Intermediary Guidelines 2021

The Ministry of Electronics and Information Technology (“MeitY”), on 25 February 2021, had notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines”) which superseded the Information Technology (Intermediary Guidelines) Rules, 2011 (“Intermediary Guidelines, 2011”) and brought under their scope numerous online entities by introducing broad new terms and definitions.

The Intermediary Guidelines 2021 have been amended recently vide the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022 published and notified in the Gazette dated October 28, 2022 (“Amending Rules”).

Intention of the Ministry

The lack of transparency, accountability of intermediaries and social platforms on the internet and violation of rights of users of digital media had been a growing concern for the nation in the changing and ever-advancing technology and digital media space. Considering the need of the hour, the MeitY issued the Intermediary Guidelines, 2021 covering many issues related to use of digital media and defining the responsibilities of the  intermediaries, including social media intermediaries, and also providing a code of ethics to be followed and outlining grievance redressal mechanisms to be followed.

The Intermediary Guidelines sought to address all the issues faced by social media and internet users and to regulate the following categories of intermediaries and digital media entities: 

1. Intermediaries including social media intermediaries and significant social media intermediaries; 
2. Publishers of news and current affairs content, including news aggregators, news agencies, and individual news reporters to the extent they are transmitting content in the course of a commercial activity 
3. Publishers of online curated content, including individual creators transmitting content in the course of a systematic business, professional or commercial activity.

This has been a major step forward in today’s digital world, establishing a practice of regulating a critical sphere of our lives and also the nation’s economy.  

Further, in its press release, the MeitY stated that the Amending Rules were being notified in view of the complaints against  the intermediaries due to their action/inaction regarding user grievances regarding objectionable content or suspension of their accounts

Definitions

The Intermediary Guidelines provided the following definitions:

• News Aggregator (Rule 2(o))
  An entity who, performing a significant role in determining the news and current affairs content being made available, makes available to users a computer resource that enables such users to access the news and current affairs content which is aggregated, curated and presented by such entity.
• Publisher of news and current affairs content (Rule 2(t))
  An online paper, news portal, news aggregator, news agency and such other entity called by whatever name, which is functionally similar to publishers of news and current affairs content but shall not include newspapers, replica e-papers of the newspaper and any individual or user who is not transmitting content in the course of systematic business, professional or commercial activity.
• Publisher of online curated content (Rule 2(u))
  A publisher who, performing a significant role in determining the online curated content being made available, makes available to users a computer resource that enables such users to access online curated content over the internet or computer networks, and such other entity called by whatever name, which is functionally similar to publishers of online curated content but does not include any individual or user who is not transmitting online curated content in the course of systematic business, professional or commercial activity.
• Significant social media intermediary (Rule 2(v))
  A social media intermediary having a number of registered users in India above such threshold as notified by the Central Government. This threshold has been set at fifty (50) lakh users.  
• Social media intermediary (Rule 2(w))
  An intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.

Other important definitions include communication link, news and current affairs content and online curated content which together fulfill the government’s purpose of regulating numerous kinds of information available on the internet. 

The Intermediary Guidelines are divided into two parts:

• Due diligence obligations applicable to intermediaries and grievance redressal, and
• Code of ethics and related safeguards and procedures applicable to entities in the digital media space

It must be noted here that; Rule 3 of the Intermediary Guidelines require an intermediary to observe due diligence while discharging its duties. If this mandate of due diligence is not complied with, such an intermediary shall not qualify for ‘safe harbor’ protection, as granted under Section 79 of the Information Technology Act, 2000 (“IT Act”). The due diligence obligations include publishing, in a prominent manner, the rules and regulations, privacy policy and user agreement for access or usage by any person (these shall, thereafter, be collectively referred to as “Access Policy”). The Amending Rules require such Access Policy to be in English or any of the official languages of India as specified in the Eighth Schedule to the Constitution so that it can be understood by the users in the country easily. The Access Policy must also inform the user to not host, display, upload, modify, publish, transmit, store, update or share any prohibited information. After the Amending Rules were enforced, there are nine categories of such prohibited information ranging from unauthorized information as a consequence of it belonging to another person to information which threatens the unity, integrity, defense, security or sovereignty of India.

As part of its due diligence obligations, an intermediary must also do the following:

1. Periodically inform its users that their non-compliance with the Access Policy allows the intermediary a  right to terminate such users’ right to access or usage of the intermediary’s website or mobile application (hereinafter collectively referred to as “Platform”).
2. Not host, store or publish any unlawful information, or if so done, the intermediary shall remove or disable access to such information at the earliest but not later than thirty-six (36) hours of having received actual knowledge of the unlawfulness of the impugned information. A similar obligation was placed upon an intermediary under the Intermediary Guidelines, 2011; however, an intermediary was also required in case it obtained knowledge of such information by itself and not necessarily by actual knowledge. An intermediary was also required to work with the user or owner of such information to disable it. The Intermediary Guidelines, 2021, on the other hand, limit the obligation to receiving actual knowledge in the form of an order by a competent court or on being notified by the government or its agency.

