India’s Intermediary Guidelines and Digital Media Ethics Code 2021

Research support: Ritwik Tandon

Ready or not – Here it is!

India, in a state of virile potential in the digital sphere has rolled it’s code to regulate Digital Media disseminated through intermediaries, OTTs and curated content. The Indian Government recognises this virility and it’s own precarious over exposure, both political and commercial on this front. It has proposed an aggressive and somewhat stringent guidelines through Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. 

On the up side, some clever moves, by making appointment of grievance and compliance officers from India, foreign companies (as defined in the Companies Act) will have to set shop in India.  All of digital media under one net with accountability on intermediaries of broad classification. Shooting for 100% compliance.

On the flip though, the Code is skewed to control with room for bureaucracy and mechanism which may suffer failure due to the time frames it has to meet and the extent to which it has reach for implementation and success. As compared to western counterparts, India’s dispute resolution and legal framework suffer under lax and political pressures.   

It can be a viable and beneficial approach in mature economies, but in economies prone to political and financial instability it can breed inefficiencies and contribute to confusion.

Legal dilemma on implementation of the Code,

– raises conflict around encryption commitment based on the obligation on intermediaries to reveal the originator of a violation. Also, the Internet Freedom Federation (IFF) believe that the requirement of traceability will break end-to-end encryption. IFF purports involving technical experts in an open consultative process, in absence of data protection law or surveillance reform, “traceability” could backfire.

– The benefits of Safe Harbour do not seem kosher anymore with compelling Due Diligence obligations, which if failed the safe harbour status will not hold.

– The complaint – redressal and appeal mechanism seem extremely arduous and bureaucratic for successful implementation. The timelines will definitely be either hard to meet or result in summary dismissal.

– expect significant disagreement from News companies and opaque interpretation in digital advertising terms and tools.

What follows in the subsequent pages is an attempt to simply the Code for you.

---

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (Code), introduced u/s 87 (2) of the Information Technology Act, 2000 (IT Act). Significantly different from the proposed earlier Information Technology (Intermediary Guidelines) Rules 2011.

The Code aims at regulating social media platform through intermediaries* as defined under the IT Act, digital media and OTT platforms under it.

*Section 2(w)- intermediaries as intermediary with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes Telecom service providers, network service providers, internet service providers, web hosting service providers, online payment sites, online auction sites, online market places and cyber cafes.

The Code comes at a time when globally, Facebook, Google, WhatsApp, Twitter and YouTube are facing challenging times. GoI is facing it’s own challenges in regulating content available on OTT channels and faces the problem of fake news and controlling the spread of such news.

What is the coverage and regulating mechanism under the Code?

The Code is built on principles of accountability by way of due diligence, self-regulation, classification, oversight and redressal.

High degree of accountability on “intermediaries” which as per the definition in the IT Act is a catch all and include websites, apps and portals of social media networks, media sharing websites, blogs, online discussion forums and other such functionally similar intermediaries. In addition, the Code has overarched to digital news, curated content and OTT content.

The Safe Harbour legal liability protection has been reduced by emphasising self-regulation, reporting and grievance redressal obligations. Safe harbour protections are contained in Section 79 of the IT Act.

For e.g. Internet Service Providers (ISPs) are not legally liable if their subscribers use the internet for unlawful acts, Cloud Service Providers (CSPs) are not legally liable if people store illegal data on their server, e-commerce platforms are not liable if people sell spurious goods and social media platforms are not liable for defamatory content people post.

However, the Code places a Due Diligence obligation in the context of the users and make it obligatory for the Intermediaries to comply with access denial and removing of content in violation of the Code.

Who are proposed to be regulated?

• Social Media Intermediaries, Significant Social Media Intermediaries;
• Digital Media including OTT (publishers of online content);
• News and Current Affairs Curated Content.

The definition of Digital Media is vast and expansive and covers almost everything that is happening on the internet.

What do Intermediaries need to do?

Broad obligations on the intermediaries is to-

• place declarations as due diligence protocols to forewarn users not to violate the Code;
• Self-declarations;
• time bound removal and access denial to violators;
• co-operate with tracing origin and with investigations;
• set up and be part of self-regulatory bodies;
• subscribe to classification based on parameters of age and themes;
• appoint grievance and compliance officers and set up time bound redressal mechanism.

‘Intermediary’ is divided into ‘Significant Social medial Intermediary’ and ‘Social media intermediary’. The introduction of “significant” is based on number of users (fifty lakh registered) on the social media platform of a particular intermediary and as offered by the Meity in it’s notification dated February 25, 2021.

S.O. 942(E).—In exercise of power conferred by clause (v) of sub-rule (1) of rule 2 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Central Government hereby specifies fifty lakh registered users in India as the threshold for a social media Intermediary to be considered a significant social media intermediary.

What does News and Current Affairs curated Content include and mean?

