ASG Analysis: New Rules for India's Internet and their Implications for Businesses
Key Takeaways
-
India’s Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (2021 Guidelines) are likely to fundamentally change several aspects of the country’s internet landscape and consequently, the operating structure of internet companies in India. This regulatory announcement is aimed at widening the scope of the already-established Intermediary Liability Guidelines, 2011 and introduces multiple provisions that would regulate digital news media and over-the-top (OTT) streaming platforms in the country.
-
While the 2021 Guidelines have just been brought into effect, they provide an indication of how the government plans to consider issues relating to data and technology going forward and offer insight into the future of tech regulation in India.
-
The current political and regulatory context – including U.S. elections and the discussions around the mini India-U.S. trade deal, discussions around the Personal Data Protection Bill (PDP Bill), and the government’s recent disagreement with Twitter over content moderation – made the release of these guidelines highly likely and much-anticipated. While the rules were announced without much public consultation, they are expected to be put under intense legal review before they are applied.
-
The rules will impact the operations of internet companies in several ways, including by creating enhanced due diligence requirements for intermediaries, mechanisms for government control of OTT platforms, and a much harsher regulatory environment for digital news media vis-à-vis traditional news media including print, television and other forms of broadcast media.
Key Provisions and Circumstances
-
Background and Scope: On February 25, 2021, Union Ministers Ravi Shankar Prasad (Minister of Electronics and Information Technology) and Prakash Javadekar (Minister of Information and Broadcasting) announced the release of the 2021 Guidelines framed under the provisions of the Information Technology Act, 2000 (IT Act). The 2021 Guidelines replace the Intermediary Liability Guidelines, 2011 (2011 Guidelines).
-
Specific Contours: The 2021 Guidelines not only widen the scope of the 2011 Guidelines but also introduce new provisions aimed at regulating digital news media, over-the-top (OTT) streaming platforms, and intermediaries (including social media platforms).
-
These new provisions include enhanced due diligence requirements (in order for intermediaries to utilise safe harbour protections), and a more robust grievance redressal mechanism for these intermediaries.
-
Large social media intermediaries (those with over 5 million users) are subject to additional due diligence requirements. This is particularly important because previous guidelines did not consider the regulation of digital news media and OTT streaming platforms; the new guidelines introduce a code of ethics and a three-tier user grievance redressal mechanism for such platforms.
-
The 2011 Guidelines did not specify penalties for intermediaries that failed to comply with its provisions; however, the 2021 Guidelines expressly state that intermediaries in non-compliance will lose safe harbor protections and be subject to punishment under law including provisions of the IT Act and the Indian Penal Code, 1860. Imposing criminal liability on intermediaries would make India very much the exception among global jurisdictions.
-
-
Lack of Public Consultation: Contrary to usual government of India practice, the 2021 Guidelines were announced by the government without much public consultation. In 2018, in comparison, the government published draft amendments to the 2011 Guidelines (2018 Draft Amendments) followed by an open house held by the Ministry of Electronics and Information Technology (MeitY) and a window for the submission of comments from the public. This raises questions as to why the new regulations had to be rushed through.
-
Political and Regulatory Environment: Several factors influenced the timing of the release of the new intermediary guidelines:
-
The U.S. presidential elections: The government was keen to hold back the release of the guidelines until the U.S. Presidential Elections were over and a new administration had been sworn in.
-
Discussions on the Personal Data Protection Bill (PDP Bill): The Joint Parliamentary Committee on the PDP Bill had also been examining issues related to intermediaries in their discussions and contemplating prospective amendments to the first draft of the PDP Bill.
-
Political Pressure: There has also been continuing and mounting political pressure from within the ruling party and affiliated groups to take action to rein in foreign platforms, particularly in the light of the recent farmer protests, which turned violent in late January.
-
These three factors, along with the government’s public altercation with social media giant Twitter related to user accounts posting in support of the farmer protests, made the release of the guidelines increasingly likely.
-
Constitutional & Potential Legal Challenges: The release of the 2021 Guidelines has raised important questions over the process of its release and constitutionality:
-
The government under Section 87 of the IT Act has the power to make the rules to “carry out the provisions of the Act.” However, given the wide scope of the 2021 Guidelines – and the fact that its subject matter goes beyond the IT Act (specifically Section 79 with respect to intermediary liability and safe harbour protections) – there are questions as to whether the notification of these guidelines was in fact outside the purview and powers provided to the government under Section 87.
-
Several provisions of the 2021 Guidelines could fall foul of judicial precedent laid down in the landmark Shreya Singhal case, in which the Supreme Court struck down Section 66A of the IT Act on the grounds that it “arbitrarily, excessively and disproportionately invades the right of free speech of citizens.” The Supreme Court found Section 66A to be unconstitutional (in respect to Article 19 on free speech and expression) for its vague and over-broad language, including words such as “active hunting,” “inconvenience,” and “grossly offensive.” The 2021 Guidelines use terms such as “public order,” “any injury,” etc. which courts may see as similarly vague and unclear in scope and definition.
