Compliance of an intermediary with information technology rules (guidelines for intermediaries and code of ethics for digital media), 2021

That the Ministry of Electronics and Information Technology in 2021 notified the new Information Technology Rules (Guidelines for Intermediaries and Digital Media Code of Ethics), 20211 (“Intermediate Rules” ) under section 87 of the Information Technology Act 2000 (“IT Act”) and replacing the Information Technology (Intermediary Guidelines) Rules 2011.

Pursuant to Section 2(1)(w) of the Information Technology Act, an “intermediary”, in relation to any particular electronic record, means any person who, on behalf of another person, receives, stores or transmits this record or provides any service with respect to this record and includes telecommunications service providers, network service providers, internet service providers, web hosting service providers, search engines search sites, online payment sites, online auction sites, online marketplaces and internet cafes.

Pursuant to Rule 2(1)(w) of the Intermediary Rules, a “social media intermediary” means an intermediary who primarily or solely enables an online interaction between two or more users and enables them to create, upload, share , distribute, modify or access information using its services.

According to the rules of intermediaries, a social media intermediary having a number of registered users in India above the threshold notified by the central government should be considered as a significant social media intermediary. In this notification dated February 25, 2021, the central government hereby specifies fifty lakh registered users in India as the threshold for a social media intermediary to be considered a significant social media intermediary2.


Under Rule 3 of the Intermediary Rules, an intermediary is required to comply with the following requirements imposed on an intermediary in India:

1.1. Publish on its website, mobile application or both, as the case may be,

  • rules and regulations,
  • privacy policy, and
  • User Agreement

for access or use of its computer resource by any person.

1.2.The rules and regulations, the privacy policy or the user agreement of the intermediary must inform the user of his computing resource

  • not to host, display, upload, modify, publish, transmit, store, update or share any information that,—
  • belongs to another person and over which the user has no rights;
  • is defamatory, obscene, pornographic, child molesting, invasive of another’s privacy, including bodily intimacy, insulting or harassing on the basis of gender, libelous, racially or ethnically objectionable, related or
  • encouraging money laundering or gambling, or otherwise inconsistent with or contrary to applicable law;
  • is harmful to the child;
  • infringes any patent, trademark, copyright or other proprietary rights;
  • violates any currently applicable law;
  • deceives or misleads the recipient as to the origin of the message or knowingly and intentionally communicates any information which is manifestly false or misleading in nature but which can reasonably be perceived as fact;
  • impersonates another person;
  • threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states or public order, or causes incitement to commit any recognizable offense or impedes investigating an offense against or insulting another nation;
  • contains a software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer resource;
  • is patently untrue and untrue, and is written or published in any form, with the intent to mislead or harass any person, entity or agency for profit or to cause injury to anyone;

1.3.Periodically informs its users, at least once a year, that in the event of non-compliance with the rules and regulations, the privacy policy or the user agreement for the access or use of the computer resource of this intermediary, he has the right to terminate the users’ right of access or use of the computer resource immediately or delete the non-compliant information or both, as the case may be.

1.4.An intermediary, on whose computer resource the information is stored, hosted or published, after receiving actual notice in the form of an order from a court of competent jurisdiction or after being notified by the appropriate government or its agency in under clause (b) of subsection (3) of section 79 of the Act, may not

  • host, store or publish any illicit information,
    • which is prohibited by any law now in force with respect to
      • the interests of India’s sovereignty and integrity;
      • state security;  friendly relations with foreign states;
      • public order;
      • decency or morality;
      • contempt of court;
      • defamation;
      • incitement to an offense relating to the foregoing, or
      • any information prohibited by applicable law,


  • will remove or disable access to such information, as soon as possible, but in no event later than thirty-six hours from receipt of the court order or notification by the appropriate government or its agency.

1.5.Shall periodically, and at least once a year, notify its users of its rules and regulations, privacy policy or user agreement or any changes to the rules and regulations, privacy policy or its user agreement.