Significant publisher, a concept which includes a publisher if publishes news and current affairs content as a systematic business, operates in India, has 5,00,000 subscribers and 50,00,000 followers on any significant social media intermediary) of news and current affairs have to notify the Broadcast Seva* in India.

*Broadcast Seva- online portal of the Ministry as per Rule 16 of the Code for receiving, processing and transmitting applications and communications received therein, for enabling communication and co-ordination with applicants, Government organisations and other persons, and capable of generating analytics and other such information with regard to various parameters.

Advertisement related to online curated content and News and Current Affairs content has to adhere to Consumer Protection Act, 2019 and the Advertising Codes under Cable Television Networks (Regulation) Act, 1995 and the codes of Advertising Standard Council of India.

What do the Digital Media* and OTT content platforms need to do?

The OTT platforms, referred to as the publishers of online curated content in the Code, have to self-classify their content into five, age based categories-

• U (Universal),
• U/A 7+,
• U/A 13+,
• U/A 16+, and
• A (Adult).

Content classification for these 5 categories is based on themes and messages; violence; nudity; sex; language; drug and substance abuse; and Horror. Parental locks, access control mechanisms, age verification mechanism for viewership will have to be made available to users.

Publishers of news on digital media* will be required to observe norms of journalistic conduct of the Press Council of India and the Programme Code under the Cable Television Networks Regulation Act. The GoI claims this is for the purposes of level playing field between the offline (Print, TV) and digital media and eliminating potential disparity.

Industry players are of a different view on this and believe this to be over regulation in an over-arching manner.

*In the Code, (Rule 2(k)) Digital Media- means digitised content that can be transmitted over the internet or computer networks and for the purposes of these rules includes content received, stored or transmitted by, an intermediary or a publisher of news and current affairs content or online curated content.

What are the kinds of information/ content the Code proposes to regulate?

The definition of Digital Media clarifies that the Code intends to regulate all information in the internet.

The kind of Content which is proposed to be monitored under the Code include-

• Impacting Sovereignty and integrity of India;
• Threatening, endangering and jeopardising security of State;
• Detrimental to India’s friendly relations with foreign countries.

What does Due Diligence by Intermediaries, Significant Social Media Intermediaries, mean?

The due diligence requirement circles back to Section 79(2)(c) of the IT Act, intermediary needs to observe due diligence prescribed by the Central Government in discharging his duties. Failure to follow these will cause the Intermediaries to lose the Safe Harbour positions.

Intermediaries Due Diligence, includes-

1. Prominent publication on website, apps the rules, privacy policy and user agreement for access or usage of its computer, publishing name and contact details of Grievance Officer, mechanism of making complaint and a self-declaration that the concerned intermediary confirms to the Code;
2. Through these publications on the site, the intermediary is expected to inform user not to host, display, upload, modify, publish, transmit, store, update or share any information-
3. Belongs to another person and the user does not have a right to;
4. Is defamatory, obscene, pornographic, paedophilic, invasive of other’s privacy/ bodily privacy, insulting / harassing on the basis of gender, libellous, racially or ethnically objectionable, encouraging money laundering or gambling or inconsistent with laws of India;
5. Harmful to minors;
6. Infringes intellectual property rights;
7. Violates any law in force;
8. Deceives or misleads about the address or the origin of the message;
9. Impersonates a person;
10. Threatens unity, integrity, sovereignty of India, relations with neighbouring state, public order, incite cognizable offence, prevents investigation;
11. Contains software virus or a computer code meant to destroy functionality of computer resource;
12. False and untrue and is written or published to mislead, harass for financial gain or injury.
13. Once a year inform the users that failure to comply with these can result in stopping of access and removal of the content.
14. In event of a court order, the intermediary will have to remove or disable access within 36 hrs.
15. Additionally, intermediaries can voluntarily also disable access;
16. Information collected in any manner will have to be retained for 180 days even if any user withdraws registration;
17. Information received will be covered under security practices contained in Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011;
18. For an investigation, information will be provided to government within 72 hrs. against a written order;
19. Grievance Officer has to acknowledge a complaint within 3 days and resolve the same within a month, receive and acknowledge any order, notice or direction from the government;
20. Report cyber security incidents as per procedures of Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013;
21. For sexual and related images and transmission within 24 hrs remove and disable access;

Significant Social Media Intermediary Due Diligence include:

