Image Source:

This article is written by Suchandra Mukherjee, pursuing Diploma in Law Firm Practice: Research, Drafting, Briefing and Client Management from LawSikho. The article has been edited by Amitabh Ranjan (Associate, LawSikho) and Dipshi Swara (Senior Associate, LawSikho).


On 25th February, 2021, The Ministry of Information Government of India enacted new IT Rules for social media channels and OTT platforms which created a surge of tension under the country’s democratic line. As per new IT  Rules 2021, our social media platforms such as Facebook, Twitter, WhatsApp, Signal, and other messaging apps, as well as OTT platforms such as Netflix, Amazon Prime, and digital news, need to have a thorough mechanism for grievance redressal and cannot be given the status of protection. Because of these rules, there are a lot of controversies, especially concerning our freedom of speech and expression and our right to privacy.

The regulation has been named “Information Technology Rules, 2021 (Intermediary Guidelines and Digital Media Ethics Code)“. The Rules were drafted in accordance with Section 87(2) of the Information Technology Act of 2000, which grants the Central Government the authority to make rules in accordance with this Act’s provisions. Similar provisions existed previously under the Information Technology (Intermediary Guidelines) Rules 2011, which have now been repealed.

Download Now

Various experts have given their personal opinions on this regulation, but before we get into it further, let us know what these rules are and how these changes in regulation would affect us.

These rules were published in the official gazette by the government. It is divided into 3 parts:

  • Part 1 contains the definitions and terms of these Intermediaries Rules.
  • Part 2 focuses on social media platforms like WhatsApp, Facebook, Telegram, Twitter.
  • Part 3 is all about OTT platforms and digital news.

As per the guidelines: 

  1. Social media need to abide by the laws in India- Social media platforms are being encouraged by the government of India to do their business in India but, they also need to follow the Indian laws and need not violate the provisions of the constitution of India. 
  2. Social media can be used freely for questioning or criticism-The major social media platforms that are active in India are WhatsApp, Facebook, Instagram, Twitter and YouTube and as a basic fundamental right to express our views the users are entitled to ask questions, freely share their views on any government issues, as an essential element of Democracy. 
  3. Accountability- In the digital era with increased empowerment and also with an increase in misuse and abuse, social media platforms need to be accountable for all kinds of misuse.
  4. Redressal Mechanism- There is a need for a redressal mechanism for timely resolution of grievances, grievance redressal system has also been provided while uploading journalistic and creative freedom.
  5. The framework suggested is progressive and open to new ideas.
  6. The rules don’t intend to violate the freedom of speech and expression- The suggested framework addresses people’s concerns without infringing their right to freedom of speech, expression and thoughts of the users regarding any matter concerning the new regulations. 
  7. Differentiation has been made in terms of viewership- There is a difference between viewership in a theatre, television and watching it on OTT platforms.
  8. Intermediaries- These regulations are primarily focused on Intermediaries. 

As this regulation focuses on Intermediaries let us understand the concept of ‘Intermediaries’.

What is an intermediary?

An intermediary is a third-party service that acts as the link between people or two parties to convey a message or bring about an agreement or both.

For example; suppose there is a toothpaste manufacturing company that delivers its products to a local store and when you want to buy the toothpaste, you go to the local store. The local shop or the shopkeeper has neither made the toothpaste (i.e., not a manufacturer) nor they are using it (i.e., not a consumer). They are just taking the toothpaste from the company and selling it to us. In such a case the store is an Intermediary. Intermediaries are companies that facilitate this for both parties. A third party facilitates the execution of a transaction between two parties. It is because of them that the two parties have reached an agreement.

What intermediaries are there in this context? These kinds of Intermediaries are known as Internet Intermediaries. Facebook is an internet intermediary that allows you to communicate with your friends. In this case, Facebook acts as a middleman. The Intermediaries enjoy some legal privileges.

Understanding intermediaries with the help of case laws

Avnish Bajaj vs State 

On, a fourth-year IIT Kharagpur student had posted an obscene MMS for sale. @125/piece. It wasn’t immediately obvious that it was an MMS video. Until someone clicks on it, that is. removed it from their website when it was brought to their attention. Because pornography is banned in India and the two people in the video were under the age of 18, the Delhi police’s crime section took cognizance of the situation and filed a charge sheet against the IIT student who posted the video on the internet. Another charge sheet was also filed, this time against the owner of the account.

According to section 79 of the IT Act, intermediaries are provided immunity against any third-party information or data they provide.  However, this safe harbor is subject to Sub-clause (2) and (3) of Section 79 of the IT Act. 

