Reading time: 8 minutes


In the Smartphones era, people find it difficult to stay away from mobiles. Smartphones started providing services such as money wallets, travel bookings, paying bills, entertainment, and essentials home delivery, etc., which made people think that living without a mobile is quite hard. Any service provided online must process data and data shall be transferred from one place to another, stored, and modified to provide a good experience for the customers or users. Data is a piece of information about any individual which can be personal in certain situations and the service providers processing the data should be regulated by the legislation. While the Data Protection Bill, 2019 has not been passed by the parliament yet, the new IT rules passed by the parliament shall provide protection to a minimum extent. The due diligence shall be followed by the intermediaries and publishers, the grievance redressal mechanism, and the code of ethics have to be followed as mentioned in the rules. These rules try to make the online space safer for the people and safeguard the privacy of an individual. The Companies providing services in India shall become compliant with the new rules to further provide services within the country.

Keywords: Data, IT rules, Intermediaries, Privacy, Compliant



Social Media usage has become one of the most daily routines of many people nowadays. Online markets have become so big in recent years and this covid-19 pandemic made people stay at home which resulted in people becoming more dependent on online services. While people getting used to the online way of life, there is a need for legislation to regulate online activities. Because a large amount of data is being collected and used by the online service providers such as any social media websites or applications, any shopping websites or applications, any food, and essentials delivery websites or applications. There is also a need for regulating the contents posted on social media. Social media was introduced to network with people and help people to connect with each other but lately, It has become a sensitive platform where controversies and allegations manufacture.

On 25th February 2021, The Government of India issued the Information Technology (Intermediary Guidelines and Digital Media Ethics code) Rules, 2021 ‘IT Rules 2021’. The Intermediary guidelines have been framed in exercise of powers under Section 87 (2) of the Information Technology Act, 2000. This rule replaces the Information Technology (Intermediary Guidelines) Rules, 2011 ‘IT Rules 2011’. The IT Rules 2011 could only regulate the intermediaries. The new set of rules apply to all the intermediaries as well as Online Content Creators and Over-The-Top (OTT) Platforms.

 The scope of the IT Rules 2021 is to safeguard the people from threats and dangers which they will come across on the online platforms and reduce unnecessary chaos in the society which are caused by the cyber-environment. It also enhances the protection of data collected by intermediaries. While, currently in India, we do not have any legislation for data protection as the Data Protection Bill, 2019 has not yet been passed by the parliament.

Due Diligence by an Intermediary

An Intermediary[1] shall follow the due diligence mentioned in the IT rules while performing its duties such as prompting the users about the privacy policy, user agreement, and rules and regulations of the website or mobile applications or both, after any major changes or within certain intervals (6 months or a year). The Intermediary shall inform the users through the privacy policy or user agreement or rules and regulations that not to host, display, upload, modify, transmit, store, update or store any information that:

  • Belongs to any other person which the user does not have any right.
  • Is defamatory, obscene, pornographic, paedophilic, invasive of another privacy etc.,
  • Is harmful to any child.
  • Violates any law for the time being in force.
  • Infringes any patents, copyrights, trademark, or any other proprietary rights.
  • Impersonates another person.
  • Threatens the unity, integrity, defence, security, or sovereignty of India, friendly relations with foreign States etc.,
  • Contains software virus or any other computer code which is deployed to interrupt, destroy, or limit the functionality of any computer resource.
  • Is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity, or agency for financial gain or to cause any injury to any person.

The intermediary shall not store, host, or publish any unlawful information which violates any law for the time being in force, and shall remove or disable access to that information as early as possible and not more thirty-six hours in any condition from the receipt of the court order from the competent jurisdiction or on being notified by the government agency. Any information collected by the intermediary shall be retained for a period of one hundred and eighty days after the cancellation or withdrawal of his/her registration. The intermediary shall report to the Indian Computer Emergency Response Team in case of any cyber-security issues.

Grievance Redressal Mechanism

The Grievance officers’ details shall be published on the intermediary’s website, mobile application, or both, any user can raise a complaint against any violation of the provision of their policies or any other matters regarding the service provided. The grievance officer shall acknowledge any complaint within twenty-four hours and dispose of that complaint within fifteen days from the date of its receipt and acknowledge any orders or notifications from the appropriate government, any competent authority, or a court of competent jurisdiction. Any complaint in which prima facie is related to exposure of the private area of such individual, show such individual in full or partial nudity or depicts any sexual content and any kind of morphed images, The grievance officer shall take reasonable and practicable measures to remove or disable access to such content hosted or published by the intermediary.

