The Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules, 2021 And The Skirmish Between Social Media Corporations And The Government

The Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules, 2021 And The Skirmish Between Social Media Corporations And The Government



This Blog is written by Bhavya from NALSAR University of Law, HyderabadEdited by Prakriti Dadsena.



The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, passed as a notification by the Ministry of Electronics and Information Technology[1] came into the public domain on 25th February 2021. Superseding the Information Technology (Intermediaries Guidelines) Rules, 2011, and in the exercise of the IT Act of 2000, these rules lay down broad policy framework and regulations governing social media handles as well as Over-the-top (OTT) platforms in India. These rules find roots in the 2018 order of the Supreme Court[2] that mandated regulation of several content platforms that malingered explicit content including forms of child and aggravated sexual assaults. A report on the same situation was also passed by the Ad Hoc Committee[3] in Rajya Sabha in 2020. This not only made these platforms appear under the blanket of the abovementioned ministry but also gave rise to the “first originator punishment” theory.[4]

This article throws light upon and analyses these rules with a special emphasis on social media intermediaries[5], the chain response and reception of these rules among citizens, expert groups and internet freedom groups across the country that heightened in the month of May 2021, kickstarting tiff between these intermediaries, including Twitter and WhatsApp.


Foremost, the rules lay down guidelines for several social media intermediaries in India- divided into two categories, based upon usage figures: “Social Media Intermediaries” (SMIs) and “Significant Social Media Intermediaries” (SSMIs). Section 79 of the Information Technology Act of 2000, works as an immunity barrier that protects such intermediaries from threat of legal prosecution, in pursuance of the content posted on these handles. If the intermediaries fail to follow guidelines, the rules mandate stripping-off of these immunities consequently.

Complaints filed by individuals and accounts about certain posts that exhibit obscene and nude depictions- partial and whole, have to be removed within 24 hours of the set complaint by these intermediaries. A grievance officer, appointed for the same purpose is obliged to acknowledge such a complaint within 24 hours, accompanied with its resolution within next fifteen days.

SSMIs require appointment of three officers residing in India, on the other hand- a Chief Compliance Officer, a Nodal Contact Person and a Grievance Officer. A monthly compliance report portraying removal of such posts and actions taken thereby has to be profiled. For the purposes of “prevention, detection, investigation, prosecution or punishment of an offence related to sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order or of incitement to an offence relating to rape, sexually explicit material or child sexual abuse material punishable with imprisonment for a term of not less than five years”, these SSMIs are also required to identify the first originators of such messages.


Since the rules, as we saw, bring about a fundamental alteration in usage of internet experience across the country, it becomes expedient to look at these changes with the lens of bureaucratic loopholes for abuse, overstepping provisions beyond the permit of fundamental rights (if any) and the multi-fold impact on legality and rights churning out of these regulations with a critical yet careful approach. This section will look into all such forces and will scrutinise the impact that surfaces out of these regulations.

Foremost, the user interface and its strength encompass heavy and unbridled discretion of the central government, in drawing the line between SMIs and SSMIs defined under the rules. The central government in setting up the limit of fifty lakh users[6] as the dividing threshold fails to explain or clarify with reasons, why it has reached a figure with such objectivity, imposing stringent restrictions upon some firms over others.

Certain vague, uncanalised and broad definitions that confer unbridled powers of determining what constitutes as a breach of guidelines and the government intervention resultantly, can be estimated via the wide wordings of Rule 6:

“Notification of other intermediary.—(1)The Ministry may by order, for reasons to be recorded in writing, require any intermediary, which is not a significant social media intermediary, to comply with all or any of the obligations mentioned under rule 4, if the services of that intermediary permits the publication or transmission of information in a manner that may create a material risk of harm to the sovereignty and integrity of India, security of the State, friendly relations with foreign States or public order.”

What constitutes such “material risk of harm” is undefined and overtly discretionary.

As a measure of due diligence in Part 2 of the rules document, “an intermediary shall periodically inform its users, at least once every year, that in case of non-compliance with rules and regulations, privacy policy or user agreement for access or usage of the computer resource of such intermediary, it has the right to terminate the access or usage rights of the users to the computer resource immediately or remove non-compliant information or both, as the case may be.”

