This article is written by Vasundhara Sinha, BA, LL.B (Hons.), O.P. Jindal Global University during her internship with the Le Droit India

ABSTRACT 

With the rapidly expanding online space, the government has brought about the IT rules of 2021, to regulate the online spaces and enforce accountability on all members. However, as an all matter of free speech, the government must walk the fine line between regulation and censorship, making digital platforms safe spaces, but not stifle the tenets of free speech. This article explores whether the government of India has succeeded in its ambitions or is there still a lot left to be desired. 

Keywords: Tech, AI,rules, IT Rules 202, Shreya Singal vs UOI, IT and Law, Social media, Intermediaries. 

Introduction

One of the benefits of living in the Information age is: everyone knows everything. One of the downsides of living in the information age is: everyone knows everything.The surplus of information in today’s day and age has provided access to unprecedented amounts of data, readily available at the swipe of a few keys. However, the downside of the floodgates of information opening are that there are many social media gurus available, who claim to simplify quantified data to the laymen. This has often resulted in a manipulation of facts, stats and numbers to suit certain narratives. With a large majority of the world relying on social media for news, views and everything else, it becomes important for the governments to ensure that these spaces and the people on them are not exploited. To control this, the government has come out with the IT rules to control social media mismanagement. 

Regulatory Framework Pre‑2021 

The legal framework governing social media in India before the implementation of the 2021 IT Rules was shaped by the Information Technology Act, 2000 (IT Act), which was India’s first attempt at regulating activities in the digital space. Enacted on June 9, 2000, the IT Act aimed to provide a primary basic regulation of the rapidly expanding technology space, in an increasingly globalized world. 

The Act increased the potential of e-transactions in India by providing legal recognition to electronic transactions and digital signatures, while also introducing provisions to address cybercrime.However, where the Act faltered was in the grey areas left for transaction intermediaries and absence of regulations of the social media platforms. . Section 79 of the IT Act offered a  basic safe harbour to intermediaries, shielding them from liability for user-generated content, but it lacked clear definitions or obligations, especially in light of rapid technological evolution and the growing misuse of online platforms.

The legal framework underwent significant changes through the Information Technology (Amendment) Act, 2008. This amendment broadened the definition of “intermediary” to include not just internet service providers (ISPs) and cyber cafes but also platforms like search engines and social media companies. The inadequacies in the existing framework came to light due to major cyber frauds and the listing of illegal materials on intermediary websites, where prosecution fumbled due to absentee provisions, creating an urgent need to clearly demarcate intermediary liability. The 2008 amendment provided a more robust safe harbour to intermediaries under Section 79, stating that they would not be liable for third-party content if they did not initiate or modify the transmission and exercised due diligence. This brought Indian law more in line with global standards such as the European Union’s E-Commerce Directive, which had similarly granted conditional immunity to online intermediaries.

However, even these amendments were not enough to cope with the rapidly expanding techscape. Definitions  remained vague, and the absence of detailed procedural requirements led to regulatory uncertainty. To address these shortcomings, the Ministry of Electronics and Information Technology notified the Information Technology (Intermediaries Guidelines) Rules, 2011. These rules outlined the due diligence obligations that intermediaries were required to fulfill in order to retain their safe harbour. The 2011 Rules mandated that platforms publish terms of use, privacy policies, and user agreements explicitly prohibiting the hosting or sharing of content deemed obscene, defamatory, hateful, or threatening to national security. The rules were streamlined to fit along with India’s penal laws and pushed a heavier liability on all parties involved. 

The 2011 Rules attracted substantial criticism from digital rights activists, legal scholars, and civil society organizations.One of the primary concerns raised were over words with highly subjective fault lines being  used to define prohibited content categories, such as content that is “grossly harmful,” “ethnically objectionable,” or “blasphemous.” This subjectivity opened the floodgates to arbitrary censorship and made it difficult for intermediaries to develop consistent content moderation policies. Another serious concern was the lack of procedural safeguards. The rules did not provide a mechanism for users to contest takedown decisions or for platforms to independently assess the legitimacy of complaints. This created a censorship blackhole, where intermediaries would often remove content preemptively to avoid legal risk, even when the content did not violate any laws.

