Shareholder Has No Proprietary Rights Over Company's Digital Assets: Karnataka High Court

The Karnataka High Court recently refused to quash an FIR registered against the Director of a Bengaluru-based algorithmic trading company for allegedly stealing, copying, and deleting the company's proprietary source code and trading algorithms, holding that a shareholder's stake does not confer any proprietary right over the company's digital assets.

The single-judge bench of Justice M. Nagaprasanna held that the issue was not purely civil in nature; the court observed that the allegations “have all the hues and forms of cyber crime” and require investigation involving forensic reconstruction of digital data.

Director's Lack Of Proprietary Rights Over Company's Digital Assets

The primary question before the court was whether a complaint alleging theft of data against a Director and shareholder of a company is maintainable in law.

Answering in the affirmative, the court held that the property of a company, whether tangible or intangible, vests in the company alone and not in its shareholders or directors.

"Once a company is incorporated under the Companies Act, it acquires a distinct juristic personality, separate and independent of its shareholders and directors. The property of the Company, whether tangible or intangible, vests in the Company alone. The number of shareholders or directors, whether few or many, would not dilute this foundational principle. To accept the proposition that each shareholder may lay claim to the Company's assets would lead to juridical chaos, eroding the very edifice of corporate personality” the court said.

Relying on Bacha F. Guzdar v. Commissioner of Income-Tax (1954), the court reiterated that a shareholder only has a right to participate in profits and does not acquire any proprietary interest in the assets of the company.

It further clarified that in the digital age, a company's assets include data, code, and intellectual property, all of which are exclusively owned by the company.

Cyber Crime Allegations Cannot Be Quashed At FIR Stage

Rejecting the contention that the dispute was civil in nature, the court held that allegations involving downloading, copying, and deletion of proprietary source code and confidential digital assets constitute allegations of cybercrime.

“It is the allegation of downloading, copying, deletion of source code, proprietary data and confidential digital assets. All these are hues and forms of cyber crime and cyber crime investigations are highly technical and complex involving forensic reconstitution of data. Therefore, the projection of triviality of the offence by the petitioner, contending that it is purely civil in nature, cannot be acceded to, at this juncture” the court observed.

Delhi Race Club Judgment & Co-Existence Of Offences

The petitioner had argued that offences of criminal breach of trust and cheating under Sections 316 and 318(4) of the BNS cannot co-exist in light of Delhi Race Club (1940) Ltd. v. State of Uttar Pradesh (2024).

Rejecting this contention at the present stage, the court held that whether both offences would ultimately be sustained is a matter to be determined after investigation.

“…It would be premature and indeed inappropriate for this Court to interdict investigation on the ground of alleged overlap in offences,” the court said.

The court added that at the stage of filing of the charge sheet, one of the offences may not survive, but that cannot be a ground to quash the FIR at inception.

Background

The case arises from disputes between the founder directors of Plutus Research Private Limited, a quantitative trading company developing proprietary algorithms for stock market trading.

According to the complaint filed by one of the co-founders, the accused director is said to have gone beyond his authorised access, copying code from areas outside his domain, altering trading parameters, and deleting critical system logs. The complaint also alleges that proprietary code repositories were removed, resulting in financial and operational harm to the company.

The FIR invokes Sections 65 and 66 of the Information Technology Act, 2000 (tampering with computer source documents; computer-related offences including unauthorised access, copying, and data theft), along with Sections 316 and 318(4) of the Bharatiya Nyaya Sanhita, 2023 (criminal breach of trust; cheating).

The petitioner contended that as an equal shareholder and founder director, he could not be accused of stealing company data, likening the allegation to “a father being accused of kidnapping his own child.”

He also claimed to be a whistleblower who had raised concerns about the company's functioning before regulatory authorities.

Opposing the plea, the complainant argued that company data is the property of the company as a separate legal entity and that any unauthorised access or copying, even by a director, may attract criminal liability.

Holding that the allegations disclose a prima facie case requiring investigation, the court dismissed the petition and allowed the probe to continue.