Bringing you the Best Analytical Legal News

Home › Experts Corner › Cyril Amarchand Mangaldas › What About The

Intermediary? Demystifying The Information Technology (Intermediary
Guidelines And Digital Media Ethics Code) Rules, 2021

What about the Intermediary?

Demystifying the Information
Technology (Intermediary
Guidelines and Digital Media
Ethics Code) Rules, 2021
by Ankoosh K. Mehta†, Srinivas Chatti†† and Rupal
Jaiswal†††
Cite as: 2021 SCC OnLine Blog Exp 58
Published on July 12, 2021 - By Editor_4

Advertisement

LISTOFLATEST
JUDGMENTS/ORDER WEBEDIT
UPDATED
Post

Ever since the enactment of the Information Technology Act, 2000 (the IT Act), the
treatment of intermediary liability[1] has been pendulous. The Information Technology
(Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“2021 Rules”),
however, have brought about the most significant changes for intermediaries in terms of
increasing due diligence obligations and liability in cases of non-compliance, the e!ects of
which are already beginning to be felt.
In this article, we attempt to analyse how the 2021 Rules a!ect intermediaries and digital
media entities from a compliance perspective and the consequences of non-compliance,
especially for intermediaries.

How has intermediary liability evolved?

In order to contextualise the 2021 Rules, we start by tracing the evolution of intermediary
liability when only network service providers were exempted from liability under the IT
Act. The need to expand the contours of safe harbour provision was recognised, from a
legislative perspective when in the year 2008, the CEO of an e-auction website
Baazee.com was charged under the Penal Code and IT Act on account of an obscene
video being uploaded on the website by a user.[2] Subsequently, the IT Act was amended
to protect intermediaries, which merely acted as platforms for transmission of
information, from the liability for o!ences committed without their actual knowledge. The
definition of an intermediary was expanded to include online payment sites, search
engines, internet service providers, etc.,[3] and exemption was granted to intermediaries
from liability arising under “any law”, as opposed to the limited protection from o!ences
only under the IT Act provided earlier.
Following the 2008 amendment, whether an intermediary could claim safe harbour
hinged largely on two factors i.e. actual knowledge about the unlawful act and compliance
with due diligence obligations, as prescribed. Under the Information Technology
(Intermediaries Guidelines) Rules, 2011 (2011 Rules), an intermediary was required to
remove unlawful content on its platform once it acquired knowledge of such content by
itself or from an aggrieved individual. Notably, the Supreme Court in Shreya Singhal v.
Union of India[4] judgment, read down “actual knowledge”, to state that actual knowledge
can be attributed to an intermediary only when there is a court order or notification from
an appropriate government authority apprising the intermediary of unlawful content over
its platform.
Over the last decade however, the role of intermediaries has increased significantly with
large-scale adoption of social media platforms as a primary mode of communication and
dissemination of information. Digital media also attained mainstream relevance, thereby
attracting the attention of the Government to regulate such platforms. The 2021 Rules
are therefore a threshold step towards such regulation.

Scope of the 2021 Rules

The 2021 Rules are divided into two parts based on their applicability. While Part II
regulates intermediaries, Part III is applicable to digital media including an intermediary,
publishers of news and current a!airs or publishers of online curated content.[5]
In a significant departure from the 2011 Rules which regulated all “intermediaries”
without any distinction in terms of their user base or the content hosted on their
platform, the 2021 Rules classify the regulated entities into the following types, namely:
(a) Social media intermediary[6] with less than 50 lakh registered Indian users.
(b) Significant social media intermediary[7] (SSMI) with more than 50 lakh registered
Indian users[8].
(c) Publisher of news and current a!airs[9] content including news aggregators[10].
(d) Publisher of online curated content[11] which covers all online streaming platforms
including over-the-top (OTT) platforms.

