含羞草社区

含羞草社区 Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) establish a comprehensive regulatory framework for digital intermediaries, imposing compliance obligations that create significant implementation challenges while raising constitutional concerns regarding executive discretion, freedom of speech and privacy.

The IT Rules, promulgated under section 87 of the Information Technology Act, 2000, supersede the 2011 Intermediaries Guidelines and categorise platforms into ordinary intermediaries, social media intermediaries, and significant social media intermediaries.

India IT rules: traceability, compliance, encryption

Significant social media intermediaries face enhanced obligations, including the mandatory appointment of India-resident chief compliance officers, resident grievance officers, and nodal contact persons – a localisation requirement that imposes extraterritorial jurisdictional burdens on global platforms.

The most problematic provision requires social media intermediaries providing messaging services to enable identification of the “first originator” of information on judicial order, or a direction from the competent authority under section 69 of the IT Act.

But the technical architecture necessary to enable such traceability inherently undermines end-to-end encryption, rendering these safeguards largely illusory.

The IT Rules also require social media intermediaries to deploy appropriate technical measures, including automated tools, to proactively identify content depicting rape, child sexual abuse or previously removed identical content.

IT rules: monitoring, deepfakes, takedowns

While addressing such unlawful content is legitimate, the obligation of proactive monitoring risks undermining the intermediary safe harbour provisions under the IT Act by effectively transforming intermediaries from neutral conduits into quasi-editorial gatekeepers.

Intermediaries enabling the creation of “deep fake” content must inform users of potential criminal liability under statutes including the Bharatiya Nyaya Sanhita, 2023, the Protection of Children from Sexual Offences Act, 2012, and the Representation of the People Act, 1951.

Social media intermediaries are further required to obtain user declarations regarding whether content is synthetically generated, implement technical measures to verify such disclosures, and prominently label verified synthetic content. Failure to act on such content, where the intermediary is deemed to have knowledge of a violation, may constitute a breach of due diligence under the IT Rules.

Part III establishes a three-tier grievance mechanism for publishers: self-regulation through grievance officers (Level I); oversight by self-regulatory bodies headed by retired judges (Level II); and supervision by an interdepartmental committee under the Ministry of Information and Broadcasting (Level III), with powers to direct content modification, disclaimers or deletion.

Intermediaries are required to remove or disable access to prohibited information within 36 hours of a court order or government notification, and within two hours in cases involving intimate imagery, impersonation or morphed content. While intended to protect individual rights, these strict timelines impose significant oper-ational burdens by necessitating continuous content moderation infrastructure.

Reform India IT rules protections

The traceability mandate must be revisited in light of encryption imperatives and global privacy standards, with lawful interception permitted only through judicial warrants. Content removal timelines should be proportionate to the nature of violations. General takedowns should allow reasonable time for human review.

Institutional safeguards must be strengthened by including independent experts and retired judges in grievance appellate committees and interdepartmental committees. Proactive monitoring ought to be confined to manifestly illegal content such as child sexual abuse material.

The IT Rules seek to regulate digital intermediaries and content oversight but remain constitutionally vulnerable due to vague provisions and excessive executive discretion, leaving the balance between regulation and fundamental rights unsettled.

Their long-term viability depends on restrained enforcement and periodic reform to ensure innovation and user protection evolve in tandem with technological change.

Aman Avinav is a partner (dispute resolution, white-collar crimes & investigation) at Phoenix Legal