Now, the question arises whether it is right to blame the owner of the website?

Because the website owner was unaware that the content was inappropriate, they removed it when they discovered it. Regardless, the website is still being investigated as a suspect. Would it be appropriate for the authorities to arrest a small Kirana store owner for selling dangerous toothpaste if the shopkeeper does not know that the toothpaste has any flaws or that harmful ingredients are in the product OR should the toothpaste manufacturer be held solely responsible? 

The answer is self-evident from a logical standpoint. The court has ruled on this as well, and in the case of, the court stated that the owner of the domain is the owner of the website and will not be at fault when the users put some objectionable content on it. It is the sole responsibility of the users.

Conduit Laws – According to sec 79 of the IT Act all these Intermediaries are protected by some immunities known as the Conduit Laws because they don’t regulate the content unless a complaint is received under the authority of law. 

A famous example where a blog post had published some defamatory content against Dr Ashwin, a city-based cardiologist, his primary issue being Google Inc. allowing those blogs to post such defamatory content, to which Google said that they were only the medium/conduit, and were helpless to monitor what is being posted all the time. 

Shreya Singhal vs. UOI

In the famous Shreya Singhal vs. UOI on Section 66A of the IT Act 2000, the Supreme Court struck down as there was no clear definition for the words/clauses used in the following section.

The section basically deals with those acts that involve punishment due to offensive, fake messages through a communication device or computer resource which becomes the cause of causing annoyance, danger, criminal intimidation, insult, injury or inconvenience to some other person, then that person who has caused such would be criminally liable under this section of the IT Act.

The court in this case focused on a very important factor regarding the elements that constitute real knowledge under the Intermediary guidelines. It was held that knowledge constitutes upon being notified by the court or an appropriate government, and also said that if any intermediary fails to remove such content after receiving actual knowledge that such content is unlawful then it will lead to loss of the intermediary status and breach of due diligence.

Why is regulation required?

With the increase in usage of social media platforms and after the shift of the massive industry to IT-based platforms, social media giants and tech corporations have expanded their footprints in India, and with such expansion of usage by common people the misuse of these technologies is also being exercised. Rampant abuse such as Child pornography, fake news, revenge porn, abusive language, defamatory, and obscene contents have often threatened the dignity of women and hurts the religious sentiments which further results in the spread of disharmony, anti-national elements and to curb all such activities are like a challenge for the law enforcement agencies. In India, there was no such specific complaint redressal system for which user’s complaints could get redressed within a specific time period. Lack of transparency and absence of a robust redressal system has made the users fully dependent on the whims and fancies of such social media platforms, without giving any opportunity of being heard. Therefore, these regulations will act as a deterrence for such content and make the process more fair and transparent.

The rules

Intermediaries have been categorized into:

  • Social media intermediaries – This states that all due diligence is needed to be followed by all social media intermediaries.
  • Significant social media intermediaries – This states that all the additional due diligence that needs to be followed by intermediaries with more than 50 lakh users need to follow some extra set of rules.

Rules to be followed by intermediaries:

Social media intermediaries

Due Diligence

As per section 79 (2)(c) of the IT Act, a platform qualifies as an Intermediary only if it observes the due diligence as mentioned in the section and the guidelines as mentioned by the central government. Due diligence has not been defined and has been left to the interpretation of the courts. 

As observed in the landmark judgment of My Space Inc. v Super Cassettes Industries Ltd. Myspace was the owner and operator of a social media website, where a third party could upload and view content, no changes were made in the content uploaded by the users, except additional advertisements being added. The court was to decide that whenever any third-party uploads objectionable content, what is the extent of liability of the platform and whether due diligence was enough in the publication of rules, privacy policy, regulations, and user agreement.  The court in evaluating the extent of liability of the intermediary, decided on the concept of knowledge as mentioned under Section 79(3) sub-clause (b) of the IT Act was knowledge based on specific information given by the person whose work was being infringed by the content uploaded on Myspace, which practically translated to the owner of a work providing specific URL addressed where the infringing content was located.

Grievance redressal system 

Grievance includes any formal complaint regarding any content, duties of intermediary-related issues, or other concerns relevant to the computer resource of the intermediary or the publisher under the Act. Such a grievance redressal system should be developed to resolve any such complaints from victims/users. A special Grievance Redressal system needs to be set up where an officer shall be appointed, and the name and contact details of such officer are to be shared by the intermediaries, to deal with such complaints. Within 24 hours complaints would be acknowledged and resolved within fifteen days from the date of its receipt.

