IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were notified by the Ministry of Electronics and Information Technology (MeitY) on 25 February 2021, superseding the Information Technology (Intermediaries Guidelines) Rules, 2011. Their statutory anchor is the Information Technology Act, 2000, principally Section 79, which grants intermediaries a conditional "safe harbour" immunity from liability for third-party content, and Section 69A, which empowers the government to block public access to information. Section 87(2) supplies the rule-making power. The 2021 framework was issued jointly under the IT Act and, for digital news and curated content, drew on the allocation of business that placed online news publishers and OTT platforms under the Ministry of Information and Broadcasting (MIB) by an amendment to the Government of India (Allocation of Business) Rules in November 2020. The Rules thus split regulatory authority: MeitY administers Part II (intermediaries) while MIB administers Part III (the digital media ethics code).

Part II prescribes due-diligence obligations that an intermediary must observe to retain Section 79 immunity. Every intermediary must publish rules, privacy policies, and user agreements; inform users of prohibited content categories; and remove or disable access to unlawful material within 36 hours of a court order or government notification. Upon receipt of a complaint about non-consensual intimate imagery or morphed content, the intermediary must act within 24 hours. The Rules create a sub-category of Significant Social Media Intermediaries (SSMIs) — platforms exceeding a registered-user threshold set at fifty lakh (five million). SSMIs face heightened duties: appointment of a Chief Compliance Officer (resident in India and personally liable), a Nodal Contact Person for round-the-clock law-enforcement coordination, and a Resident Grievance Officer. They must publish monthly compliance reports detailing complaints received and action taken, and deploy automated tools to identify child sexual abuse material and certain other content.

The most contested mechanic is the traceability mandate in Rule 4(2), which requires an SSMI providing messaging services to enable identification of the "first originator" of information when ordered by a court or a competent authority under Section 69A, in cases concerning sovereignty, security of the state, public order, or related offences carrying imprisonment of five years or more. Part III establishes a three-tier grievance and oversight structure for online news publishers and OTT curated-content providers: Level I is self-regulation by the publisher through a grievance officer; Level II is a self-regulating body headed by a retired judge of the Supreme Court, a High Court, or an independent eminent person; and Level III is an inter-departmental oversight mechanism within MIB, which can issue advisories, warnings, and, in emergencies under Rule 16, direct blocking of content. The Code of Ethics requires OTT platforms to self-classify content into age ratings (U, U/A 7+, 13+, 16+, A) and to deploy access-control mechanisms for adult content.

In contemporary practice the Rules have driven concrete confrontations. WhatsApp filed suit in the Delhi High Court in May 2021 challenging Rule 4(2)'s traceability requirement as a violation of the right to privacy affirmed in Justice K.S. Puttaswamy v. Union of India (2017). Twitter (now X Corp) lost interim safe-harbour protection in mid-2021 amid disputes over compliance officer appointments and government blocking orders, and litigated blocking directions before the Karnataka High Court, which ruled against the company in 2023. In 2022 MeitY notified amendments creating Grievance Appellate Committees (GACs), government-appointed bodies to hear appeals against platform grievance decisions, which became operational in 2023. A further 2023 amendment introduced a controversial Fact Check Unit empowered to flag "fake or false" information about the central government's business; the Bombay High Court struck this provision down in September 2024 after a split-verdict tie-breaker, finding it unconstitutionally vague.

The Rules must be distinguished from adjacent instruments. They are not the Digital Personal Data Protection Act, 2023, which governs the processing of personal data and consent rather than content liability and intermediary conduct. They differ from the proposed Digital India Act, intended to replace the IT Act, 2000 entirely and recalibrate intermediary classifications. They are also distinct from Section 69A blocking orders standing alone, since the Rules layer procedural due-diligence and oversight duties atop the bare blocking power. Unlike the European Union's Digital Services Act, the IT Rules impose individual criminal liability on a named compliance officer and embed a government appellate tier rather than relying solely on independent regulators.

Controversy has centred on three fault lines. Critics, including the Internet Freedom Foundation and the Editors Guild of India, argue that traceability necessarily breaks end-to-end encryption and erodes privacy. The three-tier structure for digital news has been challenged as executive overreach into press freedom; the Madras High Court in 2021 stayed Rule 9(1) and 9(3) insofar as they fastened the Press Council and Cable Network Act norms onto online publishers, and the Bombay High Court issued a parallel stay. The GAC mechanism is criticised for giving the executive appellate authority over speech-moderation decisions. These stays mean significant portions of Part III remain in legal suspension.

For the working practitioner, the IT Rules, 2021 are the operative compliance baseline for any platform, publisher, or streaming service operating in India, and a recurring subject in UPSC General Studies Paper III internal-security and governance questions. Desk officers tracking India's digital sovereignty posture, journalists covering platform-state friction, and policy researchers assessing the encryption debate must read the Rules alongside the pending Digital India Act consultations, the litigation pipeline in the Delhi, Bombay, Madras, and Karnataka High Courts, and the eventual Supreme Court transfer petitions that will determine the framework's constitutional fate.