Introduction
The ancient maxim that “a man’s home is his castle” has guided search and seizure jurisprudence for centuries, protecting citizens from arbitrary state intrusion. But what happens when that castle exists not in physical space, but in the cloud? What protections apply when tax authorities seek not just account books in a desk drawer, but WhatsApp messages, email archives, and encrypted data stored on remote servers?
These questions have moved from theoretical to urgent with the passage of the Income Tax Act, 2025, which takes effect from April 1, 2026. The new law fundamentally transforms the relationship between taxpayers and the state by extending search powers into “virtual digital space” – encompassing email servers, social media accounts, cloud storage, and digital applications . For the first time in Indian legal history, tax officers possess explicit statutory authority to override passwords, compel decryption, and access the most intimate corners of citizens’ digital lives .
This expansion occurs against a complex constitutional backdrop. In 2017, a unanimous nine-judge bench of the Supreme Court in Justice K.S. Puttaswamy v. Union of India declared privacy a fundamental right under Article 21, holding that any state intrusion must satisfy the tests of legality, necessity, and proportionality . The question now before the nation – and currently before the Supreme Court in a pending constitutional challenge – is whether the taxman’s new digital powers strike the right balance between revenue enforcement and fundamental rights, or whether the government has begun watching too closely .
The New Landscape: Section 247 and Virtual Digital Space
From Physical Premises to Digital Lives
Under the old Section 132 of the Income Tax Act, 1961, search powers were largely physical. Officers needed “reason to believe” that a person was concealing income, and could then raid premises to seize undeclared cash, jewellery, and documents . Electronic records could be inspected, but the statute did not explicitly authorize searching computers or phones, nor did it compel taxpayers to divulge passwords.
The Income Tax Act, 2025, changes this fundamentally. Section 247 authorizes tax officers to search any building, place, vessel, vehicle, aircraft – and now any “computer system” or “virtual digital space” where relevant data may be stored . The definition in Section 261(e) is breathtaking in scope:
“‘virtual digital space’ means an environment, area or realm, that is constructed and experienced through computer technology… which encompasses any digital realm that allows users to interact, communicate and perform activities using computer systems, computer networks, computer resources, communication devices, cyberspace, internet, worldwide web and emerging technologies… and includes – (i) email servers; (ii) social media account; (iii) online investment account, trading account, banking account; (iv) any website used for storing details of ownership of any asset; (v) remote server or cloud servers; (vi) digital application platforms; and (vii) any other space of similar nature” .
This definition means a tax search can potentially cover everything from a company’s WhatsApp chats to an individual’s Gmail inbox and iCloud backup. Data on overseas cloud servers could be within reach if deemed connected to an investigation .
The Power to Override
Most controversially, Section 247(1)(ii)-(iii) mandates individuals and businesses to disclose passwords or encryption keys and permits officers to “override the access control” of any device or account . If a taxpayer refuses to hand over a phone passcode or email password on demand, officials can hack into the device. Any refusal is explicitly punishable as non-compliance.
This represents a radical departure from the previous legal position. As Zubin Billimoria, President of the Bombay Chartered Accountants Society, observed, “The Act gives officials more powers, allowing what you may call ethical or regulatory hacking. They can enter a taxpayer’s private space, so yes, there is a possibility of regulatory overreach” .
The Global Encryption Coalition warned that these provisions pose a direct threat to digital privacy, noting that requiring disclosure of passwords and permitting forced access to encrypted data “effectively undermines end-to-end encryption” – the technical infrastructure that citizens, businesses, and government agencies themselves rely on for secure communication .
The Constitutional Challenge: Privacy at the Supreme Court
The Pending Petition
On February 10, 2026, a bench comprising Chief Justice Surya Kant, Justice Joymalya Bagchi, and Justice N.V. Anjaria heard a preliminary challenge to these provisions in Vishwaprasad Alva v. Union of India . The petitioner challenges Sections 247 of the Income Tax Act, 2025, and corresponding provisions of the 1961 Act, arguing they create an intrusive and anticipatory search regime violating fundamental rights under Articles 19(1)(g) (right to practice any profession) and 21 (right to life and privacy) .
Senior Advocate Sanjay Hegde, appearing for the petitioner, raised a crucial concern: the powers extend beyond the primary target of investigation. “Smart investigators always know. Suppose you go after the lawyer… but then you go after clerk’s phone… then… please see only evading assessee is not at risk. Anybody at contact is at risk and the power is kept with the joint commissioner” .
