For any modern digital business, social media platform, e-commerce store, or SaaS provider operating in India, the term “Intermediary” is the cornerstone of legal survival.
If your website or application allows users to upload, share, or host content—whether it’s a product review, a blog comment, a video, or an online listing—you are legally classified as an intermediary under Indian law. With this classification comes a strict set of regulations known as the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules.
Failing to comply with these rules doesn’t just mean a fine; it strips away your “Safe Harbor” protection, rendering your business personally liable for any illegal content posted by your users.
As a premier firm specializing in cyber and technology laws, SPG Legal Consultancy breaks down the legal mechanics of the Intermediary Rules, the critical requirements for compliance, and how to protect your digital platform from severe legal liabilities.
What is an Intermediary?
Under Section 2(1)(w) of the Information Technology (IT) Act, 2000, an intermediary is any entity that receives, stores, or transmits electronic records on behalf of someone else.
This includes:
-
Telecom and Internet Service Providers (ISPs): Airtel, Jio, etc.
-
Social Media Platforms: Instagram, X (formerly Twitter), Facebook.
-
E-commerce Marketplaces: Amazon, Flipkart, or your custom P2P marketplace.
-
Web Hosting Services & Cloud Providers: AWS, Hostinger VPS, or Google Cloud.
-
Online Discussion Forums: Blogs with active comment sections, review portals, and news aggregators.
The Shield of Safe Harbor: Section 79 of the IT Act
The most vital legal shield for any online platform is Section 79 of the IT Act. This section grants intermediaries immunity from legal liability for any third-party data, information, or communication link hosted by them.
The Rule of Law: If a user posts a defamatory comment or uploads copyrighted content on your website, you cannot be sued or criminally prosecuted for it—provided you act strictly as a passive pipeline and observe mandatory due diligence.
If you fail to comply with the Intermediary Rules, you lose this Safe Harbor protection. Consequently, your platform can be treated as the publisher of that illegal content, opening your business up to criminal lawsuits, defamation claims, and copyright infringement actions.
Key Compliance Requirements Under the Intermediary Rules
To maintain your Safe Harbor immunity, your platform must actively implement the following due diligence frameworks:
1. Robust Terms of Service and Privacy Policy
Your website must prominently publish user agreements that explicitly prohibit users from hosting, displaying, uploading, or sharing any information that:
-
Infringes upon copyrights, trademarks, or patents.
-
Deceives or misleads the addressee about the origin of the message (Phishing/Spoofing).
-
Is defamatory, obscene, pornographic, pedophilic, or threatens the unity and integrity of India.
-
Features deepfakes or impersonates another individual.
2. The 72-Hour Takedown Rule (Grievance Redressal)
You cannot simply ignore complaints about illegal content. Intermediaries must appoint a Grievance Officer whose name and contact details are clearly listed on the website.
-
The Grievance Officer must acknowledge any user complaint within 24 hours.
-
The platform must resolve or take down the infringing content within 15 days of receiving the complaint.
-
Critical Timeline: If the complaint comes via a government agency or a court order regarding content that threatens public order, decency, or national sovereignty, the intermediary must remove or disable access to that content within 72 hours.
3. Immediate Removal of Explicit Content (24-Hour Rule)
If a complaint is received regarding content that depicts full or partial nudity, sexual acts, or impersonation/deepfakes of an individual in an explicit manner, the platform must remove access to such material within 24 hours.
Special Rules for “Significant Social Media Intermediaries” (SSMIs)
If your platform grows rapidly and crosses the threshold of 50 lakh (5 million) registered users in India, it is classified as a Significant Social Media Intermediary (SSMI). This status triggers secondary, highly stringent compliance mandates:
-
Appoint Resident Officers: You must appoint a Chief Compliance Officer, a Nodal Contact Person (for 24/7 coordination with law enforcement), and a Resident Grievance Officer. All three must reside in India.
-
Monthly Compliance Reports: SSMIs must publish a monthly report detailing the number of complaints received, actions taken, and URLs proactively removed by automated monitoring tools.
-
Traceability Mandate: For messaging platforms, the rules require the capability to identify the “first originator” of information if ordered by a court or competent authority for serious offenses (such as threats to national security or sexual abuse content).
Practical Action Plan: Setting Up Compliance for Your Website
If you are launching a portal, a forum, or managing client web properties, use this structured sequence to integrate compliant frameworks immediately:
Secure Your Digital Platform with SPG Legal
Navigating the shifting regulatory landscape of IT laws in India can be incredibly challenging for startups, developers, and established digital portals. A single unaddressed grievance or an outdated privacy policy can expose your business to catastrophic legal liabilities.
At SPG Legal Consultancy, we specialize in technology law, cyber compliance, digital platform auditing, and data protection frameworks. We assist businesses in drafting airtight user agreements, managing regulatory compliance, and legally defending platforms against third-party liability claims.
Contact SPG Legal Consultancy Today to consult with a dedicated cyber law expert and secure your platform’s legal safety frameworks.