Reading time : 12 minutes

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 have been launched through the Ministry of Electronics and Information Technology (MeitY) in February. Social Media intermediaries were given a three-month duration to adapt to the new regulations. The authorities on May 26 issued a clean word to all social media intermediaries for compliance with the new regulations that came into effect on that day.

Tech giants like Google, Facebook, WhatsApp, LinkedIn, etc. have given Ministry of Electronics and Information Technology details in accordance with the new rules. Twitter requested an extension of the compliance window, calling for constructive dialogue and a collaborative approach. WhatsApp filed a case in the Delhi High Court against the government on basis that the new regulations violated customer privacy. The new law has also been challenged by companies like The Quint, etc. The main aim of the IT Rules 2021 is to protect the Indian users from frauds, fake news and other misuse of the platform.

The emphasis is also given to increasing sexual offences against children and women. The Government basically wants to dominate on the basic privacy policies of these social media platforms and how they should be structured. While the government refuses to accept that they are not interested in the messages of the person but the structure of the law is clearly the opposite. On 25th February 2021 all the major social media platforms were given a time period of 3 months to comply with the Intermediary Rules. This law is not only applicable to social media platforms but also Indian companies which are gaining popularity and expanding their user base.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 is a leap towards providing more secure use of these platforms. It will also help in curbing and lowering down the amount of online sexual harassments. The main aim of these rules is to set a standard framework for all the intermediaries through self-monitoring policies. The intermediaries which will come under these rules are OTT platforms, digital media and social media platforms.

Important Definitions-:

Rule 2 is the definition clause:

“Intermediary with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record as per section 2(w) of the IT Act. An intermediary also includes websites, apps and portals of social media networks, media sharing websites, blogs, online discussion forums and other such functionally similar intermediaries as per the ‘Code’. 

Social Media Intermediary means an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.

Significant Social Media Intermediary (hereinafter ‘SSMI’) means a social media intermediary having a number of registered users in India above such threshold as notified by the Central Government as per rule 2(y) of the ‘Code’.”[1]

Good Side of these Laws:

  • Rule 3(2) (b) Deletion of intimate (non-consensual) pictures posted without consent within 24hrs.
  • Rule 4 (3) -The users will be able to know whether the post is advertised or sponsored or exclusively controlled.
  • Rule 4 (1) (d) The social media platforms need to publish compliance report which will help in bringing clarity in the content moderation practices of these companies.
  • Rule 4 (8) -Dispute resolution mechanism for content removal. The social media platforms have to give an explanation in case the content is removed within a set period of time. Though it will create burden on the companies but it will reduce the cases where harmless content is blocked.

Adverse Side of these Laws:

  • Rule 3 (1) (d) -The social media platforms need to take down the content within 36 hours.
  • Rule 4 (a) Appointment of personnel. All the social media platforms need to appoint Chief Compliance Officer, a nodal contact person and Resident Grievance Officer. The main hardship is all the three officers should be residing in India which creates additional burden on these companies.
  •  Rules 4 (2) –Traceability requirement. It basically removes end-to-end encrypted and will severely impact the freedom of speech.
  • Rule 4 (5) – The social media companies need to setup a local office will create additional difficulties and will add to financial burden.


  1. While the significant social intermediaries need to follow the diligence under the rule 4 within 3 months of publications of the rules, the intermediaries also need to follow additional due diligence which are –

Appointment of personnel:

Chief Compliance Officer, Rule 4(a) – An intermediary has to appoint a Chief Compliance Officer who shall undertake the responsibility for ensuring compliance with the IT Act and the rules there under. The Chief Compliance Officer will be liable in any proceedings relating to third party information where he/she fails to make sure that due diligence was followed by the intermediary. No liability will be imposed upon the significant social media intermediary, without being granted an opportunity to be heard. The Chief Compliance Officer has to be a ‘key managerial personnel’ or a senior employee of the company and he/she has to be a resident in India.

Appointment of a Nodal Contact Person, Rule 4(b): A social media intermediary is also required to appoint a nodal person who shall be responsible for 24x7coordination with the law enforcement authorities and shall ensure that the Orders and requisitions sent to the company are complied with. The nodal contact person has to be an employee, someone other than the person holding the position of the Chief Compliance Officer and he/she has to be a resident of India.

