📱Test our Android app — free beta!Join Beta GroupYou'll receive the install link by email after joining.

RTI for Cybercrime Complaint Status

RTI for Cybercrime Complaint Status — RTI Wiki

Ramesh lost Rs. 40,000 to a UPI scam in November. He filed a complaint on the National Cyber Crime Reporting Portal and got a complaint number. Three months later, there was no FIR, no update, and no call back. The portal still showed “under process”. He did not know which officer held his file, whether any money was traced, or what to do next.

This is a very common story. Lakhs of cybercrime complaints are filed every year, but only a small share turn into FIRs. When the silence stretches for months, the Right to Information Act 2005 is one of the few tools that forces the system to answer. This guide shows, step by step, how to use RTI to get the status of your cybercrime complaint, who to address it to, what fee to pay, and how to pair it with the bank-liability route so you do not lose your money twice.

Direct answer. File one RTI to the CPIO, Indian Cybercrime Coordination Centre I4C, Ministry of Home Affairs for the National Cyber Crime Reporting Portal record, and a second RTI to the State cyber cell or police station that is actually handling your case. Ask for registration status, action taken, money trail, the officer in charge, and the expected timeline.

Where your cybercrime complaint actually goes

Many citizens believe the Central government investigates every cybercrime complaint. That is not how the system works.

The National Cyber Crime Reporting Portal NCRP at cybercrime.gov.in is operated by the Indian Cybercrime Coordination Centre I4C, which is an attached office of the Ministry of Home Affairs. The portal was launched on 30 August 2019 and dedicated to the nation on 20 January 2020. When you file a complaint on NCRP, it does not stay with I4C. The portal routes the complaint automatically to the concerned State or UT law-enforcement agency. So the actual investigation is done by your State cyber cell or local police, not by I4C centrally.

This split matters for RTI. The NCRP record, the complaint number, the routing, and the helpline data sit with I4C, which is a Central public authority. The FIR, the investigation, and the money-trail sit with the State police. You may need two RTI applications to get the full picture.

Because I4C is an attached office of MHA, it is a “public authority” under the RTI Act 2005. So an RTI to NCRP or I4C is properly addressed to the CPIO, I4C, Ministry of Home Affairs.

The 1930 helpline and how money can be frozen

Before filing RTI, make sure you have used the 1930 National Cyber Crime Helpline. It is operational in all States and UTs and is linked to the Citizen Financial Cyber Fraud Reporting and Management System CFCFRMS, which connects banks and payment intermediaries so that defrauded money can be lien-marked, that is, frozen in real time.

The Ministry of Home Affairs has issued a Standard Operating Procedure, dated 2 January 2026, for the NCRP and CFCFRMS system. It governs lien-marking and money restoration using Sections 106, 94 and 168 of the Bharatiya Nagarik Suraksha Sanhita 2023, which replaced the old CrPC. The SOP sets a 90-day hold-release rule for amounts up to Rs. 50,000, and provides grievance officers at the District level, usually the Additional SP or DySP, and at the State level, usually the ADG, IG or DIG.

In plain terms: if you report fast on 1930, the bank can freeze the stolen money before it moves further. Reporting early is the single most important thing you can do for recovery. If you only file on the portal and never call 1930, you lose this window.

The RBI zero-liability rule, the bank angle, and RTI to the bank

A cybercrime RTI is only half the battle. The other half is making your bank refund you. The Reserve Bank of India circular DBR.No.Leg.BC.78/09.07.005/2017-18, dated 6 July 2017, titled “Customer Protection - Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”, sets the real rules.

Key points, in plain language:

  1. Zero liability applies where the fraud happened because of contributory negligence by the bank, or because of a third-party breach that you reported within three working days of the bank communicating the transaction to you. Note: it is three working days, not 24 hours. There is no 24-hour zero-liability rule.
  2. The burden of proving that you, the customer, were at fault lies on the bank, not on you.
  3. Where zero liability applies, the bank must reverse the shadow entry, that is, credit the money back, within 10 working days.

So the correct sequence for a money-loss cybercrime is: report on 1930 immediately, report to your bank in writing, and then file on NCRP. If the bank drags its feet, you can file RTI with the bank to ask what action it took on your complaint, and you can escalate to the Banking Ombudsman. For the wider framework on the RBI compensation route, see our guide on the RBI digital fraud compensation rules.

Pair the RTIs. File one RTI to I4C for the NCRP record, one to the State cyber cell for the FIR and investigation, and one to your bank for the action taken on the fraud complaint. Together they force every layer of the system to answer.

