By Aditya Narayan Joshi, a IIIrd year student at Dharmashastra National Law University, Jabalpur


The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2019 were published on February 25, 2021. The 2000 IT Act regulations override the 2011 rules. Businesses operating in India must create new positions, amend company regulations, and implement new notification procedures. It was published in the Gazette on February 25th, and most of the new obligations became effective then. Due diligence for key social media intermediaries took effect on May 25, 2021. The standards, which are divided into parts, include guidelines for intermediaries and a digital media code of conduct. This piece is all about intermediaries, and Parts I and II of the new due diligence criteria.

Rules’ purpose The limits were announced on February 25 by the Ministry of Electronics and Information Technology (MeitY). The press statement also expressed concern over a rise in harsh language and “blatant contempt for religious sensitivities” on social media. According to MeitY, police are increasingly using social media in criminal investigations. “Empower regular people” while holding platforms accountable.

Rules’ purpose

The limits were announced on February 25 by the Ministry of Electronics and Information Technology (MeitY). The press statement also expressed concern over a rise in harsh language and “blatant contempt for religious sensitivities” on social media. According to MeitY, police are increasingly using social media in criminal investigations. “Empower regular people” while holding platforms accountable.

Who must the rules apply to?

These laws apply to intermediates, social media intermediaries, and key social media intermediaries. “Any person that receives, preserves, transmits or gives any service concerning specified electronic records” is an intermediary, according to the IT Act. As stated, “cyber cafés” include “telecom, network, internet, and web hosting providers.” By “intermediary,” we imply a service that allows users to create, upload, share, distribute, and modify material online. This is a “social media intermediate.”

Lesser and bigger social media intermediaries are distinguished by the number of users. Significant social media intermediaries in India have a total user base of 5 million or more. Because Facebook, YouTube, and WhatsApp have substantial user bases in India, including social media intermediaries is critical (410 million Indian users).

Dissection of specified due diligence requirements for intermediaries

Entities falling under one of the aforementioned groups are required to execute particular due diligence operations.

What an intermediary is required to perform

An intermediary’s website or mobile app must publish “rules and regulations, privacy policy, and user agreement.” If a user violates the intermediary’s stated rules and regulations, privacy policy, or user agreement, the intermediary has the “right to terminate” that user’s access or usage and “delete non-compliant information” at least once a year. The intermediary must also notify users of any changes to its laws, regulations, privacy policies, or user agreements. Intermediaries must save user registration information for 180 days after the user withdraws or cancels it. Any of the following information is required by a government order within 72 hours:

It may be used for “prevention, detection, investigation, or punishment of any legal infractions… or cyber security events.” Intermediaries must contact MeitY’s Computer Emergency Response Team if they discover a cybersecurity issue.

What a user must be mandated by an intermediate

The guidelines include certain criteria for intermediaries’ rules, privacy policies, and user agreements. In short, users will be prohibited from “host, display, upload, modify, publish, transmit, store, update, or share any information” that:

  • Invades another’s privacy including bodily privacy; insulting or harassing another based on gender; libellous, racially or ethnically objectionable; relating to or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the law.
  • a patent, trademark or copyright infringement.
  • Violates any existing law.
  • includes intentionally sending content that is manifestly incorrect or deceptive but is reasonably perceived as fact.
  • is false and inaccurate, and is written or disseminated with the intent to deceive or harass a person, entity, or agency for financial gain or to inflict harm.

To delete or deactivate information, the intermediary must comply with a court order or notice from the government or an agency. The Intermediary has 36 hours to delete such information. When a major social media intermediary deletes content that falls within one of the categories above, they must inform the person who uploaded, shared, or altered the item. It must also provide the user with an “adequate and reasonable opportunity to protest the judgement… and seek access restoration.”

Requirements for further due diligence on important social media intermediates

Large social media intermediaries have extra due diligence duties. These requirements include hiring supervisors, producing compliance reports, cooperating with law enforcement, and actively monitoring and removing content from their networks.  Services that “enable the publishing or transmission of information in a way that may seriously damage India’s sovereignty and integrity, security, friendly relations with other nations, or public order” must also comply with these extra standards. For significant social media intermediates, MeitY will inform the intermediary in writing.

Three new roles created

Significant social media intermediaries would have to hire Indians for three new roles. To begin, they must choose a chief compliance officer to oversee both the IT Act and the recommendations. Second, they must designate a point of contact to collaborate with law police “round the clock.” Finally, they must appoint a resident grievance officer to manage the grievance process.

Proactive removal tools

Part II, Section 3(1)(d) requires significant social media intermediaries to “proactively identify” instances of “any act or simulation… depicting rape, child sexual abuse, or conduct” or re-posting of previously removed, unlawful information, such as information related to “India’s sovereignty and integrity.” by using “technology-based” tools. If, “Such information has been acknowledged by the intermediary as falling under the categories indicated in [Part II, Section 3(1)(d)],” the intermediary must alert users who seek to “access such content.”

Compliance reports

“Complaints received and measures taken in response to complaints, as well as details on items deleted proactively by the key social media intermediary” are expected to be included in a monthly compliance report.

Data access by the government and civil liberties Now, a court order also requires major social media intermediaries to know and reveal the identity of the “first originator” (i.e., the person who submitted the first communication). These court judgements must be in course with India’s security, international relations, sexual assault, or child pornography. It is presumed that the originating source of information is located in India unless otherwise stated. While the original originator’s identity must be revealed, the communication’s content need not be. Although online commenters have expressed worry that the new clause may be technically challenging to execute and “raises serious issues about end-to-end encryption and encryption backdoors,”. However, several popular messaging applications, such as WhatsApp and Telegram, already have procedures in place that indicate they may be able to comply with the first originator clause. Last year, the Indian government asked that WhatsApp must identify the source of a message, but WhatsApp refused, citing privacy concerns. Section 79(1) of the IT Act now requires WhatsApp to comply with a similar ruling or risk accountability for user behaviour.

Grievance mechanism for all intermediaries

The guidelines provide a “grievance redress procedure” that all intermediaries must adhere to for people to file a complaint claiming a violation of the mandatory norms. Each intermediary is required to nominate a designated grievance officer. The name and contact information for the grievance officer, as well as for instructions on how to make a complaint, must be available on the intermediary’s website or app. Grievance officials will have 24 hours to acknowledge receipt of a complaint and 15 days to resolve it.


Intermediaries who contravene, forfeit Section 79(1) of the IT Act’s protection. “An intermediary shall not be accountable for any third-party information, data, or communication connection made accessibly or hosted by him,” this provision adds. This essentially implies that intermediaries who do not comply will be held liable for the actions of third parties on their platform or application.


The author asserts that the new legislation would drastically alter the legal environment in India, as well as the liability of intermediaries. Significant social media intermediaries have to comply with the laws, which may require technologically complex adjustments to their platforms. These rules add another weapon to the government’s toolbox for using law enforcement agencies and other ways to pursue people who express a viewpoint adverse to the government’s ideas and interests. Live streaming material is beneficial for those that interact with one another. Following the implementation of new IT policies, there has been a positive influence on live streaming material on social media. Except for live broadcasting, the new laws have become the harshest have become the harshest yet.

Share this post