Appointment of Resident Grievance Officer, Rule 4(c): The said officer shall be responsible for ensuring that the intermediary follows the due diligence requirements relating to the grievance redressal mechanism. The Resident Grievance Officer must be a resident of India.[2]

  • The major social media intermediaries primarily in the nature of messaging shall enable identification of first originator. The main purpose is prevention, detection, prosecution or punishment and to protect the sovereignty and integrity of the country. It will also be used for purpose of detection of rape/ sexual explicit material or child abuse material.

It is also specified that if the first originator of the information is located outside India then first originator located in India will be deemed as first originator as per the clause.

  • The Significant Social Media Intermediary needs to deploy automated tools to identify anything which depicts sexual abuse, explicit content, etc. The SSMI will have excessive power which can be misused. It will be quite difficult to maintain a balance between Law & Order and also protecting the privacy of the users. It will also lead to an impact on the free speech which is the spine of democracy.
  • The significant social media intermediary need to provide the physical contact address in India on its website/ app for proper grievance redressal and communication.
  • The users from India need to verify for the services provided by the significant social media intermediary voluntarily through active Indian mobile numbers. The users verified will be provided with verification mark.
  • All the intermediaries need to furnish details of the publishers of news and current affairs of their user accounts to the ministry.



The new law brings a major threat to the privacy of the users as end-to-end encrypted messages will be removed. It is included the Rule 4 (2) of the new it rules act 2021which is a revised version of intermediary guidelines which was published in December 2018. Social media platforms like Whatsapp and Facebook use complex cryptographic functions, if the data is not protected there are chances that it might get stolen.

Another drawback is it would be difficult to prove the first originator of the message.

In brief this undermines the privacy and right to free speech, it will also affect end-to-end encrypted messages.   


The significant social media intermediary of each platform is expected to verify the users through mobile number and also provide a badge or mark alongside their account. This step will significantly reduce the amount of fake accounts on the social media platforms.

Online financial frauds on the name of others will also reduce after verification. Though this is not voluntary and does not compel users to verify the credentials which will not affect the digital rights of the consumer. 


The law requires retention of data for a time period of one hundred and eighty days. For now India does not have its own privacy law, as many countries have already adopted GDPR (general data protection regulation) but in future the law needs to be informed. There is also a huge risk of data leaks and breach which can be a threat to national security.


The significant social media intermediary (SSMI) of each social media platform needs to provide the Government with information under their possession for identification and investigation or prosecution of offences. This should be done within 72 hours. The major drawback is the government can misuse this for their own political benefits which can lead to threat to privacy of the users.


The Significant Social Media Intermediary needs to deploy automated tools to identify anything which depicts sexual abuse, explicit content, etc. The SSMI will have excessive power which can be misused. It will be quite difficult to maintain a balance between Law & Order and also protecting the privacy of the users. It will also lead to an impact on the free speech which is the spine of democracy.


1. Grievance Redressal Mechanism: Rule 10

“A publisher has to give an acknowledgment of the grievance to the complainant, within a period of twenty-four hours. The publisher must address the grievance and it has to convey its decision to the complainant, within fifteen days from the registration of the grievance. If the grievance remains unaddressed even after fifteen days, it will be escalated to the self regulating body at level two of the three tier grievance redressal mechanism. 

The regulation of online curated content or news and current affairs content is structured into three different levels.

  • Level 1: Rule 11 

This level consists of the grievance redressal mechanism constituted by the publisher. Every publisher is supposed to appoint a Grievance Redressal Officer based in India who will be responsible for addressing the grievances. 

The said officer has to take a decision in respect of every grievance received by him, within a period of fifteen days and the decision has to be communicated to the complainant within the specified time. The said officer is also expected to be the point of contact for receiving grievances relating to the Code of Ethics and the nodal point for interaction with the complainant, the self regulating body and the MIB.

  • Level 2- Self Regulatory Mechanism: Rule 12 

Constitution: Level 2 consists of the self regulatory body which is expected to be an independent body made by an association of the publishers. There can be more than one self regulatory body and it has to be headed by a retired judge of the Supreme Court or a High Court or an ‘independent eminent person’ who belongs to the field of media, broadcasting, entertainment, child rights, human rights or any such relevant field. The self-regulatory body shall have up to six other members who shall be experts from the aforementioned fields.  

