction permits a court to exercise personal jurisdiction over a non-resident defendant for forum-related activities where the relationship between the defendant and the forum falls within the ‘minimum contacts’ framework” and  classified websites as (i) passive, (ii) interactive and (iii) integral to the defendant’s business.

The difficulty experienced with the application of the Zippo sliding scale test paved the way for the application of “the effects test”. The courts have thus moved from a ‘subjective territoriality’ test to an ‘objective territoriality’ or ‘the effects test’ in which the forum court will exercise jurisdiction if it is shown that effects of the defendant’s website are felt in the forum state. In other words, it must have resulted in some harm or injury to the plaintiff within the territory of the forum state- as pronounced primarily in Calder v. Jones.

The recent lawsuit by the International League Against Racism and Anti-Semitism and the Union of French Law Students against Yahoo!, (Yahoo! Inc., v La Ligue Contre Le Racisme Et L’Antisémitisme), which has received a lot of attention in the popular press summarizes the difficulties that remain in resolving both the prescriptive and enforcement jurisdictional issues in cyberspace.

It appears that courts and legislatures have found legitimate grounds for asserting prescriptive jurisdiction over defendants based upon actions taken in cyberspace, but that may have little importance when the plaintiff seeks a restorative remedy. Enforcement jurisdiction, which requires the injured party to attach either the defendant or his tangible assets, becomes an issue of comity or state’s recognition of its obligation to enforce a law. [4]

“In sum, under U.S. law. if it is reasonable to do so, a court in one state will exercise jurisdiction over a party in another state or country whose conduct has substantial effects in the state and whose conduct constitutes sufficient contacts with the state to satisfy due process.  Because this jurisdictional test is ambiguous, courts in every state of the U.S. may be able to exercise jurisdiction over parties anywhere in the world, based solely on Internet contacts with the state.”[5]

In European countries, the jurisdiction of cyberspace is determined by the Brussels Regulations by extending its operations to online disputes and states that “subject to the provisions of this Regulation, persons domiciled in a contracting state shall, whatever their nationality, be sued in the courts of that state”- thus eliminating the ambiguity of jurisdiction. 

Germany has passed a law that subjects any Web site accessible in Germany to German law, holding Internet service providers (ISPs) liable for violations of German content laws if the providers were aware of the content and were reasonably able to remove the content. [6]

 Malaysia’s new cyberspace law also extends well beyond the borders of Malaysia. The bill applies to offenses committed by a person in any place, inside or outside of Malaysia, if at the relevant time the computer, program, or data was either (i) in Malaysia or (ii) capable of being connected to or sent to or used by or with a computer in Malaysia. The offender is liable regardless of his nationality or citizenship. [7]

Personal Jurisdiction in Cyberspace- The Indian Mechanism

Casio India Co. Limited v. Ashita Tele Systems Pvt. Limited the Supreme Court held that “the website of Defendant can be accessed from Delhi is sufficient to invoke the territorial jurisdiction of this Court”. [8]

In India TV Independent News Service Pvt. Limited v. India Broadcast Live Llc & Ors., it was held that “the Defendant is carrying on activities within the jurisdiction of this court; has sufficient contacts with the jurisdiction of the court and the claim of the Plaintiff has arisen as a consequence of the activities of Defendant, within the jurisdiction of this court”.

In Banyan Tree Holding (P) Limited v. A. Murali Krishna Reddy, The Division Bench of the Delhi High Court, while answering the referral order of the learned Single Judge, affirmed the ruling in India TV, and overruled the Casio Judgement. [9]

Various laws in India can be deemed applicable to today’s scenario of cyberspace and everything that is involved with it. It is fascinating to notice how some of these laws, though decades old, stand accurate to today’s circumstances. 

Based on the Sections 15 to 20 of the Code of Civil Procedure, 1908, stipulating the Indian approach to determining jurisdiction, the jurisdiction shall be detrimental to the location of the immovable property, or the place of residence or place of the work of the defendant or the place where the cause of action has arisen. These provisions stand inapplicable for cyberspace disputes. 

The provisions of the Code of Criminal Procedure, 1973 prescribes for multiple places of jurisdiction based on the place of commission of crime or occurrence of the consequence of a crime in cases of a continuing crime, which, in the case of cyberspace, stands accurate. 

The persisting laws relating to cyberspace are dealt under the Information Technology Act, 2000, in India. The objective of the Act is to provide legal recognition to e- commerce and to facilitate storage of electronic records with the Government. 

The Act provides various definitions and instances of cybercrimes, prescribing the punishment for those crimes and also provides laws for trial of cyber law cases in and out of the country. 

