Internet & Online Safety · India
Online safety & content laws in India (2026)
India shaded by its internet & online safety status
India regulates online content and safety comprehensively through the IT Act, 2000 and the binding IT Rules, 2021, which impose due-diligence, grievance-redressal and rapid takedown duties on intermediaries and extra obligations on 'significant social media intermediaries.' The regime pairs platform-liability/safe-harbour conditions (s.79) and government blocking powers (s.69A, plus the Sahyog portal) with new 2026 rules on AI-generated 'synthetically generated information' and DPDP-based age/parental-consent requirements for under-18 users. A broader Digital India Act to replace the IT Act is under consultation.
Key points
The IT Rules, 2021 (issued under s.87 of the IT Act) mandate due-diligence, a grievance officer, monthly compliance reports and time-bound content removal; 'significant social media intermediaries' must appoint India-resident Chief Compliance, Nodal and Grievance Officers and enable traceability of message originators.
Section 79 grants intermediaries conditional immunity for third-party content, but they lose 'safe harbour' if they fail to observe due diligence or to act on government/court takedown orders; courts have held s.79(3)(b) lets authorities require removal of unlawful content.
Section 69A empowers the government to block online content on grounds such as sovereignty, security and public order; the MeitY 'Sahyog' portal centralises takedown notices and was upheld by the Karnataka High Court on 24 Sept 2025 in X Corp v. Union of India, a ruling X is appealing as enabling censorship beyond s.69A safeguards.
The IT (Amendment) Rules notified 10 Feb 2026 (effective 20 Feb 2026) define 'synthetically generated information' and require AI/deepfake content to be clearly labelled with provenance metadata, with platforms acting on flagged sexual or impersonation content within ~2 hours and other unlawful synthetic content rapidly.
The DPDP Act, 2023 (s.9) and DPDP Rules, 2025 define a 'child' as under 18 and require verifiable parental consent before processing minors' data (e.g. via DigiLocker-backed identity checks), and prohibit tracking, behavioural monitoring and targeted advertising directed at children; compliance is being phased in toward 2027.
MeitY is consulting on a proposed Digital India Act to replace the 2000 IT Act, expected to introduce risk-based platform classification, stronger online-safety/accountability duties and dedicated rules for AI and emerging tech; it remains at the consultation/proposal stage in 2026.
Timeline - major decisions & events
The IT (Intermediary Guidelines) Amendment Rules, 2025 restrict content-takedown orders to senior officers (Joint Secretary/DIG level or above), require reasoned orders, and mandate monthly Secretary-level review, adding accountability to government removal directions.
PIB / MeitY ↗MeitY amended the 2021 Intermediary Rules (notified 22 Oct 2025, in force 15 Nov 2025) to define 'synthetically generated information,' mandate AI-content labeling, and require platforms to remove such content on reasonable efforts. India's first explicit statutory framework for AI/deepfake content.
MeitY ↗India's first comprehensive data-protection statute received Presidential assent, setting obligations for data fiduciaries, rights for data principals, and penalties up to ₹250 crore, forming a core pillar of online safety regulation.
MeitY ↗MeitY amended the Intermediary Rules to regulate online real-money gaming and empower a government fact-check unit to flag 'fake or misleading' content about government business, which platforms must act on to retain safe harbour; the fact-check provision was later struck down by the Bombay High Court.
PIB / MeitY ↗MeitY and the Ministry of I&B notified sweeping rules imposing due-diligence duties, grievance officers, traceability of 'first originator' for messaging apps, and a code of ethics for digital news and OTT platforms — the central framework governing online content today.
MeitY ↗Citing sovereignty, security and data-privacy concerns amid border tensions, MeitY blocked 59 Chinese-origin apps including TikTok, UC Browser and ShareIt — a landmark use of Section 69A blocking powers against entire platforms.
MediaNama ↗The Court struck down Section 66A (criminalizing 'offensive' online messages) as unconstitutionally vague and overbroad under Article 19(1)(a), read down the Section 79 intermediary-liability framework, and upheld Section 69A blocking — the foundational free-speech ruling for the Indian internet.
Supreme Court of India (via Indian Kanoon) ↗The first dedicated intermediary rules under Section 79 set out due-diligence and notice-based content-takedown obligations for platforms, establishing the safe-harbour framework later replaced by the 2021 Rules.
MeitY ↗The IT (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 created the formal, confidential process for the government to order blocking of online content — the legal basis for later app and website bans.
Centre for Internet & Society ↗Major overhaul of the IT Act adding Section 66A (offensive messages), Section 69A (blocking powers), Section 69 (interception/monitoring), and a revised Section 79 intermediary safe-harbour — the architecture that defines online content control in India.
India Code (Govt. of India) ↗India's foundational cyber-law gave legal recognition to electronic records and digital signatures and first introduced intermediary liability concepts, providing the statutory base on which all later online-safety regulation is built.
India Code (Govt. of India) ↗India - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →