The Government of India, in supersession of the Information Technology (Intermediary Guidelines) Rules, 2011, has notified the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 (hereinafter referred to as the "Rules") under the Information Technology Act, 2000 ("IT Act") on February 25, 2021. The Rules encapsulate guidelines and rules for intermediaries, OTT platforms, digital news apps, publishers of news and current affairs content and other social media players. Further, the Rules usher in new expansive definitions for terms such as 'news and current affairs content', 'online curated content', 'digital media', 'publisher of online curated content'; 'publisher of news and current affairs content', 'news aggregator', 'social media intermediary' and 'significant social media intermediary'.

In our previous posts here and here on the Rules, we had discussed the provisions of the Rules pertaining to intermediaries, its applicability for publishers of online curated content and news aggregators and the three-tier grievance redressal mechanism that the Rules introduced. Through this article we shall explain the implications of the Rules on social media intermediaries and significant social media intermediaries.

A social media intermediary has been defined as an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services. The Rules also go on to define a significant social media intermediary ("SSMI") as a social media intermediary whose number of registered users in India is higher than the threshold level, as notified by the Central Government. The Central Government has now fixed this threshold level at 50 lakhs registered users, hence a social media intermediary would be classified as a SSMI if it has more than 50 lakh registered users. As on today's date India has 53 crore WhatsApp users, 44.8 crore YouTube users, 41 crore Facebook subscribers, 21 crore Instagram clients, and 1.75 crore Twitter users1 implying that they all would be considered as a SSMI.

Additional Due Diligence

The Rules set forth provisions related to additional due diligence to be observed by a SSMI along with the standard due diligence that all intermediaries are bound by (as covered in Part 1 of this series of Articles). A SSMI under the Rules is required to have a physical contact address in India, which should be published on its website, mobile based application or both, to receive any communication addressed to it2. We have set forth below the additional compliances that the Rules provide for SSMIs that includes amongst other things, appointing a grievance redressal team of three as illustrated hereunder3.

Grievance Redressal Team


First Originator Identification

Furthermore, a SSMI providing services primarily in the nature of messaging may also (on receipt of a judicial order) be required to enable the identification of the first originator of the information on its computer resource. This will be solely for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material, punishable with imprisonment for a term of not less than five years unless other less intrusive means are effective in identifying the originator of the information4. This Rule would be applicable to the messaging services such as Whatsapp.

However, the SSMI will not be required to disclose the contents of any electronic message, any other information related to the first originator, or any information related to its other users. The Rules clarify that if the first originator is located outside India, then the first originator within India will be considered as the first originator.

Proactive Censorship using Automated Tools

A SSMI is now also required to adopt technology-based measures and automated tools to proactively identify information that depicts any act or simulation in any form depicting rape, child sexual abuse or information that has been previously removed for being prohibited in the interest of the sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality; in relation to contempt of court or defamation. The Rules provide leeway stating that the SSMI

should be mindful to the interests of free speech and expression and privacy of users while using such technology and tools5.

Grievance Tracking Mechanism

A SSMI is required to put in motion, mechanisms for the receipt of complaints and grievances in relation to the violation of the Rule. The mechanism is to encompass within its scope assigning ticket numbers for complaint or grievance received and facilitate tracking of the same6.

Voluntary Verification

The Rules curiously provide that a SSMI allow its users to voluntarily verify their accounts by using appropriate methods such as an active Indian mobile number of such users7. Whether voluntary will become mandatory at some point in time remains to be seen.

Disclosure to Users

A SSMI that removes or disables access to any information that is violative of the Rules, on its own accord, is required to, prior to removing any such information, notify the user that created, uploaded, shared, disseminated, or modified the information. The SSMI is required to explain the reasons for removal, provide the user with an opportunity to dispute the action and request for the reinstatement of access to such information. The SSMI also has to ensure that its Resident Grievance Officer oversees the resolution of any disputes raised8.


Intermediaries and SSMIs that do not observe the required due diligence under the Rules not only lose the right to rely on the safe harbour provision of the IT Act (Section 79 of the IT Act) but may also be liable to for punishment under any law for the time being in force including the provisions of the Act and the Indian Penal Code9.


The Rules will surely bring about a change in the way we experience the internet and interact with various social media by marshalling more control, regulation and supervision. However, will the Rules also have far-reaching consequences for online privacy, freedom of speech and expression and access to information and how would those concerns tie in with the anticipated legislation on data privacy? Will the government be able to maintain accountability? Will the Rules create a safer space for users? Only the passage of time shall tell.

Meanwhile, today (a week after the Rules were notified) the Supreme Court of India ("SC") while hearing another matter, commented on the Rules stating that they were grossly inadequate. The bench remarked that upon going through the Rules, they were of the opinion that the Rules had "No teeth. No power of prosecution. These are just guidelines. No mechanism to control it,". The SC opined that to give these Rules "teeth" legislation was required, without which the Government could not control such platforms (OTT platform in this particular case). The Central government informed the SC that they would consider appropriate steps and could prepare a draft legislation and place it before the SC for its consideration.



2. Rule 4 (5) of the Rules.

3. Rule 4 (1) of the Rules.

4. Rule 4 (2) of the Rules.

5. Rule 4 (4) of the Rules.

6. Rule 4 (6) of the Rules.

7. Rule 4 (7) of the Rules.

8. Rule 4 (8) of the Rules.

9. Rule 7 of the Rules.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.