The Indian government has recently announced a series of amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. These changes are designed to make the internet an open, safe, trustworthy, and accountable space for the country’s digital citizens or ‘nagriks’. This article will outline the specifics of these amendments, as well as their implications for key IT Rules in 2021.
Key Amendments to IT Rules, 2021
The first set of amendments pertain to new guidelines regarding social media intermediaries. In the past, intermediaries were simply required to inform users about the prohibition on uploading certain categories of harmful or unlawful content. The amendments, however, impose a legal obligation on intermediaries to take reasonable steps to prevent users from uploading such content. This change ensures that the intermediary’s responsibility is not taken lightly.
Moreover, intermediaries are now required to respect the rights guaranteed to users under Articles 14, 19, and 21 of the Indian Constitution. These protections encompass due diligence, privacy, and transparency. The rules and regulations of the intermediary must be communicated effectively, and in multiple regional Indian languages when necessary.
Changes to Rule 3
The next amendment relates to Rule 3, specifically subclause 1 of rule 3 (rule 3(1)(b)(ii)). This section has been modified by removing the terms ‘defamatory’ and ‘libellous’. Instead of these terms, the issue of whether content is defamatory or libellous will now be determined through judicial review.
Some of the content categories in subclause 1 of rule 3 (rule 3(1)(b)) have been rephrased to focus specifically on misinformation, and content that could incite violence between different religious or caste groups.
Establishment of Grievance Appellate Committee(s)
New amendments also provide for the establishment of Grievance Appellate Committee(s). These bodies will allow users to appeal against the inaction, or decisions, of intermediaries on user complaints. Importantly, users will retain the right to approach courts for any remedy.
Main IT Rules, 2021
Under the updated IT Rules (2021), social media platforms are required to exercise greater diligence regarding the content hosted on their platforms. This includes establishing a grievance redressal mechanism and removing unlawful and unsuitable content within stipulated time frames. The platform’s grievance officer will be responsible for receiving and resolving user complaints.
Intermediaries must remove or disable access to any content exposing individuals’ private areas or showing individuals in full or partial nudity or sexual acts within 24 hours of receiving a complaint. Content that impersonates individuals, including morphed images, must also be removed.
Privacy policies of the social media platforms must ensure that users understand not to circulate copyrighted material or defamatory, racially or ethnically objectionable, paedophilic, or threatening content. This includes content that jeopardises the unity, integrity, defense, security, or sovereignty of India, or its friendly relations with foreign states.
Cybersecurity Reporting Requirements
In India, it is legally mandatory for service providers, data centers, and corporate bodies to report cybersecurity incidents. According to section 70B of the Information Technology Act, 2000 (IT Act), the Union Government should by notification appoint an agency named Indian Computer Emergency Response Team (CERTIn) to serve as the national incident response agency. These entities are required to report cybersecurity incidents to CERT-In within a reasonable time frame after the occurrence of the incident.