SUPPORT SFLC.IN
Initial Statement on the Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026

Initial Statement on the Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026

Posts

The Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026 (“Draft Amendments”) were released on 30th March, 2026. The stated purpose of the Draft Amendments is to “strengthen compliance with clarifications, advisories and directions issued by the Ministry under Part II, and to enhance the effectiveness of regulatory oversight of content regulation mechanisms under Part III (Code of Ethics relating to Digital Media) of the IT Rules, 2021.”

 

The Draft Amendments briefly introduce the following changes-

 

  1. Retention Obligations: Rule 3(1)(g) and Rule 3(1)(h) now state that retention obligations under the Rules are without prejudice to retention obligations under any other legislation (such as the Digital Personal Data Protection Act, 2023).
  2. Compliance with Directions issued by the Ministry: A new clause inserted states that intermediaries are to comply with and give effect to any clarification, advisory, order, direction, standard operating procedure, code of practice or guideline issued by the Ministry in relation to Part II of the IT Rules. The standards set are that they must be issued in writing; clearly specify the legal basis under which they are issued; specify the scope, applicability and compliance requirements of the intermediaries to whom it will apply; and be consistent with the provisions of the Act and Rules. Importantly, compliance with the same is stated to form part of the due diligence obligations of the intermediary under section 79 of the Act.
  3. Applicability of Part III to Users: A newly inserted proviso to Rule 8 (1) states that Rules 14, 15, and 16 of the IT Rules will apply  to news and current affairs content hosted by non-publisher users, as well as intermediaries.
  4. Expansion of Scope of Inter-Departmental Committee: In Rule 14(2), the scope of the Inter-Departmental Committee (“IDC”) is expanded to consider “matters” beyond complaints, including those referred by the Ministry. Similarly Rule 14(5) has an expanded scope to consider “matters”, instead of solely complaints and grievances.

 

While the Rules are stated to be “clarificatory and procedural in nature”, the implications are manifold and far-ranging.

 

Implications

 

  • Retention obligations could dilute Data Privacy Rights under DPDPA.

The retention obligations introduced by the Draft Amendments would have an effect on the Right to Erasure introduced under Section 8(7) of the Digital Personal Data Protection Act, 2023. The section states that a Data Fiduciary is to erase personal data, upon the Data Principal withdrawing her consent or as soon as it is reasonable to assume that the specified purpose for which data was collected is no longer being served. The caveat to this is if retention is required by any other law.

Data retention under the present Draft Amendments will mean that the right to erasure under the Digital Personal Data Protection Act, 2023  will be subject to the government mandate to preserve data for at least 180 days after purpose limitation has been served, with the added caveat that the same could be extended further, vitiating the privacy rights of users. While there are provisions for data retention under financial laws for sensitive data to be stored, there is no purpose requirement for data to be stored for longer periods of time by intermediaries.

 

  • Mandatory compliance with clarifications, advisories, SOPs, guidelines etc., is worrisome owing to the lack of democratic processes in their issuance, the lack of any transparency mandate, and their non-binding nature.

The requirement to comply with clarification, advisory, order, direction, standard operating procedure, code of practice or guideline issued by the Ministry is particularly worrisome. The issues that arise out of this requirement are manifold.

 

Rules made under Section 87 of the IT Act, 2000 are to be laid before Parliament, while it is in session, for a total period of thirty days. This is a way to ensure legislative and bipartisan oversight. However, under the current draft Rule 3(4), such legislative rulemaking is delegated entirely to the executive branch of government, with no means of oversight, review, or deliberation. The lack of oversight is compounded when the nature of delegation is in the form of advisories, guidelines, which so far have been issued without legal consequences, carry with them the threat of loss of safe harbour. Advisories such as the one on AI Models, LLMs, and Gen AI would be binding, if passed after the Rules come into force.

 

Another concerning issue is that such policies are inherently opaque, such as the Directions mandating installation of the Sanchar Saathi app on all devices, which were never made public. The potential for obfuscation, reduced transparency, and lack of public participation increases exponentially when delegated legislation devolves into guidelines, code of practices, etc. The simple alternative to this practice is to pass the same under the democratic process of rulemaking, ensuring public participation and transparency, while still advancing policy positions.

 

Additionally, linking the loss of safe harbour to non-compliance comes with the very real threat of over-censorship and a chilling effect on free speech for all users.

 

  • Applicability of Part III to all users publishing news and current affairs content raises concerns  of free speech restriction.

 

The Draft Amendments significantly broaden the scope of the Rules to include not just publishers, defined under Rule 2(1)(t) as “online paper, news portal, news aggregator, news agency and such other entity called by whatever name, which is functionally similar to publishers of news and current affairs content”, but also to intermediaries and users who upload news and current affairs content. These two entities are now subject to the decisions of the IDC under Rule 14, directions issued by the Authorised Officer under Rule 15, and emergency blocking provisions under Rule 16. This is added to the already existing blocking provisions under Section 69A and Section 79(3) read with Rule 3(1)(d). Bringing users under the ambit of the IDC and the provisions of blocking that the MIB wields in addition to the pre-existing methods of blocking is a way to further clamp down on free speech and expression.

 

  • Additional Scope of IDC is concerning owing to pending litigations. 

 

Broadening the scope of the IDC is problematic, especially in light of the multiple challenges to Part III of the IT Rules that are currently pending adjudication. To include not only grievances and complaints, but also the broad ambit of “matters” including user generated news and current affairs content is a way to circumvent such proceedings.

 

Conclusion

 

The Draft Amendments, while framed as clarifying in nature, in practice introduce substantive changes to the regulatory structure: it expands data retention requirements in ways that may dilute the right to erasure, significantly enhances executive authority by considering advisories and guidelines as binding without any corresponding legislative or democratic oversight, and broaden the scope of content regulation to include ordinary users. Collectively, these changes could undermine the right to privacy of users, increase opacity in platform governance, and create a chilling effect on free expression. A more balanced approach would require transparent, democratically accountable rule-making processes, with clear safeguards to prevent overreach and protect fundamental rights.

PrintLinkedIn

Agentic AI: Use Cases, Risks, and Harms

Statement on Opaque and Arbitrary Takedowns of Online Speech

Statement on Opaque and Arbitrary Takedowns of Online Speech

Statement on Internet Shutdowns in Iran