1. In addition to the above, additionally appoint a Chief Compliance Officer (employee of the intermediary, residing in India and holding Indian passport) to confirm compliance with the Act. Such Chief Compliance Officer is meant to be liable for proceedings relating to relevant third-party information, data or communication link hosted by the particular intermediary where the duties were not discharged;
2. Appoint a nodal officer (other than the compliance officer, employee of the intermediary, residing in India, holder of Indian passport) contact for 24×7 co-ordination with law enforcement and confirming compliance of orders;
3. Appoint resident Grievance Officer (employee of the intermediary, residing in India and holding Indian passport) for complaints under the Code;
4. Publish compliance report every 6 months with details of complaints received and action taken and specific disablement performed as a part of proactive measure;  
5. For services of messaging, enable identification of the first originator of message as required under a court order or section 69 of the IT Act as per Information Technology (Procedures and Safeguards Interception, Monitoring and Decryption of Information) Rules, 2009;
6. Clear identifiability of advertisement, sponsored, sales directed content;
7. Will have to provide a physical contact address in India;
8. Complainants should have the facility of tracking the status of a complaint on a ticket system and also provide reasons for action taken or not taken in respect of the complaint;
9. Self-verification of account;
10. Intimation of disabling an account will precede such disablement along with reasons, give the user opportunity to dispute the action and Resident Grievance Officer will have to maintain a reasonable oversight of the same and display a notice of this action taken;  

Who are the stakeholders of Digital and Online Media and Curated Content?

The category includes:

• Publishers of News and Current Affairs;
• Intermediaries transmitting news and current affairs;
• Intermediaries enabling transmission of news and current affairs;
• Publishers of online curated content;
• Intermediaries enabling transmission of online curated content.

The categories are linked to “systematic activity” and  “physical presence within the territory of India”. These are for section 69A(2) of the IT Act and Information Technology (Procedure and Safeguards for Blocking of Access of Information by the Public) Rules, 2009.

How will self-regulation be used to regulated the OTT?

For Adherence and observance for Digital and Online Media guidelines, a 3 tier structure of regulation and redressal is proposed-

Level I- Self Regulation

• Establish a Grievance Redressal mechanism and appoint Grievance Redressal Officer (GRO) based in India;
• prominently display these details on the Grievance portal and on the website;
• ensure Grievance Officer takes a decision within 15 days of a complaint.
• For complaints received outside of the Grievance Portal then the GRO has to register the complaint on the Grievance Portal within 48 hrs.,
• be a member of the self-regulating body.
• The GRO is also a nodal point for complainant, self-regulating body and ministry.
• Online curated content has to be classified in the categories provided in the Schedule to the Code;
• obtain a relevant certificate, display the certificate and descriptors of such classification to ensure users are aware of the classification before accessing the content;

Level II- Self Regulation by the Self Regulating Bodies

• Independent body constituted by the entities and more than one body can be constituted.
• Headed by a retired judge of SC or a HC appointed from the panel prepared by the Ministry with 6 other expert members from media, entertainment, broadcasting and technology.
• Register with the Grievance Portal.
• Oversee and ensure adherence with the Code.
• Provide guidance on the Code, address grievances not resolved within 15 days, hear appeals, issue guidances to ensure compliance with the Code and register such guidances with Grievance Portal within 24 hrs.
• Empowered with issuing warning, censuring, admonishing or reprimanding, requiring an apology, require including a warning card or disclaimer, re-classify rating, modify content descriptor, age classification, access control, edit synopsis;
• Refer matter to Oversight Mechanism,
• failure to comply with the advisory of the self-regulating body will empower it to refer the matter to the Oversight Mechanism within 15 days of expiry of the date;

Level III- Oversight mechanism by central government.

• Ministry co-ordinates through Oversight Mechanism,
• publish a charter with Code of Practices for self-regulating bodies, develop Grievance Portal for prompt disposal,
• set up Inter Departmental Committee* for taking up grievances,
• refer to Inter Departmental Committee grievances from the decisions of self-regulating body or other complaints relating to violation,
• issue guidances based on recommendation of the committee for adhering to the Code.
• Ministry can appoint officer not below the rank of Joint Secretary as Authorised Officer for blocking access for public to any information as per section 69A of the IT Act.

*Inter Departmental Committee shall be formed with representatives of I&B Ministry, Women and Child Development, Law & Justice, Home Affairs, Meit, External Affairs, Defence, Indian Computer Emergency Response Team and any other ministries.

What is the Grievance Mechanism under the Code?

• Establishment of a Grievance Portal by the Ministry as a repository of receipt and processing of grievance from public.
• A registered complaint will have to be responded to within 24 hrs.
• Grievance redressal has to be within 15 days of registering a complaint,
• if response is not communicated within 15 days then it will be escalated to the self-regulating level,
• if complainant is not satisfied with the outcome of the grievance then the same can be appealed within 15 days of the resolution to the self-regulating body.
• The self-regulating body has to address and communicate this within 15 days of receiving such.
• If the complainant is not satisfied with this outcome then it can appeal within 15 days to Oversight Mechanism on the Grievance Portal.

The Intermediary Ethics Code, 2021 overview is only for information purposes. Nothing contained herein is, purports to be, or is intended as legal advice and you should seek legal advice before you act on any information or view expressed herein.
Endeavoured to accurately reflect the subject matter of this alert, without any representation or warranty, express or implied, in any manner whatsoever in connection with the contents of this. This isn’t an attempt to solicit business in any manner.