What does India's Information Technology Act have in common with Daft Punk? They both love techno, they're both 20+ years old, and they will probably get replaced by a GenAlpha successor.

In this edition, we analyze the probable skeleton of the Digital India Act. We also bring to you – short explainers (mini-splainers) on cloud regulation, the amendments to the Competition Act, FDI in OTT, and then some.

Let's go!

Write it, cut it, paste it, save it, load it, check it, quick – rewrite it

Last month, we attended the IT ministry's public consultation on the proposed Digital India Act (DIA) in Bangalore. At the consultation, the minister of state, IT, Mr. Rajeev Chandrasekhar provided an insight into what the DIA might look like. Next, the ministry will consult on the principles underlying the DIA, and later the draft version of the DIA itself. How long will this process take, you ask? However long it takes, said the minister.

Turf war: The minister mentioned that the DIA will regulate competition issues – such as internet monopolies and duopolies. Acknowledging the ongoing consultations for a separate Digital Competition Act, he called out the need to deal with anti-competitive practices arising out of ad-tech and content monetization. Meanwhile, there has been increased Parliamentary interest in competition issues. In this budget session, MP Mr. Jayant Sinha introduced a private member's bill proposing ex-ante regulations to govern digital markets. Other Parliamentary committees too, have called out the need to keep a check on anti-competitive practices of tech companies. However, multiple efforts to regulate the same issues are likely to cause confusion and chaos – calling for the need to find an aligned approach.

Unsafe intermediaries: Is safe harbor protection necessary at all? Who should be entitled to safe harbor protection? Should the government be the referee, or should it be left to the courts to deal with any grievances between users and intermediaries? Talking about safe harbor (protection given to tech platforms like Facebook from being held liable for the third-party content they host), these are the questions the DIA is presently grappling with. The minister shared that intermediaries may be divided into categories such as e-commerce, digital media, search engines, gaming, and social media etc. And it appears that each category will be regulated differently.

Online safety – the most reviewed DIA product:The goal of the DIA is to ensure that the internet is a trusted and non – 'toxic' space for digital nagriks. Citing the infamous Bill Gates interview generated using deepfake tech, he stressed the dangers posed by such technology. The bottom-line, according to the minister is to "make content that is legal but harmful into illegal and harmful".

One internet, one regulation? The IT ministry is yet to decide on a regulatory design for the internet regulator. However, the intention is to utilize a light-touch approach, while also considering the views of sectoral regulators. The minister assured that issues around blockchain, emerging technologies, content regulation will be regulated by their sectoral regulators and the IT ministry will only look at aspects that fall within its scope of work. Here's a list of issues the IT ministry is permitted to regulate.

Mini-splainers

  1. E-commerce, report, action: On 24 March, the government responded to the recommendations of the Standing Committee on Commerce's report on e-commerce – which was released in June last year. The government's response suggests that it has an eye on regulating issues like private labels (products made by X but sold by Y on its e-commerce platform as its own), fallback liability (if a seller fails to deliver, the e-commerce platform must also bear the brunt), and flash sales (lots of discounts for a limited period). It also seems keen on introducing ex-ante regulations for digital players – which is currently being considered by an inter-ministerial committee. But the government also shared its effort to bolster the ease of doing business in the country, through reforms in GST compliances, among other things. In other news, the government released the much awaited 'Foreign Trade Policy 2023'. The policy introduces a dedicated framework for the promotion of e-commerce and other emerging channels of exports from India.
  2. Passed without discussion: The Competition (Amendment) Bill, 2023 has been passed in both the houses of the Parliament, without any discussion. Apart from changes introduced in August last year, such as the 'settlements and commitments' framework allowing companies to settle competition cases outside of courts and a new threshold to notify deals to the CCI – the bill now also amends the provision on penalties. The calculation of penalty will be based on the percentage of the 'global turnover derived from all products or services of a person or enterprise'. At present, the penalty is imposed on the 'average turnover in the relevant market'. For context, if an automaker has engaged in anti-competitive practices in the passenger car segment, then only the revenue generated by the automaker in that segment would be calculated for the penalty. Now, the penalty imposed will be calculated on the basis of the revenue generated by it in all segments (say trucks and two-wheelers). Further, it does not feature in the recommendations of the Standing Committee on Finance (that examined the bill).
  3. Cloudy with a chance of sectoral regulations:Recently, the Securities and Exchange Board of India (SEBI) published a cloud framework to govern the use of cloud services by regulated entities such as stockbrokers. While using the services of the cloud service provider (CSP), a regulated entity must store and process their data within India. For investors incorporated outside India, original data/ logs must be kept within India. The framework is unclear about how data can be transferred abroad. Further, a strict data localization requirement may prevent regulated entities from accessing cloud services at competitive prices and bespoke services/products that rely on cross-border data transfers. Concerningly, the framework also gives the SEBI and regulated entities broad rights to access the CSP's infrastructure, for audit and inspection purposes. Lastly, CSPs are required to inform regulated entities of all cybersecurity incidents (like data breaches and ransomware attacks) according to certain norms. However, such a blanket reporting requirement ignores critical aspects of the CSP's relationship with their customers, and hence, can be difficult to satisfy.
  4. FDI and OTT: In 2019, the Department of Promotion of Industry and Internal Trade allowed foreign direct investment (FDI) upto 26% through the government approval route for entities involved in uploading or streaming news and current affairs through digital media. Ministry of Information and Broadcasting recently clarified that this restriction on FDI will not apply to over the top platforms (OTT) that only act as a medium and host digital feed of TV news channels without any editorial intervention, aggregation or curation of the news content. Several OTT platforms had earlier made representations to the government to clarify this issue.

To read more about the latest in the online gaming sector, check out our collaborative newsletter with the All-India Gaming Federation.

On the anvil

With Census 2021 being the first-ever census to be postposned, the Indian government is planning to launch a 'digital census' by 2024. 'Digital census' seems like the natural next step in India's digitization journey – and is a 'must do' move than a 'should we even?' move. However, the need to discuss policy concerns around data security, state surveillance, and privacy is indispensible.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.