In 2021, The Ministry of Electronics and Information Technology notified the new Information Technology Rules, 20211 (Intermediary Guidelines and Digital Media Ethics Code) under Section 87 of the Information Technology Act, 2000 (“IT Act”) and in supersession of the Information Technology (Intermediaries Guidelines) Rules, 2011.
As per Section 2(1)(w) of the IT Act, an “Intermediary” concerning any particular electronic records means any person who, on behalf of another person, receives, stores, or transmits that record or provides any service for that record and includes:
- Telecom service providers.
- Network service providers.
- Internet service providers.
- Web-hosting service providers.
- Search engines.
- Online payment sites.
- Online-auction sites.
- Online-market places.
As per Rule 2(1)(w) of the Intermediary Rules, a “social media intermediary” means an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.
As per the Intermediary Rules, vide notification dated 25th February 2021, a social media intermediary with fifty lakh registered users in India or above specified as threshold notified by the Central Government shall be considered a significant social media intermediary.
Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 Required Compliances
Under Rule 3, an Intermediary is required to comply with the following requirements, which are binding on an intermediary in India:
- belongs to another person and to which the user does not have any right;
- is defamatory, obscene, pornographic, pedophilic, invasive of another‘s privacy, including bodily privacy, insulting or harassing on the basis of gender, libelous, racially or ethnically objectionable, relating, or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws in force;
- is harmful to a child;
- infringes any patent, trademark, copyright, or other proprietary rights;
- violates any law for the time being in force;
- deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact;
- impersonates another person;
- threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting other nation;
- contains a software virus or any other computer code, file, or program designed to interrupt, destroy or limit the functionality of any computer resource;
- is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity, or agency for financial gain or to cause any injury to any person;
- 1.4. An intermediary, on whose computer resource the information is stored, hosted, or published, upon receiving actual knowledge in the form of an order by a court of competent jurisdiction or on being notified by the Appropriate Government or its agency under clause (b) of sub-section (3) of section 79 of the Act,
- shall not host, store or publish any unlawful information, which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India;
- security of the State;
- friendly relations with foreign States; public order;
- decency or morality; contempt of court;
- defamation; incitement to an offence relating to the above, or any information which is prohibited under any law for the time being in force, and shall remove or disable access to that information, as early as possible, but in no case later than thirty-six hours from the receipt of the court order or on being notified by the Appropriate Government or its agency.
- 1.6.Any information which has been removed or access to which has been disabled, the intermediary shall, without vitiating the evidence in any manner, preserve such information and associated records for one hundred and eighty days for investigation purposes, or for such longer period as may be required by the court or by Government agencies who are lawfully authorized.
- 1.7.Where an intermediary collects information from a user for registration on the computer resource, it shall retain his information for a period of one hundred and eighty days after any cancellation or withdrawal of his registration.
- 1.8.The intermediary shall, as soon as possible, but no later than seventy-two hours of the receipt of an order, provide information under its control or possession, or assistance to the Government agency which is lawfully authorized for investigative or protective or cyber security activities, for the purposes of verification of identity, or for the prevention, detection, investigation, or prosecution, of offences under any law for the time being in force, or for cyber security incidents.
- 1.9.The intermediary shall not knowingly deploy or install or modify the technical configuration of a computer resource or become party to any act that may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to perform thereby circumventing any law for the time being in force.
- 1.10. The intermediary shall report cyber security incidents and share related information with the Indian Computer Emergency Response Team in accordance with the policies and procedures as mentioned in the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 20133.
- 1.11. The intermediary shall prominently publish on its website, mobile-based application, or both, as the case may be, the name of the Grievance Officer and his contact details as well as the mechanism by which a user or a victim may make a complaint against violation of the provisions of this rule or any other matters pertaining to the computer resources made available by it, and the Grievance Officer shall
- (i) acknowledge the complaint within twenty-four hours and dispose of such complaint within a period of fifteen days from the date of its receipt;
- (ii) receive and acknowledge any order, notice, or direction issued by the Appropriate Government, any competent authority, or a court of competent jurisdiction.
- 1.12. The intermediary shall, within twenty-four hours from the receipt of a complaint made by an individual or any person on his behalf, in relation to any content which is prima facie in the nature of any material which exposes the private area of such individual, shows such individual in full or partial nudity or shows or depicts such individual in any sexual act or conduct, or is in the nature of impersonation in an electronic form, including artificially morphed images of such individual, take all reasonable and practicable measures to remove or disable access to such content which is hosted, stored, published or transmitted by it. The intermediary shall implement a mechanism for the receipt of aforesaid complaints which may enable the individual or person to provide details, as may be necessary, in relation to such content or communication link.
ADDITIONAL COMPLIANCE MEASURES FOR SIGNIFICANT SOCIAL MEDIA INTERMEDIARIES
In case, an intermediary qualifies as a social media intermediary as per the definition given under the Intermediary Rules and has more than 50 lakh users, then such intermediary has to comply with the additional compliances as provided under Rule 4 of the Intermediary Rules.
PROCEDURE AND SAFEGUARDS IN RELATION TO NEWS AND CURRENT AFFAIRS
In addition to the above compliances, an intermediary in relation to news and current affairs content shall publish, on an appropriate place on its website, mobile-based application, or both, as the case may be,
- a clear and concise statement informing publishers of news and current affairs content that in addition to the common terms of service for all users,
- such publishers shall furnish the details of their user accounts on the services of such intermediary to the Ministry about the details of its entity by furnishing information along with such documents as may be specified, for the purpose of enabling communication and coordination within a period of thirty days
- and shall publish periodic compliance reports every month mentioning the details of grievances received and action taken thereon.
CODE OF ETHICS AND PROCEDURE AND SAFEGUARDS IN RELATION TO DIGITAL MEDIA
As per Rule 2(1)(i) of the Intermediary Rules “digital media‘ means digitized content that can be transmitted over the internet or computer networks and includes content received, stored, transmitted, edited, or processed by-
(i) an intermediary; or
(ii) a publisher of news and current affairs content or a publisher of online curated content;
(iii) Under part III of the Intermediary Rules, additional rules have been framed specifically for publishers of news and current affairs content and publishers of online curated content and such entities shall be administered by the Ministry of Information and Broadcasting, Government of India.
NON-OBSERVANCE OF RULES
Where an intermediary fails to observe these rules, the provisions of sub-section (1) of section 79 of the IT Act (safe harbor immunity for an intermediary) shall not be applicable to such intermediary and the intermediary shall be liable for punishment under any law for the time being in force including the provisions of the IT Act and the Indian Penal Code, 1860.