What India’s Draft IT Second Amendment Rules, 2026 Are About

On how the Draft IT Rules Second Amendment extend content oversight to all users, modify safe harbour conditions for platforms, and reconfigure state regulation of digital speech

Apr 05, 2026

Picture a school teacher in Patna who runs a modest YouTube channel covering local civic issues - potholes, water shortages, the occasional state government policy. Her videos rarely cross a hundred thousand views, but a few times a year, they touch on elections or official conduct. Or consider a WhatsApp group of forty-odd college alumni that forwards news articles and adds running commentary on political events. Neither the teacher nor the group administrator thinks of themselves as journalists. They are simply people participating in the digital public space that hundreds of millions of Indians now inhabit.

A proposed set of rule changes could affect both.

Under existing norms, individuals are largely treated as private users whose speech is governed by general community guidelines. Per the new rules, however, the teacher’s YouTube channel, the WhatsApp group, and anyone else who uploads, shares, or comments on news and current affairs online would become subject to a content oversight and blocking framework that was previously reserved for registered professional news publishers and massive, professional news networks. And, if the platform hosting the video fails to follow a specific, written advisory from the government regarding such content, the platform itself could lose its legal protection for all user-generated content it hosts.

On March 30, 2026, the Ministry of Electronics and Information Technology (MeitY) released the Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026 (that I will refer to as the Draft Second Amendment hereafter). While these changes may be framed or even seem merely procedural or clarificatory, the amendments introduce a structural reconfiguration of how the state interacts with online speech and how platforms manage their legal risks.

However, the Draft Second Amendment has not emerged in isolation; it exists as a part of a larger regulatory push. With some help from Claude, I put together an interactive timeline. If you want to get a sense of the regulatory arc before diving into the analysis, click through the events… It is worth a few minutes of exploration!

Find the interactive timeline (a Claude artefact) here: https://claude.ai/public/artifacts/559a9f61-be33-4cb9-adbe-61cbc75a4e14

The Background: The IT Act and the 2021 Framework

Indian internet law is anchored by the Information Technology Act, 2000. The most critical component of this Act for digital platforms is Section 79, which provides what is known as Safe Harbour. Safe harbour is a legal shield that protects intermediaries from being held legally liable for third-party content. An Intermediary is defined as any entity, such as social media companies, search engines, or internet service providers, that hosts or transmits data on behalf of others. Without safe harbour, a platform could be sued or prosecuted for every illegal post made by its millions of users, a burden that would make the modern social internet functionally impossible.

In 2021, the government notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the IT Rules 2021). These rules operate in three parts:

Part I covers definitions and general application.
Part II sets out the due diligence obligations that intermediaries must follow to retain safe harbour under Section 79 of the IT Act. These include maintaining a privacy policy, informing users of what is and is not permissible on the platform, appointing a grievance officer, and taking down certain categories of unlawful content when instructed by competent authorities or notified of it. For large platforms, defined as Significant Social Media Intermediaries with more than fifty lakh (five million) registered users in India, there are additional requirements such as appointing a nodal officer and publishing monthly compliance reports.
Part III creates a Code of Ethics and a three-tier grievance redressal framework specifically for “publishers of news and current affairs content”. The definition of a publisher under Rule 2(1)(t) covers entities such as online newspapers, news portals, news aggregators, and news agencies. This Part is administered by the Ministry of Information and Broadcasting (MIB), not MeitY, and it includes a body called the Inter-Departmental Committee (IDC), which can hear grievances escalated to it and recommend actions ranging from warnings to content deletion to blocking. Emergency blocking powers under Rule 16, read with Section 69A of the IT Act, allow the MIB to direct a publisher to take down content rapidly in urgent circumstances.

Part III of these rules is of extreme relevance to us, especially in the context of the recent amendment.

The 2021 Rules marked a major shift in how tech and the internet are governed in India, moving beyond simple takedown procedures and establishing an executive-led oversight system. But the rules were highly controversial. Critics argued it gave the executive branch significant discretionary power over digital news media without the traditional safeguards of judicial review.

The 2026 Amendments

In 2026, we’ve seen an acceleration in regulatory activity.

On February 10, 2026, the government notified the First Amendment to the IT Rules. This amendment was content-specific, focusing on the rise of Synthetically Generated Information (SGI), commonly known as deepfakes. SGI is defined as information created or modified artificially or algorithmically to appear real, authentic, or accurate, and that portrays individuals or events in a manner indistinguishable from reality.

The First Amendment required intermediaries to label SGI and embed provenance metadata, which are technical markers showing the origin and modification history of content. Crucially, the February amendment also introduced a list of exceptions for what is not considered SGI. These include routine editing, such as colour adjustments, noise reduction, or transcription that does not materially distort the content. It also exempts standard document creation, such as PDFs or presentations, and technical improvements for accessibility or translation. These nuances were intended to separate benign creative uses of artificial intelligence from malicious deceptions.

