Section 65B Certificate: Practical Guide for Digital Evidence

The certificate requirement for electronic evidence is one of the most litigated procedural issues in Indian evidence law. It is also one of the most preventable sources of risk. Many disputes do not fail because the digital record is irrelevant. They fail because the party relying on it cannot explain how the record was produced, who controlled the system, whether the system operated properly and why the output should be treated as reliable.

Although the Bharatiya Sakshya Adhiniyam, 2023 now governs the evidentiary framework for electronic and digital records in new proceedings, lawyers and courts continue to refer to the language and case law of Section 65B of the Indian Evidence Act, 1872. For practical purposes, a litigation team should understand both: the familiar certificate discipline under Section 65B and the updated statutory language of Section 63 of the BSA.

Relevant Indian Legal Framework

The certificate is not a ceremonial annexure. It performs three functions. It identifies the electronic record being produced. It describes the device, system or communication resource that produced it. It confirms the statutory conditions that allow a court to treat the output as a document without requiring production of the original device in every case.

Under the BSA, Section 63 refers to records produced by a computer, communication device, computer system, computer network, computer resource or intermediary. This language is better suited to modern evidence: cloud dashboards, enterprise email systems, mobile apps, payment gateways and platform exports. The certificate should therefore match the real technology. A vague statement that a printout was taken from a computer may be inadequate for a cloud CRM export, WhatsApp backup, server log or CCTV DVR extraction.

Who Should Sign

The signer should be a person in charge of the relevant device or the management of the relevant activities, as appropriate. In a company, this may be an IT administrator, compliance officer, records custodian, system owner or authorised manager. In a personal-device case, it may be the phone owner or a person who extracted the record, depending on the facts. For third-party records, the telecom company, bank, platform administrator or service provider may need to issue the certificate.

After Arjun Panditrao Khotkar, a party that does not control the device should not simply abandon the evidence. It should move the court to summon the certificate or records from the person in control. This is especially relevant for call detail records, bank systems, email servers, social media platforms, workplace tools and government portals.

What to Include

A practical certificate should include the case description, record description, file names or exhibit references, date range, device or system details, account identifiers, method of extraction, regular use statement, proper operation statement, ordinary course statement and a declaration that the output reproduces information fed into or stored by the system in the ordinary course. If hash values are available, include them. If screenshots are used, describe when and how they were captured.

For CCTV, identify the DVR/NVR, camera number, date range, export format and storage media. For email, identify the mailbox, domain, server or platform, export method and message headers. For WhatsApp, identify the phone number, device, export process and whether media files are included. For accounting software, identify the software, user access, report generated and date of export. Specificity is what gives the certificate credibility.

Timing and Objections

The safest approach is to file the certificate along with the electronic record. Courts have permitted later production in appropriate circumstances, but relying on judicial indulgence is poor litigation strategy. A delayed certificate invites objections, adjournments and doubts about after-the-fact reconstruction. Where the record is central to an injunction, bail opposition, charge, arbitral claim or commercial suit, prepare the certificate before filing.

Objections to mode of proof should ordinarily be raised when the record is tendered. Sonu alias Amar v. State of Haryana is frequently cited for the principle that procedural objections may be waived if not taken at the right stage. Still, a party should not assume that silence cures every defect. Courts remain cautious where authenticity, fabrication or prejudice is seriously alleged.

Generic certificates are the biggest problem. A template that does not identify the record, device or extraction process may be attacked as mechanical. Another error is using the wrong signer: for example, a lawyer certifying a client's server data without personal knowledge of the system. A third error is certifying screenshots without preserving the underlying device or chat export. The certificate should be truthful, limited to the signer's knowledge and supported by the surrounding chain of custody.

Good certificate practice is part legal drafting and part evidence management. It requires early coordination between clients, IT teams, forensic professionals and counsel. When done properly, it reduces avoidable disputes and lets the court focus on the real merits of the case.

Drafting Checklist

Start with a precise exhibit description. A certificate that says "computer printout" is usually too thin. Identify whether the record is an email chain, WhatsApp export, CCTV clip, server log, accounting report, cloud file, payment dashboard or social media capture. Mention the relevant date range, file name, account identifier and storage media. The judge should be able to match the certificate to the exhibit without guesswork.

Next, explain the system in ordinary language. If the record came from a laptop, state who used it and for what purpose. If it came from an enterprise system, identify the application, administrator and regular business process. If it came from a third-party provider, state whether the provider supplied the output and whether the party has requested a certificate from that provider. Avoid technical exaggeration. A certificate is stronger when it is modest, accurate and tied to the signer's actual knowledge.

The certificate should also deal with reliability. State that the device or system was used regularly, that information of that kind was regularly entered or stored, that the system was operating properly or that any defect did not affect the accuracy of the output, and that the output reproduces information held in the ordinary course. These statements should not be copied blindly. They should be checked against the facts, especially where devices were damaged, accounts migrated or backups restored.

Where a party lacks control over the system, the application to court should be practical. Ask for production of the record, the certificate, the relevant custodian and any logs necessary to establish authenticity. This is often better than filing an incomplete exhibit and hoping the objection will be overlooked.

Courtroom Use

A certificate should be supported by the witness who can explain the record. In many matters, counsel focuses only on the document and forgets the oral evidence needed to make it understandable. The witness should know what system was used, how records are ordinarily stored, why the specific output was generated and whether the exhibit is complete. If the witness is not technical, a separate custodian or expert may be necessary.

Parties should also plan for inspection. The opposing side may ask to see the original device, native file, metadata or source system. A refusal without good reason can reduce the court's confidence. Where inspection raises privacy, confidentiality or privilege concerns, the party should propose a controlled method: supervised inspection, limited search terms, redactions, confidentiality undertakings or appointment of a neutral expert. A certificate is strongest when it sits within a transparent and fair evidentiary process.