Due Diligence Obligations of Intermediaries After IT Rules, 2021

Abstract

Whenever and wherever someone or you post, search something on the Instagram, send a image on WhatsApp or use Netflix to watch a show on, they communicate through a legislated licenced “Hosts” regarded as an “Intermediary”, they are a medium which stands between the producer and the consumer of a content. Our Indian legal system adopted a passive stance towards these platforms over the past years, unless their actions interfered with contents related to or posed by a user. They were not under much legal preview over the posting of malicious contents, consider them as a postal services who don’t put content of the letters delivered by them, the existing law back then backing this policy was enabled by Section 79 of the Information Technology Act, 2000 herein referred as IT ACT in later paragraphs of the paper, it legislated a ‘Safe Harbour’ immunity to ‘Internet Hosts’ examples- Social Media Sites, E-Commerce Websites, and other ISPs, from any liability caused by a content posted by a third party, however certain safety measures such as 1) The Internet Hosts should act as a Neutral Hosts 2) They should comply with other Due Diligence and requirements of the act 3) They should remove unlawful contents upon receiving knowledge from cybersecurity agencies or government were also put under provisions of this Section. These kind of approach enabled the “Indian Internet Economy” to grow steadily and become of the largest in the world, but a detrimental effect caused by this policy was rapid increase and lack of safety measures towards unregulated contents, misinformation, hate speeches, and contents posing dangerous threats towards national security, the main cause involved in this rapid increase of these contents was a lack of accountability from part of the intermediaries as their platforms hosted these contents, therefore to tackle this challenge the Indian Parliament in February of year 2021 legislated the Information Technology(Intermediaries Guidelines and Digital Media Ethics Code)Rules citing the same reasons of increasing misinformation, hate-speech, etc. These regulation shifted the essence of hosting, having and using Social Media Platforms in India and Sate’s Involvement in regulating cyberspaces. Platforms are no longer allowed to be passive. They must now overtly police content, have top compliance officers on the ground in India, answer user grievances within set timelines, and most scandalous of all, said the government in locating the initial message senders of any message deemed harmful, even among applications such as WhatsApp that have been specifically designed such that not even WhatsApp itself can read what you are sending other users. The question posed in this paper seems easy to answer, but in reality, is not, did the government get the balance right? In order to answer it, the authors follow the entire legal history of the regulation of online platforms in India, the internet in its early years, a landmark case in 2015 Supreme Court that resulted in the protection of platforms not to act as private censors, and the wholesale changes in 2021. They explore three particular issues in detail. The first is whether the government was even legally entitled to issue these rules at all since the original 2000 law was never intended to accommodate news channels broadcasting online or web series on OTT platforms and yet the 2021 Rules do so, without a debate on the matter in Parliament at all. The second is the technical issue underlying the traceability requirement end-to-end encryption, the technology that makes WhatsApp messages confidential, that actually makes it possible, because there is no record of who said what stored anywhere. Any *Author for Correspondence Aditya Anand E-mail: [email protected] 1,2Student, Department of Law, KIIT School Of Law, KIIT University, Bhubaneswar Orissa, India Received Date: March 24, 2026 Accepted Date: April 06, 2026 Published Date: April 08, 2026 Citation: Aditya Anand, Anurag Kumar Singh. Due Diligence Obligations of Intermediaries After IT Rules, 2021. National Journal of Cyber Security Law. 2026; 9(1): 1–7p. Due Diligence Obligations of Intermediaries After IT Rules, 2021 Anand and Singh © Law Journals 2026. All Rights Reserved 2 attempt to force platforms to crack such a system to find an original sender would, experts say, amount to a permanent backdoor into private communications revealing not only the person that the government is targeting, but also every user on the platform. The third issue is regarding who is the judge of last resort. The new rules provide that in the event of a challenge by a user of a decision to remove content, the final decision has to be made by a committee selected by the Central Government, not a court, not an independent regulator. To journalists and artists and anyone who publishes anything online, that would be a sharp change of power. The paper contrasts the action of India with the efforts of other democracies to address the same issues the Germany model of having a stringent yet court reviewed content removal law, the Brazil model of maintaining a distance between the government and editorial judgment, and the Singapore model of punishing intentional falsification. What is coming out of these comparisons is that the aims of regulation and individual liberty are not mutually exclusive, but that both are attained by a delicate institutional design, but not only powerful rules. The authors conclude that the 2021 Rules, despite the best intentions, have resulted in a system where digital platforms are essentially compelled to over-delete content, i.e. to delete posts and messages not because they are obviously illegal, but because the fines of doing so are so high. The effect is a more dawdling, paranoid internet, with self-censorship taking the vacuum of legal vagueness created. They suggest that India should step back and make this work: by having a specific law discussed in Parliament, a watchdog institution encompassing both judges and independent experts and non-government ministers and more specific rules as to what is considered harmful content - rules specific enough that platforms do not have to guess. The internet, they believe, doesn’t have to be moot law territory. But neither can it be made a glass house where the State can see all Introduction. On February 25, 2021, the Ministry of Electronics and Information Technology (MeitY) and the Ministry of Information and Broadcasting (MIB) announced the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which marked a paradigm shift in India's digital landscape. The 2011 Rules have governed internet intermediaries' "safe harbour" immunity under Section 79 of the IT Act, 2000 for almost ten years. However, there has been a shift towards a more "accountable" internet due to the rise of "fake news," the dissemination of false information online, and concerns about national sovereignty. But it's crucial to remember that these new rules represent a fundamental change in the Indian government's perspective on the accountability of commercial platforms rather than just technological improvements. It is clear that a new hierarchy of compliance has been established by categorizing these new regulations into a tiered system of Social Media Intermediaries and Significant Social Media Intermediaries (SSMIs) based on a user threshold of 5 million users. Despite the goal of empowering people through a comprehensive grievance redressal system, privacy groups have strongly opposed it, seeing it as a new era of "mass surveillance."