Due diligence obligations under the 2021 Rules

In order to claim safe harbour under the IT Act, the intermediaries must[12] necessarily
undertake and comply with various obligations prescribed thereunder. With the 2021
Rules having come into e!ect from 26-5-2021, intermediaries are, at one end of the
spectrum of compliance, required to prominently publish rules and regulation on their
website informing its users about the type of information which must not be stored or
transmitted on the intermediary’s computer resource (prohibited information). At the
other end of diligence obligations, intermediaries, upon receiving actual knowledge in the
form of an order from a court or notification from an appropriate government authority
that certain information hosted by it is prohibited information, must remove or disable
access to such information within 36 hours of the receipt of such order or notification.
Notably, no such order is required when an individual complaint is received about sexual
imagery and the intermediary must take down such content within 24 hours of the
receipt of the complaint.[13] Intermediaries are also required to provide any information
under their control or possession, within 72 hours of receipt of an order in this regard, to
a government agency for investigation, detection or prevention of cybersecurity incidents
or o!ences under any law.
Another important change is the requirement to appoint a grievance o#cer (also
prescribed under the 2011 Rules) and publish his/her name and contact details
prominently on its website. Building on the 2011 Rules, the 2021 Rules make it obligatory
upon the grievance o#cer to acknowledge any order, notice or direction issued by a court
or a government agency or a complaint received from an individual user or victim.
Further, a complaint must be disposed of within a period of 15 days from its receipt (as
opposed to one month under the 2011 Rules).
In addition to the other due diligence requirements prescribed for all intermediaries,
SSMI’s are required to comply with additional obligations which inter alia[14] include
establishing a physical contact address in India; and the appointment of a chief
compliance o#cer who will be liable for the failure of an intermediary to observe due
diligence and a nodal contact person (available 24×7) to ensure compliance with orders of
courts and to coordinate with law enforcement agencies, as also a resident grievance
o#cer who shall be responsible for grievance redressal of its users.