The judicial response to these regulatory ambiguities came in the landmark Supreme Court decision in Shreya Singhal v. Union of India (2015). The Court struck down Section 66A of the IT Act, which had criminalized the sending of “offensive” messages through communication services, as unconstitutional on the grounds that it violated the right to freedom of speech under Article 19(1)(a). Importantly, the Court also interpreted Section 79 and the 2011 Rules, clarifying that intermediaries could only be required to remove content when directed to do so by a court or by an appropriate government agency, and not merely upon receiving user complaints. This interpretation aimed to protect platforms from the burden of having to adjudicate the legality of content, a task better suited for judicial authorities.

The Shreya Singhal judgment was hailed as a victory for free speech advocates and significantly altered the intermediary liability regime in India. However, it also left some questions unanswered. The judgment did not elaborate on what procedural safeguards should accompany government takedown orders, nor did it address the lack of transparency in content removal processes. Subsequent judicial decisions continued to refine the contours of intermediary liability. 

Despite these legal developments, the pre-2021 framework faced growing criticism for being inadequate in addressing new and complex challenges in the digital ecosystem. The rise of disinformation, online hate speech, child sexual abuse material, and threats to national security revealed the limitations of a regulatory regime that relied heavily on voluntary compliance and ex post enforcement. The procedural uncertainties left intermediaries in a difficult position: over-censor and risk accusations of violating free speech, or under-censor and face potential legal consequences. Moreover, the lack of specific provisions dealing with modern concerns such as data privacy, algorithmic transparency, and encrypted communications became increasingly apparent, especially after the Supreme Court recognized the right to privacy as a fundamental right in Justice K.S. Puttaswamy v. Union of India (2017).

The cumulative effect of these challenges led to growing consensus among policymakers that a more robust and forward-looking regulatory framework was needed. The government argued that existing rules were outdated and incapable of addressing the scale and complexity of content moderation, privacy protection, and platform accountability in the 21st century. This set the stage for the formulation and eventual implementation of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. While these rules aimed to fill the regulatory gaps, they have also raised new legal and ethical concerns, which will be examined in the subsequent sections of this article.

Key Provisions of the IT Rules, 2021

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, notified on February 25, 2021,brought about a significant overhaul of the intermediary liability and digital content regulation regime in India. Issued under Section 87 of the Information Technology Act, 2000, the Rules are divided into three parts. Part I includes definitions, Part II focuses on intermediaries including social media platforms, and Part III deals with digital news publishers and OTT content providers. These Rules aim to ensure greater accountability from digital intermediaries, especially those with a large user base, while also creating a new regulatory framework for digital media content.

A key feature of the 2021 Rules is the classification of intermediaries into two categories: ‘intermediaries’ and ‘significant social media intermediaries’ (“SSMIs”). SSMIs are defined as  social media platforms with over 5 million registered users in India. These platforms are subject to more stringent compliance obligations compared to smaller platforms. Among these obligations is the requirement to appoint a Chief Compliance Officer (CCO) who shall be responsible for ensuring compliance with the Rules. Additionally, SSMIs must appoint a Nodal Contact Person for 24×7 coordination with law enforcement agencies and a Resident Grievance Officer based in India to handle user complaints.

Under Rule 3 of the 2021 Rules, all intermediaries are required to publish rules and regulations, privacy policies, and user agreements that inform users not to host, display, upload, modify, publish, or share any content that is defamatory, obscene, pornographic, invasive of privacy, hateful, or otherwise unlawful. Intermediaries must also acknowledge user complaints within 24 hours and resolve them within 15 days. Further, intermediaries are required to remove or disable access to unlawful content within 36 hours of receiving a court order or a direction from a government agency under applicable law.

