The Ministry of Electronics and Information Technology (‘MEITY’) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022 on 28 October 2022 (‘Amendment’) which introduces certain enhanced due diligence obligations for intermediaries, changes in timeline and grievance redressal procedures and constitution of grievance appellate committees. The Amendment appears to be along the same lines as the draft amendment released for consultation a few months earlier.
Enhanced due diligence obligations
Intermediaries are required under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (‘Intermediary Guidelines’) to comply with certain due diligence requirements when discharging their duties. Intermediaries which do not exercise such due diligence may be at risk of forfeiting the ‘safe harbor’ protection afforded under the Information Technology Act, 2000. Some of these due diligence requirements have been enhanced or amended. The key amendments are:
This may be a welcome change to expand coverage of the internet to potential users fluent in Eighth Schedule Languages, apart from English and may result in furthering inclusivity, aiding internet penetration, especially in non-urban areas of the country and moving closer towards digital equity. While platforms are likely to disembark users which do not comply with Platform Policies, the intent behind an express requirement to enforce such Platform Policies appears unclear.
b) Content restrictions: Restrictions pertaining to content uploaded, hosted, displayed, modified, published or transmitted on an intermediary’s platform have been amended to require intermediaries to make reasonable efforts to cause users to not host, display, upload, modify or transmit any information which promotes enmity between different religious or caste groups with intent to incite violence, and any content which violates any law in force.
While the expansion of content restrictions may or may not be in line with reasonable restrictions outlined in the Constitution, it must be emphasized that intermediaries may not be best suited to adjudge validity of such requests. Given that millions of content takedown requests are received from users through user grievance redressal mechanisms, making content driven decisions on such requests especially within a 72-hour window, all while balancing key considerations of freedom of speech and legal validity of takedown requests in merits may prove to be burdensome for intermediaries, in the absence of a court order or the order of a notified Government agency. It may also lead to unintended consequences such as content takedowns being undertaken as a precautionary approach.
c) Reasonable expectation of due diligence, privacy and transparency: The Amendment requires intermediaries to ‘ensure accessibility of its services to users’ along with meeting a reasonable expectation of due diligence, privacy and transparency. At the outset, the context in which accessibility is used remains unclear as with the Draft Amendment, if the same is intended to make services available to and accessible by specially-abled persons or if it relates to uptime and availability of platforms and services.
The Amendment also requires intermediaries to ensure reasonable expectation of due diligence, privacy and transparency. The implications of these reasonable expectations, especially of ‘privacy and transparency’ have not been clearly spelled out by the Amendment. While intermediaries (being body corporate) would be responsible to comply with the Information Technology Act and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other sectoral laws and regulations, the inclusion of a broad expectation of ‘privacy’ and ‘transparency’ raises pertinent questions on sufficiency of the said compliance. Certain aspects of the now withdrawn Data Protection Bill, 2021 (‘Bill’) also relate to transparency obligations of data fiduciaries, including fairness of algorithms or methods of processing. In the absence of a comprehensive legislation governing data protection, algorithmic transparency or internet regulation, the implications of privacy and transparency remain unclear.
d) Respecting fundamental and constitutional rights: Intermediaries are required to respect all rights accorded to citizens under the Constitution, including in Articles 14, 19 and 21, pertaining to rights of equality, freedom and life and personal liberty. While they ostensibly relate to social media platforms, it is pertinent that they have been made applicable regardless, to all intermediaries. It is noteworthy that these rights have traditionally been available against the State and those entities discharging a ‘public function’ or similar functions.
While the Minister of State of Electronics and Information Technology (‘MOS’) asserted in a press briefing that the provision is intended to ensure that community guidelines of platforms do not contradict constitutional rights of users when they operate in India, the intent is not visibly apparent as it is applicable to all intermediaries, including those based in India. It may also be perceived as uncertain and capable of wide interpretation and misuse. Given that the Supreme Court affirming the right to privacy laid down certain distinctive features of the right and identifying certain principles governing the same, it is unclear if intermediaries are called upon to comply with the right and principles (typically exercisable against the State) and if the same would be construed as part of the ‘reasonable expectation of due diligence’ thereby interlinking it with the safe harbor protection afforded to such intermediaries.
