The Ministry of IT and Electronics (MeitY) released a set of proposed changes to the rules which operationalize the IT Act, last week. These rules govern how intermediaries are to behave under Section 79.

The existing rules provide safe harbour to these platforms for content published by users on their platforms. Under the current law, intermediaries have to comply with legal government requests to pull down unlawful content and provide information on users.

In December 2018, a MeitY official discussed the 5-page draft rules with the Cyber Law Division and representatives from ShareChat, Google, Facebook, WhatsApp, Amazon, Yahoo, Twitter, SEBI and Internet Service Providers Association of India (ISPAl), reported the Indian Express.

The government had given the platforms until January 7 to respond. However, soon after the Indian Express reported the development, it made the proposed changes public and invited public comments by January 15. Note that the previous IT Rules, passed in March 2011 were also drafted with public consultation.

What are the major proposed amendments?

  • Traceability, and information within 72 hours: The new rules require platforms to introduce traceability to find where a piece of information originated. For this, platforms may have to break end-to-end encryption. The rules require the intermediary to hand over information or assistance to government bodies in 72 hours, including in matters of security or cybersecurity, and for investigative purposes. [Rule 3(5)]
  • Platforms are required to be registered under the Companies Act, have a physical address in the country, have a nodal officer who will cooperate with law enforcement agencies, etc. [Rule 3(7)]
  • Platforms have to pull down unlawful content within a shorter duration of 24 hours from the earlier 36 hours. They also have to keep records of the “unlawful activity” for 180 days – double the period of 90 days in the 2011 rules – as required by the court or government agencies [Rule 3(8)]
  • Platforms have to deploy tools to proactively identify, remove and disable public access to unlawful information or content. [Rule 3(9)]
  • The new rules insert a monthly requirement on platforms to inform users of the platforms’ right to terminate usage rights and to remove non-compliant information at their own discretion. [Rule 3(4)]

Read the 5-page draft of the proposed rule changes (pdf).

Comments to MeitY can be submitted by January 15, 2019 here: Gccyberlaw[at]meity[dot]gov[dot]in / Pkumar[at]meity[dot]gov[dot]in / dhawal[at]gov[dot]in