While, prima facie, this step shall ensure that only information that has been verified to be unlawful shall be subject to not being hosted, stored or published, or removed or disabled accessed to, it does not keep any person from having such information on display on an intermediary’s platform till the time a court or an appropriate government acts upon it.

An exception is made to this rule, wherein, an intermediary, within twenty-four (24) hours from the receipt of a complaint made by an individual (or on behalf of such individual), with regard to any content which, prima facie, depicts nudity, sexual conduct or impersonation of such individual, must take such content down.

3. Any information, which has been removed or to which access is disabled, shall be preserved, without vitiating evidence, up to one hundred and eighty (180) days or more, as may be required by a court or (lawfully authorized) government agency.
4. Any information collected from a user upon his/her registration shall be retained for one hundred and eighty (180) days after cancellation and/or withdrawal of his/her registration.
5. Reasonable security measures must be implemented to protect the Platform, its users and the information contained therein, compliant with the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011
6. Co-operate with any government agency lawfully authorized to perform investigative, protective or cyber security activities and provide any related information under the control or possession of the intermediary within seventy-two (72) hours of receipt of an order to do so.
7. The intermediary must not, knowingly deploy, install or modify its Platform’s technical configuration or become a party to an act which may result in such consequence. It is also required to report cyber security incidents and share related information with the Indian Computer Emergency Response Team.
8. The intermediaries are required to respect the rights guaranteed to users under the Constitution, including a reasonable expectation of due diligence, privacy and transparency. This obligation was inserted via the Amending Rules.

Furthermore, Significant Social Media Intermediaries are required to observe additional due diligence which includes:

1. Appointment of a Chief Compliance Officer.
2. Appointment of a nodal contact person (other than the Chief Compliance Officer) for full time coordination with law enforcement agencies and officers.
3. Appointment of a Resident Grievance Officer.
4. Publishing of monthly compliance reports containing details of complaints received and actions taken.

If a Significant Social Media Intermediary provides services primarily in the nature of messaging, it must enable the identification of the first originator of the information available on such platform, as may be required by a judicial order passed by a competent court or an order passed under Section 69 of the IT Act and applicable rules, by a competent authority.

To curb the abuse of this Rule, it has been provided that such orders shall only be passed for prevention, detection, investigation, prosecution or punishment of an offence and only if other means, not as intrusive, cannot be employed. It is further provided that the contents of any electronic message or other such information relating to the first originator needn’t be disclosed. Thus, an attempt has been made to balance public or national interests and the protection of individual privacy.

5. Significant Social Media Intermediaries are also required to endeavour to adopt technology-based measures to proactively identify information depicting the act or simulation of rape, child sexual abuse or other such conduct, or any information which was previously removed or the access to which was disabled, and to display notice to users attempting to access such information.
6. Here, it has been provided that interests of free speech and expression, user privacy and so on, must be duly regarded and measures must be proportionate. Appropriate human oversight of such measures, including periodic reviews evaluating their accuracy and fairness, must also be deployed to ensure their proper functioning.
7. Significant Social Media Intermediaries are also required to have a physical contact address in India which must be published on their Platform.
8. A grievance redressal mechanism must be implemented which must enable aggrieved users to track the status of their complaint via a unique ticket number. Moreover, the complainants must be provided with reasons for why the Significant Social Media Intermediary acted or did not act upon their complaint to a reasonable extent.
9. Enable users to voluntarily verify themselves and provide a demonstrable and visible mark of verification to such users. The information provided by any user, in furtherance of this, shall not be used for any other purpose, unless expressly consented to.
10. Before removal or disabling access to information, which is unlawful, on its own accord, a Significant Social Media Intermediary must notify the user who has created or uploaded such information and provide an adequate and reasonable opportunity to such users to dispute the action.

In addition to the above, an intermediary in relation to news and current affairs content shall publish on its Platform, at an appropriate place, a clear and concise statement informing publishers therein, to furnish details of their user accounts on the services of such intermediary to MeitY. Such publishers must be provided a demonstrable and visible mark of verification.

Grievance Redressal Mechanism

An intermediary is required to prominently publish the name and contact details of the Grievance Officer along with the redressal mechanism, including for receipt of complaints, on the Platform. The Grievance Officer shall

1. Acknowledge the complaint within twenty-four (24) hours and dispose it of within a period of fifteen days from the date of its receipt,
2. Receive and acknowledge any order, notice or direction issued by the Appropriate Government, any competent authority or a court of competent jurisdiction.

An intermediary must, within 24 hours of receipt of a complaint made individual (or on behalf of such individual), with regard to any content which, prima facie, depicts nudity, sexual conduct or impersonation of such individual, must take all reasonable and practical measures to remove or disable access to such content.