More Safety Exercises to be performed by Social Media Intermediary

A Chief Compliance Officer, a nodal contact person, and a Grievance Compliance Officer are to be appointed by the intermediary. All of them should be residents in India. The Chief Compliance Officer mainly has to ensure compliance with the Act. The nodal contact person has to cooperate with the Government agencies as mentioned in the Act. The Grievance officer has to perform the functions discussed above.

Any social media intermediary providing messaging services shall identify the first originator of the information on its computer resource when requested with an order from a judicial authority of competent jurisdiction or any other competent authority under Section 69 of the Information Technology Act, 2000 and the directions issued under Information Technology (Procedure and Safeguards for the interception, monitoring, and decryption of information) Rules, 2009. For the prevention, detection, investigation, prosecution, and prohibition of an offense that can be a threat to the country in various ways.

Any information hosted, displayed, or transmitted by the intermediary targeting the receiver of the information for advertising, marketing, sponsored, owned, or exclusively controlled shall make it identifiable appropriately.

The intermediary can take advantage of utilizing the technology-based and automated tools such as artificial intelligence for the surveillance of information that is hosted, displayed or transmitted and warn the user of any prohibited contents that he/she tries to transmit, host, or display.

The social media intermediary providing services in India shall have a physical contact address in India which shall be published on its website, mobile application, or both. The intermediary shall implement the grievance redressal mechanism as mentioned in the Act. The intermediary shall verify the information of the users from India using active Indian Mobile numbers and provide a mark of verification for the verified users.

Three-tier Regulating Mechanism

We talked a lot about the intermediaries above. As the cyber-environment is much wider, the publishers[2] play the next major role in online services. For addressing the grievances about publishers as mentioned in the rules, there shall be a three-tier structure:

  • Level 1 – Self-regulation by the publishers.
  • Level 2 – Self-regulation by self-regulating bodies of the publishers.
  • Level 3 – Oversight Mechanism by the Central Government.

Self-regulation by the publishers

The publisher shall appoint a grievance officer who is a resident in India. The grievance officer will be the nodal point between the complainant, self-regulating body, and the Ministry. He/she will perform the similar work that we discussed above in the Grievance Redressal Mechanism.

Self-regulating bodies of the publishers

The self-regulating body shall be headed by a retired judge of the Supreme Court, a High Court, or an expert on the field of media, broadcasting, entertainment, child rights, human rights, or such relevant fields, and have other members from such related fields not exceeding six. This body shall hear appeals filed by the complainants against the publishers and the complaints that could not be resolved by the publishers until the given time. It advises the publishers by the grievances such as warning the publisher, requiring an apology by the publisher, or requiring the publisher to include a disclaimer, etc., In case of deleting or modifying content, the self-regulating body shall refer such content to the Ministry for consideration by the Oversight Mechanism.

Oversight Mechanism by the Central Government

The Ministry shall publish a charter for self-regulating bodies, including a code of practices for such bodies. It shall establish an Inter-Departmental Committee consisting of representatives from Ministry of Information and Broadcasting, Ministry of Women and Child Development, Ministry of Law and Justice, Ministry of Home Affairs, Ministry of Electronics and Information Technology, Ministry of External Affairs, Ministry of Defence, and such other Ministries and Organisations, including domain experts, that it may decide to include in the committee. The committee shall meet periodically and hear the grievance that is not resolved by Level 1 or 2 within the time specified or referred to it by the Ministry.

The Ministry shall appoint an officer not below the rank of Joint Secretary to the Government of India, as the Authorised Officer to issue directions. The Authorised Officer shall place the matter for consideration before the Secretary, Ministry of Information and Broadcasting for taking the appropriate decision, on approval of the decision of the Secretary, He/she shall direct the publisher, any agency of the government or any intermediary, to delete or modify or block the content from its computer resource for public access within the time limit specified in the direction. If not approved by the Secretary, The Authorised Officer shall convey the message to the committee.

