Analysis of the new IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

intermediary guidelines
Spread the love for law

 About the Author:

Fareedunnisa Huma is a practicing advocate graduated from Symbiosis Law School, Pune.


The IT Act, 2000, was implemented so as to lay down a legal framework for electronic governance. The Act focuses mainly on cybercrimes and electronic commerce. However, with the advent and development of technology, the Act had to be amended, and Rules had to be laid down, so as to make the form of governance: holistic, evolutionary, and specific. Information Technology (intermediary Guidelines and Digital Media Ethics Code), Rules, 2021, are one of such Rules and have been implemented with the intent to combat the lack of transparency, accountability and rights of users related to digital media.

In 2021, WhatsApp released a new privacy policy that all users had to comply with if they wished to keep using the app henceforth. The updated privacy policy allowed WhatsApp to share user data with its parent company Facebook Inc. and simultaneously other apps owned by Facebook Inc.[1]

With our growing dependency on technology and the ubiquitous presence of an app like WhatsApp, WhatsApp’s‘take it or leave it’ privacy policy posed a serious threat to Indian users who were being nothing short of coerced into accepting the said policy, regardless of whether or not they wished to give consent.

Legal proceedings were initiated before various High Courts and the Hon’ble Supreme Court challenging the new policy, holding that it aimed at diluting the right to privacy, that it was against the landmark Puttaswamy judgement (2017) 10 SCC 1, which held that right to privacy is a fundamental right [2], and lastly, that WhatsApp had only mandated its Indian users to accept the privacy policy and not its users residing in the European Union. While it is true that the case is still pending adjudication before the Hon’ble Supreme Court, it was brought to the knowledge of the Indian government that

WhatsApp had not mandated its European Union (EU) users to accept the new privacy policy and that they had the option to opt-out of the same if they felt that this would trespass upon their data privacy[3].The EU users were protected by their Data protection legislation called the General Data Protection Regulation (GDPR), which gave individuals autonomy over their data.

This discovery led to the spotlight turning on the Indian government, who were criticised for sitting on implementing the new IT rules and guidelines since 2018. The Indian government’s lack of adequate response to the rights of their citizens was criticised as being behaviour that seemed lethargic at best. Their downright complicity indicated that there was some sort of internal arrangement that benefitted them from WhatsApp’s high-handed dealing with its Indian users.

Owing to this public outrage, in February of 2021, India released its Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021[4](Henceforth referred to as the Intermediary Rules).The Intermediary Rules, derive their power and authority from its parent statute the Information and Technology Act, 2000, and are managed by the Ministry of Electronics and Technology Information (MeitY).

Brief History

In the case of SharatBabuDigumatri v. Government of NCT of Delhi(2016 SCC Online SC 1464)[5], back in 2008, when an online DVD store was held accountable for the sale of obscene videos made on its website by a third party; the Supreme Court observed, that intermediaries need to be given immunity from actions of the third party on their online platforms.

And thus, the Intermediary Rules, 2008 and subsequently Intermediary Rules 2011 were implemented to protect intermediaries from actions of third parties [6].Section 79 of the IT Act, 2000 states that intermediaries would not be held liable for third party actions, as long as the intermediaries had exercised all due diligence and the Intermediary rules the regulations that is to be followed by intermediaries[7] .

The Intermediary Rules 2021, however, have included under their ambit a number of additional online platforms including online news providers, OTTs such as Netflix, Amazon Prime and have separated the intermediaries into: significant social media intermediaries and social media intermediaries. Apart from this, a number of new guidelines for enforcement of due diligence have been laid down.

The Intermediary Rules, 2021, have been divided into three parts. While Part I pertains to definitions, Part II of the Rules lays down ‘due diligence that needs to be observed by intermediaries, including social media intermediaries, and finally, Part III creates a code of ethics and procedure and safeguards in relation to digital media. Part III draws into its ambit, online news sites and online curated content including OTTs, and unlike part II which is administered by the MeitY, Part III is administered by a novel ministry, the Ministry of Broadcasting (MoB).

Legislative Analysis

We will now be delving in detail into the provisions laid down in each of the parts along with discussing some of the possible repercussions of the same.