1.6. Any information that has been deleted or access to which has been disabled, the intermediary shall, without vitiating the evidence in any way, retain such information and associated records for one hundred and eighty days for investigative purposes. , or for a longer period may be required by the court or by legally authorized government agencies.

1.7.When an intermediary collects information from a user for registration on the computer resource, he retains his information for a period of one hundred and eighty days after any cancellation or withdrawal of his registration.

1.8. The Intermediary shall, as soon as practicable, but no later than seventy-two hours after receipt of an order, provide information in its control or possession or assistance to the lawfully authorized government agency to investigative or protection or cybersecurity purposes. activities, for identity verification purposes, or for the prevention, detection, investigation, or prosecution of violations of any law currently in force, or for cybersecurity incidents.

1.9.The Intermediary shall not knowingly deploy, install or modify the technical configuration of the Computing Resource or become a party to any act which may change or has the potential to change the normal course of operation of the Computing Resource than it is supposed to perform, thus circumventing any law currently in force.

1.10. The intermediary must report cyber security incidents and share related information with India’s Computer Emergency Response Team in accordance with the policies and procedures mentioned in the Information Technology Rules 20133 (the team India’s computer emergency response system and how to perform functions and duties).

1.11. The intermediary shall prominently publish on its website, mobile application, or both, as applicable, the name of the Complaints Officer and contact information and the mechanism by which a user or victim may file a complaint of violation of the provisions. this Rule or any other matter relating to the computing resources made available by it, and the Grievance Officer shall

(i) acknowledge receipt of the complaint within twenty-four hours and resolve such complaint within fifteen days from the date of receipt;

(ii) receive and acknowledge receipt of any order, notice or direction issued by the appropriate government, any competent authority or a competent court.

1.12. The intermediary must, within twenty-four hours from the receipt of a complaint formulated by an individual or any person acting on its behalf, concerning any content having prima facie the nature of a material exposing the private space of that individual, shows that person in full or partial nudity or shows or depicts that person in any sexual act or conduct, or is of the nature of impersonation in any electronic form, including artificially altered images of that person, take all reasonable and practicable steps to remove or disable access to such content that is hosted, stored, published or transmitted by that person. The intermediary will put in place a mechanism for receiving the aforementioned complaints which may allow the individual or person to provide details, if necessary, in relation to this content or this communication link.


In the event that an intermediary qualifies as a social media intermediary as defined in the Intermediate Rules and has more than 50 lakh users, then such intermediary must comply with the additional compliances provided for in Rule 4 of the Intermediate Rules.


In addition to the above compliances, a news and current affairs content intermediary shall post, at an appropriate place on its website, mobile application or both, as applicable, a clear and concise statement informing publishers of news and news content that in addition to the terms of use common to all users, these publishers must provide the details of their user accounts on the services of this intermediary to the ministry on the details of its entity by providing information with the documents that may be specified, with the aim of enabling communication and coordination within thirty days and will publish a periodic compliance report each month mentioning the details of the complaints received and the follow-up given to those -this.


Pursuant to Rule 2(1)(i) of the Intermediate Rules, “digital medium” means digitized content that may be transmitted over the Internet or computer networks and includes content received, stored, transmitted, edited or processed by-

(i) an intermediary; or

(ii) a news and current affairs content publisher or online curated content publisher;

Under Part III of the Intermediate Rules, additional rules have been developed specifically for publishers of news and current affairs content and publishers of online curated content and these entities will be administered by the Department of Information and Indian Government Broadcasting.


Where an intermediary fails to comply with these rules, the provisions of subsection (1) of Article 79 of the Computer Law (safe harbor immunity for the intermediary) do not apply to such intermediary and the intermediary is liable to penalties under any law. currently in force, including the provisions of the Computer Act and the Indian Penal Code of 1860.

About Dora Kohler

Check Also

Asustor Lockerstor 4 Gen 2 (AS6704T) Short Review

When we reviewed Asustor’s two-bay Lockerstor 2 Gen 2 AS6702T earlier this year, we gave …