New IT Rules: The Great Stretching of ‘Due Diligence’ Requirements Under Section 79 

The lesson of the new intermediary guidelines is that legal immunity comes with greater responsibility. But will it withstand judicial scrutiny?

After a long wait, the Ministry of Electronics and Information Technology (MEITY) has notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

This version is significantly broader than the draft rules published by the ministry in 2019 for public consultation since it covers not just the liability of internet intermediaries but also creates a regulatory regime for digital media. It is not clear as to why both these issues have been combined into one set of rules. It is possible that the ongoing litigation before the Supreme Court has something to do with the government’s decision to include regulation of OTT and digital news media

This piece, however, will confine itself to the intermediary guidelines.  

The basic theme of the new rules is the imposition of new responsibilities on Internet intermediaries seeking to enjoy the legal immunities offered by Section 79 of the Information Technology Act, 2001. Previously, the law allowed internet intermediaries to enjoy unprecedented and wide-ranging immunity from legal liability at little to no cost.

Nobody in the information transmission business enjoys such immunities from legal claims of defamation, etc. For example, while newspapers and broadcasters have always operated under the threat of legal liability for defamation and other speech related offences, intermediaries have escaped liability despite behaving as publishers because of the immunity offered by Section 79.

This immunity is in the nature of a privilege or a subsidy since it reduces operating costs for intermediaries. Nobody, not at least social media giants, are entitled to legal immunity.

India’s flag is seen through a 3D printed Facebook logo in this illustration picture. Photo: Reuters/Dado Ruvic/Illustration/File Photo

The new law requires internet intermediaries, especially “significant social media intermediaries” (most likely Facebook, YouTube and WhatsApp), to earn the privilege of legal immunity under Indian law by discharging certain duties and responsibilities. These duties include the need to create a functional grievance redressal mechanism, a more accountable take down system, special expedited take down procedures for revenge porn cases, appointment of India based compliance officers, traceability requirements for certain specific purposes, deployment of automated filtering software, identification of a physical address for the purpose of service of legal notices, a right of users to seek verification of their accounts.

If an internet intermediary declines to abide by these new responsibilities, they lose the immunities offered under Section 79 making them legally liable for the acts of third parties on their platform. 

The general theme of these regulations, which is to make internet intermediaries, especially the Silicon Valley giants more transparent and accountable to their users is very welcome. In fact, I’ve written earlier in these pages on how the government should simply do away with the concept of legal immunities for internet intermediaries especially the Silicon Valley giants because the existence of such immunity is one of the reasons poorly designed broadcast platforms like WhatsApp exist. Without legal shields such as Section 79, platforms like Whatsapp are simply too risky to be financially viable. 

Also read: If WhatsApp Doesn’t Regulate Itself, Parliament May Have to Step In

Judicial challenge

The big question however with respect to these rules is whether it will sustain legal scrutiny as the government tries to push it through the route of delegated legislation rather than parliamentary legislation. 

The essential question is whether Section 79 of the IT Act gives the Central government the power to impose these new responsibilities on internet intermediaries as a precondition to enjoy the legal immunity offered by the same provision. 

I will argue that the legislative history of Section 79 makes it clear that the government lacks the power to impose preconditions on internet intermediaries looking to enjoy the immunities offered by Section 79.     

As it currently stands, Section 79 of the Information Technology Act, 2001 affords intermediaries broad ranging legal immunity if they exercise “due diligence” and follow “guidelines” laid down by the Central government. 

The use of the phrase “due diligence” in the law has never been popular with the industry because it is open-ended and leaves considerable discretion with judges who will decide whether particular measures taken by internet intermediaries meet the criteria of “due diligence”. In fact, there were several attempts to get the phrase “due diligence” out of the law more than a decade ago. When the law was being amended in 2006, there was a tussle between a Parliamentary Standing Committee and the government over the retention of the words “due diligence” in the law. The amendment proposed by the government in 2006 had done away with the “due diligence” requirement in Section 79. 

Also read: ‘New IT Rules Against Fundamental Principle of News’: Digipub Writes to Prakash Javadekar

The Standing Committee however objected and called for it to be reintroduced in the law. The relevant extract of the report is reproduced below: 

“What has caused further concern to the Committee, in the above context, is that the Bill proposes to delete the words ‘due diligence’ as has been existing in Section 79 of the principal Act. The Department’s logic for the proposed removal of the words ‘due diligence’ is the intention to explicitly define the provisions under Section 79 pertaining to exemption from liability of network service providers. The Department have further contended that the words ‘due diligence’ would be covered under the guidelines which the Central Government can issue under sub-section 4 of Section 79 of the principal Act. The Committee does not accept the reasoning of the Department as they feel that removing an enabling provision which already exists in the principal Act and leaving it to be taken care of by the possible guidelines makes no sense.”

The government dropped its resistance after the Standing Committee’s report and reintroduced the phrase “due diligence” in the law while also retaining the right to lay down guidelines. The final version of the law as enacted by parliament in 2008 required intermediaries to exercise “due diligence while discharging his duties under this Act and also observes such other guidelines as the Central government may prescribe in this behalf.” A simple reading of the law suggests two requirements – the first is compliance with “due diligence” and the second is observation of “guidelines” prescribed by the Central government. 

Illustration: The Wire

In 2011, when the Central government notified its guidelines, it sneakily tried to limit the original parliamentary intent by claiming the right to define “due diligence”. Section 3 of the guidelines was titled – “due diligence to be observed by intermediary”. The legislative history however indicates that parliament wanted to leave the term “due diligence” open-ended so as to allow the judiciary some flexibility in dealing with different fact scenarios. The Central government had no business trying to appropriate for itself the powers to define “due diligence” in its 2011 guidelines. 

Also read: Explainer: How the New IT Rules Take Away Our Digital Rights

At most, Section 79 allowed the Central government the power to prescribe some “guidelines”. The use of the phrase “observe” the “guidelines” as opposed to “rules” or “regulation” is also significant because “guidelines” in the Indian context typically lack the force of the law. Guidelines are only meant to be non-binding guidance.  Viewed from this perspective both the recently enacted Guidelines under discussion and the old guidelines from 2011 lack the binding force of the law.  

However, I must caution that the interpretation I have put forth above is the minority opinion. The majority consensus appears to be that the Central government can shape the requirements of ‘due diligence’ under Section 79 by drafting guidelines that will have the binding force of law. 

In any event it is unlikely that any of the Silicon Valley giants will lock horns with the Centre in court. 

It is more likely that third parties or smaller stakeholders will file some kind of constitutional challenge against these rules.  A simpler option for the government, therefore, is to try and push these rules through as legislation before parliament. After all, it is unlikely to face much political opposition. 

Prashant Reddy is a lawyer. A longer academic length piece on the issue of intermediary liability over here.