Intermediaries are defined as follows in section (2)(w) of the Information and Technology Act, 2000:

with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.”

The Intermediary Rules have further included to Part I, section 2 (v) and (w) respectfully, the definitions of ‘social media intermediaries’ and ‘significant social media intermediaries’. Social media intermediaries are those that primarily and solely enable interaction between two or more people, and significant social media intermediaries’ are those intermediaries that have more than a specific number of users (as will be notified by the government at a later date, although the reason for such ambiguity has raised eyebrows).[8]

Section 3 (a) of Part II mandates intermediaries, including social media intermediaries, to inform their users about their updated privacy policy, promptly, and section 3(b) lists 10 instances of unlawful content that cannot be hosted, transmitted, uploaded, modified or displayed, which are to be brought to the knowledge of any registered user via the promptly published privacy policies[9].

Section 3(d) prohibits social media intermediaries from posting unlawful content, against public order that infringes decency or morality. Although such prohibition is only enforceable upon an order from the Court, the terminology used in the rules can be interpreted leniently, and create room for arbitrary and unwarranted use of the provision. Additionally, this may amount to infringement of Article 19 of the Constitution,  which safeguards freedom of speech and expression.

The Rules, state in sec 3(h) that all information received from users is to be stored for 180 days or 6 months. The period for which user data is to be stored has been doubled from what it was in the 2011 Rules. Adding to that, sec 3(j) states that all such information, including any other information that is required during an investigation, will be furnished by the intermediaries within 72 hours of such request by law enforcement agencies is made.[10]

Part II of the Rules also provide for a grievance redressal mechanism that is to be appointed by social media and significant social media intermediaries. The rules provide for a grievance officer to be appointed, who is to acknowledge all complaints within 24 hours and further provide redressal within 15 days. In the 2011 Rules, a grievance officer was to acknowledge the complaint within 15 days.[11].

Adding to this, a specific grievance redressal mechanism has been rolled out for significant social media intermediaries, in section 4 of the Rules. Apart from appointing a grievance officer, significant social media intermediaries are to appoint:

  •  A compliance officer, to ensure compliance with the IT Act and Rules,
  • A nodal officer, for 24-hour coordination with law enforcement agencies, &
  • A resident grievance officer who shall respond to user queries and grievances.

A substantially controversial provision in the Rules is section 4(2) that enables information of the first originator if the same is required by the Court. Although the Rules do not lay down specifications relating to decrypting of contents of electronic messages, by the virtue of Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009,[12] government agencies will be able to decrypt messages and access user data. 

This not only shatters the right to privacy by ending end-to-end encrypted, it also leaves users without any legal recourse to defend or protect their data in the absence of data protection laws and proper parliamentary oversight. The façade of end-to-end encryption and right to privacy then is just a  façade.

The new Rules mandated all social media intermediaries to comply with the updated guidelines within 3 months, and on the failure of prompt compliance, their immunity would be snatched. Unsettled by this arbitrary set of guidelines, WhatsApp has filed a case before the Delhi High Court (WhatsApp LLC vs. UoI 2021) [13] challenging the new guidelines, stating that section 4(2) would be against the landmark Puttaswamy ruling [14], while also rendering ineffective public privacy and freedom of speech and expression, a fundamental right safeguarded under the Article 19 of the Constitution of India. WhatsApp further contended that the rules are in contravention of, and fail the tests of necessity and proportionality.

However, the government has argued that the right to privacy, as laid down in the landmark Puttaswamy judgement, is subject to certain exceptions including, national security, public order etc. and that the new Rules will be the first to test the exceptions laid down. Adding to that, the Centre argued, that the new and updated rules are needed for faster grievance resolution and stop of spreading of fake news on social media. The claim of the government, however, does not have a leg to stand on  since national security, public order, and fake news are terms of dubious meaning and can be dangerous tools in the hands of government officials that wish to misuse them.

Significant social media intermediaries, under section 4(4) are to deploy technologically based methods to proactively identify and stop information that depicts unlawful or previously removed content. Although the section states that such technologically based methods should pass the test of proportionality with respect to freedom of speech and should also be monitored by periodic human oversight, this will drastically change the way the internet is being used.