Hegde acknowledged that Section 132 of the 1961 Act had been upheld in Pooran Mal v. Director of Inspection (1974). However, he submitted that the recognition of privacy as a fundamental right in K.S. Puttaswamy (2017) necessitates a fresh constitutional evaluation, especially in the digital context .
The Court’s Preliminary Response
The bench expressed awareness of the investigative challenges in the digital age. Chief Justice Surya Kant observed: “If notice is given for this search and seizure… there is a potential for destroying the evidence. The best way to snub out such investigation against the digital record is to destroy the device itself” .
Justice Bagchi added, “There is no better example than what you say for invoking clause (b). If lawyer is called up to answer and you send a notice to the clerk under clause (a). Then he will also say phone is missing” .
The Court emphasized that these powers are not entirely unchecked, citing Principal Director of Income Tax (Investigation) v. Laljibhai Kanjibhai Mandalia (2022), where limited judicial review of “reasons to believe” under Section 132 was recognized. Courts can examine whether there exists a rational nexus between the material before authorities and the belief recorded .
The matter has been adjourned for further consideration, with the constitutional challenge remaining pending .
The Secrecy Problem: Section 249 and Blindfolded Review
Perhaps as troubling as the search powers themselves is Section 249, which contains a blanket gag on disclosing the “reasons to believe” or any information about the material that led authorities to suspect tax evasion, to “any person,” including the target of the search .
This means if tax officials raid your home and hard drive, you have no right to know why – not at the time of search, not even during any later legal challenge. As the Internet Freedom Foundation notes, “How can a taxpayer contest a search as baseless or malicious if they are legally barred from accessing the very grounds on which it was ordered?” .
Indian courts have long held that giving reasons for administrative action is an essential “safety valve” against arbitrary exercise of power. In Ajit Jain v. Union of India (2000), the Delhi High Court observed that complete secrecy of reasons frustrates judicial review and tilts the scales toward unchecked state power . If Section 249 shuts the door on sharing any part of the tax department’s internal “satisfaction note,” the taxpayer argues blindfolded. The absence of a duty to disclose reasons removes a key disciplinary check – if authorities know their reasons will never see daylight, what incentive exists to ensure those reasons are defensible?
Historical Context: Privacy Jurisprudence and Tax Searches
The Pre-Puttaswamy Era
The constitutional validity of tax search powers was tested in Pooran Mal v. Director of Inspection (1974), where a five-judge bench upheld Section 132. The Court relied heavily on M.P. Sharma v. Satish Chandra (1954), an eight-judge bench decision holding that unlike the US Fourth Amendment, the Indian Constitution did not subject search powers to privacy-based limitations .
The Puttaswamy Revolution
K.S. Puttaswamy v. Union of India (2017) fundamentally altered this landscape. A nine-judge bench unanimously overruled M.P. Sharma’s holding that privacy was not a constitutionally protected right. The Court declared privacy an integral part of Articles 14, 15, 19, and 21, and held that any state intrusion must satisfy a four-fold test:
1. Legality: The intrusion must be authorized by law
2. Necessity: The intrusion must be necessary for a legitimate state aim
3. Proportionality: The extent of intrusion must be proportionate to the aim
4. Procedural safeguards: Adequate safeguards must exist against abuse
As legal commentators Ashish Goel and Kumar Kartikeya argue, Section 247 of the 2025 Act fails this test. While preventing tax evasion is a legitimate aim, “social media accounts are not financial documents that help in the determination of taxable income. Invading the private digital life of a taxpayer is highly intrusive, is disproportionate, and does not have any rational nexus to the objective of tracing and taxing escaped income” .
The Bhatia Principle: Protecting Third Parties
The Supreme Court’s decision in Income Tax Officer v. Vikram Sujit Kumar Bhatia provides another crucial safeguard relevant to the digital age. In that case, the Court held that the Income Tax Department could not compel a third party (Sujit Kumar Bhatia) to produce documents seized during a search of another person’s premises .
The Court ruled that the words “belongs or belong to” in Section 153C must not be confused with “relates to or refers to.” Documents could not be requisitioned from a third party unless they actually “belonged” to that person. This decision protects individuals not directly involved in tax investigations from having their privacy invaded .
This principle assumes new importance in the digital context. As Sanjay Hegde argued before the Supreme Court, digital searches risk sweeping in not just the target’s data, but that of lawyers, clerks, family members, and anyone else whose communications appear on a seized device .
