By R. Suryamurthy
When India’s new Income-tax Act, 2025 was unveiled earlier this year, it was touted as a model of modernization — a law that would replace the colonial hangover of the 1961 Act with a “trust-based, transparent, and technology-driven” tax regime. But as the government celebrates digital efficiency, its own policy think tank has sounded an alarm: the taxman may be turning into a digital watchman.
In its latest Tax Policy Working Paper Series-II, titled “Towards India’s Tax Transformation: Decriminalisation and Trust-Based Governance,” the NITI Aayog warns that the new law grants sweeping and intrusive powers to tax officers — powers that could breach fundamental rights to privacy and protection against self-incrimination.
Behind the bureaucratic prose lies a chilling message: in the name of compliance, the State is quietly building the architecture of surveillance. At the core of NITI Aayog’s warning lie two provisions — Sections 247(1)(ii) and 474 of the new Act. These empower tax authorities to demand from any taxpayer their passwords, decryption keys, and “reasonable technical assistance” to access data stored on personal devices or in the cloud. Non-compliance could lead to rigorous imprisonment of up to two years and fines.
This is not just about financial audits. As the report notes, these clauses “extend physical search powers into virtual domains,” allowing officers to enter “not only financial systems but also personal digital spaces — emails, social media accounts, even cloud archives.”
NITI Aayog calls this “compelled digital transparency.” What it really means is forced disclosure of private information, without adequate legal safeguards. And that, the think tank suggests, may cross the constitutional red line.
The Indian Constitution’s Article 20(3) guarantees that no person “shall be compelled to be a witness against himself.” Forcing individuals to recall and disclose passwords, as the Supreme Court has previously held, is a mental act — and thus protected under this provision. By criminalising the refusal to divulge one’s digital keys, the new tax law effectively turns silence into an offence.
The NITI Aayog paper explicitly warns that such powers “risk crossing the line into unconstitutional territory.” It quotes CBI v. Mahesh Kumar (2022), where an Indian court held that recalling a password engages cognitive processes and cannot be compelled.
The concern is not hypothetical: in an era where one’s phone contains not just bank statements but private messages, health records, and professional correspondence, access to “digital devices” is access to one’s entire life. What makes this especially troubling is that these coercive digital provisions are being introduced under a regime that publicly champions “trust-based governance.”
The Prime Minister’s flagship initiatives — Faceless Assessment, Honouring the Honest, and Transparent Taxation — were meant to humanize the tax administration and reduce fear. Yet, as NITI Aayog dryly observes, “Instead of promoting voluntary compliance, such coercive powers reinforce a culture built on fear.”
The ‘culpable mental state’ clause (Section 490) compounds this problem by presuming guilt unless the accused proves innocence. In practice, this means that a taxpayer who resists revealing their digital keys not only faces prosecution but must also prove they lacked criminal intent — an inversion of the presumption of innocence that underpins every constitutional democracy. In short, India’s new tax architecture preaches trust but legislates suspicion.
Tax authorities, of course, argue that such provisions are essential to curb digital tax evasion, especially in an era of cryptocurrencies, offshore accounts, and encrypted communication. But the lack of judicial oversight is what transforms enforcement into potential abuse. Unlike the United Kingdom or Australia, where similar powers are used only for national security or serious organised crime, India’s new Act allows them in routine tax assessments. That distinction matters. NITI Aayog warns that India now stands as “one of the few jurisdictions where a revenue authority can demand private digital access on threat of imprisonment.”
In most mature tax systems, failure to cooperate with digital audits leads to administrative fines, not jail. And any intrusion into encrypted or private data requires a court warrant — not merely an officer’s discretion. By erasing that procedural firewall, India risks normalising surveillance as a compliance tool.
Seen in isolation, these clauses may seem technical. But in the broader context of India’s expanding digital state — from Aadhaar authentication to facial recognition and the Digital Personal Data Protection Act — they signal a pattern of creeping normalisation of coercive data access.
When the same state that preaches data privacy for citizens also gives its enforcement agencies unchecked power to demand digital keys, it creates a dual moral order: one for the governed, another for the governors. NITI Aayog’s unease reflects an institutional awareness that a surveillance state can easily wear the mask of reform.
The paradox is evident: India wants to attract global investors with a “predictable and rule-based tax environment,” yet its new digital provisions could drive both citizens and companies into defensive secrecy. A law meant to build trust ends up breeding distrust — not between taxpayer and state, but between citizen and Constitution.
To its credit, NITI Aayog does not merely critique; it prescribes. The report urges the government to replace criminal penalties with civil fines for failure to assist in digital audits, to define clear limits on what constitutes “virtual digital space,” and to mandate judicial oversight for all digital searches. It also recommends restoring the prosecution’s burden of proof, ensuring that citizens are not presumed guilty for exercising their right to digital privacy.
These are not radical demands. They mirror global due-process standards. But they also demand a philosophical shift — one that sees the taxpayer not as a suspect but as a stakeholder in national governance.
The controversy over digital overreach fits within a larger struggle inside India’s tax reform project. The 2025 Act repeals several outdated offences from the 1961 law, but still criminalises 35 actions — including routine procedural defaults.
NITI Aayog’s recommendations for tiered decriminalisation — full removal of 12 minor offences, intent-based prosecution for 17, and criminal retention for only six serious frauds — represent a blueprint for what a proportionate, rights-respecting enforcement model could look like.
But the deeper reform lies not in the statute book, but in the state’s mindset. As the report’s foreword by NITI Aayog CEO B.V.R. Subrahmanyam notes, “Trust-based governance is not leniency but intelligent enforcement.” It means designing laws that punish deliberate fraud, not honest error; that protect privacy, not weaponise it.
India’s tax transformation, the paper concludes, will be judged not by how much data the state can compel, but by how responsibly it handles the data it already holds. If digital governance becomes synonymous with digital coercion, the line between reform and repression will blur beyond repair.
The NITI Aayog’s warning deserves more than polite acknowledgement — it demands legislative introspection. The question is not whether the state should have the tools to enforce compliance, but whether it can wield those tools without trespassing into the private lives of its citizens.
For a nation that aspires to be Viksit Bharat — a developed democracy by 2047 — the true measure of progress will not be the efficiency of its tax code, but the integrity of its digital conscience. (IPA Service)
Narendra Modi Government Took 11 Years To Make Draft Employment Policy 