Internet & Online Safety - India

The IT Rules, 2021 (issued under s.87 of the IT Act) mandate due-diligence, a grievance officer, monthly compliance reports and time-bound content removal; 'significant social media intermediaries' must appoint India-resident Chief Compliance, Nodal and Grievance Officers and enable traceability of message originators.

Section 79 grants intermediaries conditional immunity for third-party content, but they lose 'safe harbour' if they fail to observe due diligence or to act on government/court takedown orders; courts have held s.79(3)(b) lets authorities require removal of unlawful content.

Section 69A empowers the government to block online content on grounds such as sovereignty, security and public order; the MeitY 'Sahyog' portal centralises takedown notices and was upheld by the Karnataka High Court on 24 Sept 2025 in X Corp v. Union of India, a ruling X is appealing as enabling censorship beyond s.69A safeguards.

The IT (Amendment) Rules notified 10 Feb 2026 (effective 20 Feb 2026) define 'synthetically generated information' and require AI/deepfake content to be clearly labelled with provenance metadata, with platforms acting on flagged sexual or impersonation content within ~2 hours and other unlawful synthetic content rapidly.

The DPDP Act, 2023 (s.9) and DPDP Rules, 2025 define a 'child' as under 18 and require verifiable parental consent before processing minors' data (e.g. via DigiLocker-backed identity checks), and prohibit tracking, behavioural monitoring and targeted advertising directed at children; compliance is being phased in toward 2027.

MeitY is consulting on a proposed Digital India Act to replace the 2000 IT Act, expected to introduce risk-based platform classification, stronger online-safety/accountability duties and dedicated rules for AI and emerging tech; it remains at the consultation/proposal stage in 2026.