The DPDP Act Conflict: A House Divided
Competing Statutory Frameworks
The Digital Personal Data Protection Act, 2023 (DPDP Act), enacted just two years before the Income Tax Act, 2025, establishes principles of purpose limitation and data minimization – personal data should be processed only for specific, lawful purposes, and only the data strictly necessary should be collected .
Yet Section 17 read with Section 7(d) of the DPDP Act exempts government agencies investigating offenses, including tax offenses, from these requirements . This creates a troubling paradox: the very law designed to protect privacy exempts the very agency most likely to invade it.
As Rishab J notes, “The consequences of such unprecedented access to the virtual digital space of taxpayers may be violative of the various fundamental principles of the [DPDP] Act” . The risk is that routine tax assessments become treated under the broad umbrella of this exemption, allowing fishing expeditions through personal data unrelated to any genuine tax inquiry .
The Oversight Vacuum
Beyond the search itself, the 2025 Act is silent on post-search data protection. There is no “chain of custody” rule, no explicit requirement that personal data not relevant to the tax inquiry must be sealed or destroyed .
In the United Kingdom, the Commissioners for Revenue and Customs Act, 2005, prohibits HMRC officials from disclosing taxpayer information except in tightly controlled circumstances, with criminal penalties for wrongful disclosure . India’s framework lacks comparable protections. As the Internet Freedom Foundation warns, an individual’s entire digital footprint – intimate conversations, family photos, medical records, business secrets – could be in the tax department’s hands, mingled with financial data, with nothing stopping officers from poring over or divulging unrelated personal information .
The Competence Question: Can Tax Officers Handle Digital Data?
An underappreciated concern involves the technical competence of tax officers to handle digital data appropriately. Zubin Billimoria of BCAS asked, “whether officers have the technical competence to access such data – gaps here may lead to unintended consequences” .
Tax officers are trained in accounting and financial investigation, not digital forensics. Without proper training and protocols, attempts to access encrypted devices or cloud data may result in data corruption, evidentiary problems, or inadvertent privacy violations. As Billimoria noted, “wider powers have been given, regulators must act responsibly” .
The Chilling Effect: Surveillance and Democratic Freedoms
Targeting Critics
The concern about unchecked search powers is not theoretical. History provides instances of enforcement agencies being used against government critics. In September 2021, raids swept across media offices and activists’ homes in Srinagar, Delhi, and Mumbai, officially seeking tax improprieties. In February 2023, tax officials conducted a high-profile “survey” at the BBC’s New Delhi and Mumbai offices weeks after the BBC aired a documentary critical of the Prime Minister .
Human Rights Watch has documented how Indian authorities have used tax evasion allegations to raid and intimidate journalists, activists, and political opponents, often after they criticize the government . When searches extend to digital realms, the potential for fishing expeditions multiplies. If a tax raid can mean perusing one’s entire email archive or WhatsApp history, the chilling effect on whistleblowers, advocacy groups, and ordinary citizens who might fear that speaking up could make them the next target is profound .
Self-Censorship in the Digital Age
As Kartikeya and Ahuja argue, “When the tax department possesses the legal authority to enter these domains, taxpayers may self-censor for fear that political speech could invite scrutiny under the guise of a tax investigation. The law thereby risks creating a chilling effect on free expression, imperilling the democratic bargain” .
This is particularly concerning given that social media is not only a marketplace of ideas but also a forum where citizens critique policies and mobilize opinion. The digital expansion of search powers transforms the income-tax department into a potential surveillance agency, without the constitutional safeguards that normally accompany intelligence operations .
Comparative Perspective: How Other Democracies Balance
The absence of a judicial warrant requirement distinguishes India’s approach from constitutional democracies that value privacy. In most jurisdictions, state entry into private informational domains requires a prior warrant issued by a neutral magistrate .
In the United States, the Fourth Amendment requires warrants based on probable cause. In the United Kingdom, the Police and Criminal Evidence Act imposes warrant requirements. Even countries that empower tax authorities to seize digital evidence – the US Internal Revenue Service, UK’s HM Revenue and Customs – temper these powers with independent warrants or strict protocols .
India’s new law, by contrast, allows tax officers to authorize searches internally without approaching any court. As the Telegraph India editorial observed, “Although a constitutional court is able and competent to examine issues relating to objective satisfaction or lawful sanction, such a review inevitably occurs after the disproportionate intrusion has already taken place” .