In contrast, the Draft Second Amendment, released on March 30, 2026, is structural. It does not focus on a specific type of content like deepfakes. Instead, it alters the procedural functioning of the IT Rules. While the First Amendment was a reaction to a specific technological challenge, the Second Amendment is an effort to structure the government’s authority over the entire digital ecosystem in a particular direction. It changes the legal relationship between the government and platforms by making ministerial guidance legally binding and expanding the scope of who falls under government oversight.

The Four Pillars of the Draft Proposal

4.1. Rule 3(4): Hard-Coding Safe Harbour to Ministry Directions

This rule requires intermediaries to comply with and give effect to any clarification, advisory, order, direction, standard operating procedure (SOP), code of practice, or guideline issued by MeitY in writing. Crucially, the draft states that compliance with these instruments shall form part of the due diligence obligations required to maintain safe harbour under Section 79 of the IT Act.

This change turns once-informal advisories into hard legal obligations. Previously, advisories were seen as suggestions or “soft law” that platforms could contest or delay. Under Rule 3(4), a suggestion becomes a command backed by the threat of platform-wide liability. For a platform, the stakes are existential: ignoring a ministerial advisory regarding a specific content category could lead to the loss of immunity for every single post on the platform. This creates an environment where the executive can bypass the traditional rule-making process to impose new standards on the fly.

4.2. Rules 3(1)(g) and (h): The Retention Clause

The draft introduces “without prejudice” language to the rules governing data retention. This means that an intermediary’s obligation to delete content or user data under the IT Rules is subordinate to any other law that requires data to be kept. Specifically, this links the IT Rules to the Digital Personal Data Protection (DPDP) Act, 2023.

While the IT Rules might suggest data should be deleted after a user’s request, this new clause ensures that broader state mandates for data preservation for law enforcement or financial regulations take priority. For the user, this means the “right to erasure” is significantly diluted. Even if a platform removes a post, the underlying data may be preserved for long periods if another law demands it. This creates a permanent digital footprint that users cannot easily manage or delete.

4.3. Rule 8(1) Proviso: Extending Part III to Ordinary Users

Under the 2021 Rules, the oversight machinery of Part III applied primarily to institutional news publishers. The Draft Second Amendment proposes to change this by extending the application of Rules 14, 15, and 16 to “news and current affairs content” shared by users who are not publishers.

This change, in de facto terms, does away with the distinction between a professional news agency and a citizen journalist or an influencer. If an individual shares news-related content on a platform, they are now technically subject to the same blocking and oversight framework as a major media house. This allows the government to apply the IDC and MIB blocking machinery directly to individual creators, potentially exposing them to government reprimands for content that was previously considered private speech.

4.4. Rule 14: The IDC’s Expanded Mandate

The draft proposes to broaden the remit of the Inter-Departmental Committee. Currently, the IDC primarily hears grievances that have been escalated from lower levels of the redressal process. The amendment would allow the IDC to meet and hear “matters” referred to it directly by the Ministry.

By replacing the word “complaints” with “matters,” the government expands the IDC’s discretion significantly. The committee no longer needs to wait for a user or publisher to file a formal grievance. It can now act on its own motion, or “suo motu”, at the direction of the Ministry. This allows the government to bypass the citizen-initiated trigger for censorship, turning the IDC into a proactive monitoring body.

Inferring The Government’s Rationale: Certainty and Accountability

In its consultation notice dated 30 March 2026, MeitY describes the proposed amendments as “clarificatory and procedural in nature”. The notice states that the primary purpose of the new Rule 3(4) is to make explicit that compliance with MeitY’s written clarifications, advisories, directions, standard operating procedures, and codes of practice “shall form part of the due diligence obligations of the intermediary under section 79” of the IT Act.

The government frames this as improving legal certainty: by formally embedding these instruments within the due diligence framework, the rules would give platforms an unambiguous basis for understanding what compliance requires.

On the extension of Part III to intermediaries and non-publisher users, the consultation notice uses the language of “clarification of applicability,” suggesting that this change is meant to resolve interpretive ambiguity about who falls within the existing oversight framework rather than to introduce substantively new obligations.

Here, it is important to note that the consultation notice does not explain why these particular clarifications require a rule amendment rather than a ministerial circular, nor does it address why the same oversight mechanisms designed for professional news publishers are appropriate for individual users.

Concerns on Censorship and Oversight

Digital rights organisations and legal experts have characterised the current draft rules as a shift toward centralised executive control. I find there are four broader criticisms and concerns that need attention:

1. Free Expression:

Critics argue that the amendments can crucially restrict and surveil online speech. When platforms face the loss of safe harbour for failing to follow a ministerial advisory, they are likely to become hyper-cautious. This could lead to prior restraint, where platforms preemptively remove or downrank controversial content to avoid government scrutiny. The compressed timelines for content removal, which can be as low as three hours for government takedown orders, eliminate any meaningful human review. This forces platforms toward automated over-removal, creating a secretive process where the person whose content is removed is often never even provided a copy of the notice or a hearing, which is a violation of natural justice.

