1. Introduction
Intermediary liability in India is governed by section 79 of the Information Technology Act (“IT Act”).This section provides safe harbour protection to intermediaries for third-party information, subject to compliance with due diligence obligations under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Intermediary Rules”), particularly Part II, which governs intermediary conduct. On March 30, 2026, the Ministry of Electronics and Information Technology (“MeitY”) released draft amendments for public consultation. These seek to expand regulatory oversight over intermediaries. In particular, the amendments propose to recognise guidelines issued by MeitY as binding due diligence obligations and expand the regulatory ambit of Ministry of Information and Broadcasting (“MIB”) to intermediaries, including news and current affairs hosted by ordinary users. The amendments blur the distinction between intermediaries and publishers by extending elements of a publisher-focused regulatory framework to intermediaries and to user-generated news and current affairs content. Additionally, on April 21, 2026, MeitY issued a notice introducing additional due diligence obligations for intermediaries in relation to synthetically generated information.
This newsletter examines the proposed amendments and assesses their potential implications on intermediaries.
2. Proposed Amendments to the IT Intermediary Rules
The IT Intermediary Rules contain 19 provisions in six chapters divided into three parts. Additionally, there is a Code of Ethics in the appendix and a classification of curated content in a schedule. The IT Act distinguishes between intermediaries, users and publishers, where intermediaries provide access to platforms, users create or transmit content, and publishers exercise editorial control over curated or news content. This distinction determines the allocation of regulatory obligations and forms the basis of the current regulatory framework, which treats intermediaries and publishers differently.
2.1 Data Retention Obligations: Rule 3(1)(g) requires intermediaries to preserve information and associated records for 180 days, or longer if required by a court or government authority for investigation. This obligation arises where content is removed, or access is disabled following a breach of platform policies, identification of unlawful content or on receipt of a grievance. The proposed amendment clarifies that this 180-day period operates only as a minimum threshold and does not override longer retention obligations under the IT Act or other applicable laws.
Rule 3(1)(h) requires intermediaries to retain information relating to user registration for 180 days after the cancellation or withdrawal of such registration. The amendment clarifies that this timeline does not override longer retention obligations under the IT Act or other applicable laws. In practice, these obligations may operate together. Where an account is removed and the associated information is also relevant to an investigation, the retention periods may run concurrently from different starting points. This can result in overlapping timelines, requiring retention beyond a single 180-day period based on multiple triggers.
2.2 Due Diligence in relation to synthetically generated information: Rule 3(3)(a)(i) states that intermediaries are required to deploy appropriate technical measures to prevent the creation, generation or modification of synthetically generated information that contains child sexual exploitative material, relates to the preparation of explosive material, results in the creation of a false electronic record and falsely depicts a natural person or real-world event. Rule 3(3)(a)(ii) mandates that synthetically generated information that is not covered under 3(3)(a)(i) must be clearly and prominently labelled and embedded with permanent metadata or technical provenance mechanisms, to the extent technically feasible, including a unique identifier. For instance, an AI-generated video explaining basic mathematics concepts would have to carry appropriate labelling indicating its synthetic origin.
The proposed amendment enhances an intermediary’s obligation by mandating that labels are continuously and clearly visible throughout the duration of visual media content. This marks a shift from static or point-in-time disclosures to persistent labelling such that a one-time label, caption, or description is unlikely to suffice. In practice, this elevates labelling from a compliance formality to a design requirement, necessitating integration directly into the visual layer of the content. For example, this can happen through overlays or watermarks. The requirement also reflects a regulatory focus on mitigating risks of deception, particularly when content is consumed in fragments, reshared, or encountered outside its original context. By mandating continuous visibility, the amendment seeks to ensure that users are continuously aware of the synthetic nature of content, thereby reducing the likelihood of misinterpretation or misuse.
2.3 Compliance with Clarifications, Advisories and Directions issued by the Ministry:Section 79 of the IT Act provides that an intermediary shall not be liable for any third-party information hosted on its platform when it does not initiate or modify the information contained in the transmission. This protection is available solely when the intermediary fulfils its due‑diligence obligations under the IT Act and adheres to the guidelines prescribed by the Central Government. Rule 3 of the IT Intermediary Rules and section 79 together give effect to these due diligence obligations, requiring intermediaries to publish their privacy policy, establish grievance redressal mechanisms and comply with specific content-related obligations for synthetically generated information.
