On October 25, the Ministry of Electronics and IT issued an advisory aimed at social media companies, in light of recent hoax bomb threats received by airlines across the country. Broadly, this advisory asks social media platforms to do three things -- observe due diligence obligations linked to misinformation and unlawful information under the IT Rules, report offences committed by users that threaten the country’s sovereignty, integrity and economic security, in line with the Bharatiya Nyaya Suraksha Sanhita, 2023 (“BNSS”), and cooperate with authorised government agencies by providing information within the timelines specified under the IT Rules. While MeitY's advisory is well-intentioned, it raises several concerns. For one, the IT Rules' due diligence obligations related to misinformation and unlawful information are unclear, raise concerns for free speech, and possibly insufficient to address hoax bomb threats. This is a problem because the advisory also hints that platforms may lose their safe harbour if they fail to adhere to these obligations. Further, while MeitY's advisory suggests that social media platforms have "additional liability" to report users committing offences under the BNSS, it is unclear how this obligation interplays with the Information Technology Act, 2000 and the IT Rules.
Recently, India’s Ministry of Electronics and IT (“MeitY”) issued an advisory aimed at social media platforms, in light of several airlines receiving hoax bomb threats via their services. The advisory notes that features like forwarding and re-sharing on such platforms have led to the “dangerously unrestrained” spread of fake threats, impacting public order, security of the state, and the operational security of airlines. It thus urges social media platforms to do three things. The first is to observe their due diligence obligations under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules”), by removing or disabling access to such misinformation and unlawful information. The second is to report offences committed by users that threaten the country’s sovereignty, integrity and economic security, in line with their liability under the Bharatiya Nyaya Suraksha Sanhita, 2023 (“BNSS”). The third is to cooperate with authorised government agencies that investigate any offences, by providing information within the timelines specified under the IT Rules.
Although MeitY’s advisory is well-intentioned, it raises several concerns. For one, platforms may find it difficult to observe due diligence obligations related to misinformation, because of uncertainty around their scope and constitutional validity. Under Rule 3(1)(b)(v) of the IT Rules, social media platforms must ensure that users do not “knowingly or intentionally” communicate any misinformation or information that is “patently false and untrue”. However, these terms are not defined under the IT Rules. They also restrict free speech on grounds beyond those laid down under Article 19(2) of the Constitution, in violation of the Supreme Court’s decision in Shreya Singhal v Union of India. These concerns were echoed in an Opinion of the Bombay High Court in Kunal Kamra v Union of India, which held that amendments to Rule 3(1)(b)(v) allowing the Centre to constitute a fact-check unit are unconstitutional. The Madras High Court also made similar observations regarding this provision in a 2021 interim order related to the constitutionality of the IT Rules. In such a scenario, expecting social media platforms to identify and remove hoax bomb threats makes them arbiters of online truth without sufficient legal safeguards.
As the advisory indicates, one way around this concern is to treat hoax bomb threats as “unlawful information” under Rule 3(1)(d) of the IT Rules. However, this poses difficulties of its own. Rule 3(1)(d) enables social media platforms to remove unlawful information (defined as “information prohibited under any law”) – but only if they receive a court order or notification from the government that directs them to do so. This condition prevents platforms from adjudicating the legality of any content. However, it also constrains their ability to use Rule 3(1)(d), despite such threats constituting a possible offence under the BNSS. Thus, this provision is unlikely to address the problem either.
Despite these challenges, MeitY’s advisory reminds platforms that failing to observe due diligence obligations can result in liability for these threats under the Information Technology Act, 2000 and the BNSS. While the Information Technology Act generally exempts platforms from liability for user-generated content, Rule 7 of the IT Rules takes away this safe harbour if platforms do not abide by their due diligence obligations. Many have filed petitions challenging the constitutionality of Rule 7 before the higher judiciary, on the grounds that it restricts free speech and gives excessive power to law enforcement officials. Although Rule 7 is still in force, some High Courts have held that any action taken under it is subject to the outcome of the larger constitutional challenge. Since these petitions are pending final adjudication, it is not desirable for the government to take action against social media platforms under this provision.
MeitY’s advisory also states that under the BNSS, platforms must mandatorily report offences committed by users that threaten the “unity, integrity, sovereignty, security and economic security of India”. Such conduct constitutes an offence under Section 113 of the Bharatiya Nyaya Sanhita ("BNS"), which pertains to terrorist acts like the use of bombs and other explosives. Theoretically, it is possible to argue that sending hoax bomb threats falls within the ambit of Section 113, if the relevant criminal intent exists. Nonetheless, an obligation to report this offence under the BNSS may conflict with the Information Technology Act, 2000 and the IT Rules. Under Section 33 of the BNSS, every person "aware" of the commission of any offence under the BNS is obliged to report it. However, under the Information Technology Act and IT Rules, platforms are only considered to be aware of unlawful information if they receive actual knowledge via a court order, or a notification from the appropriate government. Further, Section 81 of the Information Technology Act states that it has an overriding effect over any other law. Thus, it is unclear how the BNSS' reporting obligation interplays with the Information Technology Act and IT Rules.
Ensuring that social media platforms behave responsibly is a laudable policy objective. However, it is also important to ensure that their obligations are clear and proportionate. MeitY’s advisory unfortunately muddies the waters in this regard, and raises more questions than it answers.