The Ministry of Electronics and Information Technology (“Ministry”) has, in a Notification dated 24th December, 2018, issued a draft of the Information Technology [Intermediaries Guidelines ](Amendment) Rules, 2018 {“Draft Amendment Rules”} proposing to amend the Information Technology (Intermediaries Guidelines) Rules, 2011 (“Principal Rules”). The Amendment Rules will come into force on the date of their publication in the Official Gazette.
The Ministry has invited comments and suggestions from all relevant stakeholders on the Draft Amendment Rules within 15th January, 2019. The comments and suggestions may be sent to gccyberlaw@meity.gov.in / pkumar@meity.gov.in / dhawal@gov.in
Key Highlights of the Draft Amendment Rules:
i)The definitions of the terms – (i) Appropriate Government and (ii) Critical Information Infrastructure have been inserted under regulation (2) of the Principal Rules.
ii)In the Draft Amendment Rules, under regulation (3) defining the Due Diligence to be observed by the intermediaries, in sub-regulation (2), two new clauses have been inserted, namely (j) and (k) have been inserted.
Clause (j) states that the intermediaries must publish rules and regulations, privacy policy terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that threatens public health or safety; promotion of cigarettes or any other tobacco products or consumption of intoxicant including alcohol and Electronic Nicotine Delivery System (ENDS) & like products that enable nicotine delivery except for the purpose & in the manner and to the extent, as may be approved under the Drugs and Cosmetics Act, 1940 and Rules made thereunder.
Clause (k) states that the intermediaries must publish rules and regulations, privacy policy terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that threatens critical information infrastructure.
iii) Under regulation (3) defining the Due Diligence to be observed by the intermediaries the existing sub-regulation (4) has been removed and substituted with a new sub-regulation (4) which states that the intermediaries must inform its users at least once every month, that in case of noncompliance with rules and regulations, user agreement and privacy policy for access or usage of intermediaries’ computer resource, the intermediaries have the right to immediately terminate the access or usage rights of the users to the computer resource of such Intermediary and remove non-compliant information.
iv)Under regulation (3) defining the Due Diligence to be observed by the intermediaries, in sub-regulation (5), insertions have been made which state that the intermediaries must, within 72 hours of communication, provide such information or assistance as asked for by any government agency or assistance concerning security of the State or cyber security; or investigation or detection or prosecution or prevention of offence(s); protective or cyber security and matters connected with the same. Any such request can be made in writing or through electronic means stating clearly the purpose of seeking such information or any such assistance. The intermediaries must enable tracing out of such originator of information on their platforms as may be required by government agencies which are legally authorised.
v)Under regulation (3) defining the Due Diligence to be observed by the intermediaries, a new sub-regulation (7) has been inserted in the Draft Amendment Rules which state that the intermediary having more than fifty lakh users in India or is in the list of intermediaries specifically notified by the government of India must:
(a) be a company incorporated under the Companies Act, 1956 or the Companies Act, 2013;
(b) have a permanent registered office in India with physical address; and
(c) Appoint in India, a nodal person of contact and alternate senior designated functionary, for 24×7 co-ordinations with law enforcement agencies and officers to ensure compliance to their orders/requisitions made in accordance with provisions of law or rules.
vi)Under regulation (3) defining the Due Diligence to be observed by the intermediaries, a new sub-regulation (8) has been inserted in the Draft Amendment Rules which state that upon receiving actual knowledge in the form of a court order, or on being notified by the appropriate Government or its agency under section 79(3)(b) of the Information Technology Act, 2000, the intermediary must remove or disable access to that unlawful acts relatable to Article 19(2) of the Constitution of India such as in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, on its computer resource without vitiating the evidence in any manner, as far as possible immediately, but in no case later than twenty-four hours in accordance with sub-rule (6) of Rule 3 of the Principal Rules.
Further, the amount of time for which the intermediaries must preserve such information and associated records for investigation purposes has been increased from ninety days to one hundred and eighty days, or for such longer period as may be required by the court or by government agencies which are lawfully authorised.
vii) Under regulation (3) defining the Due Diligence to be observed by the intermediaries, a new sub-regulation (9) has been inserted which states that intermediaries must deploy technology based automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information and content.
Source: Ministry of Electronics and Information Technology
