SYNOPSIS

Digital India Act Consultation

On 9th March 2023, the Ministry of Electronics and Information Technology ('MeitY') consulted upon the Digital India Act, 2023, during the Digital India Dialogues held in Bengaluru, Karnataka.

The Digital India Act is an attempt to standardize and bring uniformity in the Indian technology laws. The current regulatory framework consists of various different rules and guidelines read with the Information Technology Act, 2000. The current framework has a scope of undergoing further updates pertaining to the recent advances and upcoming trends in the market. The Digital India Act aims to provide a comprehensive regulatory framework and bring the Indian law at par with the global standards.

The new framework will also consist of Digital Personal Data Protection Act, Digital India Act Rules, National Data Governance Policy, and IPC Amendments for Cyber Crimes.

Timeline

The consultation on Digital India Act, 2023 took place on 9th March 2023, however there is no clear date mentioned on when the bill will be introduced in the Parliament.

These FAQs attempt to simplify the contents of the consultation and enunciate applicability and future course of action.

FAQs

Q. What is the current regulatory landscape of digital laws?

A. The current regulatory landscape of digital laws consists of:

  • Information Technology Act, 2000
  • IT (Amendment) Act, 2008
  • Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • Establishment of Grievance Appellate Committees under Rule 3A of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Direction No. 20(3)/2022-CERT-In Consumer Protection Act, 2019 ('CPA') and Consumer Protection (E-Commerce) Rules, 2020
  • Information Technology (Certifying Authorities) Rules, 2000
  • Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015
  • Information Technology (The Indian Computer Emergency Response Team and the Manner of Performing Functions and Duties) Rules, 2013 ('CERT-In Rules')
  • Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009
  • Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009
  • In particular the important notifications include
    • Notification No. S.O.1581(E) dated 26.4.16 regarding Authorisation of CERT- In to monitor and collect traffic data or information in any computer resources u/s 69B
    • Notification No. S.O. 6062(E) dated 23.12.2022 regarding 370th Amendment to the Allocation of Business Rules 1961 relating to Online Gaming and e- Sports
    • Notification No. GSR 520(E) dated 2.05.16 Powers and Functions of Chairperson, CyAT
    • Notification No.G.S.R 446(E) dated 27.4.16 regarding Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2016
    • Notification No.993(E) dated 11.12.2015 regarding declaration of UIDAI-CIDR critical information under section 70A of IT Act

Q. What is the need for the Digital India Act?

A. The Digital India Act is an attempt to standardize cyber laws and bring Indian regulatory framework at par with the global standards. It aims at:

  • ensuring that the internet in India is open, safe, trusted and accountable
  • establishing specialized and dedicated adjudicatory mechanism for online, civil and criminal offences which would be easily accessible, deliver timely remedies to citizens, resolve cyber disputes, develop a unified cyber jurisprudence and enforce the rule of law online
  • making provisions which can evolve and will be consistent with changing market trends, and developments in international jurisprudence
  • adopting 'principles & rule-based approach' in order to rapidly create, modify, and enforce regulations for securing compliance with the evolving law
  • managing the complexities of internet and rapid expansion of the types of intermediaries
  • protecting citizens' rights
  • addressing emerging technologies and risks
  • provide provisions of deterrent, effective, proportionate and dissuasive penalties

Q. What will be the framework of the new global standard cyber laws?

A. The new regulatory landscape will consist of:

  • Digital India Act and Associated Rules
  • Digital Personal Data Protection Act
  • National Data Governance Policy
  • IPC Amendments for Cyber Crimes

Q. What is Open Internet?

A. Open Internet is the internet which we commonly use and includes the following components without any variables:

  • choice
  • competition
  • online diversity
  • fair market access
  • ease of doing business and ease of compliance for start-ups

Open internet promotes fair trade practices and prevents concentration of market power and gatekeeping, distortions through regulation of dominant Ad-tech platforms, App stores etc.

It safeguards innovation to enable emerging technologies such as AI/ML, Web 3.0, Autonomous systems/ Robotics, IoT/ Distributed Ledger/ Blockchain, Quantum Computing, Virtual Reality/Augmented Reality, Real-time language translators, Natural- language processing, etc.

It also promotes digital governance ease access to government & other public utility services, delivery of public services through online and mobile platforms in a simple, accessible, interoperable and citizen friendly manner.

Q. What are the provisions for online safety and trust under the proposed Digital India Act?

A. The provisions for online safety and trust are identified below:

  • adjudicating user harm against revenge porn, cyber-flashing, dark web, women and children, defamation, cyber-bullying, doxing, salami slicing, etc.
  • discretionary moderation of fake news by social media platforms under the

constitutional rights of freedom of speech & expression

  • secure cyberspace by empowering agencies like CERT-In for cyber resilience; strengthening the penalty framework for non-compliance, advisories on the information & data security practices, etc.
  • content monetisation rules for platform-generated and user-generated content

Q. What are the requirements for minors' data processing?

A. The proposed Digital India Act will have mandatory 'do not track' requirement to protect minors' data, promote safety and privacy of minors on social media platforms, gaming and betting apps and to avoid the use of a minors' data for ad targeting, etc.

Q. What are the rights for the users?

A. The following new rights for users are proposed under the Act:

  • right to be forgotten
  • right to secured electronic means
  • right to redressal
  • right to digital inheritance
  • right against discrimination
  • rights against automated decision making

Q. What are the provisions for AI under the Act?

A. The following provisions with respect to AI are included in the proposal for Digital India Act:

  • definition of AI systems
  • regulation of hi-risk AI systems through legal, institutional quality testing framework to examine regulatory models, algorithmic accountability, zero-day threat & vulnerability assessment, examine AI based ad-targeting, content moderation, etc.
  • ethical use of AI based tools to protect rights or choices of users

Q. What are the KYC requirements?

A. Privacy invasive devices such as spy camera glasses, wearable tech would be mandated under stringent regulation before market entry with strict KYC requirements for retail sales with appropriate criminal law sanctions.

Q. What are the obligations for digital entities?

A. Following are the new obligations for digital entities:

  • new obligations on significant digital operators through classification/ mandates
  • algorithmic transparency and periodic risk assessments by digital entities

Q. What are the different classes of intermediaries under the updated framework?

A. Following are the new classes of intermediaries under the proposed framework:

  • eCommerce
  • Digital Media
  • Search Engines
  • Gaming
  • AI
  • Over-the-top (OTT) Platforms
  • TSPs
  • Ad-Tech
  • SSMIs

Q. What are the provisions being for intermediaries?:

A. Following are the new provisions for intermediaries:

  • each class of intermediaries will have separate rules
  • new disclosure norms to be consulted upon for data collected by data intermediaries, collecting data above a certain threshold
  • new standards for ownership of anonymized personal to be consulted upon for data collected by data intermediaries

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.