Safe Harbour Principle And The Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules (2021)

Posted On - 14 July, 2021 • By - Rajdev Singh

Understanding the Safe Harbour Principle – The newly notified Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (IT Rules 2021)[1] have caused major shockwaves in the digital technology industry across the world and in India ever since they replaced the previous decade-old Information Technology (Intermediary Guidelines) Rules 2011 (IT Rules 2011). The IT Rules 2021 bring to the forefront several new obligations for social media and digital streaming platforms to follow.

It is important to mention here that these new rules are mandatory for social media and digital streaming platforms if they want to claim the “intermediary safe harbour” status – which is basically protection from being held liable for any third-party content that they carry on their platform. The IT Rules 2021 have inarguably brought about a drastic change to the requirements as compared to IT Rules 2011 that had required minimal compliance for claiming safe harbour protection.

The very need to expand safe harbour provisions came to light in the year 2008, when the officer of a website was charged under the Indian Penal Code for an obscene video uploaded on its website by a third-party entity. Following this incident, the Information Technology Act 2000 was amended in the year 2008 (2008 Amendment) wherein it was inserted that the intermediaries which merely acted as platforms for the transmission of information shall not be held accountable for any liability accrued through an offence being committed on their platform without their knowledge.

Further, the 2008 Amendment widened the definition of ‘intermediary’ which included online payment sites, search engines, internet service providers, etc. It is significant to mention here that such intermediaries have been exempted from any liability under ‘any law’ after the 2008 Amendment as opposed to the limited protection from offences offered earlier under the Information Technology Act 2000.


While the IT Rules 2011 regulated all “intermediaries” without any distinction in terms of their user base or the content hosted on their platform, the IT Rules 2021 are divided into two parts based on their applicability. Part II regulates intermediaries and Part III is applicable to digital media including publishers of news and current affairs or publishers of online content as follows:

  1. Social Media Intermediary < 50 lakh registered Indian users;
  2. Significant Social Media Intermediary > 50 lakh registered Indian users-
  3. Additional due diligence to be observed by these intermediaries include: (i) appointing a chief compliance officer to ensure compliance with the IT Act and the Rules, (ii) appointing a grievance officer residing in India, and (iii) publishing a monthly compliance report. 
  4. Publisher of news and current affairs content including news aggregators;
  5. Publisher of online curated content which covers all online streaming platforms including Over-the-Top (‘OTT’) platforms.

Safe Harbour Principle (Section 79 Of Information Technology Act 2000)

Section 79 of the Information Technology Act 2000 introduced the safe harbour immunity clause that protected an intermediary from being held liable for third-party content on its platform – provided that the intermediary observed ’due diligence’ as prescribed by the Central Government. In cases where the ‘due diligence’ was not followed by the intermediary as prescribed by the Central Government, it was then made liable for the third-party’s actions even if the same was done without the knowledge of the intermediaries.

This did not change much following the 2008 Amendment, as intermediaries were permitted to continue using the safe harbour principle to safeguard themselves against being held accountable for any actions of an external third-party that was carried out without the intermediary’s knowledge.

In fact, after the 2008 amendment, it was further settled that whether an intermediary could claim safe harbour hinged largely on two factors, i.e., actual knowledge about the unlawful act and compliance with due diligence obligations, as prescribed. The rules were then left untouched for a decade up until recently.

Intermediaries And Liability

The main function of an intermediary is to receive, store and transmit the information which it has received. An intermediary plays no role whatsoever in creating such information. The users (i.e., third parties) are the ones who create the content or information that is received by the intermediary and transmitted to other users. The intermediary merely acts as a medium between the content creator and the consumers/viewers/users.

Therefore, making an intermediary liable for anything posted on the platform by a third-party user is unreasonable due to the vast amounts of data exchanged (between users) that is impossible to track constantly and also infringes upon the freedom of speech and expression of the users owing to possible arbitrary censorship of online content. This is also problematic since it puts the power to decide the limits of the freedom of speech and expression in the hands of private corporations.

As such, to avoid excessive prosecution, the ‘safe harbour’ principle explained above becomes valuable to such entities. This is because it provides an exemption to such intermediaries from any form of liability unless they are aware of the illegal content being stored and transmitted on their platform and have not upon it within a reasonable span of time. The safe harbour principle not only preserves such entities from the imposition of arbitrary penalties but also prevents the fundamental rights of users from being decided upon by private, foreign companies.

In current times, the safe harbour principle has gradually become irrelevant, with various jurisdictions across different continents introducing stringent legislation to bypass the principle in order to hold companies liable for not regulating user data and imposing excessive self-regulation duties upon such intermediaries. For example, Facebook, through multiple court hearings, is being made to accept responsibility for influencing the elections of various countries by allowing the spread of misinformation on its platform by users or bots.

This is a pivotal moment in the sphere of governmentally enforced social media regulation after years of indifference and has sparked a huge debate as to what extent must a private company regulate conversations on its platform, especially when it comes to politically significant events such as riots or elections.

As we have also covered in a previous post, intermediaries that fail to comply with the updated 2021 legislation will lose their safe harbour protection. This infers that any person can initiate legal action against such intermediaries for any unlawful third-party content that violates the rules, and intermediaries would thus be held solely liable for the same. Recently, we witnessed the Delhi High Court Judgement where the Delhi High Court has not provided any interim protection to a leading social media platform and has also elaborated that the State is free to take any action against them as per the relevant laws of the country.

This implies they could become liable for offences under not just one but several laws including the Information Technology Act 2000 and the Indian Penal Code 1860, as the case may be.

  1. Delhi High Court issued a notice on a petition filed by Quint Digital Media Ltdwhich owns the online news portal ‘The Quint’, challenging the constitutional validity of the IT Rules 2021, to the extent it regulates the publishers of news and current affairs content. The petition has been tagged with an earlier petition filed by the publisher of ‘The Wire’ against the same rules.[2]
  2. The Kerala High Court issued a notice to the Centre on a petition filed by Live Law in this regard. The High Court also passed an interim order restraining coercive action under Part 3 of the Rules against the Chief Editor MA Rashid and Managing Editor, Manu Sebastian of Live Law, stating that they were publishers of law reports and legal literature.[3]
  3. WhatsApp has also filed a Writ Petition challenging the requirement in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 that private messaging intermediaries must share “the identification of the first originator of the information” in India on their end-to-end data encrypted messaging services (commonly referred to as “traceability”) upon Government or Court order. They respectfully argue that this requirement forces them to break end-to-end data encryption policy on its messaging service and thus, the privacy principles underlying it – and that this infringes upon the fundamental rights to privacy and free speech of the hundreds of millions of citizens using WhatsApp to communicate privately and securely


In recent times, we are already witnessing the battle between the Indian Central Government and Twitter – India regarding ‘compliance’ as mentioned in the IT Rules 2021, but since the IT Rules 2021 are self-explanatory, non-compliance would automatically mean that the intermediaries would not be able to claim the safe harbour principle and therefore would be responsible for any acts committed of the third party even if the same has been done without the knowledge of the intermediary.

The penalties for non-compliance are very much severe and therefore, the intermediaries ought to comply with the IT Rules 2021 to secure themselves against penalties and to avoid losing the virtual guardrail that is the safe harbour principle. With that in mind, however, the future of the IT Rules 2021 is still on a very slippery slope and there could be further challenges to the validity of the same by different intermediaries in a bid to preserve their autonomy and control.

Contributed by – Raj Dev Singh, Partner & Yash Raj, Associate