How India Regulates Social Media Platforms
India's social media regulatory framework is built on the Information Technology Act, 2000 (IT Act) and its subordinate rules — principally the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, amended in 2022 and 2023, and further amended in 2026.
The framework distinguishes between ordinary "social media intermediaries" (any platform with users in India) and "Significant Social Media Intermediaries" (SSMIs — platforms with more than 5 million registered users) with enhanced compliance obligations for the latter category.
The core regulatory logic uses "safe harbour" protection — exemption from liability for user-generated content — as a compliance incentive: platforms that follow the Rules' requirements retain their safe harbour under IT Act Section 79; those that fail to comply lose it, exposing them to civil and criminal liability for every piece of user-generated content.
 |
| Representational Image: How India Regulates Social Media Platforms |
This three-hour takedown requirement — which applies to any government-designated authority's order, not just MeitY or courts — has attracted significant domestic and international criticism. The WION analysis (April 2026) described the rules as enabling "the privatisation of censorship without accountability," noting that they expand the range of authorities that can issue takedown orders and potentially allow private bodies registered as "self-regulatory bodies" to exercise takedown authority over individual content creators.
The US Trade Representative (USTR) has
characterised India's takedown requirements as "impractical and
politically motivated." Between 2024 and 2025, India's Cybercrime
Coordination Centre blocked 1,11,185 items of "suspicious" online
content — approximately 290 takedown notices per day.
What You Need to Know
- IT
Rules 2021 (amended 2022, 2023, 2026): SSMI threshold at 5 million
registered users; SSMIs must appoint India-resident Chief Compliance
Officer, Nodal Contact Person, and Resident Grievance Officer; enable
identification of message originators (for traced forwarded messages);
deploy automated content detection; publish monthly compliance reports;
comply with Grievance Appellate Committees.
- 2023
amendment: established a government Fact Check Unit empowered to label
content about government business as "false or misleading,"
requiring platforms to remove or label such content to retain safe
harbour; Supreme Court stayed this provision in 2024, finding it raises
"serious constitutional question" regarding freedom of speech.
- 2026
amendment: compressed takedown timelines from 24–36 hours to 3 hours;
expanded scope from publishers to individuals including independent
journalists, YouTubers, and Instagram creators; granted IT Ministry power
to issue binding advisories that intermediaries must comply with to retain
safe harbour.
- Section
69A blocking: MeitY (Ministry of Electronics and Information Technology)
can direct blocking of content under IT Act Section 69A on grounds
including sovereignty, defence, security, and public order; orders are not
required to be publicly disclosed; between 2024–25, I4C (Indian Cybercrime
Coordination Centre) sent 66 takedown notices to X (Twitter) of which a
third sought removal of content.
- Safe
harbour stakes: IT Act Section 79 provides intermediaries exemption from
liability for third-party content provided they observe due diligence;
loss of safe harbour exposure means platforms face criminal and civil
liability for all user content — a potentially existential risk for large
platforms, creating strong compliance incentives.
How It Works in Practice
1. The Grievance Appellate Committee (GAC): The 2023
IT Rules amendments created government-appointed Grievance Appellate Committees
— three-member bodies with government appointees — that hear appeals from users
whose content removal complaints were rejected by platforms' internal grievance
officers. Platforms must implement GAC decisions to retain safe harbour. Civil
society organisations and Internet Freedom Foundation argue that GACs give the
government effective editorial control over platform content without judicial
oversight.
2. Significant Social Media Intermediary compliance
machinery: SSMIs — which includes Twitter/X, Meta (Facebook, Instagram,
WhatsApp), Google (YouTube), Snap, and others with 5+ million Indian users —
must maintain India-based compliance officers who are personally liable for
non-compliance. These officers face potential criminal liability for
platform-level failures; this personal liability provision is viewed by
platforms as a significant overreach, discouraging companies from employing
India-based compliance officers.
