On February 25th, 2021, Union Law & IT Minister of India said "There should not be double standards. If an attack is there at Capitol Hill (US Congress), then social media supports police action. But if there is an aggressive attack at Red Fort, the symbol of India's freedom where the Prime Minister hoists the national flag, you have double standards. This is plainly unacceptable,". This statement was made while announcing the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("Rules") under the Information Technology Act, 2000 ("IT Act"). The Rules were notified in the official gazette on February 25th, 2021 and are now in force. We will be covering the Rules in a series of articles.

The Rules supersede the previous intermediary rules of 2011 and bring under its ambit several more entities by introducing new expansive definitions for terms such as 'news and current affairs content', 'online curated content', 'digital media', 'publisher of online curated content'; 'publisher of news and current affairs content', 'news aggregator', 'social media intermediary' and 'significant social media intermediary'.

Due Diligence by Intermediaries

The Rules lay down that an intermediary, including a social media intermediary and significant social media intermediary, are required to observe certain due diligence while discharging its duties. The Rules stress that an intermediary that fails to observe any such due diligence cannot claim protection under the safe harbour provision (sub-section (1) of section 79 of the IT Act) and is liable for punishment under any law including the provisions of the IT Act and the Indian Penal Code.

The due diligence required to be observed by an intermediary amongst other things involves the following:

  • publish on its website, mobile based application or both, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person;
  • the rules and regulations, privacy policy or user agreement of the intermediary are to inform the user of its computer resource not to host, display, upload, modify, publish, transmit, store, update or share information of a certain category. The Rules set forth a sweeping swathe of 10 such prohibited broad categories of information which are as follows:
  • belongs to another person and to which the user does not have any right;
  • is defamatory, obscene, pornographic, paedophilic, invasive of another's privacy, including bodily privacy, insulting or harassing on the basis of gender, libellous, racially or ethnically objectionable, relating or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws in force;
  • is harmful to child;
  • infringes any patent, trademark, copyright or other proprietary rights;
  • violates any law for the time being in force;
  • deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact;
  • impersonates another person;
  • threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting other nation;
  • contains software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer resource; and
  • is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person.
  • periodically inform its users, at least once every year, of any change in the rules and regulations, privacy policy or user agreement and that in case of non-compliance with the same, the intermediary has the right to terminate the access or usage rights of the users to the computer resource immediately or remove non-compliant information or both;
  • an intermediary, upon receiving an order by a court or on being notified by the Government under the IT Act, will not host, store or publish any unlawful information, which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality; in relation to contempt of court; defamation; incitement to an offence relating to the above, or any information which is prohibited under any law for the time being in force. The intermediary is required to take down such information, within thirty-six hours from the receipt of the court order/notification;
  • the intermediary is required to periodically, and at least once in a year, inform its users of its rules and regulations, privacy policy or user agreement or any change in the rules and regulations, privacy policy or user agreement;
  • where any information has been removed, the intermediary is to preserve such information and associated records for one hundred and eighty days for investigation purposes, or for such longer period as may be required by the court or by Government agencies who are lawfully authorised;
  • where an intermediary collects information from a user for registration on the computer resource, it is required to retain this information for a period of one hundred and eighty days after any cancellation or withdrawal of his registration;
  • the intermediary is to secure its computer resource and information contained therein by following the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011;
  • the intermediary not later than seventy-two hours of the receipt of an order, is to provide information under its control or possession, or assistance to the Government agency, for the purposes of verification of identity, or for the prevention, detection, investigation, or prosecution, of offences under any law for the time being in force, or for cyber security incidents; and
  • the intermediary is required to report cyber security incidents and share related information with the prescribed persons.

Significant Social Media Intermediaries

While the Rules have not yet prescribed the threshold value for who is considered a significant social media intermediary, the Rules do set forth provisions related to additional due diligence to be observed by a significant social media intermediary. These encompass within its scope actions such as appointing a chief compliance officer, nodal contact person, a resident grievance officer, publishing periodic compliance reports, providing unique tracking numbers to complaints to track a compliant etc.

We will in Part 3 of this series of articles on the Rules cover the provisions laid down in the Rules with respect to a Significant Social Media Intermediary.

Intermediary in Relation to News and Current Affairs Content

In addition to the above due diligence, an intermediary in relation to news and current affairs content is required to publish, on an appropriate place on its website, mobile based application or both, a clear and concise statement informing publishers of news and current affairs content that in addition to the common terms of service for all users, such publishers are required to furnish the details of their user accounts on the services of such intermediary to the MIB as provided under Rule 18. The intermediary also has the option to provide a publisher who has provided the MIB such information, a visible mark of verification visible to all users of the service (this could be interpreted to read as an equivalent to the blue tick verified accounts that Instagram has for official accounts).

Grievance Redressal Mechanism for an Intermediary

A user or a victim can make a complaint regarding an intermediary's violations of the Rules or pertaining to the computer resources made available by the intermediary by using the grievance mechanism set up by the intermediary. This mechanism is as provided below:


Supplementary to the above mechanism, the Rules also empower the MIB to direct intermediaries to block, modify, delete certain content and provide interim directions in case of emergencies


Code of Ethics

Part III of the Rules makes available a Code of Ethics that have been annexed to the Rules and a three-tier grievance redressal mechanism. While we have not elaborated on the Code of Ethics here, we have covered the same in Part 2 in the series of articles on the Rules. Part III of the Rules is applicable to publishers of news and current affairs content and publishers of online curated content (collectively referred to as "Publishers"). Publishers shall mean all such Publishers who operate in the territory of India or conduct systematic business activity of making its content available in India. A Publisher shall be deemed to operate in the territory of India where such publisher has a physical presence in the territory of India. "Systematic Activity" shall mean any structured or organised activity that involves an element of planning, method, continuity or persistence. Part III unlike the rest of the Rules is to be administered by the Ministry of Information and Broadcasting ("MIB").

To ensure observance and adherence to the Code of Ethics by Publishers operating in the territory of India, and for addressing the grievances made in relation to Publishers, a three-tier structure for grievance redressal has been provided for.


We will in Part 2 in the series of articles on the Rules cover in detail this Grievance Redressal Mechanism. It is however noteworthy to mention that a compliant can be registered directly with the Oversight Mechanism and need not traverse through all three levels. These Rules will no doubt have significant implications for social media platforms, OTT platforms, messaging applications and all other online content and news aggregators in India.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.