Intermediary Rules 2021
📜

Intermediary Rules 2021

Legislative Context

The Intermediary Rules were framed in exercise of the powers conferred by Sections 87(2)(z) and 87(2)(zg) of the Information Technology Act, 2000. They were notified by the Central Government via G.S.R. 139(E) on 25 February 2021, and have since undergone amendments, most recently updated by G.S.R. 264(E) dated 6 April 2023.
These Rules supersede the earlier Information Technology (Intermediary Guidelines) Rules, 2011, and represent a significant overhaul of the regulatory architecture applicable to intermediaries and digital media entities in India. The stated objectives of the Rules are threefold:
  1. To prescribe due diligence obligations that intermediaries must observe in order to qualify for the legal immunity available under Section 79 of the IT Act;
  1. To promote greater accountability of social media and digital platforms, particularly those with wide reach and influence;
  1. To establish a co-regulatory enforcement mechanism for publishers of news and curated content on online platforms, including digital news media and OTT streaming services, under a newly introduced Code of Ethics.
The Intermediary Rules introduce a layered regulatory approach by classifying intermediaries into distinct categories based on the nature and scale of their operations. Rule 2(l) defines intermediary in alignment with Section 2(1)(w) of the IT Act. It includes entities that store or transmit information on behalf of others or provide services related to such transmission.
Rule 2(v) introduces a special class of intermediaries called Significant Social Media Intermediaries (“SSMIs”). As per Rule 2(v) read with Rule 6, an SSMI is any social media intermediary which has a number of registered users in India above the threshold notified by the Central Government, currently set at 50 Lakh. These intermediaries are subject to additional compliance requirements under Rule 4.

Due Diligence Requirements

The safe harbour protection granted to intermediaries under Section 79 of the IT Act is not absolute — it is conditional upon the intermediary observing due diligence as prescribed by the Central Government. These requirements were significantly expanded by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, notified under Sections 87(2)(z) and 87(2)(zg) of the Act.
The Intermediary Rules apply to all intermediaries, but impose an additional layer of obligations on a class of entities termed Significant Social Media Intermediaries (“SSMIs”) — those providing messaging or social media services with a registered user base in India above a threshold of 5 million. The due diligence obligations under the Intermediary Rules form the basis on which intermediaries retain or lose their immunity under Section 79.

Duties of All Intermediaries

Rule 3 of the Intermediary Rules outlines the baseline duties applicable to all intermediaries, including:
  • Every intermediary must appoint a Grievance Officer and publish their contact details and complaint-handling mechanism on their website or app. Complaints must be acknowledged within 24 hours and resolved within 15 days.
  • Intermediaries must publish clear terms of service that prohibit users from uploading or sharing content that is unlawful, defamatory, obscene, invasive of privacy, or violates intellectual property or other legal rights.
  • Upon receiving a court order or a notification from the government or its agency under Section 79(3)(b), intermediaries must take down unlawful content within 36 hours.
  • Intermediaries are required to retain user data and records of removed content for 180 days after account termination or content takedown.
Failure to comply with any of these duties may result in loss of the legal immunity provided under Section 79.
 

Additional Obligations for SSMIs

For intermediaries classified as SSMIs, the Rules impose enhanced due diligence obligations under Rule 4. These include:
  • Compliance Personnel Based in India – SSMIs must appoint three officers based in India:
      1. Chief Compliance Officer, responsible for ensuring compliance with the IT Act and Rules.
      1. Nodal Contact Person, for coordination with law enforcement.
      1. Resident Grievance Officer, who handles user complaints and publishes periodic compliance reports.
  • Monthly Compliance Reports – SSMIs are required to publish reports disclosing the number of complaints received, actions taken, and content removed proactively.
  • Voluntary User Verification – Platforms must enable users in India to voluntarily verify their identity using appropriate mechanisms (such as mobile numbers). Verified users must be provided with visible identification marks.
  • Automated Content Moderation – SSMIs must deploy automated tools to identify and remove content relating to child sexual abuse material, terrorism, and other content previously flagged as unlawful or harmful.
  • Traceability Requirement for Messaging Services – Messaging-based SSMIs (like WhatsApp, Signal, etc.) must enable identification of the first originator of information upon an order by a court or competent authority under Section 69 of the IT Act. This requirement has been subject to significant legal and technical criticism, especially due to its implications on end-to-end encryption.
 

Legal Controversies and Practical Concerns

The Intermediary Rules have been challenged before various High Courts, with critics arguing that they exceed the delegated powers under the IT Act and impose disproportionate compliance burdens, especially on private messaging platforms. Concerns have also been raised regarding freedom of speechsurveillance risks, and the feasibility of traceability mandates.
Despite these concerns, the Rules remain in effect, and intermediaries must comply with their obligations to retain the safe harbour protections under Section 79. For social media platforms operating at scale in India, this has meant significant restructuring of internal compliance functions and user-facing policies.

Digital Media Ethics and Regulatory Code (For News and OTT Platforms)

The Intermediary Rules introduce a separate framework under Part III to regulate publishers of digital news and online curated content. This part of the Rules is issued under Section 87(2)(zg) of the Information Technology Act, 2000 and is operationalised through oversight by the Ministry of Information and Broadcasting. Its objective is to ensure accountability and responsible content dissemination by publishers who operate entirely in the online space but have, until now, operated outside the scope of formal regulatory oversight.
These provisions apply to two categories of publishers. The first is publishers of news and current affairs content – these are entities that make content available over the internet relating to news, politics, or current events, and are not already regulated by existing print or broadcast codes. The second is publishers of online curated content, which primarily refers to over-the-top (OTT) streaming services offering programmes, web series, or films curated for public consumption. Notably, news aggregators are excluded from the scope of these provisions.
A core feature of this framework is the introduction of a three-tier regulatory mechanism:
  1. At the first level, each publisher is required to establish an internal self-regulatory mechanism. This includes appointing a Grievance Officer, who must be a resident in India and is responsible for receiving complaints and resolving them within a fixed timeframe. The officer must acknowledge the complaint within 24 hours and provide a resolution within 15 days.
  1. If a complainant is dissatisfied with the outcome at the first level, the complaint can be escalated to a second-tier self-regulatory body. Publishers are encouraged to form or be part of such bodies, which are expected to be headed by a retired judge of the Supreme Court or a High Court, or by an eminent person from the media or broadcasting sector. These bodies are tasked with ensuring compliance with the Code of Ethics, issuing advisories, and guiding publishers on standards to be maintained.
  1. The third and final level is the oversight mechanism established by the Central Government. The Ministry of Information and Broadcasting has the power to constitute an Inter-Departmental Committee to examine unresolved complaints, review content for compliance with the Code of Ethics, and recommend appropriate action. In cases where content is found to violate public order, decency, or other grounds under Section 69A of the IT Act, the Ministry may direct blocking of such content, in accordance with the procedure set out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.
The ethical standards themselves are codified in the appendix to the Rules and are binding on publishers. For news publishers, the applicable benchmark is the Norms of Journalistic Conduct published by the Press Council of India. For OTT platforms, the guiding document is the Programme Code under the Cable Television Networks (Regulation) Act, 1995. Additionally, OTT platforms must classify content based on age suitability, provide parental controls, and include content descriptors to enable informed viewing.
While this framework seeks to promote responsible content curation and fair grievance redressal, it has also attracted criticism for the extent of discretion it confers upon the government, particularly through the Inter-Departmental Committee. Questions have been raised about the implications for freedom of expression and editorial independence, especially in light of the possibility of state-directed takedowns. Nonetheless, the rules are now in force and form a central part of India’s evolving regulatory architecture for digital media.