One of the most controversial aspects of the Rules is the traceability requirement under Rule 4(2), which applies to SSMIs providing messaging services, such as WhatsApp. This provision mandates that such platforms must enable the identification of the first originator of information that is deemed unlawful. While the government has justified this requirement in the interest of national security and public order, critics argue that it undermines end-to-end encryption and the right to privacy recognized by the Supreme Court in the Puttaswamy judgment. WhatsApp has challenged this provision before the Delhi High Court, asserting that it is technically incompatible with encryption and violates user privacy.

Another major component of the 2021 Rules is the regulation of digital media content. Part III introduces a three-tier grievance redressal mechanism for publishers of news and curated content, such as OTT platforms like Netflix and Amazon Prime. The first tier requires self-regulation by the publishers themselves. The second tier provides for the creation of self-regulatory bodies headed by a retired judge of the Supreme Court or a High Court. The third tier empowers the Ministry of Information and Broadcasting (MIB) to establish an oversight mechanism, including an inter-departmental committee with the power to issue guidance, advisories, and directions to publishers.

The Rules also require that  OTT platforms sub- classify content into age-based categories—U, U/A 7+, U/A 13+, U/A 16+, and A—and implement parental controls and age verification mechanisms. News publishers are required to adhere to the Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television Networks Regulation Act, 1995. These provisions effectively bring digital news media and OTT platforms under the regulatory purview of the government, which was previously absent.

Overall, the 2021 Rules reflect a regulatory shift towards stricter oversight and accountability for online platforms. While the government asserts that these rules are necessary to curb the misuse of digital platforms and to ensure user safety, they have also raised significant concerns regarding freedom of speech, privacy, and the potential for executive overreach. 

Conclusion

India’s journey toward regulating social media platforms has been complex and is constantly evolving. What began with the Information Technology Act, 2000 as a means to foster e-commerce and digital communication, gradually expanded and transformed to confront a broader range of social, legal, and ethical challenges that accompany widespread internet use. The 2008 amendments and the 2011 Rules attempted to clarify intermediary responsibility, but ambiguity and overreach often left both users and platforms vulnerable. Landmark judicial interventions have brought important constitutional clarity but have also underscored the need for more nuanced and updated legal frameworks.

The IT Rules, 2021 were introduced as a response to those lacunae—adding more structures and stipulations  to content moderation, platform accountability, and digital news oversight. While they reflect legitimate concerns around user safety, national security, and misinformation, their implementation has triggered debates on censorship, privacy, and state surveillance. As India continues to position itself as a major digital economy, the challenge lies in striking a balance—protecting democratic freedoms and privacy while ensuring accountability in a fast-changing digital environment. Ongoing judicial scrutiny and future legislative refinements will be key to maintaining this delicate balance.

Reference List

• “Christian Louboutin SAS v. Nakul Bajaj & Ors.” Legal Service India. https://legalserviceindia.com/legal/article-13627-information-technology-rules-2021-a-critical-analysis.html
• “Information Technology (Intermediary Guidelines) Rules, 2011.” LawBhoomi. https://lawbhoomi.com/evolution-of-intermediaries-guidlines-resolving-conundrum
• “MySpace Inc. v. Super Cassettes Industries Ltd., 2016.” Helpful Highlights. https://helpfulhighlights.com/indian-law/intermediary-liability-under-the-i-t-act-2000
• “Shreya Singhal v. Union of India.” Wikipedia. https://en.wikipedia.org/wiki/Shreya_Singhal_v._Union_of_India
• “Supreme Court Judgment in Shreya Singhal.” Centre for Internet and Society (CIS). https://cis-india.org/internet-governance/blog/sc-judgment-in-shreya-singhal-what-it-means-for-intermediary-liability
• “The Road to Immunity and Accountability.” Rainmaker. https://rainmaker.co.in/blogs/part-i-the-road-to-immunity-and-accountability-in-depth-exploration-of-the-safe-harbour-principle-in-india
• “WhatsApp and Traceability Debate.” Reddit India. https://www.reddit.com/r/india/comments/oikfq8