Additionally, this provision does not seek to regulate the way social media is used, but rather control it. Section 4(4)poses a hindrance to freedom of speech and expression, as even the mere expression of ‘information, is trying to be curtailed, even before it has been expressed.

Part III of the Rules, which lays down due diligence that is to be complied by online news platforms and online curated  Over the Top (OTT) content has garnered for itself criticism, on the grounds that it infringes upon Article 19 and is ultra vires of its parent act, the IT Act, 2000.

The Code of Ethics, which is enumerated in Part III of the Rules, marks out an oversight mechanism that is to be set up by news platforms and OTT platforms. It orders for creation of a three-level mechanism, them being:

Ø  Level 1, self-regulating by the publisher- At is level a resident grievance officer is to be appointed, whose duties including responding and resolving user grievances within 24 hours and 15 days, respectively.

Ø  Level 2, self-regulating by the body of Publishers- In case a user is not satisfied with the redressal received from Level 1, the user can escalate said grievance to this level. This level is also to assure compliance of online platforms with section 69A of the IT Act, 2000 & in case of non-compliance, escalate the same. Such team shall be headed by a retired High Court or Supreme Court judge or any other eminent person from any other relevant field and will have a total of 6 members.

Ø  Level 3, regulating by Central Government oversight- Level 3, publishes the Code of Practices for self-regulating bodies and establishes committees for advice. The committees comprise of members from the ministries of Information and Broadcasting, Women and Child Development, Law and Justice, Home Affairs, Electronics and Information Technology, External Affairs, Ministry of Defence and are responsible for recommendations relating to warnings, deletion of content, apologies, censorship, and compliance.

Multiple cases have been filed by various online news platforms, including, The Wire and The Quint in Delhi High Court and by LiveLaw in the Kerala High Court (Livelaw Media Pvt.Lmt vs. UOI , WPC no. 6272/2021)[15] challenging the provisions laid out to be followed by online news platforms.

The news platforms have reiterated that intermediaries and publishers are ghastly different and cannot be governed by one set of rules. Secondly, it was contented that the government has tried to bring back the oppressive section 66A of the IT Act, which was struck down in the landmark judgement of Shreya Singhal vs UoIAIR 2015 SC 1523[16].  Section 66A made punishable, menacing or grossly offensive information transmitted via an electronic device. The Supreme Court while striking down the section observed that it was extremely vague, had a ‘chilling effect’ on the freedom of speech and expression, and failed the test of necessity and proportionality.

Lastly, it was contended that section 69A does not cover online news platforms and is restrictive only to ‘government agencies’ and ‘intermediaries’, which becomes clear from a plain reading of the section.

All three major online news platforms have filed cases on the premise that the IT Act, does not bring under its ambit online news channels, and so to form rules that regulate online news platforms, where such power is derived from the IT Act, would exceed the scope of the Act, and be ultra vires of the same.

The news platforms also contended that trying to control the free circulation of news is against and derogatory to fundamental rights, safeguard under the Indian Constitution (Article 13),denies equality before the law (Article14), restricts freedom of speech and expression (Article19) and limits the liberty of an individual (Article 21).

All cases, filed by different online news platforms, in the various High Courts have been transferred to the Supreme Court, who in turn, has issued notice to the Centre [17]. However, it is important to note that the Kerala High Court had passed an interim order, in favour of LiveLaw and restricted the Central Government from taking any coercive action against LiveLaw under part III of the intermediary rules. [18]

In relation to OTTs, Part III holds substantial control over the same. The ministries are authorised to modify or delete content that incites a cognizable offence [sec 14 (e)] and can also block sites and content completely in case of emergency [sec 16(2)].


The new IT rules drastically change how the internet will be experienced in India. While freedom of expression is subject to exceptions, such exceptions are only valid if they pass the test of necessity and proportionality. The rules are arbitrary, vague, and controlling in nature rather than regulative. It is through these rules, that for the first time the circulation of news is trying to be curtailed. With no data protection laws and no parliamentary oversight, the data of users are unprotected and open to exploitation. This alarmingly undermines privacy and freedom of expression. The rules are not only ultra vires to the parent act, but also the constitution.

Leave a Comment

Your email address will not be published. Required fields are marked *