The last decade has witnessed a mass proliferation of internet facilities across the country. The digital economy has been made accessible to nearly every person thanks to the relatively unregulated sector and the 'Digital India' programme. As a natural consequence of this and the outbreak of the COVID-19 global pandemic, people from all walks of life took to social media platforms to share their opinion, glean information and be a part of the virtual world that left no opinion unheard and no voice unrecognised. While, on one hand, there was an increase in the spread of 'fake' news due to the lack of censorship and inbuilt safeguards on social media platforms, that contributed to mob lynchings and riots, on the other hand, voices that spoke up against oppression were muzzled through heavy-handed internet shutdowns and police action. While the user base of social media platforms grew, so did the discontentment and apprehension about the lack of transparency and accountability regarding malicious content posted on digital platforms. Any efforts to regulate dissemination of personal views over social media was seen by some as an attack on the freedom of speech, and rights of users to freely share their thoughts and perspectives, as guaranteed by the Constitution of India.

In a contemporaneous manner, we have witnessed a global spike in digital media consumption, where people turned to over-the-top platforms ("OTT Platforms") for entertainment from the safety of their homes, as theatres and cinemas remained shut due to the pandemic. Such additional scrutiny brought the concerns related to the lack of content regulation to the forefront, resulting in filmmakers and civil society highlighting the need for an institutional mechanism to be put in place to oversee the distribution of content on OTT Platforms.

Faced with constant scrutiny across sectors regulated by it, the Ministry of Electronics and Information Technology ("MEITY") had prepared the draft Information Technology Intermediary Guidelines (Amendment) Rules, 2018 to replace the existing Information Technology (Intermediary Guidelines) Rules, 2011 ("2011 Guidelines") in response to the spread of fake news and misuse of social media platforms. After holding public consultations and receiving public comments on the draft, the Central Government has framed the 'Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("2021 IT Rules") in supersession of the earlier 2011 Guidelines, in order to bolster grievance redressal mechanisms and have a harmonious 'soft-touch' oversight mechanism in relation to digital media platforms. Moreover, the 2021 IT Rules are intended to bring digital media platforms broadly within a regulatory framework similar to that applicable to print and television, and thus, create a level playing field.


2.1 Due Diligence by an Intermediary

The definition of 'intermediary' within the 2021 IT Rules remains the same as provided within the Information Technology Act, 2000 ("IT Act")1, but the 2021 IT Rules now seek to regulate 'social media intermediary'2 and 'significant social media intermediary'3 as well. The 2021 IT Rules require all intermediaries to observe "due diligence" while discharging their duties, and as a departure from the 2011 Guidelines, there are certain new diligence requirements for intermediaries. For instance, intermediaries are now required to inform users through their privacy policy or user agreements to not publish or share any information that is: (i) invasive of another's bodily privacy or harassing on the basis of gender; (ii) patently false or misleading but appearing as a fact; or (iii) false, with the intention of causing injury or to profit.

INDUSLAW VIEW: These incremental additions to the existing 2011 Guidelines appear to be put in place to check the advent of 'fake news' and 'revenge porn' circulating on numerous platforms. It is pertinent to note however, that terms such as 'harassing on the basis of gender', 'patently false with the intention of causing injury, 'injury', among others, have not been defined, which could be a hindrance in their implementation and could also be a ground for challenging the provision. For instance, in Shreya Singhal v. Union of India4, one of the reasons Section 66A of the IT Act was struck down was the observation that as there was no demarcating line conveyed by use of such expressions, it could render the entire Section unconstitutional and vague. Therefore, since the Supreme Court has already criticized the vagueness of similar expressions used in the past, it increases the likelihood that the undefined terms within this Rule could also be similarly challenged on constitutional grounds.

Intermediaries now also have to mandatorily notify users on a yearly basis regarding any non-compliance or change of rules, privacy policy or user agreement, thereby tightening compliance requirements and delegating regulatory responsibilities.

2.2 Takedowns

Upon receiving a court order or being notified by the Appropriate Government5 or its agency regarding unlawful information hosted by the intermediary, the intermediary should immediately ensure that such information is removed from its platform within 36 hours, in the interest of the sovereignty or security of the State, decency, morality, preventing incitement to an offence relating to the above, among others. Further, voluntarily removing information from its platform shall not vitiate the exemption from liability provided to intermediaries under the IT Act.

