Compliances by an Intermediary Under Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

That the Ministry of Electronics and Information Technology in the year 2021 has notified the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 20211 (“Intermediary Rules”) under Section 87 of the Information Technology Act, 2000 (“IT Act”) and in supersession of the Information Technology (Intermediaries Guidelines) Rules, 2011.

As per Section 2(1)(w) of the IT Act, an “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites,online-market places and cyber cafes. 

As per Rule 2(1)(w) of the Intermediary Rules, a “social media intermediary” means an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.

As per the Intermediary Rules, social media intermediary having number of registered users in India above such threshold as notified by the Central Government shall be considered as significant social media intermediary. That vide notification dated 25th February 2021, the Central Government hereby specifies fifty lakh registered users in India as the threshold for a social media intermediary to be considered a significant social media intermediary2 .

COMPLIANCES REQUIRED BY ALL INTERMEDIARIES 

Under Rule 3 of the Intermediary Rules, an Intermediary is required to comply with the following requirements which are binding on an intermediary in India: 

1.1.Publish on its website, mobile based application or both, as the case may be,  

  • the rules and regulations, 
  • privacy policy, and 
  • user agreement

for access or usage of its computer resource by any person. 

1.2.The rules and regulations, privacy policy or user agreement of the intermediary shall inform the user of its computer resource 

  • not to host, display, upload, modify, publish, transmit, store, update or share any information that,—
  • belongs to another person and to which the user does not have any right; 
  • is defamatory, obscene, pornographic, pedophilic, invasive of another‘s privacy, including bodily privacy, insulting or harassing on the basis of gender, libellous, racially or ethnically objectionable, relating, or 
  • encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws in force; 
  • is harmful to child; 
  • infringes any patent, trademark, copyright or other proprietary rights; 
  • violates any law for the time being in force; 
  • deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact;
  • impersonates another person; 
  • threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting other nation; 
  • contains software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer resource; 
  • is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person;

1.3.Shall periodically inform its users, at least once every year, that in case of non-compliance with rules and regulations, privacy policy or user agreement for access or usage of the computer resource of such intermediary, it has the right to terminate the access or usage rights of the users to the computer resource immediately or remove non-compliant information or both, as the case may be.

1.4.An intermediary, on whose computer resource the information is stored, hosted or published, upon receiving actual knowledge in the form of an order by a court of competent jurisdiction or on being notified by the Appropriate Government or its agency under clause (b) of sub-section (3) of section 79 of the Act, shall not 

  • host, store or publish any unlawful information,  
    • which is prohibited under any law for the time being in force in relation to
      • the interest of the sovereignty and integrity of India; 
      • security of the State;  friendly relations with foreign States; 
      • public order; 
      • decency or morality; 
      • contempt of court; 
      • defamation; 
      • incitement to an offence relating to the above, or 
      • any information which is prohibited under any law for the time being in force, 

and

  • shall remove or disable access to that information, as early as possible, but in no case later than thirty-six hours from the receipt of the court order or on being notified by the Appropriate Government or its agency. 

1.5.Shall periodically, and at least once in a year, inform its users of its rules and regulations, privacy policy or user agreement or any change in the rules and regulations, privacy policy or user agreement.

1.6.Any information which has been removed or access to which has been disabled, the intermediary shall, without vitiating the evidence in any manner, preserve such information and associated records for one hundred and eighty days for investigation purposes, or for such longer period as may be required by the court or by Government agencies who are lawfully authorized.

1.7.Where an intermediary collects information from a user for registration on the computer resource, it shall retain his information for a period of one hundred and eighty days after any cancellation or withdrawal of his registration.

1.8.The intermediary shall, as soon as possible, but not later than seventy two hours of the receipt of an order, provide information under its control or possession, or assistance to the Government agency which is lawfully authorized for investigative or protective or cyber security activities, for the purposes of verification of identity, or for the prevention,detection, investigation, or prosecution, of offences under any law for the time being in force, or for cyber security incidents.

1.9.The intermediary shall not knowingly deploy or install or modify technical configuration of computer resource or become party to any act that may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to perform thereby circumventing any law for the time being in force.

1.10. The intermediary shall report cyber security incidents and share related information with the Indian Computer Emergency Response Team in accordance with the policies and procedures as mentioned in the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 20133 . 

1.11. The intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the name of the Grievance Officer and his contact details as well as mechanism by which a user or a victim may make complaint against violation of the provisions of this rule or any other matters pertaining to the computer resources made available by it, and the Grievance Officer shall 

(i) acknowledge the complaint within twenty four hours and dispose off such complaint within a period of fifteen days from the date of its receipt;

(ii) receive and acknowledge any order, notice or direction issued by the Appropriate Government, any competent authority or a court of competent jurisdiction.

1.12. The intermediary shall, within twenty-four hours from the receipt of a complaint made by an individual or any person on his behalf, in relation to any content which is prima facie in the nature of any material which exposes the private area of such individual, shows such individual in full or partial nudity or shows or depicts such individual in any sexual act or conduct, or is in the nature of impersonation in an electronic form, including artificially morphed images of such individual, take all reasonable and practicable measures to remove or disable access to such content which is hosted, stored, published or transmitted by it. The intermediary shall implement a mechanism for the receipt of aforesaid complaints which may enable the individual or person to provide details, as may be necessary, in relation to such content or communication link.

ADDITIONAL COMPLIANCE MEASURES FOR SIGNIFICANT SOCIAL MEDIA INTERMEDIARIES

In case, an intermediary qualifies as a social media intermediary as per the definition given under the Intermediary Rules and has more than 50 lakh users, then such intermediary has to comply with the additional compliances as provided under Rule 4 of the Intermediary Rules. 

PROCEDURE AND SAFEGUARDS IN RELATION TO NEWS AND CURRENT AFFAIRS 

In addition to the above compliances, an intermediary in relation to news and current affairs content shall publish, on an appropriate place on its website, mobile based application or both, as the case may be, a clear and concise statement informing publishers of news and current affairs content that in addition to the common terms of service for all users, such publishers shall furnish the details of their user accounts on the services of such intermediary to the Ministry about the details of its entity by furnishing information along with such documents as may be specified, for the purpose of enabling communication and coordination within a period of thirty days and shall publish periodic compliance report every month mentioning the details of grievances received and action taken thereon. 

CODE OF ETHICS AND PROCEDURE AND SAFEGUARDS IN RELATION TO DIGITAL MEDIA

As per Rule 2(1)(i) of the Intermediary Rules “digital media‘ means digitized content that can be transmitted over the internet or computer networks and includes content received, stored, transmitted, edited or processed by- 

(i) an intermediary; or 

(ii) a publisher of news and current affairs content or a publisher of online curated content; 

Under the part III of the Intermediary Rules, additional rules have been framed specifically for publishers of news and current affairs content and publishers of online curated content and such entities shall be administered by the Ministry of Information and Broadcasting, Government of India.

NON-OBSERVANCE OF RULES 

Where an intermediary fails to observe these rules, the provisions of sub-section (1) of section 79 of the IT Act (safe harbour immunity for intermediary) shall not be applicable to such intermediary and the intermediary shall be liable for punishment under any law for the time being in force including the provisions of the IT Act and the Indian Penal Code, 1860.