Regulatory regime for digital media

While the IT Act did not originally envisage regulation of digital media, the 2021 Rules
impose various obligations on digital media entities which carry out systematic business
of making content available within India. These digital media entities would essentially
include publishers of news and current a!airs and publishers of online curated content
(publishers), who shall adhere to a Code of Ethics (Code) prescribed under Part III of the
2021 Rules. Interestingly, even foreign news publishers with an online presence in India
shall be regulated by this Code.
The 2021 Rules also mandate a three-tier grievance redressal mechanism to entertain any
complaints of violation of the Code. At Level I, a grievance o#cer is required to be
appointed by the publisher itself.[15] If a grievance is not redressed by grievance o#cer
within 15 days, the grievance is automatically escalated to Level II which is the self-
regulating body of one or more publishers or their associations.[16] At Level III, the 2021
Rules provide for establishment of an inter-departmental committee[17] which shall hear
grievances from the decision of the self-regulating body or other complaints about
violation of the Code.
Consequences of non-compliance of the 2021 Rules
For intermediaries, a failure to observe the 2021 Rules and comply with the due diligence
requirements under Part II thereof disentitles them from claiming safe harbour under
Section 79 of the Information Technology Act, 2000 (IT Act). Consequently, the
intermediary becomes liable for o!ences under various laws including the IT Act and the
Penal Code, 1860 (IPC), as the case may be.
Further, if an intermediary fails to furnish information required by a law enforcement
agency, or fails to block public access to information when so directed, the IT Act
prescribes that such o!ences are punishable with imprisonment of a term, which may
extend up to seven years along with a fine.[18] Additionally, provisions of the IPC ranging
from criminal conspiracy[19], sale of obscene books, etc.[20], deliberate and malicious
acts intended to outrage religious feelings[21] to criminal defamation[22] and in some
cases criminal breach of trust[23] and cheating[24], may also be attracted, as observed in
cases involving intermediaries.
Considering the broad nature and extent of compliances prescribed under the 2021
Rules, that impose a higher threshold of diligence upon intermediaries and more
particularly significant social media intermediaries (SSMIs), the immediate e!ect is that of
inadequate or improper compliance of the 2021 Rules, divesting the intermediaries of the
safe harbour under the IT Act. Consequently, this results in exposure, at the very least, to
a higher number of criminal allegations and complaints being registered where
intermediaries also become liable.
As regards digital media entities, the 2021 Rules specify that they will be held liable under
any law contravened by them, irrespective of adherence to the Code of Ethics prescribed
under the 2021 Rules.[25] This becomes especially relevant in the present day since the
threat of attracting criminal allegations by digital media platforms has become all the
more prevalent, with instances of complaints or FIRs being registered against content
hosted on video sharing and OTT platforms in the recent past.[26]
Interestingly though, the 2021 Rules itself do not specify penal consequences for non-
compliance by the digital media entities. Rather, the 2021 Rules empower the self-
regulating body or the Ministry of Information and Broadcasting (on the
recommendations of the inter-departmental committee) to, inter alia warn, censure,
admonish a publisher, require apology, delete or modify content to prevent incitement to
a cognizable o!ence and issue orders for blocking of content under Section 69-A of the
Act.[27]
Taking notice of the same, the Supreme Court in a recent order observed that “a perusal
of the Rules indicate that the Rules are more and more in the form of guidelines and have
no e!ective mechanism for either screening or taking appropriate action for those who
violates the guidelines”.[28]
Compliance with takedown orders
Another important aspect concerning compliance with takedown orders[29] is the
obligation to not store or host any unlawful information (which is defined rather broadly)
[30] upon receiving actual knowledge in the form of a court order or on being notified by
the Government or its agency, and to further “remove or disable access” within 36 hours
from the receipt of such a court order or notification by the Government or its agency.
While issuing a takedown order, the court may direct an intermediary to disable or de-
index unlawful content globally.[31] Further, if an intermediary fails to comply with the
takedown orders issued by a court, the o#cers in charge of its a!airs may become liable
for prosecution.[32] Interestingly, however, it is not explicitly specified in the 2021 Rules
that the notification of takedown from the Government or its agency has to be in writing,
in the absence of which there may be some potential for misuse.
The 2021 Rules also impose an obligation to preserve information and associated records
of information that has been removed, for a period of 180 days for the purpose of
investigation, or a longer period if required by a court or a government agency.
Pertinently, this condition also applies in cases where the information has been removed
based on grievances received under the prescribed grievance redressal mechanism of
intermediaries.[33]
Identification of first originator
Significantly for SSMIs, an additional obligation is imposed to enable the identification of
the first originator of information, if required by a judicial order passed under Section 69
of the IT Act and the rules thereunder.[34] While the 2021 Rules clarify that such an order
shall be passed for prevention, detection, investigation, prosecution or punishment of
“serious” o!ences, which are punishable with imprisonment for a term of not less than
five years, a direct implication of this is the possibility of compromising the end-to-end
encryption of the messages that may be provided by the intermediary.
It is also interesting to note in this regard that in case the first originator of any
information is located outside India, the first originator of the information within India
shall be deemed to be the first originator of the information.
Another aspect that is of relevance for SSMIs is that the 2021 Rules encourage
deployment of technology-based measures, including automated tools or other
mechanisms, which at present appear to be mainly for identifying sexually explicit
content. However, this aspect entails careful consideration of various legal and ethical
issues when being implemented practically.
Achieving a fine balance
At first glance, the 2021 Rules cast a wide net over the various intermediaries and digital
media platforms and seek to achieve several objectives with an intent to regulate the
online space. The significance of intermediaries, and especially SSMIs, in the present day
and age cannot be overstated, as online spaces are a ubiquitous and relevant part of
society. Considering the direct impact intermediaries have on society and polity, a
regulation was in the o#ng. However, the lack of a robust consultation process while
formulating the 2021 Rules has raised cause for concern and criticism with several
challenges being filed[35] against them which are now under judicial scrutiny. The e!ects
of non-compliance have also been made apparent, with clear indications being given to
intermediaries to comply with the 2021 Rules, despite subsisting challenges being
pending.
Many questions however remain. Whether the stated intent of the 2021 Rules to
empower the common user is attainable? Whether due diligence obligations imposed on
intermediaries are practical or enforceable uniformly even across the new classifications?
Whether the penal consequences associated with non-compliance of the 2021 Rules are
commensurate with the o!ences an intermediary may be charged with?
Added to this is the aspect that while the 2021 Rules appear to augment the ability of law
enforcement agencies to access information from intermediaries, whether su#cient
safeguards can be exercised to prevent overreach or abuse.
It also remains to be seen how the Government or its agencies utilise the takedown
provisions or how the grievance redressal mechanisms introduced under the 2021 Rules
are practically implemented. The discourse on regulation of digital media entities is a
separate discussion altogether.
While the 2021 Rules are under challenge before various High Courts,[36] by SSMIs,
independent media and civil society organisations, another important question, that
necessarily falls for consideration is the e!ect the rule will have on user engagement and
online discourse, especially from free speech and privacy perspective, where maintaining
a fine balance is imperative for a democracy.

† Partner, Cyril Amarchand, Mangaldas.