Is cybercrime complaint status actually disclosable under RTI?

Yes. Complaint-status records have been obtained under RTI in practice. A 2023 RTI response disclosed that about 22.57 lakh NCRP complaints had been filed against only roughly 2 per cent FIR registration, a figure that itself became public because someone asked under RTI. This confirms the general principle: the status and progress of your cybercrime complaint is information that a public authority holds and must disclose under the RTI Act, subject to the usual exemptions.

You do not need a special judgment to claim this. The law is simple. I4C and the State police are public authorities. They hold your complaint record. Section 6 of the RTI Act lets any citizen ask for it.

Step-by-step: how to file the RTI

Step 1 - Collect your basics. Before you file, gather your NCRP complaint number, the date of complaint, the bank transaction reference or UTR, the amount lost, and any 1930 call reference. Without the NCRP number, the authority cannot locate your file, and your RTI may be rejected as vague.

Step 2 - Decide who to ask. If you want the NCRP record, the routing, or helpline data, ask the CPIO, I4C, Ministry of Home Affairs. If you want the FIR status, the investigation progress, or the money trail, ask the State cyber cell or the police station that received your routed complaint. If you are not sure which State unit is handling it, ask I4C first for the routing detail, then approach that State unit.

Step 3 - Choose the right fee. The fee depends on which authority you are asking.

  1. For the Central authority, that is, MHA, I4C or NCRP, the fee is Rs. 10 under the Right to Information Regulation of Fee and Cost Rules 2012. You can pay by cash against a receipt, by Indian Postal Order, Demand Draft or Banker's Cheque made out to the Accounts Officer, or by electronic means through rtionline.gov.in. Court fee stamps are not a valid mode for Central authorities.
  2. For a State cyber cell or State police, the fee follows the State RTI Rules, which vary. Some States charge Rs. 10, some charge nothing, and some accept court fee stamps. Check your State rules before you pay. Our RTI fee structure guide lists the common State fees.

Step 4 - Draft the application. Keep it short and specific. Ask for records, not opinions.

Step 5 - Submit. You can file online through rtionline.gov.in for the Central authority, or by hand or registered post at the State cyber cell office. Keep the stamped copy and the postal receipt as proof.

Step 6 - Wait 30 days, then escalate. The authority must reply within 30 days. If it does not, or the reply is unsatisfactory, file a first appeal under Section 19 within 30 days of the expiry, to the First Appellate Authority. If that too fails, you can approach the Information Commission. For the full ladder, see the next section.

A ready-to-use template

To: The Central Public Information Officer,
    Indian Cybercrime Coordination Centre I4C,
    Ministry of Home Affairs, New Delhi.

[For the State version, address it to:
 The Public Information Officer,
 State Cyber Cell / Police Station, <City, State>.]

Subject: Application under Section 6, RTI Act 2005 -
         Status of cybercrime complaint.

Sir/Madam,

My cybercrime complaint was filed on the National Cyber
Crime Reporting Portal on [DD/MM/YYYY]. The NCRP complaint
number is [________]. The amount involved is Rs. [_____].

Kindly furnish the following information:

1. Whether the complaint has been registered and routed,
   and to which State/UT law-enforcement agency.
2. The present status of the complaint and any FIR
   registered against it, with FIR number and date.
3. Action taken so far on the complaint, including
   any lien-marking or money recovery through CFCFRMS.
4. The name and designation of the officer currently
   handling the matter.
5. The expected timeline for resolution, and reasons
   for any delay beyond the standard period.

I am a citizen of India and the information sought is
not exempt under Section 8 or 9 of the RTI Act 2005.

[For Central: Fee of Rs. 10 is paid herewith by
Indian Postal Order / through rtionline.gov.in.]
[For State: Fee of Rs. [__] is paid as per State RTI
Rules, by [mode].]

Date: [DD/MM/YYYY]
Place: [City]
Signature: __________
Name: __________
Address: __________

Five questions to ask

  1. Registration and routing: Is the complaint registered, and which State unit is handling it?
  2. Action taken: What steps have been taken so far, and is there an FIR?
  3. Money trail: For a fraud case, what has been done under CFCFRMS to trace or freeze the money?
  4. Officer in charge: Who is the officer handling the file, with name and designation?
  5. Timeline: What is the expected resolution date, and why has it delayed if it has?

Asking for the officer's name is powerful. Once a name is on paper, accountability follows.

