India Information Technology Rules – 2021

July 21, 2021

Information technology law or cyberlaw concerns the law of information technology, including computing and the internet related to legal informatics, and governs the digital dissemination of both (digitized) information and software, information security, and electronic commerce aspects and it has been described as "paper laws" for a "paperless environment". IT Rules raises specific issues of intellectual property in computing and online, contract law, privacy, freedom of expression, and jurisdiction.


The IT Act, 2000 came into force on 17 October 2000.


The Information Technology Act, of 2000, serves as a useful illustration of the dearth of dynamism in digital rule-making in India. Though the Information Technology Act, of 2000 forms the legislative bedrock of the country’s online edifice, it has only been significantly amended once in 2008; while it witnessed minor revisions from time to time since then, these were largely informed by political exigencies rather than any long-term digital vision.


The IT Rules should grant legal sanction to officers for processes involving the collection and preservation of electronic evidence. Though the IT Act and its accompanying rules hint at these norms there is nothing in the way of a concrete playbook that informs cyber-policing capabilities. As such, a majority of cybercrime cases in India are left unreconciled. Illustratively, according to a report by the National Crime Records Bureau, only 38% of the 24,187 cybercrime incidents reported in 2016 were disposed of by the end of the year.


Amidst growing concerns around the lack of transparency, accountability, and rights of users related to digital media and after elaborate consultation with the public and stakeholders, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 has been framed in exercise of powers under section 87 (2) of the Information Technology Act, 2000 and in supersession of the earlier Information Technology (Intermediary Guidelines) Rules 2011.


New Guidelines for Social Media/Intermediaries:

Categories of Social Media Intermediaries:

Based on the number of users, on the social media platform intermediaries have been divided into two groups:
  • Significant social media intermediaries.
  • Due Diligence to be Followed by Intermediaries: In case, due diligence is not followed by the intermediary, Safe Harbor Provisions will not apply to them.
The safe harbour provisions have been defined under Section 79 of the IT Act, and protect social media intermediaries by giving them immunity from legal prosecution for any content posted on their platforms.

Grievance Redressal Mechanism is Mandatory:

  • Intermediaries shall appoint a Grievance Officer to deal with complaints and share the name and contact details of such officers.
  • The Grievance Officer shall acknowledge the complaint within twenty-four hours and resolve it within fifteen days from its receipt.

Ensuring Online Safety and Dignity of Users:

  • Intermediaries shall remove or disable access within 24 hours of receipt of complaints of contents that expose the private areas of individuals, show such individuals in full or partial nudity or in sexual activity or is in the nature of impersonation including morphed images etc.
  • Such a complaint can be filed either by the individual or by any other person on his/her behalf.

Additional Due Diligence for the Significant Social Media Intermediaries:

  • Appointments: Need to appoint a Chief Compliance Officer, a Nodal Contact Person, and a Resident Grievance Officer, all of whom should be residents of India.
  • Compliance Report: Need to publish a monthly compliance report mentioning the details of complaints received and action taken on the complaints as well as details of contents removed proactively.

Enabling Identity of the Originator:

  • Significant social media intermediaries providing services primarily in the nature of messaging shall enable the identification of the first originator of the information.
  • Required only for the purposes of prevention, detection, investigation, prosecution, or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign states, or public order.
  • Or incitement to an offence relating to the above or in relation to rape, sexually explicit material, or child sexual abuse material punishable with imprisonment for a term of not less than five years.

Removal of Unlawful Information:

  • An intermediary upon receiving actual knowledge in the form of an order by a court or being notified by the Appropriate Govt. or its agencies through an authorized officer should not host or publish any information which is prohibited under any law in relation to the interest of the sovereignty and integrity of India, public order, friendly relations with foreign countries, etc.

Grievance Redressal Mechanism: 

A three-level grievance redressal mechanism has been established under the rules with different levels of self-regulation.
  • Level-I: Self-regulation by the publishers
    • The publisher should appoint a Grievance Redressal Officer who is a resident of India.
    • The officer should take his/her decision on complaints within 15 days.
  • Level-II: Self-regulation by the self-regulation bodies of the publishers
      • The self-regulating bodies of the publishers should register themselves with the Ministry of Information & Broadcasting.
        • One publisher can have more than one self-regulating body.
          • Such bodies would be headed by a retired judge of the Supreme Court, a High Court, or an eminent independent person and shall not have more than six members.
            • This body should oversee that the publisher adheres to the Code of Ethics.
              • The body will also address grievances that are not resolved within 15 days by the publisher.
            • Level-III: Oversight mechanism
              • An oversight mechanism will be framed by the Information and Broadcasting Ministry.
              • It shall publish a charter for self-regulating bodies, including Codes of Practice.
              • It shall also establish an Inter-Department Committee for hearing grievances. 

            Self-regulation by the Publisher:

            • Publisher shall appoint a Grievance Redressal Officer based in India who shall be responsible for the redressal of grievances received by it.
            • The officer shall take a decision on every grievance received within 15 days.

            New IT Concerns

            Some of the concerns expressed about these new Rules are mentioned below.

            Some people say that instead of soft-touch monitoring, the government has opted for predatory new rules.
            • The mandate that social media intermediaries should help authorities trace the first originator of contentious messages can be problematic, experts opine. Tracking the first originator would entail storing sensitive information or breaking end-to-end encryption protocol, moves that could weaken overall security. Here, the users’ right to privacy could be potentially violated. The issue gets even more complicated if the message originator is outside India.
            • While many laud the steps to mitigate and penalize child sexual abuse online, some worry that the lack of nuanced automated tools to filter material could have a deleterious effect on free speech.

            We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

            No comments:

            Post a Comment

            Subscribe to: Post Comments (Atom)