The Way Forward: Balancing Enforcement and Rights
What Safeguards Are Needed
Several measures could restore constitutional balance:
Judicial Oversight: Mandate prior approval from judicial authorities before accessing taxpayers’ digital space, or at minimum, provide for post-facto judicial review where taxpayers can challenge searches on merits .
Clearer Thresholds: Better define the “reason to believe” standard so that trivial cases do not lead to privacy invasions. As the Internet Freedom Foundation notes, the standard remains unchanged even though search intrusiveness has increased manifold .
Proportionality Requirement: Expressly require that if a targeted summons can achieve the aim, a full device search should not be allowed .
Data Protection Duties: Codify rules for handling seized data – that it should be used only for that investigation, not as general intelligence, and that irrelevant personal data must be sealed or destroyed .
Transparency and Accountability: Maintain logs of all access to digital spaces, with regular audits to ensure compliance with legal standards . Allow taxpayers to know the reasons for search, at least after the fact.
Cybersecurity Measures: Implement robust security protocols to protect accessed data from unauthorized access or cyber threats .
The Government’s Assurances
The government has acknowledged these concerns. Finance Minister Nirmala Sitharaman and the Central Board of Direct Taxes have promised Standard Operating Procedures for handling digital data obtained in tax searches . However, these assurances lack the binding, enforceable strength of statutory mandate. If an SOP is violated, the aggrieved taxpayer may not even know, since Section 249 prevents them from learning what officers did with their data. Moreover, an SOP can be revised at any time .
Conclusion: The Trust Deficit
The Income Tax Act, 2025, represents a genuine attempt to modernize tax enforcement for the digital age. Tax evasion techniques have evolved with technology – unaccounted wealth today may be concealed in encrypted ledgers on cloud servers or laundered through digital tokens. Law enforcement must keep pace .
But modernization need not mean sacrificing constitutional safeguards. The Supreme Court’s dictum in Puttaswamy compels the state to adopt the least intrusive method to achieve its aims. The new tax law, in its current form, tilts toward surveillance and away from privacy, granting sweeping authority without equally robust safeguards .
In the digital economy, trust is paramount. Tax compliance improves when citizens trust that authorities will not violate their rights or misuse their data. Heavy-handed powers that could be used arbitrarily will breed fear and potentially push more activities offshore .
The constitutional challenge now before the Supreme Court offers an opportunity to restore balance. Whether through judicial reading-down of provisions, legislative amendment, or detailed procedural guidelines, the essential question remains: Can India fight tax evasion without sacrificing the fundamental right to privacy?
As the Court observed in the Bhatia case, the right to privacy protects even those who may be connected to investigations. In the digital age, where our entire lives reside in our devices and cloud accounts, that protection becomes not merely important, but essential to the preservation of democratic citizenship itself.
The government may not be watching too closely yet – but without adequate safeguards, the potential for overreach is built into the statutory framework. The task ahead is to ensure that in pursuing tax evaders, we do not create a surveillance state that erodes the very freedoms that make democracy meaningful.
References
1. Income Tax Act, 2025, Sections 247, 249, 261
2. Vishwaprasad Alva v. Union of India, Writ Petition (Civil) No. ___ of 2026 (pending)
3. Justice K.S. Puttaswamy v. Union of India(2017) 10 SCC 1
4. Pooran Mal v. Director of Inspection(1974) 93 ITR 505 (SC)
5. Income Tax Officer v. Vikram Sujit Kumar Bhatia(2023) (SC)
6. Principal Director of Income Tax (Investigation) v. Laljibhai Kanjibhai Mandalia(2022) (SC)
7. Ajit Jain v. Union of India(2000) 110 Taxman 70 (Delhi)
8. Digital Personal Data Protection Act, 2023
9. Internet Freedom Foundation, “India’s New Tax Law Raids Your Cloud” (September 2025)
10. Bar and Bench, “Plea in Supreme Court against allowing IT Department raids without notice” (February 2026)
11. Legal Era, “Supreme Court Examines Constitutional Challenge To Income Tax Act, 2025 Provisions” (February 2026)
12. The Indian Express, “New Income Tax Act 2025 expands state’s digital surveillance powers” (September 2025)
13. The Telegraph India, “Privacy Taxed” (October 2025)
14. Economic Times, “New I-T Bill enables deep digital access; BCAS President flags privacy, competence risks” (November 2025)
Author Bio