-
There are also questions as to whether the 2021 Guidelines contravene the doctrine of separation of powers given the concentration of powers in the executive branch and limited oversight of those powers.
-
Implications for Companies
- Additional Compliance Requirements for Intermediaries: The 2021 Guidelines impose enhanced compliance requirements on all social media intermediaries (SMIs) – meaning any intermediary that “primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services” – and further require significant social media intermediaries (SSMIs), those that have a user base of more than 5m in India, to appoint resident compliance and grievance officers. These changes will likely increase compliance costs for SSMIs. There is also a requirement to appoint Indian residents as officers and to provide a local physical address in India, which could have tax implications for foreign companies that currently do not have a permanent establishment in India.
Other enhanced compliance requirements for intermediaries include:
-
Assistance to law enforcement: Intermediaries must provide information or assistance to law enforcement within 72 hours of receipt of a request from a relevant government agency.
-
Data retention: Intermediaries must preserve information for 180 days – a particularly long period given that India does not yet have a robust data protection law in place.
- Grievance redressal mechanisms: The 2021 Guidelines establish a more elaborate grievance redressal process than required under the 2011 Guidelines, with shorter timelines to address complaints.
Additional compliance requirements for SSMIs include:
-
Appointment of officers: SSMIs are required to appoint a chief compliance officer who will be responsible and liable for the SSMI’s compliance with the IT Act, a nodal contact person for 24/7 coordination with law enforcement agencies, and a grievance officer. All three positions are required to be held by Indian residents.
-
Voluntary verification of social media users: SSMIs are required to allow users to voluntarily verify their accounts and provide a visible mark identifying verification. The verification mechanism may raise privacy and freedom of speech concerns, along with concerns over misuse, depending on the type of data used by intermediaries to comply with this requirement and given that India does not yet have a robust data protection law.
-
Traceability: SSMIs must enable tracing of the originator (or the first originator of content in India) of information on their platform, if required by a competent court or a competent authority under Section 69A of the IT Act. While the traceability provisions under the 2021 Guidelines are narrower than under the 2018 Amendments, they still raise concerns over their potential to weaken end-to-end encryption.
- Proactive monitoring: SSMIs are now required to “endeavor” to develop and deploy technology-based measures such as automated tools or other mechanisms to proactively identify information that depicts any act or simulation in any form depicting rape, child sexual abuse, or previously removed material.
-
Increased Government Role in Digital News Media and OTT Platforms: The level of formal government intervention in digital news and OTT streaming established by the 2021 Guidelines could have a chilling effect on free speech. Creative freedom on OTT streaming platforms has consistently already been under pressure from ruling party affiliates and often from the government itself.
-
The extent of government involvement in content moderation, an onerous appeals process, required compliance reports, short timelines (such as the requirement for platforms to take decisions on user grievances within 15 days), and risks of censure and removal of content are all likely to promote a regime of self-censorship among creators.
-
The code of ethics for OTT platforms is especially problematic given the vague and open-ended language used – for example, publishers are required to take into consideration India’s multi-racial and multi-religious context and “exercise due caution and discretion” when featuring the activities, beliefs, practices, or views of any racial or religious group.
-
The 2021 Guidelines have extended the government’s blocking powers (over websites, accounts, etc.) under Section 69A of the IT Act to the Ministry of Information and Broadcasting – there are serious concerns over the opaque process, a lack of proper recourse for affected parties, a lack of public record of blocking orders, etc.
-
-
Differential Treatment of Digital and Print News Media: Considering the changes outlined above, while the government’s ostensible objectives for releasing the 2021 Guidelines is to empower users and create a level playing field, the 2021 Guidelines actually create a harsher regulatory environment for digital news media vis-à-vis traditional news media.
Path Ahead
While the 2021 Guidelines have only recently been rolled out, they seem to be – in both spirit and in their process of adoption – an indication of an increasingly hardline and authoritative stance toward freedom of speech and expression, the technology sector in general, and the internet in particular. These patterns are likely to continue into the decision-making processes on other regulations currently under consideration, such as the Personal Data Protection Bill, a framework for Non-Personal Data, and proposed amendments to the IT Act.
About ASG
Albright Stonebridge Group (ASG) is the premier global strategy and commercial diplomacy firm. We help clients understand and successfully navigate the intersection of public, private, and social sectors in international markets. ASG’s worldwide team has served clients in more than 120 countries.
ASG's South Asia Practice has extensive experience helping clients navigate markets across the sub-continent. For questions or to arrange a follow-up conversation please contact Arya Goel.