On November 1st, 2021, the Ministry of Electronics and Information Technology (“MEITY”) released a set of Frequently Asked Questions (“FAQs”) on the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Rules“). We had previously provided an overview of these Rules here.
The FAQs are restricted to Part II of the Rules which seek to define the obligations considered as “due diligence” expected from intermediaries for them to avail of the “safe harbour” under Section 79 of the Information Technology Act of 2000. This Part also imposes additional requirements on entities qualifying as significant “social media intermediaries” (“SMIs“).
Some key highlights of the FAQs are as follows:
- They try to narrow the definition of an SMI by discussing some indicative features to clarify the phrase “enables online interaction”. These features include enabling users to: (i) engage in socialising or social networking (ii) increase their reach and following (iii) interact with unknown persons (iv) make content go viral by sharing.
- They also clarify that intermediaries will not be treated as an SMI if their primary purpose to enable commercial or B2B transactions, provide internet access or provide specific services, such as “search engine services, search-engine services, e-mail service or online storage service, etc.“. This is not an exhaustive list.
- They attempt to clarify expectations in relation to takedown requests from an appropriate government/approved agency by stating that these should contain: (i) the platform-specific identified URL(s) (ii) the law being administered by that government body and the specific legal clause being violated (iii) justification and evidence and (iv) other relevant information (e.g., time stamps for videos).
- They attempt to circumscribe the kinds of data to be retained by intermediaries about users at the time of account registration by stating that this should cover “mainly the location, time and date stamp of the user to understand when and where the account was created“.
- They clarify that, while significant SMIs cannot appoint the same person to serve as the Chief Compliance Officer and the nodal contact person, they can appoint the same person to concurrently be the latter and the Resident Grievance Officer (“RGO“). Further, a parent SSMI can have the same set of officers across products and services.
- They also clarify which content-related actions taken by a significant SMI when “acting on its own accord” need to be notified to users under rule 4(8). These are: taking down content that is prohibited under any law and (ii) taking down content in accordance with their grievance redressal mechanism on the advice of their RGO.
- They clarify that MEITY can only call for additional information from SSMIs that pertains to their grievance redressal mechanism or what the Miinistry can seek under the IT Act for implementing Part II of these Rules and that this would typically exclude “any commercially sensitive, trade secret or otherwise confidential information”.
Notably, the FAQs are also intended to be an “evolving” document. This suggests that they may be updated from time to time as and when issues with the implementation and interpretation of the Intermediary Rules 2021 arise. This is a generally practical and flexible approach and allows for guidance on the Rules to be updated as and when needed.
However, as MEITY also clarifies on Page 1, the FAQs are not a binding legal document. They cannot prevail over or go beyond what is in the Rules and cannot be used to restrict or modify the application of the letter of law in those Rules. This is necessary to remember when considering reliance on the FAQs.
NASSCOM has been engaging with MEITY on different aspects of the Intermediary Rules 2021 since they were notified in February 2021. One concern raised in these engagements is the need for MEITY to release a Standard Operating Procedure (SOP) to clarify how authorised agencies may be appointed by Appropriate Governments under Rule 3(1)(d).
MEITY has now indicated that such a SOP is currently being developed (see here) and is likely to be released soon. We are following these developments closely and will keep issuing updates as and when necessary. Should you have any questions in relation to the FAQs or NASSCOM’s engagement on issues pertaining to these Rules, please reach out to firstname.lastname@example.org or email@example.com.