Sec 1 of the IT Act states that, this Act extends to the whole of India and, unless otherwise provided, it shall also apply to any offence or contravention committed outside India by any person.

Sec 75 of the IT Act deals with the provisions of the act to apply for offences or contravention committed outside India, irrespective of his nationality, and shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

Sec 46 of the IT Act gives power to adjudicate in case of contravention of any provision in this Act and also appoints an Adjudicating Officer who is vested with the powers of Civil Courts and are conferred on the Cyber Appellate Tribunal.

As much as the Information Technology Act 2000 seems inclusive, it still does pose ambiguity in jurisdiction when the offence has been committed outside of India or by a non-citizen, while also following the principle of Lex Fori, meaning the law of the country. [10]

A part of IT Act 2000, there are other relevant legislation under Indian laws that gives the authority to India Courts to adjudicate the matters related to cyber-crimes such as:

Sec 3 and 4 of Indian Penal Code, 1882 that deals with extra territorial jurisdiction of Indian courts.

Section 188 of the Code of Criminal Procedure, 1973 provides that even if a citizen of India outside the country commits the offence, the same is subject to the jurisdiction of courts in India. 

And Section 178 deals with the crime or part of it committed in India and Section 179 deals with the consequences of crime in Indian Territory. 


Cyberspace- a word gathered from fiction, yet has made its presence felt in reality, to almost everyone. It is not a luxury, but a bare necessity for people of all ages and has the entire world to offer, one simple click away. 

Artsy and simplistic, is how cyberspace feels and how technology is evolving, giving mankind its best, the crimes relating to cyberspaces are also on a drastic rise. The more advanced the cyberspace gets, the more advanced its disputes. The existence of a virtual space creates a cape of invisibility for those that wish to misuse this innovation. It is detrimental to observe that since cyberspace and the internet are ever-evolving entities, the laws to deal with mishaps occurring in these cyberspaces are formulated long after the damage is done. The very nature of its consistent development and ease of change, the laws and lawmakers are often stuck at war to propose an accurate implementation of these offences. Oftentimes, these offences turn grave and brutal, bringing threat to people’s safety, their lives, important military information costing a nation’s security or frauds that steal money from a large number of people- among others. 

It is crucial to learn that creating a well-developed set of consistent laws are the only solution to battle bigger evils that could arise out of cyberspace and its invisible pursuit. 


1. Why Is There A Need To For Personal Jurisdiction In Cyberspace?

Personal Jurisdiction does nothing but to provide a clearer vision as to applicability of laws while prosecuting an offence that has occurred in the vast expanse of cyberspace, making it easier for courts to decide on the dispute and accurate laws be applied or be formulated accordingly. 

2. Do Cyberspace Laws Need Constant Modifications?

It is evident to note that cyberspace is a dynamic entity, and it advances by the second. There is a newer innovation every day, making technology easier. But it comes with its own set of innovative problems. The newer the innovations, the newer ways there are to commit offences in cyberspace. It calls for a close inspection of cyberspace and to regulate and reform the disputes in effective new ways with the help of effective and newer laws. 


https://blog.ipleaders.in/cyber-security-and-its-legal-implications/ 1

Cyberspace−Conflicting Jurisdictional Spheres of Litigating IPR Claims  


Principles of Jurisdiction- Paper Produced by Betsy Rosenblatt


Jurisdictional Issues in Cyberspace JUSTICE S. MURALIDHAR 


Cyberspace Jurisdiction: Issues and Challenges


Determining Jurisdiction in Cyberspace: The “Zippo” Test or the “Effects” Test? Julia Alpert Gladstone 


Analysis of Cyber Jurisdiction In Indiahttp://www.legalserviceindia.com/legal/article-3329-analysis-of-cyber-jurisdiction-in-india.html

[1] Principles of Jurisdiction- Betsy Rosenblatt

[2] Cyber Space Jurisdiction: Issues and Challenges

[3] Principles of Jurisdiction- Betsy Rosenblatt

[4] Determining Jurisdiction in Cyberspace: The “Zippo” Test or the “Effects” Test? – Julia Alpert Gladstone

[5] Principles of Jurisdiction- Betsy Rosenblatt

[6] Principles of Jurisdiction- Betsy Rosenblatt

[7] Principles of Jurisdiction- Betsy Rosenblatt

[8] Jurisdictional Issues in Cyberspace JUSTICE S. MURALIDHAR

[9] Jurisdictional Issues in Cyberspace JUSTICE S. MURALIDHAR

[10] Analysis of Cyber Jurisdiction In India

Leave a Reply

Your email address will not be published. Required fields are marked *