INDUSLAW VIEW: There have been numerous instances where the Government has sent takedown notices to social media intermediaries for the removal of objectionable or politically-coloured content where, citing the right to freedom of speech and expression and the lack of well-defined law, the platforms have largely not paid heed to such orders. The 2021 IT Rules propose to codify the evolving jurisprudence on this subject. Therefore, in line with the Indian judiciary's interpretation of the safe harbour principles in Section 79 of the IT Act and the 2011 Guidelines, the 2021 IT Rules impose an obligation on the intermediary to take action only upon receiving a court order or a notification from a Government authority. This safeguards the intermediaries from excessive responsibility or liability. The requirement for taking down content by an intermediary only on receiving a lawful order is commendable, protecting the interest of both the intermediary and its users - as it is not practicable for an intermediary to examine all uploaded content to evaluate whether it is liable to remove or disable access. At the same time, the permission to voluntarily take down content to ensure compliance with Rule (3)(1)(b) of the 2021 IT Rules or on the basis of grievance, without any threat to the safe harbour benefit, can jeopardize freedom of speech and expression unless each intermediary implements robust internal controls for self-regulation.

The addition of 'decency' and 'morality' appears to be intended to take full benefit of Article 19(2) of the Constitution as interpreted by the Supreme Court in Shreya Singhal v. Union of India, when striking down the more looselyworded Section 66A of the IT Act.

2.3 Data as Evidence

Under the 2021 IT Rules, intermediaries are expected to store records of any information that has been removed or access to which has been disabled from the platform for a period of 180 days for investigation purposes or for longer, as opposed to the 90-day requirement under the 2011 Guidelines. Further, even records of information of users who have withdrawn or cancelled their registration from the platform are expected to be stored for a period of 180 days.

INDUSLAW VIEW: The requirement of storing records for a longer period for investigation purposes will mean that the intermediaries will have to incur additional costs in preserving and safeguarding user data/records for a longer period, to ensure that there is no misuse or unauthorized access to data during this period. However, retaining information of users who have cancelled their registration from the platform for 180 days appears to be excessive, in light of the extant data privacy framework and global data privacy laws, which require information to be stored for only as long as required. The apparent conflict in treatment of personal data of (for example) an EU resident with the 'right to be forgotten', will need to evolve.

2.4 Assisting with Inquiries

In a similar vein, on receipt of a written order, intermediaries have to provide assistance to the relevant Government agency within 72 hours in matters relating to verification of identify, investigation, prevention of offences, among others6.

INDUSLAW VIEW: The aforementioned Rule does require the order to specify the exact nature of information that is being requested. This may lead to Government agencies fishing for information, thereby exposing the private information of citizens to scrutiny, and drawing on the technology expertise of the intermediary to help investigate a matter. This may, in turn, create a challenge for intermediaries to strike a balance between complying with the lawful order while safeguarding the right to privacy of its users. In the present case, the scope of this Rule is broader than that conceived under the Code of Criminal Procedure, 1973, and has a lower threshold of checks and balances built into it, thus, widening the scope for potential misuse.

2.5 Grievance Redressal Mechanism

It is pertinent to note that the grievance redressal mechanism has been significantly broadened under the 2021 IT Rules vis-à-vis the erstwhile 2011 Guidelines. Presently, not only should the intermediary publish the name, contact details or mechanism through which a user can complain, but also should acknowledge the complaint within 24 hours and redress it within 15 days of receipt, unlike the one-month period provided earlier. In case the complaint is made in relation to exposure of private parts or impersonation of a person, the intermediary should strive to disable access to such content within 24 hours.

2.6 Introduction of Additional Compliances to be Fulfilled by Significant Social Media Intermediaries

A new class of intermediary has been introduced within the 2021 IT Rules, called the 'significant social media intermediary' ("SSMI") which means a social media intermediary having 5 million or more registered users in India. All SSMIs are required to observe certain additional compliances within 3 months from February 25, 2021, while discharging its duties.

For instance, the SSMI has to mandatorily appoint certain personnel under the 2021 IT Rules, including a (i) Chief Compliance Officer; (ii) Nodal Contact Person; and (iii) Resident Grievance Officer. The Chief Compliance Officer is responsible for compliance and can be held liable for contravention of the 2021 IT Rules. The Nodal Contact Person has to be available 24x7 for coordination with law enforcement agencies as required, and the Resident Grievance Officer is in-charge of grievance redressal. A common thread among all these personnel is not only that they are all employees of the respective intermediaries, but also that they have to be resident in India. Moreover, an SSMI is required to have a physical contact address in India to receive communication under the 2021 IT Rules.