Experts doubt at this having a disturbing effect upon already crowdsourced email pool of users and irritable banners every year surfacing for each user in using these handles.

Under rule 3(2) of Part II of the Rules, a grievance officer has to perform the following functions:

(i) “acknowledge the complaint within twenty-four hours and dispose-off such complaint within a period of fifteen days from the date of its receipt;”

This duration is extremely short as compared to the 2011 guidelines given the immensity and exactitude of huge numbers in which such content is published everyday by near-infinite users of the country.

(ii) “receive and acknowledge any order, notice or direction issued by the Appropriate Government, any competent authority or a court of competent jurisdiction.

All these functions that are prima facie hefty as well as contribute to added work are not only problematic stricto sensu. In fact, they are also discriminatory, when compared with the position of SMIs. Non-SSMIs’ grievance officers are not required to produce any reasons before the user or the authority explaining prohibition of a post within the set time duration. This ipso facto creates differentiated responsibilities upon two private corporations operating within the same territory.

The three officers, appointment of which is mandated under Rule 4, have responsibilities, disproportional in magnitude, only for being ex-officio officers of the SSMIs. These are twofold:

Firstly, a resident grievance officer is required to furnish reasons before a content is removed which the user will have entitlement to dispute. [Rules 4(6) and 4(8)]. No such condition is required for SMIs.

As per Rule 4, it is also compulsory for such officers to reside within the territory of India, being brought under more close watch and uncontrolled authority of the central government.

The shrunk time limit in carrying out mammoth tasks on an everyday basis, further adding to increased economic costs to come handy for these firms, is also alarming.

Unlike the 2011 provisions, the new IT Rules require “completion” of the takedown process of a content within 36 hours of it being complained of. Adding to further pressures, unlike earlier provisions that carried no such restrictions, it is mandatory to inform law-enforcement agencies only within 72-hours post such complaint. [Rule 3(2)(j)].

Rule 3(2)(b) is more stringent, requiring more instant action (within 24 hours), in cases of content that exhibits “the private area of such individual, shows such individual in full or partial nudity or shows or depicts such individual in any sexual act or conduct, or is in the nature of impersonation in an electronic form, including artificially morphed images of such individual.”

Rule 3(1)(h) presents grave concerns in absence of enacted data privacy laws in as much as it mandates the following:

where an intermediary collects information from a user for registration on the computer resource, it shall retain his information for a period of one hundred and eighty days after any cancellation or withdrawal of his registration, as the case may be”. Unchecked surveillance accompanying such a condition seriously impinges upon the data privacy rights of an individual for an unreasonably long period of time. Such retainment of information will have to continue even when the user has deleted his/her account.

Rule 4(7) also casts serious doubts upon “mandator-isation” of voluntarily verified data of the user, which also entails his/her phone number for verification, at times connected with his unique identity (Aadhar). How law enforcement agencies access this data and what provisions apply, remains a grey area too.

Rule 4(2) has to be dealt with carefully. It states:

A significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009, which shall be supported with a copy of such information in electronic form…” [provided along several reasons]

This, when read along with broad terminologies like “public order”, portray an arbitrary decision. The rules declare that the information regarding the first originator may not be disclosed along with contents of the post. Nevertheless, such a demand can still be made under Information Decryption Rules.[7] This will result in a serious blow to the end-to-end encryption safeguard, hailed as the basic tenet of data privacy in the world of internet data protection. WhatsApp messages are truly committed to such a technique. How and to what extent, can any contents of a message be used by the Central Government invigorates serious nebulosity.

Use of technologies like PhotoDNA, to trace patterns and images portraying instances of rape and sexual offences are required to be adopted under Rule 4(4) by these intermediaries. However, the threat of functional errors still persists, since no technology can be blindly relied upon. Such a task will inadvertently require more asset utilisation for filtering genuine from the ‘glitch’.

The penal provisions are swiftly direct and imposing in character, reflecting disproportional consequences on failing to stick with the mandate of these rules, without taking into consideration, any room for exigency or urgencies. The only outcome is “immunity lost”, which is not itself very arbitrary and broad, but also leaves such intermediaries prosecutable under criminal provisions of the Indian Penal Code under Rule 7 of the doc.


