The Ministry of Electronics and Information Technology is likely to finalise amendments to the Intermediary Liability Rules by the end of July or the beginning of August, multiple industry sources have confirmed to MediaNama. According to some of these sources, the new rules are likely to retain the demand for traceability from platforms (i.e. WhatsApp) by government agencies, and will drop the requirement for proactive monitoring and takedowns. On being contacted by MediaNama, a MEITY official declined to comment.

Called the Intermediaries Guidelines (Amendment) Rules 2018 under the IT Act, 2000, the rules were first put out for public consultation in December 2018. The rules place more responsibility on platforms for what their users do on it, with the presumable aim to make platforms accountable for harmful content online. The rules have received widespread criticism for infringing upon user privacy, being blunt and disproportionate, and encouraging surveillance, among other things. A global coalition of internet businesses, Asia Internet Coalition, had said that the draft rules disregard the principles upheld by its parent IT Act, 2000. Moreover, the demand for traceability meant that platforms like WhatsApp will have to break end-to-end encryption to hand over data to government agencies. Internet Freedom Foundation had pointed out that the rules are in violation of the Supreme Court’s judgment in Shreya Singhal.

The rules have gone through a consultation process which had both comments and counter comments, and came after months of the IT Minister Ravi Shankar Prasad calling on WhatsApp to provide traceability of messages, citing fake news and misinformation as a primary reason for this demand.

Changes proposed in the Intermediary Rules Amendment

The Intermediary Guidelines Rules govern platforms and their behaviour under the IT Act 2000. The proposed amendments by MeitY seek to place larger responsibility on platforms by inserting legal requirements of traceability, proactive monitoring, registration, etc. Here the changes proposed in the amendments put out in December 2018:

  • Traceability, and information within 72 hours: Platforms will have to introduce traceability to find where a piece of information originated, and hand over information or assistance to government bodies within 72 hours, including in matters of security or cybersecurity, and for investigative purposes. [Rule 3(5)]
  • Platforms with over 50 lakh users have to register under the Companies Act, have a physical address in the country, a nodal officer who will cooperate with law enforcement agencies, etc. [Rule 3(7)]
  • Platforms have to pull down unlawful content within a shorter duration of 24 hours from the earlier 36 hours. They also have to keep records of the “unlawful activity” for 180 days – double the period of 90 days in the 2011 rules – as required by the court or government agencies [Rule 3(8)]
  • Platforms have to deploy tools to proactively identify, remove and disable public access to unlawful information or content. [Rule 3(9)]
  • The new rules insert a monthly requirement on platforms to inform users of the platforms’ right to terminate usage rights and to remove non-compliant information at their own discretion. [Rule 3(4)]