INDUSLAW VIEW: The mandate for having a contact address in India and locally present officers in India adds significant legal risk and costs. At the same time, there is greater clarity as to who will be 'on the hook' in case of investigation or non-compliance, and the current practice of summoning country heads or even global heads of organisations may diminish. Further, such requirement may also create permanent establishment risks for certain foreign intermediaries under tax avoidance treaties as global platforms are typically owned and operated in one jurisdiction and other ancillary activities take place physically in the local market. Although the IT Act already provides for extra-territorial jurisdiction, the 2021 IT Rules make it easier for the Indian courts to exercise jurisdiction over intermediaries situated outside India.

2.7 Identifying the Messenger

Another decisive addition made by the Government is the requirement of an SSMI, primarily providing messaging services, to enable the identification of the first originator of information, as required by a court order or as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009. The considerations attached to securing this order are: (i) firstly, for the purposes of prevention, detection or investigation of offences related to the sovereignty and security of India, public order, or offences in relation to rape, where the imprisonment is not less than 5 years; and (ii) secondly, as a last resort, when the Government has no other effective means to identify the originator. Further, the intermediary has no obligation to divulge the contents of the message while identifying the originator. Moreover, in the event the first originator of information is outside Indian territory, then the first originator of information within the territory of India will be considered as the first originator of information for the purposes of the 2021 IT Rules.

INDUSLAW VIEW: Whatsapp, Signal, Telegram and other encrypted messaging services are going to be significantly impacted by the above requirement. This provision appears to have been introduced to cease and curb the nuisance of certain kinds of fake news and conspiracies. To that end, this measure is commendable. Moreover, the requirement of the first originator to be within Indian territory seems to be spurred by the ease of access and ability to hold intermediaries accountable, if they were closer to home. However, as a measure to protect privacy, several of these platforms use end-to-end encryption to ensure that the content of messages shared between two or more people remain private. While most messaging platforms are aware of the users' identity (through their mobile number and location), the contents of the messages are usually 'double-encrypted' in that the platform is also not aware of the content. The common belief is that the encryption will need to be broken in order to identify the first originator for the Government; this means that the data from a technology standpoint will be exposed to higher cyber security risk. While the 2021 IT Rules, in not authorising a discovery of content of messages, reflect a nuanced recognition of the extent to which data is double encrypted, the public faith in messaging platforms will be significantly reduced and there is potential for the breach of the fundamental right of speech of Indian citizens. Further, significant costs will need to be incurred in order to have accurate and updated identification records of each user of the platform, in a manner that can be shared with the Government.

The very concept of 'public order' as examined in Shreya Singhal v. Union of India, has a high threshold, where disturbance of public order is to be distinguished from acts directed at individuals which do not disturb the society to the extent of causing a general disturbance of public tranquillity. Therefore, the Government should ensure that for a lawful command on the grounds of 'public order' under this Rule, there needs to be an immediate threat to society as a direct consequence of the messages shared; if not, such messages cannot be said to constitute a disturbance to public order to justify restriction of the freedom of speech. On a related note, offences such as 'murder' do not find their way into the consequences triggering the requirement for identifying first originator of information, and it remains to be seen whether the Government will provide adequate clarification on this front.

The 2021 IT Rules also stipulate that an SSMI should strive to deploy automated tools to proactively identify information that depicts rape or related offences, as well as information identical to what was previously taken down upon a court order. The automated tools will be periodically reviewed and evaluated in relation to its propensity of bias and discrimination. While the 2021 IT Rules state that only proportionate measures will be taken in relation to this provision, considering the need to ensure privacy and freedom of speech, the practical implementation of these measures have not been elaborated upon.

INDUSLAW VIEW: The use of such automated tools may arbitrarily, excessively and disproportionately pre-censor information and content, having a chilling effect on an individual's right to free speech. The Government appears to be granting interventionist rights to the intermediary directly, and thereby would want to ensure that adequate checks and balances were in place. Indeed, it may be cold comfort to have the Government 'evaluate' artificial intelligence biases within the automated tools, given India's politically charged atmosphere.