Online safety

Dignity and online safety of the users, especially women’s must be ensured by the Intermediaries, and access to the social media platform by such offenders should be restricted to access within 24 hours of the receipt of the complaint. 

Voluntary mechanism

A voluntary user verification mechanism has to be adopted by these Intermediaries, which would give users confidence about the authenticity of the information on the verified accounts. This mechanism is similar to that of the regular KYC verification system used for online services.

Unlawful information

Intermediaries must remove such information which is against the law immediately upon gaining such knowledge, due to certain court orders or any appropriate government platform, and such information must not be published. 


All the mentioned rules in the guidelines shall come into effect within 3 months after the publication of the regulation.

Significant social media intermediaries

First originator

According to the new rules social media companies need to disclose the first originator for any investigation related purposes in relation to offences such as rape, death threats, sexually explicit materials, things which can destroy the harmony of the state, be a threat to the friendly relation between states etc., but as claimed by WhatsApp itself that all the chats of the users are protected with end-to-end encryption which means that no third party, not even WhatsApp can read those private chats, but to comply with the new rules and to disclose the first originators name such privacy policy needs to be modified. In this clause the major contention lies as the privacy of the individuals would be violated. In this case, Intermediaries need not disclose that content to the first originator.


Certain officers’ resident in India needs to be appointed for performing certain specific roles as follows:

  1. Chief Compliance Officer: Who has to be a resident in India and will be responsible for checking in compliance with all the rules and regulations.
  2. Nodal Contact Person: A chief nodal person who will be responsible for ensuring coordination with the law Agencies.

Monthly compliance report

A monthly compliance report needs to be published which will contain all the complaints and contents that are removed by the social media platforms while taking action.

What are OTT Platforms?

The IT Rules, 2021 have also attempted to improve the OTT Platforms (such as Netflix, Amazon Prime, and Disney+Hotstar).

Parental Control and Age Group Classification: –

The OTT Platforms must self-categorize their content into five age groups. 

  • U (Universal), 
  • U/A 7+,
  • U/A 13+, 
  • U/A 16+, and 
  • A is the age group (Adult)

The Code of Ethics also contemplates that the platforms must adhere to the age limit and may require parental control or locks for those of appropriate ages. One of the most important points at this point is that the Rules mention AI Automated Censorship.


Data retention period

As per the new regulations, the Data Retention Period has been doubled to 6 months for Investigation purposes. An organization should only retain data for as long as it’s needed. Retaining data longer than necessary takes up unnecessary storage space and costs more than needed. 

In a country where there are no robust data protection laws, increasing the data retention period may jeopardise users’ privacy.

Breaking of the encryption clause

The identification of the first originator means that the users’ chats/private messages will no longer be encrypted, and anyone can read those messages, making the individuals’ private data unsafe. Furthermore, there is no clear definition of what constitutes “public order,” and the authority to determine what constitutes “public order” and what does not, should be delegated to the judiciary rather than the executive.

On December 24, 2018, the Ministry of Electronics and Information Technology (MEITY) released proposed regulations for public feedback. Individuals, civic society, industrial associations, and organizations submitted 171 comments to MEITY. There were also 80 counter-comments to these comments. These remarks were thoroughly examined, and an inter-ministerial meeting was convened, following which these rules were finalized. There are many stakeholders in India, but only 171 people have commented. Therefore, it’s not a very good statistic as there are millions of users but only 171 and 80 counter comments were received by the government.

This is a mistake on both sides; we have provided very little input to the government, and the administration has not informed the public, which is why the majority of people have not been notified. 


Every individual should be given the right to express their thoughts clearly when they believe that any government policy violates their fundamental rights, and if anything gets labelled as ‘against public order’ while expressing such opinions, it is an infringement on the fundamental rights of the individuals. Whenever any citizen feels that any content incites violence, they can easily take that issue to the respective courts in order to get an appropriate remedy. The rules are currently under scrutiny and many have said these rules to be anti-democratic and infringing the rights of the individuals. 

The rules with a robust data protection law can play a significant role in evaluating the social media and OTT platforms and can take proper steps to control social media misuse in the future. As social media platforms can be used to ask questions and receive criticism, therefore, such tools should be used wisely. Digital India has empowered its users with rights to use social media platforms and express their views but the misuse and abuse practised by certain users also need to be scrutinized to make them accountable for such actions.  The framework proposed is progressive and aims to address people’s various concerns while dispelling any misconceptions.



Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here