Digital intermediary guidelines evoke a wave of litigation in India
Managing IP is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2023

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Digital intermediary guidelines evoke a wave of litigation in India

Sponsored by


Ranjan Narula of RNA, Technology and IP Attorneys takes a look at the new due diligence mechanism and considers why this has caused a backlash

On February 25 2021, the Indian government notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which replaced the Information Technology (Intermediaries Guidelines) Rules, 2011.

While the 2011 rules applied only to intermediaries, the new rules have been expanded to cover online news content and over-the-top (OTT) platforms. As per the government, the latest rules are designed to ensure that digital platforms such as social media sites, messaging apps, digital newspapers, and OTTs provide grievance redressal mechanisms to their users.

The social media intermediaries were provided three months, i.e. till May 25 2021, to comply with the rules.

As the deadline for intermediaries to comply with the guidelines was set to expire, a flood of litigation challenging various aspects of the new guidelines has been filed in different courts.

These include the Google search engine claiming they are an ‘aggregator’ and not an ‘intermediary’. Meanwhile, digital newspapers and other digital news platforms have filed a writ to challenge the rules, as they arguably seek to regulate digital news media by imposing a 'code of ethics' and vest the power of interference ultimately with the central government as the chief regulator. News platforms have also argued that the regulation and oversight by the government or its agents cannot be prescribed by the rules when not contemplated by the parent act (in this case, Information Technology Act).

New due diligence rules

The due diligence mechanism by the intermediary, as per the new guidelines, includes:

1. Publishing rules and regulations, privacy policy, and user agreement for access by any person on its website and mobile app and informing them not to host, display, upload, modify, publish, transmit, store, update or share any information that:

  • Belongs to another person and to which the user does not have a right;

  • Is defamatory, obscene, pornographic, invasive of another's privacy, or encourage money laundering or gambling or anything inconsistent with or contrary to the laws in force;

  • Is harmful to the child;

  • Infringes any patent, trademark, copyright or other proprietary rights;

  • Deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is false or misleading in nature but may reasonably be perceived as a fact; and

  • Threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order. 

2. Remove the offending content upon receiving actual knowledge in the form of a court order or upon being notified by the government or agency envisaged under Section 79 of the IT Act, within 36 hours of the receipt of a court order.

3. Information that has been removed and disabled by the intermediary shall be retained for 180 days or longer, as it may be required by the court or government.

4. The intermediary shall, within 72 hours of the receipt of an order, provide information under its control or possession, or assistance to the government agency for investigation or cybersecurity activities, for the purposes of prevention, detection, investigation or prosecution, of offences under any law.

Significant social media intermediaries

The difference has been carved out between social media intermediaries (SMI) and significant social media intermediaries (SSMI). The SSMI are classified as those with more than a registered user base of 5 million in India. For the first time, the new rules have put an onus on SMI to put in place a grievance redressal mechanism.

Towards this, the intermediary is required to publish (on its website and mobile app), the name of the ‘grievance officer’ and his contact details, as well as a mechanism for lodging the complaint. Strict timelines have been prescribed for grievance redressal:

  • Acknowledgement of complaint within 24 hours and adjudication of the complaint within 15 days; and

  • In case the complaint made is concerning any obscene/nude content, the intermediary is required to bring down the content within 24 hours. 

A higher threshold of compliance requirement is required for SSMI. The rules envisage SSMI to:

  • Appoint a chief compliance officer for ensuring compliance with the IT Act and rules. The officer shall be liable relating to any third-party information, data hosted by that intermediary where he fails to ensure that the intermediary observes due diligence while discharging its duties. The chief compliance officer should be a resident of India;

  • Appoint a nodal officer for coordination with law enforcement agencies, who should be resident in India; and for the

  • Appointment of a resident grievance officer, who should also be resident in India.

Furthermore, they are required to publish monthly compliance reports of the complaints filed and decided. They should also deploy automated tools to (a) proactively identify information that depicts any act or simulation depicting rape, child sexual abuse or conduct; and (b) any information which is identical in content to the information that has previously been removed.

Decryption of communication on demand

In general, national security, protection of law and order, and prevention of sexual crimes are why the government asks message service providers such as WhatsApp to identify the first originator of the information.

The SSMI argue there is no way to predict which message will be the subject of such a tracing order. Therefore, it will need to make changes in its app or platform. The new rules have caused a stir among messaging companies such as WhatsApp, Signal, and others. It seems that the new rules put a significant onus on them to comply with demand to provide information about their users' activity.

It further requires them to change their business model and stated policy that all communication on their platform is end-to-end encrypted. 

Just as the new rules were to come into the force, WhatsApp filed a writ before the Delhi High Court to challenge the rules. WhatsApp has objected to the traceability clause provided under Rule 4(2) that requires social media platforms to locate "the first originator of the information." 

The intermediaries also question the power given to the law enforcement agencies to seek information, and lack of clarity on the words used in the rules ‘sovereignty and integrity of India’, ‘the security of the state’, ‘friendly relations with foreign states’, or ‘public order’ that law enforcement agencies can exploit. Furthermore, in most countries, such orders are backed by a judicial order following due process of law. Thus in some sense, these rules give unfettered powers to the executive to demand decryption 

Working towards a common interest

As a business, no social media intermediary wants its platform to be used for criminal activities, distribute pornographic materials, or instigate violence. However, they are concerned about protecting the user's privacy and aim to provide space where an individual has the right to express himself. Thus, it is essential to define further and clarify the rules so that it does not curtail an individual's freedom, which may have a chilling effect on the use of social media.

In addition, from a technical point of view, it may be challenging to introduce traceability without breaking end-to-end encryption. Thus, all stakeholders should work together to find a solution that protects the interest of consumers and intermediaries and ensures that criminal activities are curtailed. 


Ranjan NarulaManaging partner, RNA, Technology and IP AttorneysE:

more from across site and ros bottom lb

More from across our site

Firms explain how monitoring, referrals and relationships with foreign firms helped them get more work at the TTAB
Luke Toft explains why he moved back to Fox Rothschild after working in-house at Sleep Number for five months
We provide a rundown of Managing IP’s news and analysis coverage from the week, and review what’s been happening elsewhere in IP
In a seminal ruling, the Beijing Internet Court said images generated by Stable Diffusion counted as original works
Boston-based John Lanza is hoping to work more with life sciences colleagues on the ‘exciting’ application of AI to drug discovery
The Delhi High Court has expressed its willingness to set global licensing terms in the Nokia-Oppo dispute, but it must deal with longstanding problems first
Some patent counsel are still encountering errors even though the USPTO has fully transitioned to the new system
A senior USPTO attorney spoke at a Nokia-sponsored event on the EU’s proposed SEP Regulation today, November 29
IP counsel are ‘flooded’ with queries from clients worried about deepfakes, but the law has so far come up short
Each week Managing IP speaks to a different IP practitioner about their life and career