2.8 Material Risk: flexibility to lower thresholds

The MEITY also has the power to notify any intermediary, who is not an SSMI, to comply with the additional compliances, in the event the services provided by that intermediary permit transmission of information that could create material risk of harm to the sovereignty and security of the country, among other qualifications. 'Material risk' will be determined based on whether: (i) the main services of the intermediary seem to facilitate interaction between users, irrespective of intention; or (ii) the transmission of information is made to a significant number of users, which results in widespread dissemination of information.

INDUSLAW VIEW: This understandably drives a metaphorical stagecoach through the 5 million user threshold for SSMI and affords further unilateral power to the Government in addition to the 2021 IT Rules themselves being outside the formal purview of Parliament.

2.9 An Elaborate Censorship Regime for Digital Media

Part - III of the 2021 IT Rules set out the code of ethics, procedure and safeguards in relation to digital media and are applicable to publishers of news and current affairs content, and publishers of online curated content, where such publishers operate in the territory of India or conduct systematic business activity of making its content available in India7.

The 2021 IT Rules provide an inclusive definition of 'news and current affairs content' as well as including "newly received or noteworthy content, including analysis, especially about recent events primarily of socio-political, economic or cultural nature, made available over the internet or computer networks, and any digital media shall be news and current affairs content where the context, substance, purpose, import and meaning of such information is in the nature of news and current affairs content."

'Online curated content' is defined as "any curated catalogue of audio-visual content, other than news and current affairs content, which is owned by, licensed to or contracted to be transmitted by a publisher of online curated content, and made available on demand, including but not limited through subscription, over the internet or computer networks, and includes films, audio visual programmes, documentaries, television programmes, serials, podcasts and other such content."

'Publisher of news and current affairs content' is defined as "an online paper, news portal, news aggregator, news agency and such other entity called by whatever name, which is functionally similar to publishers of news and current affairs content but shall not include newspapers, replica e-papers of the newspaper and any individual or user who is not transmitting content in the course of systematic business, professional or commercial activity."

'Publisher of online curated content' is defined as "a publisher who, performing a significant role in determining the online curated content being made available, makes available to users a computer resource that enables such users to access online curated content over the internet or computer networks, and such other entity called by whatever name, which is functionally similar to publishers of online curated content but does not include any individual or user who is not transmitting online curated content in the course of systematic business, professional or commercial activity."

Part-III of the 2021 IT Rules will be administered by the Ministry of Information and Broadcasting ("MIB").

INDUSLAW VIEW: Considering the fact that the 2021 IT Rules have been issued under Section 87(1) and Section 87(2)(z) and (zg) the IT Act (power of Central Government to make rules)8, empowering MIB to administer a portion of the 2021 IT Rules, namely Part - III, is beyond the scope of implementation of the IT Act. It also seems to be an overreach to use the 2021 IT Rules to expand the regulatory net over digital news publishers.

The 2021 IT Rules reduce the current uncertainty surrounding the definition of terms such as 'digital media' and 'news and current affairs', by providing clarity on the scope of such terms. The lack of definition of these terms has contributed to confusion in many spheres of the Indian law, including the foreign exchange management laws in relation to Press Note 4 of 20199. The 2021 IT Rules address the ambiguities that existed within the foreign direct investment policy. However, the purview of the IT Act, 2000 does not extend to news media and hence the 2021 IT Rules do not appear to have any legislative backing to regulate news media. Further, there are sufficient existing laws that determine reasonable restrictions on the freedom of press in India.

The definition of 'news and current affairs content' goes beyond the socio-political to cover economic and even cultural news. The net has been cast extremely wide unlike, for instance, the Australian News Media Bargaining Code which focuses on issues of public importance. Moreover, by retaining news aggregators as opposed to original publishers as regulated entities, there is clear signalling by the Government that along with journalistic reporting of news, curation s in itself a regulated activity.

2.10 Code of Ethics for Publishers of News and Current Affairs

The 2021 IT Rules require the publishers of news and current affairs content to adhere to the Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television and Networks regulation Act, 1995.

INDUSLAW VIEW: The requirement under the Code of Ethics of the 2021 IT Rules, is an attempt to bring the online news and current affairs publishers on the same footing as the offline news and current affairs publishers.

2.11 Additional due diligence to be observed by an intermediary in relation to news and current affairs

An intermediary is mandated to publish a clear and concise statement on its website or mobile application, as applicable, informing publishers of news and current affairs that in addition to being governed by the common terms of service applicable to all users, these publishers should furnish details of their user accounts on the services of such intermediary to the MIB.