The effect of these provisions is equally perceptible if one is to glance at pragmatic considerations, erupted in a row of events lately. The time window that was provided to such intermediaries to establish such complex apparatus was also a contracted duration of three months, which was to be complied till May 26, 2021 but the grievances foretold other side of the silence.

The result was obviously foreseeable, with Koo, an Indian platform, the only one adhering to these guidelines, being a non-SSMI as well. An abyss of insecurity has dawned upon Twitter, Facebook and WhatsApp in a much imposing character, since the public release of these rules. There were doubts in the country whether these monumentally significant firms shall continue post the deadline.

Transparency has been ever absent since the very last years, with government playing a heavy role in a cloak of protecting sovereignty in controlling content and taking down accounts on Twitter. Twitter defied the stringent stampede by remarking that “the safety of its employees was a “top priority”, but that the “tweets must continue to flow.” Classification of the BJP toolkit as manipulative media added fuel to the fire, with a probe order being presented by Delhi Police itself at the Twitter offices. In fear of punitive measures therefore, an ideological war has dawned over the subcontinent, with government playing more and more discretion in controlling hashtags and other differential sources that remain incongruent.

The proportionality argument in blocking accounts under S. 69A of the IT Act, which doesn’t even require government to provide reasons or draw causation before the implementation of its orders, is also seen as a serious infringement of Right to Freedom of Speech and Right to Privacy, earlier contended in relation to the same act in the Shreya Singhal Case.

Microblogging websites like Koo, present a rival episode, in response to international intermediaries. These have been joined by more and more leaders of the ruling part thereby indicating an “artificial support” against the order established by Twitter.


In order to prevent the worse, that might hinder constitutional provisions, therefore, it becomes expedient to bring out flaws in orders and rules that go against constitutional ideals and substances of democratic liberties and civil right to privacy. Since the union of India has always embraced the reasonable and curtailed arbitrary choices, the stampede should ease out with both the sides playing a proactive role in the scenario. The government’s aim to arrest pornography and offence related content should balance the ideals of such handles, in upholding the best interests of citizens.


(1) ‘Govt Announces New Social Media Rules to Curb Its Misuse’ The Hindu (New Delhi, 25 February 2021) <> accessed 15 June 2021.

(2) ‘How the Intermediaries Rules Are Anti-Democratic and Unconstitutional.’ (Internet Freedom Foundation, 27 February 2021) <> accessed 15 June 2021.

(3) ‘Notification Dated, the 25th February, 2021 G.S.R. 139(E): The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 | Ministry of Electronics and Information Technology, Government of India’ <> accessed 15 June 2021.

(4) ‘Sound the Alarm! The Clock Strikes for Social Media Tomorrow with the Intermediaries Rules Coming into Effect.’ (Internet Freedom Foundation, 24 May 2021) <> accessed 15 June 2021.

(5) ‘The Indian Government’s War with Twitter – BBC News’ <> accessed 15 June 2021.

(6) ‘The Social Media Wars: Why Indian Govt, Twitter Continue to Be at Loggerheads – UP Front News – Issue Date: Jun 7, 2021’ <> accessed 15 June 2021.

(7) ‘Twitter India News: Speculations over “Twitter Ban” over Non-Compliance with Government Norms | India News – Times of India’ <> accessed 15 June 2021.

(8) ‘Understanding the Nuances to Twitter’s Standoff With the Modi Government’ <> accessed 15 June 2021.

In-Text Citation(s):

[1] ‘Notification Dated, the 25th February, 2021 G.S.R. 139(E): The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 | Ministry of Electronics and Information Technology, Government of India’ <> accessed 15 June 2021.

[2] India PT of, ‘Govt May Frame Norms to Eliminate Online Child Pornography, Rape Videos: SC’ Business Standard India (11 December 2018) <> accessed 15 June 2021.

[3] ‘Commitee Home Page’ <> accessed 15 June 2021.

[4] ‘Name “1st Originator Of Mischievous Tweet Or Message”: Government’ ( <> accessed 15 June 2021.

[5] Defined in Rule 1(w) as “an intermediary which primarily/solely allows interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services;”.

[6] Notified w.e.f. February 26, 2021.

[7]Enacted, 2009: Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.pdf (

Leave a Comment