†† Senior Associate, Cyril Amarchand Mangaldas.
††† Associate, Cyril Amarchand Mangaldas.
[1] S. 79 of the IT Act incorporates a safe harbour provision shielding online
intermediaries from liability under various laws, for any unlawful content uploaded by
their users.
[2]
Avnish Bajaj v. State (NCT) of Delhi, 2004 SCC OnLine Del 1160 : (2005) 79 DRJ 576.
[3] S. 2(w), IT Act.
[4] (2015) 5 SCC 1.
[5] R. 2(i), 2021 Rules.
[6] R. 2(w), 2021 Rules.
[7] R. 2(v), 2021 Rules.
[8] Government of India, Ministry of Electronics and Information Technology,
F.No.16(4)/2020-CLES (25-2-2021), <https://images.assettype.com/barandbench/2021-
02/da6bb41f-8289-4148-9b99-308cf1ed21b6/Significant_Social_Media_Intermediary.pdf>.
[9] R. 2(t), 2021 Rules.
[10] R. 2(o), 2021 Rules.
[11] R. 2(u), 2021 Rules.
[12] R. 3, 2021 Rules.
[13] R. 3(2)(b), 2021 Rules.
[14] R. 4, 2021 Rules.
[15] R. 11, 2021 Rules.
[16] R. 12, 2021 Rules.
[17] R. 13, 2021 Rules.
[18] Ss. 69 and 69-A, IT Act.
[19] S. 120-B, IPC.
[20] Ss. 292 and 293, IPC.
[21] S. 295-A, IPC.
[22] S. 499, IPC.
[23] Ss. 406, 408, IPC.
[24] Ss. 415 and 420, IPC.
[25] R. 9(2), 2021, Rules.
[26] Aparna Purohit v. State of U.P., 2021 SCC OnLine All 179.
[27] R. 12(4), 2021, Rules.
[28] Supra note 9 (order dated March 5, 2021).
[29] R. 3(d), 2021 Rules.
[30] “… which is prohibited under any law for the time being in force in relation to the
interest of the sovereignty and integrity of India; security of the State; friendly relations
with foreign States; public order; decency or morality; in relation to contempt of court;
defamation; incitement to an o!ence relating to the above, or any information which is
prohibited under any law for the time being in force.”
[31] X v. Union of India, 2021 SCC OnLine Del 1788.
[32] Id. at para 93; S. 85, IT Act.
[33] R. 3(2), 2021 Rules.
[34] R. 4(2), 2021 Rules.
[35] SDS Infratech (P) Ltd. v. National Faceless Assessment Centre Delhi, WP (C) No. 6272 of
2021 filed on 10-3-2021.
[36] Praveen Arimbrathodiyil v. Union of India, WP (C) No. 9647 of 2021, order dated 9-4-
2021(Ker); Foundation for Independent Indian Journalism v. Union of India, WP (C) No. 3125
of 2021, order dated 28-6-2021.
Tags : intermediary | IT Rules | law

MOST READ

24 hours 7 days All time

Case Briefs High Courts Case Briefs High Courts

Delhi High Court: FEMA Bombay HC denies relief
does not immunize IPC to Symbiosis Law
offences; ₹3,500 Cr School student,
Hawala accused can’t suspended for her
escape criminal charges Instagram post on
‘Operation Sindoor’

Interviews Case Briefs High Courts

In Conversation with ‘Granting relief will
Siddharth Raja on His malign noble profession
Contributions Towards of advocacy’: Delhi HC
Avtar Singh’s Company dismisses anticipatory
Law, 18th Edition, bail plea of an advocate
published by EBC in a road rage case
 Hot Off The Press News Case Briefs High Courts
SCBA Elections 2025 | ‘Ban on manufacturing
SCBA to organise Public plastic of less than 120
Debate for candidates microns’; Meghalaya HC
for the posts of issues set of directions
President & Secretary to prevent use of plastic

News Submissions Article Submissions

    
[email protected] [email protected]
Download SCC Online App for
Android Users/IOS Users

Disclaimer : The content of this Blog are for informational purposes only and for
the reader's personal non-commercial use. The views expressed are not the
personal views of EBC Publishing Pvt. Ltd. and do not constitute legal advice. The
contents are intended, but not guaranteed, to be correct, complete, or up to date.
EBC Publishing Pvt. Ltd. disclaims all liability to any person for any loss or
damage caused by errors or omissions, whether arising from negligence, accident
or any other cause.

© 2025 EBC Publishing Pvt. Ltd. All rights reserved.