2.12 Code of Ethics for Publishers of Online Curated Content

The 2021 IT Rules prohibit the publishers of online curated content from transmitting, publishing or exhibiting any content which is prohibited under any law or by any court of competent jurisdiction. Publishers of online curated content are required to exercise due caution and discretion while featuring the activities, beliefs, practices or views of any racial or religious groups. Publishers of online curated content should classify all content transmitted, published or exhibited by them, based on the suitability of such content for viewers of different ages. The content should also be classified based on the context, theme, tone, impact and target audience of such content as detailed in the schedule annexed to the 2021 IT Rules ("Schedule"). Further, publishers of online curated content should display the rating of any online curated content along with explanation of the relevant content descriptor, in a prominent manner.

Publishers should ensure availability of access control mechanism10, including a parental lock to facilitate compliance of age classification of content. Any publisher transmitting, exhibiting or publishing content suitable only for viewers above the age of 18 years, should implement a reliable age verification mechanism for viewership of such content. The publishers of online curated content are further required to take reasonable efforts to improve the accessibility of online curated content transmitted by them to persons with disabilities through implementation of appropriate access services.11

INDUSLAW VIEW: The requirement for the publishers of the online curated content to exercise due caution and discretion with respect to content relating to activities, beliefs, practices or views of any racial or religious groups, is very wide and the term 'exercise of due caution and discretion' creates ambiguity with respect to the responsibility of the publisher. It must be noted that Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television and Networks regulation Act, 1995 do not impose any similar restriction on publishers of news and current affairs content. Though the Norms of Journalist Conduct and Programme Code lay down some guidelines with respect to content relating to religious or communal group, these guidelines are specific and not as wide as the requirement for the publishers of online curated content under the 2021 IT Rules. Considering the difference in the nature of the news and current affairs content and online curated content, it is surprising that the publishers of online curated content are expected to exercise greater responsibility regarding the nature of the content. Imposing such an obligation is an over-reaching exercise of powers over publishers of online curated content.

Though the requirement to implement access control measures to restrict access to content unsuitable for a particular age, is a positive move in protecting the children from inappropriate content, it may be cumbersome for publishers of online curated content to implement these measures, especially for small-scale publishers.

2.13 Three-Tier Grievance Redressal Mechanism for Digital Media

The 2021 IT Rules provide a three-tier grievance redressal structure for addressing grievances in relation to the Code of Ethics. The publisher shall be the first level of the three-tier structure and is required to set up a self-regulating mechanism and appoint a grievance officer based in India. The publisher is required to issue an acknowledgement for any grievance within 24 hours of its receipt. The grievance officer is required to take a decision on every grievance received by it and communicate the same to the complainant, within 15 days of the registration of the grievance.

At the second level, one or more self- regulatory bodies of publishers will be constituted as independent bodies, by publishers or their associations. The self-regulating body will have a maximum of 6 members, and will be headed by a retired judge of the Supreme Court or a High Court, or an independent eminent person from the field of media, broadcasting, entertainment, child rights, human rights or such other relevant field. Such self-regulating body is required to register itself with the MIB. The self-regulating body has to ensure the alignment and adherence by the publishers of the Code of Ethics, and will hear appeals filed by the complainants against the decision of the publishers. The self-regulating body may then issue guidance or advisory to publishers while disposing a grievance or an appeal against a decision of a publisher.

At the third level, the MIB will develop an oversight mechanism and coordinate and facilitate the adherence to the Code of Ethics by the publishers of news and current affairs content and publishers of online curated content. The MIB will establish an inter-departmental committee (the "Committee"), and an authorized officer appointed by the MIB ("Authorised Officer") will be the Chairperson of such Committee. The Committee will hear complaints arising out of the grievances in respect of the decision taken by the publishers or the self-regulating body, or where no such decision is taken by these bodies within the specified timeline, and complaints referred to it by the MIB. Further, the MIB will also publish a charter, including a code of practice for self-regulating bodies. While disposing a grievance or an appeal, the selfregulating body or the Committee, as the case may be, may issue an advisory or guidance to the publisher in the nature of a warning, censure, admonish or reprimand, or it may require the publisher to submit an apology or to include a warning card or disclaimer. It may also require a publisher of online curated content to reclassify ratings of relevant content, modify the content descriptor, age classification and access control measure or edit synopsis of any content.

