India’s Intermediary Liability Law Out of Step With Global Norms

At the end of May, India is set to begin enforcing a new set of rules that drastically alter its approach to online intermediary liability. The new rules, known as the Intermediary Guidelines and Digital Media Ethics Code, were only announced by India’s Ministry of Electronics and Information Technology in February 2021, and without a formal review period, giving businesses very little time to seek clarification or comply, especially as the country has been facing a devastating second wave in the COVID-19 pandemic. These changes risk moving India out of line with global norms on a host of important digital policy issues, including content moderation, data localization, and encryption, undercutting its digital economy, especially as the country attempts an economic recovery.

The new rules cover a lot of ground, imposing new obligations not just on online intermediaries like social networks and search engines, but also online news publishers and over-the-top (OTT) platforms, such as streaming video services. To be clear, some of the policies and objectives are quite positive, such as a requirement for online intermediaries to quickly remove sexually explicit images from their platforms that are shared without an individual’s consent and obligations for social media sites to use technology to proactively identify potential child sexual abuse material. While a complete overall of the rules is unlikely in the short term, there are some specific changes the Indian government can make to bring the policies into alignment with global norms.

First, the government should eliminate the requirement that large online intermediaries designate a chief compliance officer who would be personally liable for any failure to comply with the law. Not only is it unlikely that companies would be willing to find individuals willing to personally take on this type of personal risk, but even if they could, this would create a significant amount of pressure on companies to restrict more content than is legally required to avoid any potential legal exposure. The result would be to diminish free speech online.

Second, the government needs to modify the strict timelines for compliance, such as the 72-hour obligation to respond to a government order, which would impose substantial administrative burdens on businesses. The rules are vague and ambiguous which will make compliance difficult. For example, it is not clear exactly how these timelines work, such as whether the clock stops if companies receive an incomplete request for content removal. Moreover, the timeline is unreasonable to obtain data from abroad using existing international legal frameworks, such as mutual legal assistance treaties (MLATs). As a result, this obligation, if enforced, would create a de facto data localization requirement for online intermediaries.

Third, the government should clarify in the rules that companies are under no obligation to limit the use of end-to-end encryption. The new rules require intermediaries providing messaging services to be able to identify the “first originator” of potentially unlawful messages. Not only could this requirement potentially force communication services like WhatsApp to break their encryption to comply, but it could also spur other smaller players to exit the Indian market.

Creating clear and narrow rules is important to avoid abuse of this law. Already, the number of government requests is on the rise. For example, in India the number of government requests for data from Facebook is seven-times highernow that it was five years ago. And the Indian government has recently come under criticism for ordering social media sites to remove nearly 100 posts that critiqued the government’s response to the ongoing health crisis.

The goal of online intermediary liability laws should be to strike a balance between protecting users, fostering free speech, and allowing online innovation. While many countries are moving to impose more obligations on online intermediaries to protect users, they should be careful not to impose obligations that would undermine these other worthwhile goals. Moreover, India will not be able to maintain its reputation as a leader in the Internet economy if it creates a regulatory environment that is out of step with the rest of the world.