Grievance Redressal Mechanism and GACs
Intermediaries are required to implement grievance redressal mechanisms and ensure acknowledgment and resolution of complaints within 24 (twenty-four) hours and 15 (fifteen) days respectively under the Intermediaries Guidelines. Content-related restrictions (except those pertaining to violation of intellectual property rights, proprietary information or content in violation of applicable law) may be required by intermediaries to be resolved within 72 (seventy-two) hours of reporting under the Amendment, however, platforms may develop safeguards to prevent misuse of such reporting mechanisms by users. Resolution (or takedown) of content requests may have unintended and adverse consequences.
The Amendment introduces one or more Grievance Appellate Committees (‘GAC’) consisting of a chairperson and two members each appointed by the Central Government to enable persons aggrieved by decisions of grievance officers to appeal to GAC within 30 (thirty) days, which must resolve such appeal within 30 (thirty) days, using an online dispute resolution mechanism with entire process of filing of appeal to decision being digitally conducted. Orders must be reported to intermediaries and uploaded on websites.
It is unclear as to how the Government would propose to deal with the large volume of requests and appeals that may be received by intermediaries and the GACs in turn. While the MOS acknowledges that the Government may not have the capacity and capability to act or play the role of an ombudsman, it was indicated that the role was adopted reluctantly owing to existing gaps in grievance redressal mechanisms adopted by the big technology platforms.
While the intent of the Amendment appears to be to promote digital/internet inclusivity and a uniform and effective grievance redressal mechanism, certain aspects of the Amendment pertaining to enhanced obligations of due diligence such as privacy and transparency, respect to fundamental or constitutional rights may have the effect of creating further uncertainty and unintended consequences, especially when differing in intent vis-à-vis text of the Amendment and being applicable in a wider context to all internet intermediaries.
[The authors are Senior Associate and Partner in Data Protection and TMT practice at Lakshmikumaran & Sridharan Attorneys in Hyderabad and New Delhi, respectively]
 Information Technology. (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022, available at https://egazette.nic.in/WriteReadData/2022/239919.pdf
 Press Note and Draft Amendment dated 6 June 2022, available at https://www.meity.gov.in/writereaddata/files/Press%20Note%20dated%206%20June%2022%20and%20Proposed%20draft%20amendment%20to%20IT%20Rules%202021.pdf
 Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, available at https://www.meity.gov.in/writereaddata/files/Intermediary_Guidelines_and_Digital_Media_Ethics_Code_Rules-2021.pdf
 Rule 3, Intermediary Guidelines
 Section 79, Information Technology Act, 2000
 Eighth Schedule to the Constitution of India
 Rule 3(1)(a), Intermediary Guidelines
 Rule 3(1)(b), Intermediary Guidelines
 Article 19(2), Constitution of India
 Rule 3(2)(i), Intermediary Guidelines
 Rule 3(1)(m), Intermediary Guidelines
 Rule 2(1)(c), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
 Clause 23, Data Protection Bill, 2021
 Clause 23(1)(h), Data Protection Bill, 2021
 Rule 3(1)(n), Intermediary Guidelines
 Rajeev Chandrasekhar elucidates how changes to IT Rules will keep internet open & safe, available at https://www.republicworld.com/technology-news/social-media-news/rajeev-chandrasekhar-elucidates-how-changes-to-it-rules-will-keep-internet-open-and-safe-articleshow.html
 Justice K. S. Puttaswamy v. Union of India, (2017) 10 SCC 1
 Section 79, IT Act 2000
 Rule 3(2), Intermediary Guidelines
 Rule 3(2)(a)(i), Intermediary Guidelines
 Rule 3A, Intermediary Guidelines