INDUSLAW VIEW: While the 2021 IT Rules have introduced a three-tier grievance redressal mechanism involving the publishers, self-regulating body and Committee, the MIB retains the power to refer any complaints directly to the Committee, constituted by MIB, without exhausting either of the first two tiers. It remains to be seen how this will work in practice. The Constitution of India does not grant the executive, the power to judge the suitability of content published by media. At the third level of the grievance redressal mechanism, the 2021 IT Rules have empowered the MIB and the Committee to adjudicate on questions of suitability of the content published by publishers of news and current affairs content and the online curated content. Grant of such adjudicatory powers to an executive branch of the Government, may jeopardize the freedom of the press and media in India. In an event of an emergency, where no delay is acceptable, the Authorised Officer will examine if the relevant content falls within the grounds mentioned under Section 69A(1) of the IT Act12, and whether it is necessary and justifiable to block such content or part thereof. The Authorised Officer will accordingly submit a written recommendation to the Secretary, MIB (the "MIB Secretary").

In the event the MIB Secretary is satisfied that it is necessary and justifiable to block such content, he may issue such direction as an interim measure, after recording the reasons in writing, without providing an opportunity of hearing. In such an event, the Authorised Officer has to seek the consideration and recommendation of the Committee within 48 hours of issue of such direction. The MIB Secretary will pass the final order in accordance with the recommendation of the Committee. In the event the Committee does not approve the blocking of such content, the MIB Secretary shall revoke the interim order.


The constriction of immunity enjoyed by intermediaries was long in the making. It remains to be seen how these 2021 IT Rules will play out in practice and whether the Government will indeed adopt a light touch in exercising its vast powers. There is a case to be made that Indian authorities need more and not less guidance in matters of freedom of speech. The year 2020 was replete with instances of takedowns and blocks without much explanation from the Government. The new 2021 IT Rules will now at least mandate reasons for such takedowns to be debated, and provided the three-tier grievance redressal mechanism works, it will provide material for the High Courts and Supreme Court to examine them, in the event Government actions are challenged. Intermediaries now have enhanced due diligence and monitoring burdens, and are also expected to continuously educate users on what can and cannot be posted. This will assist in establishing a trend of self-regulation, especially in relation to social media intermediaries, thanks to tools provided by artificial intelligence.

Invariably, as with implementation of any major legislation, we can expect a long process of trial and error. It is however undeniable that freedom of speech on the internet may well end up being regulated much more than in the past. The added liabilities for publishers of news and current affairs content and publishers of online curated content are burdensome and will significantly encumber digital media in India.


1 As per Section 2(w) of the IT Act, an 'intermediary' with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, onlineauction sites, online-market places and cyber cafes.

2 As per Rule 2(w) of the 2021 IT Rules, a 'social media intermediary' means an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share disseminate, modify or access information using its services.

3 As per Rule 2(v) of the 2021 IT Rules, a 'significant social media intermediary' means a social media intermediary having number of registered users in India above such threshold as notified by the Central Government.

4 (2015) 5 SCC 1.

5 As per Section 2(1)(e) of the IT Act, 'appropriate Government' means as respects any matter,-- (i) ) enumerated in List II of the Seventh Schedule to the Constitution; (ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government and in any other case, the Central Government.

6 As per Rule 3 (1) (j) of the 2021 IT Rules, assistance is also to be provided to the Government agency for purposes of prevention, investigation, detection or prosecution of offences under any law for the time being in force, or for cyber security incidents.

7 2021 IT Rules state that 'systematic activity' shall mean any structured or organized activity that involves an element of planning, method, continuity or persistence.

8 Section 87(1) of the IT Act empowers the Central Government to make rules with respect to the IT Act and Section 87(2) lays down specific matters in relation which the Government may make these rules. Clause (z) of Section 87(2) empowers the Government to make rules to lay down the procedures and safeguards for blocking for access by the public under section 69 A(3), whereas Clause (zg) of Section 87(2) states that the Government may issue guidelines to be observed by the intermediaries under section 79(2).

9 https://dipp.gov.in/sites/default/files/pn4_2019.pdf

10 As per Rule 2(a) of the 2021 IT Rules, 'access control mechanism', means any measure, including a technical measure, through which access to online curated content may be restricted based on verification of the identity or age of a user;

11 As per Rule 2(b) of the 2021 IT Rules, 'access services' as any measure, including technical measure such as closed captioning, subtitles and audio descriptions, through which the accessibility of online curated content may be improved for persons with disabilities.

12 Section 69A(1) of the IT Act states that: "Where the Central Government or any of its officers specially authorised by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.