3. Message traceability for WhatsApp: The IT Rules
require platforms to "enable identification of the first originator of the
information" on request for content related to certain categories
(national security, public order). WhatsApp's end-to-end encryption makes
originator tracing technically incompatible with the encryption design; Meta
has challenged this requirement in courts; the Madras High Court referred the
question to the Supreme Court; the originator tracing requirement remains
constitutionally contested.
4. The three-hour takedown and operational challenges:
The 2026 amendment's three-hour compliance window for government takedown
orders is operationally challenging even for platforms with Indian compliance
teams; complex content decisions that may be constitutionally protected speech
cannot reasonably be assessed in three hours; the USTR noted that the timeline
is "impractical" for platforms processing millions of posts daily.
5. The Grok NCII incident (December 2024–January 2026):
Elon Musk's X's Grok AI image generator was used to create non-consensual
intimate imagery (NCII) that spread on the platform in December 2024. MeitY
issued an advisory (December 29, 2025) to all platforms and a specific letter
to X (January 2, 2026) citing failure to comply with IT Act due diligence
obligations. TechPolicy.Press analysis noted that MeitY's response — routing
through intermediary liability rather than AI regulation — exposed a regulatory
gap: Grok as an AI system is not directly regulated, only X as an intermediary;
standalone generative AI platforms without intermediary status could fall into
a regulatory grey zone.
What People Often Misunderstand
- Safe
harbour is a conditional protection, not an absolute right: Indian
safe harbour under Section 79 is available only if platforms observe due
diligence as defined in IT Rules; this makes it a conditional benefit
rather than a baseline protection, creating compliance pressure that
critics say is used for political content control.
- The
government FCU's Supreme Court stay is significant: The 2024 Supreme
Court stay of the government Fact Check Unit provision — finding that the
state designating itself as arbiter of truth about government business
raises a "serious constitutional question" — is an important
press freedom protection; the provision is stayed, not struck down; the
final ruling may still go either way.
- Section
69A blocking lacks transparency mechanisms: Blocking orders under
Section 69A are not publicly disclosed; this opacity means the scope of
government content blocking cannot be systematically assessed; the
Internet Freedom Foundation and AltNews attempt to document blocks but
coverage is necessarily incomplete.
- The
IT Rules apply to OTT platforms as well as social media: The IT Rules'
Part III covers OTT (streaming) platforms and digital news publishers; the
three-tier grievance mechanism applies to news content on OTT; this
extension of IT Rules to journalism content is constitutionally contested.
- Compliance
does not equal censorship in all cases: Many IT Rules requirements —
appoint a grievance officer, respond to complaints within defined
timelines, report monthly compliance data — are reasonable platform
accountability measures; the concern is specifically about
government-directed content removal and the GAC mechanism, not the
entirety of the IT Rules framework.
What Changes Over Time
The Supreme Court's consolidated hearing on IT Rules constitutionality — covering the GAC mechanism, message traceability, and FCU provisions — is the most consequential pending legal development for India's social media regulation.
The USTR's Special 301 report has consistently
identified India's platform takedown requirements as trade concerns; this
international regulatory dialogue creates some pressure on India's approach.
The Digital India Act — a proposed replacement for the 2000-era IT Act — remains
unintroduced in Parliament as of May 2026 despite years of consultation.
Sources and Further Reading
- ITIF
— India's Content Moderation Regulation: https://itif.org/publications/2025/06/09/india-content-moderation-regulation/
- Drishti
IAS — Changing Architecture of Social Media Regulation: https://www.drishtiias.com/daily-updates/daily-news-editorials/changing-architecture-of-social-media-regulation-in-india
- WION
— India's new digital rules 2026: https://www.wionews.com/india-news/india-new-digital-rules-2026-social-media-regulation-digital-authoritarianism-1775214164383/amp
- TechPolicy.Press — Grok debacle regulatory gaps: https://www.techpolicy.press/analyzing-regulatory-gaps-revealed-by-indias-response-to-the-grok-debacle/
- MediaNama — India AI law stalled: https://www.medianama.com/2025/12/223-india-ai-law-digital-india-act-stalled/