The amendment deems all written MeitY Guidelines[1] – citing legal authority and specifying the relevant intermediary class – to form part of an intermediary’s due‑diligence obligations. Failure to comply with these Guidelines can strip an intermediary of section 79 protection, thereby converting advisory documents into enforceable obligations. This requires intermediaries to treat all regulatory communications as binding for compliance purpose, regardless of their earlier non‑binding character.
2.4 Inclusion of Intermediaries: Originally, rule 8 of Part III of the IT Intermediary Rules applied to “publishers of online curated content and publishers of news and current affairs content” and was administered by the MIB. Part III was extended to intermediaries only for the purpose of issuance of directions to delete, modify or block information and emergency blocking requiring immediate takedown. The amendments now widen the framework to include intermediaries and user‑generated news and current‑affairs content, placing both under the Inter‑Departmental Committee’s (“IDC”) oversight.
The change effectively subjects intermediaries to MIB’s regulatory jurisdiction for such content. It reflects a structural reorientation in which publisher‑focused oversight mechanisms are now being extended to non‑publisher entities. The expansion significantly recalibrates the compliance landscape for intermediaries. User‑provided content that constitutes news or current affairs may now attract regulatory scrutiny under the applicable rules. This may compel intermediaries to adopt more active content‑management practices, including structured systems for classification, assessment, and escalation.
2.5 Inter-Departmental Committee: Part III of IT Intermediary Rules establishes a three-tier grievance redressal framework for digital media content.
- At Level I, publishers appoint a grievance officer to address complaints.
- At Level II, self-regulatory bodies review unresolved grievances.
- At Level III, MIB exercises oversight, including through the IDC.
The IDC functioned as an appellate body, examining violations of Code of Ethics that prescribes standards for digital content, arising from decisions taken at Level I and Level II, including complaints unresolved within the stipulated time and grievances referred to by the MIB.
Under the proposed amendment rule 14(2), the IDC is empowered to examine “matters” including those stated above, as well as those that may not arise from complaints alleging violations of the Code of Ethics. The introduction of the term “matters” may potentially expand the scope of IDC’s jurisdiction beyond the statutory framework within which it was constituted. The provision for direct MIB referrals could, in practice, short‑circuit the first two stages of grievance redressal, reducing the operational significance of the three‑tier mechanism.
Under the proposed amendment, Rule 14(5) replaces “complaints” and “grievances” with the defined term “matters,” thereby expanding the IDC’s jurisdiction from complaint‑handling to any issue referred for its consideration.
3. Action Framework for Intermediaries
The amendments signal a shift from reactive compliance to continuous regulatory alignment. Intermediaries will need to realign internal data retention practices, including through data mapping, particularly where obligations extend beyond the 180-day period. Guidelines now operate as live compliance triggers, necessitating systems to track, interpret, and implement such directives in real time.
Intermediaries will be expected to maintain robust, structured records of key decisions, backed by reasoning that can withstand regulatory scrutiny. This begins with a comprehensive gap assessment of existing policies against shifting regulatory expectations, followed by continuous refinement. Public disclosures on compliance measures may also become pertinent in the event of scrutiny. Organisationally, these obligations will extend well beyond legal teams, demanding coordinated execution across legal, design, operations, and engineering with explicit ownership and accountability. Compliance will be judged not merely on outcomes but on the transparency and defensibility of internal decision‑making.
4. Conclusion
Though presented as “clarificatory and procedural,” the amendments substantially reshape intermediary liability by broadening enforceable duties and strengthening the compliance consequences of regulatory communications. This ushers in a prescriptive, monitoring‑heavy compliance model that narrows interpretive leeway and emphasises demonstrable internal controls spanning data retention, classification tools and escalation pathways. The centre of gravity shifts to operational alignment with evolving obligations. In aggregate, the amendments recast intermediaries as active stakeholders in content governance rather than neutral hosts.
Author
Srishti Sinha
[1] These will cover advisory, clarification, order, direction, standard operating procedure, code of practice or guidelines