The Amending Rules have inserted the definition of a Grievance Appellate Committee under section 2(ka), and also directed the Central Government to establish one or more Grievance Appellate Committees within three months from notification of the Amending Rules under newly inserted Section 3A of the Rules. Section 3A also provides for appointment of the committee members and its purpose. The Appellate Committee shall consist of three members headed by a chairperson, where two of such members shall be independent and one will be an ex-officio member. It is for enabling any aggrieved person to appeal to the Committee when he is not satisfied with the decision of the Grievance Officer and such appeal shall be disposed expeditiously within 30 calendar days from filing of the appeal

Code of Ethics

A three-tier code of ethics (“Code”) has been implemented which is largely self-regulatory in nature. This includes self-regulation by publishers of not only online curated content but also of news and current affairs content, operating in India and conducting the systematic business activity of making their content available here.

Level I provides for self-regulation by the publishers.

• Publishers are required to establish a grievance redressal mechanism and appoint a Grievance Officer. Moreover, publishers of online curated content are required to classify such content based on appropriateness and suitability for persons of various age groups while having regard for context, theme, tone and impact and target audience. Other concerns such as the display or use of discrimination, psychotropic substances, liquor, smoking and tobacco, imitable behavioral, offensive language, nudity, sex and violence must also be duly accounted.

Such classification or rating must be displayed prominently and viewer discretion, if required, must be advised. Display ratings of the Online Curated Content such as 'U', or 'U/A 7+,' or 'U/A 13+', or 'U/A 16+', or 'A' prominently to its users in a manner that will ensure that the users are aware of the ratings before accessing such content.

• Publishers must also make reasonable efforts to improve accessibility of online curated content to persons with disabilities by implementing appropriate access services.

Additionally, a publisher shall not transmit or publish any content which is prohibited by law or by a competent court and must also take into consideration national interests and India’s diversity while exercising due caution and discretion in featuring activities, beliefs, practices or views of any racial or religious group.

Level II provides for the establishment of one or more independent and self-regulating bodies of publishers or their associations.

Such a body shall be headed by a retired judge of the Supreme Court or High Court, or an independent eminent person from the field of media, broadcasting, entertainment, child rights, human rights or such other relevant field and up to six other members who are experts in one or more of the aforementioned fields. The body must register itself with MeitY within thirty days of the date of notification of these rules or, if constituted after this period, within 30 days of its constitution.

The regulatory body shall:

1. Oversee and ensure adherence, by all publishers, to the Code
2. Provide guidance to publishers on the Code
3. Address grievances which remain unresolved by publishers even after the fifteen (15) day period
4. Hear appeals against decisions of publishers

The body can also issue guidance or advisories to publishers while disposing of a grievance or an appeal. It can also refer a matter to MeitY if it believes it necessary. If the body concludes there is no violation of the Code, such a decision must be conveyed both to the complainant and the publisher. Finally, in cases of non-compliance of a guideline or advisory, issued by the body, by a publisher, the matter may be referred to the Oversight Mechanism within 15 days of the period in which such compliance was required by such publisher.

Level III provides for an oversight mechanism which shall fall under the purview of MeitY, who shall, in turn, coordinate and facilitate adherence, by publishers, to the Code. 

MeitY is required to do the following, as part of the oversight mechanism:

1. Publish a charter for self-regulating bodies, including Codes of Practices
2. Establish an Inter-Departmental Committee for hearing grievances or appeals to decisions made by the self-regulating body or complaints or references made regarding violation of the Code
3. Issue guidance and advisories to publishers
4. Issue orders and directions to publishers for maintenance and adherence to the Code

Analysis of Intermediary Guidelines 2021

The Intermediary Guidelines, 2021 seem to be a necessary step allowing the law to catch up with the constantly evolving and disruptive technology. With these Rules encouraging self-censorship, it is evident that the Executive recognizes how important it is to allow intermediaries freedom in their operation. However, it also uploads the need to protect individuals using such intermediary platforms and urges intermediaries to work in a conscious and ethical manner. The increase in compliance requirements is likely to result in higher volumes of complaints and access requests by government agencies, making it difficult to address the complaints in a short time frame as provided under the rules that is to say it may not be practical to take down content within these timelines. Provisions such as permitting the tracing of originators of the information drastically undermines the privacy of individuals. The local presence requirement as seeked under the new guidelines may also lead to increased operational costs.

As the Intermediary Guidelines are still in its early stages, it is crucial that while regulating the ever-changing and dynamic digital space, the Government and bodies responsible for enforcing and monitoring compliance under the Intermediary Guidelines, 2021, strike a balance between upholding the protections which individuals are entitled under the Indian Constitution or under any other law and to allow intermediaries to operate in India with limited restrictions, thereby, curbing any abuse while also helping the country’s digital economy to flourish. 

---

Disclaimer

The content of this article is for information purpose only and does not constitute advice or a legal opinion and are personal views of the author. It is based upon relevant law and/or facts available at that point of time and prepared with due accuracy & reliability. Readers are requested to check and refer to relevant provisions of statute, latest judicial pronouncements, circulars, clarifications etc. before acting on the basis of the above write up. The possibility of other views on the subject matter cannot be ruled out. By the use of the said information, you agree that the Author / Treelife is not responsible or liable in any manner for the authenticity, accuracy, completeness, errors or any kind of omissions in this piece of information for any action taken thereof.