Blocking of Information in case of emergency

In case of emergency nature, The Authorised Officer shall examine the content and consider it whether it is within the grounds of sub-section (1) of section 69A of the Information Technology Act, if it is necessary or justifiable to block the information, He/she shall escalate the issue to the Secretary, Ministry of Information and Broadcasting with a specific recommendation. If the secretary approves the decision, the hosted information is removed from public access from the computer resource of the publisher or intermediary. Then, the Authorised Officer shall bring the request for permanent removal of that content before the committee for its consideration and recommendation. On the recommendation of the committee, the Secretary shall approve the final order for request, if the request for permanent removal is not approved by the secretary, the interim direction issued by the Authorised officer shall be revoked and the publisher, individual or intermediary in control of such information shall unblock the hosted information for public access.

Furnishing and Disclosure of Information

A publisher of news and current affairs content and a publisher of online curated content operating in the territory of India shall inform the Ministry about the details of its entity by furnishing information along with the related documents for purpose of enabling communication and co-ordination and shall be done within a period of thirty days of the publication of these rules, and if a publisher begins the operation after the commencement of these rules, it shall furnish information to the Ministry within thirty days from the inauguration of its operation within the territory of India. The publisher shall publish periodic compliance reports every month about the grievance received and actions taken.

The publisher shall disclose all the information about the grievances received and actions were taken regarding the grievance publicly and update it every month. It shall preserve the records of content transmitted by it for a minimum period of sixty days and make it available to the self-regulating body or central government, or any other government agency, as may be demanded the implementation of these rules.

Code Of Ethics

Contents prohibited under any law for the time being in force shall not be published. The publisher should consider various factors such as sovereignty and integrity of the country, contents that endanger or jeopardize the state’s security, maintenance of public order, and friendly relations with foreign countries.

Contents shall be classified under several ratings such as:

  • Content which is suitable for children as well as adults – “U”.
  • Content which is suitable for children aged 7 years and above, and children under the age of 7 years shall be viewed with parental guidance – “U/A 7+”.
  • Content which is suitable for children aged 13 years and above, and children under the age of 13 years shall be viewed with parental guidance – “U/A 13+”.
  • Content which is suitable for children aged 16 years and above, and children under the age of 16 years shall be viewed with parental guidance – “U/A 16+”.
  • Content which is restricted to adults – “A”.

Content can also be classified based on themes and messages, violence, nudity, sex, language, drug and substance abuse, and horror as described in the Schedule of the rules which may be modified from time to time by the Ministry of Broadcasting and Information.

The publisher shall ensure that access control mechanisms including parental locks, reliable age verification mechanisms are made available for such content and take all reasonable efforts to restrict content that is classified as “A” from the children.


Recently, WhatsApp banned twenty lakh Indian users for “harmful behavior” during May. And the parent company, Facebook, reported taking down nearly 3.2 crore posts that were prohibited from hosting as per the IT rules 2021. The disclosure of this information is also a part of these rules. Also, WhatsApp and Facebook reported that they received many complaints from the users regarding fake profiles, hacking of accounts, obscenity, etc.,[3] These rules provide additional safety to the users and the service providers in all aspects. The IT rules should be updated from time to time as there is a constant change in the cyber-environment. Privacy has become a word that everyone will come across daily in their life, the data that we provide in these online platforms are being stored by them in a highly secured manner but still there is always a risk or a loophole. The cyber-world is a zero-day environment and there is always a 0.001% chance for data breaches, so these regulations provide alternative measures to make after a data breach or a cyber-security issue for the users and service providers.


  • Information Technology (Intermediary Guidelines and Digital Media Ethics code) Rules, 2021.
  • Information Technology Act, 2000.

[1]The Information Technology Act, 2000, s. 2(w) defines ‘intermediary’ as any person, who on behalf of another person receives, stores, or transmits that record, or provide any service concerning that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places, and cyber cafes.

[2]The Information Technology (Intermediary Guideline and Digital Media Ethics code) Rules, 2021, s. 2(s) defines a publisher as a publisher of news and current affairs content or a publisher of online curated content.

[3] Pankaj Doval, “WhatsApp bans 20 lakh Indian users”, Times of India, July 16, 2021, available at <WhatsApp bans 20 lakh Indian users | India News – Times of India (> (last visited on July 19,2021)

Author: Rishi Nandhan R B, Presidency University, Bangalore

Editor: Kanishka VaishSenior Editor, LexLife India.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s