The self-regulatory body must be registered with the MIB. If such a body has been constituted before the notification of the rules, it must be registered within thirty days and if it is constituted after the notification of the rules, it must be registered within thirty days from the date of its constitution. 

The self-regulatory body is supposed to ensure that the publishers adhere to the Code of Ethics, provide guidance on the same to them, address grievances which remain unresolved with the publishers and hear appeals which are filed by the complainants against the decision given by the publishers. The body also has to power to issue guidance or advisories to the publishers, ‘warning, censuring, admonishing or reprimanding’ them or requiring an apology, warning card or a disclaimer from the publisher. The self-regulatory body can further direct the publisher of online curated content to reclassify the ratings of content, make modifications in the age classification and access control measures, and refer content to the Ministry for consideration. 

  • Level 3- Oversight Mechanism: Rule 13 

The final level comprises an Oversight Mechanism which is constituted by the Ministry, to ensure adherence to the Code of Ethics by the publishers. The Ministry has been empowered to designate an officer of the ministry, not below the rank of a Joint Secretary to the Central Government, as the “Authorized Officer”. The authorized officer shall have the power to initiate the procedure for deletion, blocking or modification of information by the publisher, and for blocking of information in case of an ‘emergency’.”[3]

In February 2021 India’s 17 largest streaming platforms (Netflix, Amazon Prime, etc) launched a self regulation toolkit under the guidance of Internet and Mobile Association of India (IAMAI). The main motive of these regulations was to prevent the code laid by the government.

The code has many issues in itself like more push towards self-censorship. Overall it may be possible that the self-regulation and the clauses issued by the government (11, 12, 13) both come into force result being in self-censorship and Government surveillance.



As the new rules have been introduced WhatsApp (owned by Facebook) reached Delhi High Court against the new laws. The main aim is data protection and the right to privacy for its users which are the main point of debate as due to  the new IT Rules, 2021 end-to-end encryption will be removed.

“In its petition, WhatsApp said the rules that came into effect on Wednesday were a “dangerous invasion of privacy” and pose a threat to free speech. The petition claimed that enforcement of Rule 4(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) will break WhatsApp’s encryption that ensures messages can only be read by the sender and receiver and the privacy principles underlying it.

The Puttaswamy judgement was a landmark ruling passed by the Supreme Court in 2017, which said a person’s right to privacy must be preserved except in cases where legality, necessity, and proportionality are all weighed against it. WhatsApp contends that the traceability requirements violate users’ privacy and is against the Puttaswamy judgement.”[4]


Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors

“In August 2017, a nine judge bench of  J.S. Khehar, J. Chelameswar, S.A. Bobde, R.K. Agrawal, R.F. Nariman, A.M. Sapre, Dr. D.Y. Chandrachud, S.K. Kaul and S.A. Nazeer of  the Supreme Court in the Puttaswamy Case gave legitimacy to the ‘right to privacy’ under the Constitution of India and overruled the M.P Sharma case and the Kharak Singh case in relation to the guarantee of the right to privacy under the Constitution, and, therefore, made its derogation subject to the highest level of judicial scrutiny. Premised on the principle that “Privacy is the ultimate expression of the sanctity of the individual“, the Supreme Court affirmed the reasoning and judgment given in the PUCL Case and held that:

  1. The violation of privacy with regard to arbitrary state action would be subject to the “reasonableness” test under Art. 14.
  2. Privacy invasions that implicate Art. 19 freedoms would have to fall under the restrictions of public order, obscenity etc.
  3. Intrusion of one’s life and personal liberty under Art. 21 will attract the just, fair and reasonable threshold.
  4. Phone tapping not only infringes Art. 21 but also contravenes Art. 19 freedoms. Such a law would have to be justifiable under one of the permissible restrictions in Article 19(2), in addition to being “fair, just and reasonable” as required by Article 21, and as was held in the PUCL Case. It would also need to be subject to a higher threshold of “compelling state interest”.
  5. The ‘proportionality and legitimacy’ test was also established – which is a four-fold test that needs to be fulfilled before state intervention in the right to privacy:
    1.  Action must be proportionate to the need for such interference.
    1.  And it must be subject to procedural guarantees against abuse of the power to interfere.”[5]