The escalation ladder

1. **File RTI** to the CPIO at I4C and to the State cyber cell PIO.
2. **No reply in 30 days** or a poor reply: file a **first appeal** under Section 19 to the First Appellate Authority, usually a senior officer in the same department, within 30 days.
3. **No relief from the appeal**: approach the **Central Information Commission** for I4C, or the **State Information Commission** for the State cyber cell.
4. **Parallel bank track**: simultaneously complain to your bank, then to the **Banking Ombudsman** under the RBI framework, and use RTI on the bank to ask what it did with your fraud report.
5. **Court or tribunal**: if money has been wrongfully frozen or the bank refuses liability despite the RBI circular, a consumer forum or a writ petition may be needed. RTI gives you the paper proof to fight there.

For a fuller map of the appeal route, see our Section 20 penalty guide and the wider FIR status RTI guide, which walks through the same ladder for a pending FIR.

Common mistakes to avoid

  1. Filing without the NCRP complaint number. The authority cannot trace your file. Always quote the number and date.
  2. Addressing only the Cyber Cell. The NCRP record and the investigation sit with different authorities. Ask both.
  3. Using the wrong fee mode. Court fee stamps do not work for the Central authority. Use an IPO or the online route for I4C, and your State's accepted mode for the State unit.
  4. Believing a 24-hour zero-liability rule. The RBI rule is three working days for third-party breach, with the bank bearing the burden of proof. Report immediately to 1930 and the bank, not “within 24 hours”.
  5. Skipping the bank angle. Even if the police catch the fraudster, your refund depends on the bank and the RBI liability framework. File RTI on the bank too.
  6. Waiting too long. The 90-day hold-release rule and the RBI timelines both reward speed. The longer you wait, the harder recovery becomes.

Take the next step

You now know exactly where to send your RTI, what fee to pay, and how to pair it with the bank-liability route so the silence does not cost you your money. If you want the full, plain-language method for drafting and filing any RTI application, the The RTI Playbook walks you through every step, from choosing the right public authority to writing questions the PIO cannot dodge.

This guide is free because public information should be. If it helped you, consider supporting the wiki with a small donation so we can keep producing honest, source-checked explainers for citizens who cannot afford a lawyer.

Sources

  1. National Cyber Crime Reporting Portal, NCRP launch date, 1930 helpline and CFCFRMS: https://cybercrime.gov.in/
  2. RBI circular DBR.No.Leg.BC.78/09.07.005/2017-18 dated 6 July 2017, zero liability and three working days: https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11040
  3. Central Information Commission - RTI Rules 2012, Rs. 10 fee and accepted modes: https://cic.gov.in/sites/default/files/RTIRules2012_Eng.pdf
  4. LiveLaw analysis of MHA SOP dated 2 January 2026 on NCRP-CFCFRMS lien and restoration under BNSS Sections 106, 94, 168: https://www.livelaw.in/articles/cfcfrms-reading-mha-new-account-freeze-sop-537503
  5. News18 - 2023 RTI response on NCRP complaints versus FIR registration, confirming complaint-status records are disclosable: https://www.news18.com/india/only-2-firs-filed-in-22-lakh-cybercrime-complaints-filed-on-national-portal-rti-response-reveals-8184589.html

Last reviewed: 3 July 2026.

RTI for cybercrime complaint status: How to track and escalate cyber fraud cases

RTI for cybercrime complaint status — complete guide on tracking and escalating cyber fraud cases:

  1. Step 1: What is a cybercrime complaint? (a) a cybercrime complaint — is a complaint — filed by the victim — of a cyber fraud — with the cyber crime cell — or the police — for the investigation — and the recovery, (b) the common cybercrimes: (i) the UPI fraud — and the online fraud, (ii) the phishing — and the OTP fraud, (iii) the WhatsApp OTP fraud — and the social media fraud, (iv) the credit card fraud — and the net banking fraud, (v) the cryptocurrency fraud — and the investment fraud, (vi) the identity theft — and the data theft, (vii) the ransomware — and the hacking, © the complaint — can be filed: (i) online — on the National Cyber Crime portal — cybercrime.gov.in — or call 1930, (ii) offline — at the nearest police station — or the cyber crime cell.
  2. Step 2: How to file a cybercrime complaint. (a) online — on the National Cyber Crime portal: (i) visit cybercrime.gov.in — and click “Report Cyber Crime”, (ii) select the category — (the women/child related — or the other cybercrime), (iii) fill the complaint form — with: (a) the victim details — name, contact, address, (b) the fraud details — date, amount, mode, © the suspect details — number, account, UPI ID, (d) the evidence — screenshots, transaction ID, (iv) submit — and the complaint number — is generated, (b) call 1930: (i) call the National Cyber Crime Helpline — 1930 — and report the fraud, (ii) the helpline — initiates the complaint — and the money — is flagged — for the hold — if reported within the golden hour, © offline — at the police station: (i) visit the nearest police station — and file an FIR — under the relevant sections — of the IPC — and the IT Act, (ii) the police — registers the FIR — and investigates — with the cyber crime cell.
  3. Step 3: How to check cybercrime complaint status. (a) online — on the portal: (i) visit cybercrime.gov.in — and login — with the complaint number — and the mobile number, (ii) check the status — which shows: (a) “Under Investigation” — the police — is investigating, (b) “Transferred” — the complaint — is transferred — to the state police — or the concerned unit, © “Closed” — the complaint — is closed — with the reason, (b) the status — is updated — by the investigating officer — and the victim — can check — online, © the victim — can also contact — the investigating officer — directly — with the complaint number — for the status.
  4. Step 4: Common cybercrime complaint issues. (a) no action: (i) the complaint — is filed — but no action — is taken — for months, (ii) the reason: (a) the cyber crime cell — is understaffed, (b) the complaint — is transferred — but not acknowledged, © the investigation — is stuck — at the bank — or the UPI — or the platform, (b) no recovery: (i) the money — is not recovered — despite the complaint, (ii) the reason: (a) the money — is withdrawn — before the hold, (b) the bank — is slow — in the response, © the scammer — used the mule account — and the trace — is lost, © FIR not registered: (i) the police — refuses to register the FIR — for the cybercrime, (ii) the solution: (a) send the complaint — by registered post — to the SP — or the DGP, (b) file a complaint — with the State Human Rights Commission, © file RTI — for the action taken.
  5. Step 5: File RTI on cybercrime complaint status. File RTI with the cyber crime cell (or the police) asking for: (a) the complaint status: “Provide the status — of the cybercrime complaint — reference number [number] — filed on [date] — including: (i) the complaint details, (ii) the investigating officer — and the contact, (iii) the investigation status — and the progress, (iv) the recovery — if any — and the amount”, (b) the FIR: “Provide the FIR status — for the cybercrime complaint — reference number [number] — including: (i) the FIR number — and the date, (ii) the sections — invoked, (iii) the investigation status, (iv) the chargesheet — filed or not — and the date”, © the transfer: “Provide the transfer details — for the complaint — reference number [number] — including: (i) the transferred to — the unit — and the date, (ii) the acknowledgement — by the unit, (iii) the status — at the unit”, (d) the statistics: “Provide the statistics — of the cybercrime — for the period [date] to [date] — in the [district/state] — including: (i) the number of complaints, (ii) the number of FIRs — registered, (iii) the number of cases — solved, (iv) the amount — lost — and recovered”, (e) the action: “Provide the action taken — on the complaint — reference number [number] — by the investigating officer — including: (i) the steps taken, (ii) the bank — and the UPI — response, (iii) the trace — and the freeze — of the account”.
  6. Step 6: The cyber crime cell as a public authority. (a) the cyber crime cell — is part of the police — and the police — is a public authority — under the RTI Act, (b) the PIO — is at the cyber crime cell — and the SP — or the DGP — office, © the RTI application — can be filed: (i) at the cyber crime cell — by hand — or by post, (ii) online — on the state RTI portal — if available, (iii) the application fee — is Rs 10 — by the IPO — or the court fee stamp — or the cash, (d) the Section 8(1)(h) — exemption: (i) the police — may refuse — the RTI — citing the ongoing investigation — under Section 8(1)(h), (ii) but the status — and the progress — can be sought — and the refusal — can be appealed.
  7. Step 7: Practical tips. (a) report early (report the fraud — within the golden hour — on 1930 — to increase the chance — of the recovery), (b) keep the evidence (keep the screenshots — the transaction IDs — and the communication — as the evidence), © file RTI (if the complaint — is not acted upon — file RTI — with the cyber crime cell — for the status), (d) follow up (follow up — with the investigating officer — regularly — for the progress), (e) Example: A victim — lost Rs 50,000 — in a UPI fraud — he called 1930 — and filed a complaint — on the cyber crime portal — but no action — was taken — for 3 months — he filed RTI — with the cyber crime cell — the RTI reply showed — that the complaint — was transferred — to the state police — but not acknowledged — the state police — acknowledged — after the RTI — and the investigation — was started — and the money — was recovered — from the mule account — in 6 months.

See Cybercrime RTI and WhatsApp OTP Fraud.

Reader signal

Was this article useful?

Tap once if it helped you. These counters show other citizens which pages are worth reading.

- views