From Harbour to Hardships Understanding the Information Technology (Intermediary Guidelines and Digital Media Ethics Code Rules 2021 - Part I

Evolution of intermediary liability in India

Ever since the enactment of the Information Technology Act, 2000 (“the IT Act”), the treatment of intermediary liability[1] has been pendulous. The recent Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“2021 Rules”), bring about the most significant changes for intermediaries in terms of increasing due diligence obligations and liability in cases of non-compliance.

To understand the 2021 Rules, we start by tracing the evolution of intermediary liability when only network service providers were exempted from liability under the IT Act. The need to expand the contours of safe harbour provision came to fore in the year 2008, when the CEO of an e-auction website was charged under the Indian Penal Code and IT Act due to an obscene video uploaded on the website.[2] Subsequently, the IT Act was amended to protect intermediaries, which merely acted as platforms for transmission of information, from the liability for offences committed without their actual knowledge. The definition of an intermediary was expanded to include online payment sites, search engines, internet service providers etc.,[3] and exemption was granted to intermediaries from liability arising under ‘any law’, as opposed to the limited protection from offences only under the IT Act provided earlier.

Following the 2008 amendment, whether an intermediary could claim safe harbour hinged largely on two factors, i.e. actual knowledge about the unlawful act and compliance with due diligence obligations, as prescribed. Under the earlier Information Technology (Intermediaries Guidelines) Rules, 2011 (“2011 Rules”), an intermediary was required to remove unlawful content on its platform once it acquired knowledge of such content by itself or from an aggrieved individual. Notably, the Supreme Court in 2015, read down ‘actual knowledge’, in Shreya Singh v. Union of India[4] to state that actual knowledge can be attributed to an intermediary only when there is a court order or notification from an appropriate government authority apprising the intermediary of unlawful content over its platform.

Over the last few years, the role of intermediaries has increased significantly with large sections of society starting to adapt to social media platforms as a primary mode of communication. In the same breath, digital media also attained mainstream relevance, thereby attracting the attention of the Government to regulate such platforms.  The 2021 Rules can, therefore, be considered as the threshold step towards such regulation.

Scope of the 2021 Rules

The 2021 Rules are divided into two parts based on their applicability. While Part II regulates intermediaries, Part III is applicable to digital media including an intermediary, publishers of news and current affairs or publishers of online curated content.[5]

In a departure from the 2011 Rules which regulated all “intermediaries” without any distinction in terms of their user base or the content hosted on their platform, the 2021 Rules classify the regulated entities into the following types:

  1. Social media intermediary[6] with less than 50 lakh registered Indian users;
  2. Significant social media intermediary[7] (“SSMI”) with more than 50 lakh registered Indian users[8];
  3. Publisher of news and current affairs[9] content including news aggregators[10],
  4. Publisher of online curated content[11] which covers all online streaming platforms including Over-the-Top (‘OTT’) platforms.

Due diligence obligations under the 2021 Rules

To claim safe harbour under the IT Act, the intermediaries must[12] undertake and comply with various obligations. With the 2021 Rules, at one end of the spectrum, intermediaries are required to prominently publish rules and regulation on their website informing its users about the type of information which must not be stored or transmitted on the intermediary’s computer resource (“prohibited information”). In a step-up from the 2011 Rules, this now includes content which is published for financial gain but is patently false and untrue or information aimed at gender-based harassment.

At the other end of diligence obligations, intermediaries, upon receiving actual knowledge in the form of an order from a court or notification from an appropriate government authority that certain information hosted by it is prohibited information, must remove or disable access to such information within 36 hours of the receipt of such order or notification. Notably, no such order is required when an individual complaint is received about sexual imagery and the intermediary must take down such content within 24 hours of the receipt of the complaint.[13] Intermediaries are also required to provide any information under their control or possession, within 72 hours of receipt of an order in this regard, to a government agency for investigation, detection or prevention of cyber security incidents or offences under any law.

Another important change is the requirement to appoint a grievance officer (also prescribed under the 2011 Rules) and publish his/her name and contact details prominently on its website. Building on the 2011 Rules, the 2021 Rules make it obligatory upon the grievance officer to acknowledge any order, notice or direction issued by a court or a government agency or a complaint received from an individual user or victim. Further, a complaint must be disposed of within a period of 15 days from its receipt (as opposed to one month under the 2011 Rules).

In addition to the other due diligence requirements prescribed for all intermediaries, an SSMI is required to comply with additional obligations which include inter alia [14] the appointment of a chief compliance officer who will be liable for the failure of an intermediary to observe due diligence and a nodal contact person (available 24×7) to ensure compliance with orders of courts and to coordinate with law enforcement agencies, as also a resident grievance officer who shall be responsible for grievance redressal of its users. It is also required to establish a physical contact address in India.

Regulatory regime for digital media

While the IT Act did not originally envisage regulation of digital media, the 2021 Rules impose various obligations on digital media entities which carry out systematic business of making content available within India. These digital media entities would essentially include publishers of news and current affairs and publishers of online curated content (“publishers”), who shall adhere to a Code of Ethics (“Code”) prescribed under Part III of the 2021 Rules. Interestingly, even foreign news publishers with an online presence in India shall be regulated by this Code.

The 2021 Rules also mandate a three-tier grievance redressal mechanism to entertain any complaints of violation of the Code. At Level I, a grievance officer is required to be appointed by the publisher itself.[15] If a grievance is not redressed by Grievance Officer within 15 days, the grievance is automatically escalated to Level II which is the self-regulating body of one or more publishers or their associations.[16] At Level III, the 2021 Rules provide for establishment of an Inter-Departmental Committee[17] which shall hear grievances from the decision of the self-regulating body or other complaints about violation of the Code.

Looked at in entirety, the 2021 Rules stand to impose various obligations on the intermediaries bringing them closer to regulation like the more traditional forms of media. Considering the direct impact intermediaries can now have on society and polity, a regulation was in the offing. However, the lack of a robust consultation process while formulating the 2021 Rules has raised some cause for concern and criticism with several challenges being filed[18] against them which are now under judicial scrutiny. Meanwhile, it is only appropriate that intermediaries adapt to a future with greater regulation and oversight.

This article is the first part in a series on intermediary liability, which aims to analyse the impact of the 2021 Rules. This part provides a brief primer on the changes brought about by the 2021 Rules. In the second part of the series, we aim to analyse the legal implications of the 2021 Rules on the intermediaries and digital media entities along with the consequential liability for non-compliance.

[1] Section 79 of the IT Act incorporates a safe harbour provision shielding online intermediaries from liability under various laws, for any unlawful content uploaded by their users.

[2] Avinash Bajaj v. State (NCT of Delhi), 2005 (79) DRJ 576.

[3] Section 2(w), IT Act.

[4] (2015) 5 SCC 1.

[5] Rule 2(i), 2021 Rules.

[6] Rule 2(w), 2021 Rules.

[7] Rule 2(v), 2021 Rules.

[8] Government of India, Ministry of Electronics and Information Technology, F.No.16(4)/2020-CLES (February 25, 2021),

[9] Rule 2(t), 2021 Rules.

[10] Rule 2(o), 2021 Rules.

[11] Rule 2(u), 2021 Rules.

[12] Rule 3, 2021 Rules.

[13] Rule 3(2)(b), 2021 Rules.

[14] Rule 4, 2021 Rules.

[15] Rule 11, 2021 Rules.

[16] Rule 12, 2021 Rules.

[17] Rule 13, 2021 Rules.

[18] WP (C) No. 6272 of 2021 filed on March 10, 2021.