“Shreya Singhal v. Union of India is a judgment by a two-judge bench of the Supreme Court of India in 2015, on the issue of online speech and intermediary liability in India. The Supreme Court struck down Section 66A of the Information echnology Act, 2000, relating to restrictions on online speech, as unconstitutional on grounds of violating the freedom of speech guaranteed under Article 19(1)(a) of the Constitution of India. The Court further held that the Section was not saved by virtue of being a ‘reasonable restriction’ on the freedom of speech under Article 19(2). The Supreme Court also read down Section 79 and Rules under the Section. It held that online intermediaries would only be obligated to take down content on receiving an order from a court or government authority. The case is considered a watershed moment for online free speech in India.” [6]

The Section 66A of Information Technology Act was struck down by the Supreme Court. The court stated that Section 66A was unclear and imprecise and it not covered under Article 19(2) of the Indian Constitution.

The court struck down only the sections which were invalid as whole legislation cannot be removed.


  • Romesh Thapper v. State of Madras 1950 AIR 124
  • Khushboo v. Kanniamal & Anr (2010) 5 SCC 600
  • Bennett Coleman & Co. V. Union of India & Ors [1960] 2 S.C.R. 1671

Conclusion –

The New IT Rules 2021 have resemblance to the General Data Protection Regulation and EU Code of practice on disinformation. People are looking with suspicion as the New Rules aim to oppress debates and criticism. While these rules are being simply seen as channel of bringing law and order on the other hand it may be used by the government to chase people with different opinions or have a different ideology from the government.

At present it is very important to verify the information as what may appear false could be true and vice-versa. If we see this law from the point of view of protecting the common man of India from getting mislead because of the false news/ information then the move is praiseworthy. The social media platforms have been divided into two categories which are social media intermediaries and significant social media intermediaries. The main motive of these rules is to regulate action which the intermediaries should take in case of infringement of the policies.

One of the main issues is that who decides whether the information is false or obscene or defamatory. It will also be very difficult to decide to decide what is against the sovereignty or integrity of India.  This can further lead to more burden on the intermediary due to increase in the regulations. While many rules are a welcome step but there are some measures which handicaps the privacy of the users. One of the measures is the removal of end-to-end encryption, though this measure will help to identify the first originator of the message or remove sexual content through automated tools but it can be misused and will lead to data leak. Removal of source of information (first originator) may not solve the problem as every person cannot be held liable. Furthermore there is no assurance that there is no misuse of the information by the government agencies or even the intermediaries.

All the messaging platforms have very less information about the users which disables them to see the messages of the users, adding traceability will unnecessarily increase the burden on the companies.

Before the IT Rules 2021, the Information Technology (Procedure and Safeguards for the Interception, Monitoring and Decryption of Information) Rules, 2009. According to the previous law the intermediaries need not to comply according to the Government but provide with technical assistance which is practically possible.


  1. – Important Definitions.
  2. – Digital Media Ethics Code, Grievance Redressal Mechanism.
  3. – Justice K. S. Puttuswamy (Retd.) and Anr. vs Union Of India And Ors.    –  Writ Petition (Civil) No 494 of 2012; (2017) 10 SCC 1; AIR 2017 SC 4161     
  4. – Karmanya Singh Sareen Vs. Union Of India
  5.,of%20the%20Constitution%20of%20India – Shreya Singhal and Ors. v. Union of IndiaAIR 2015 SC 1523; Writ Petition (Criminal) No. 167 OF 2012  
  6.,of%20the%20Constitution%20of%20India –  Shreya Singhal and Ors. v. Union of IndiaAIR 2015 SC 1523; Writ Petition (Criminal) No. 167 OF 2012




[4] – Karmanya Singh Sareen Vs. Union Of India

[5] Justice K. S. Puttuswamy (Retd.) and Anr. vs Union Of India And Ors.                                                                   

 Writ Petition (Civil) No 494 of 2012; (2017) 10 SCC 1; AIR 2017 SC 4161      

[6],of%20the%20Constitution%20of%20India –  Shreya Singhal and Ors. v. Union of IndiaAIR 2015 SC 1523; Writ Petition (Criminal) No. 167 OF 2012

Author: Haritosh Dev Garg, AMITY LAW SCHOOL, NOIDA

Editor: Kanishka VaishSenior Editor, LexLife India.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s