2. Executive Overreach and the “Ultra Vires” Argument

A major legal concern is whether these rules are Ultra Vires, a legal term meaning beyond one’s legal power or authority. Rule 3(4) effectively allows the executive branch to create new laws through advisories and SOPs without the democratic scrutiny of Parliament. Under the IT Act, rules must be laid before Parliament for thirty days of oversight. However, advisories and guidelines are issued directly by the Ministry. Tying these informal instruments to a platform’s legal immunity may exceed the rule-making power granted to the Ministry by the parent IT Act, as it creates legal consequences for instruments that were never intended to be binding.

3. Proportionality and the Burden on Individual Creators

The extension of Part III oversight to ordinary users is arguably disproportionate. Individual creators most often do not have the legal teams, resources, bandwidth, or capacity to navigate government committees and blocking orders that institutional publishers do. This vulnerability may discourage independent commentators and citizen journalists from reporting on sensitive issues for fear of targeted enforcement.

4. Privacy and Data Retention

The prioritised data retention mandates can potentially contribute to a dilution of privacy rights. While the DPDP Act 2023 includes a right to erasure, these amendments prioritise state mandates for data preservation. Critics fear this will lead to expanded surveillance, as user data could be retained post-deletion for 180 days or longer, even if the original purpose for collecting that data has been served. Furthermore, a specific addition to the rules, Rule 3(1)(ca)(ii)(III), mandates that platforms disclose the identities of users directly to complainants who claim to be victims. Because this rule lacks anchoring language requiring a court order, it creates a serious risk of harassment, doxing, and vigilante action against dissenting voices.

Assessing Who Is Affected

The proposed rules will have different implications for various stakeholders who are a part of the digital ecosystem.

Large Platforms (SSMIs): Significant Social Media Intermediaries, those with more than 50 lakh (5 million) registered users in India, face the highest compliance burden. They are now operating under a hybrid verification model where they must require users to self-declare SGI, while also deploying automated tools to verify those declarations. The amendment to Rule 4(4) removes the discretion previously accorded to SSMIs, replacing it with proactive monitoring obligations.
Digital News Publishers: While they are already under the 2021 framework, the expanded mandate of the IDC means they may face more frequent “matters” referred directly by the Ministry. This allows the government to bypass the traditional grievance process to scrutinise news coverage.
Influencers and Content Creators: This group faces a massive shift in status. They are now subject to the same blocking and oversight framework as institutional publishers. This significantly increases their exposure to government reprimands and content deletion, particularly for those whose reach rivals traditional media outlets.
Citizen Journalists: These individuals, who often operate without institutional support or legal resources, are disproportionately vulnerable to the new oversight machinery. This could lead to significant self-censorship on local or political issues, as the risk of a blocking order is much harder for an individual to navigate than for a media corporation.
Ordinary Social Media Users: Even users with small followings may be affected if they share news content that the Ministry deems problematic. Additionally, all users face a heightened privacy risk due to the prioritised data retention mandates and the possibility of identity disclosure to complainants.

Legal and Constitutional Context

The Draft Second Amendment must be viewed through the lens of the Indian Constitution, specifically Article 19(1)(a), which guarantees the right to freedom of speech and expression. This right is not absolute and is subject to “reasonable restrictions” under Article 19(2) in the interests of national security, public order, and other specified categories.

The central legal question is whether these rules represent a reasonable restriction or an unconstitutional overreach. A foundational precedent is the 2015 case of Shreya Singhal v. Union of India, where the Supreme Court struck down Section 66A of the IT Act for being overbroad and vague. The Court emphasised that procedural safeguards are essential when the state restricts online speech. To a certain extent, using informal advisories to trigger the loss of safe harbour reintroduces the same vagueness the Court sought to eliminate, as platforms cannot know with certainty which “advisory” might lead to a total loss of legal protection.

Furthermore, the use of delegated legislation, which is rules made by the executive under authority granted by a parent Act, must stay within the boundaries of that Act. If Rule 3(4) allows the Ministry to create new legal standards through advisories, it may be challenged as an uncanalised delegation of power.

Current litigation is already testing the limits of the 2021 framework. Organisations like the Software Freedom Law Centre (SFLC) have noted that multiple cases before High Courts are challenging the constitutionality of Part III. Notable cases include:

Foundation for Independent Journalism & Ors v. Union of India
TM Krishna v. Union of India
Live Law Media Private Limited v. Union of India
Nikhil Mangesh Wagle v. Union of India
AGIJ Promotion Ninteenonia Media Private Ltd. v. Union of India
Digital News Publishers Association (DNPA) v. Union of India

In March 2024, the Supreme Court accepted the Union government’s transfer petition and consolidated all cases before the Delhi High Court as a single forum to avoid conflicting judgments. As of October 2024, the Delhi High Court bifurcated proceedings, hearing Part III challenges first, then Part II.

Concluding Remarks

The Draft Second Amendment rules currently remain open to consultation and stakeholder feedback with a submission deadline of April 14, 2026. These amendments do not exist in isolation,, but are part of a broader digital roadmap that includes the implementation of the DPDP Act 2023, the development of the proposed Digital India Act, and an evolving framework for artificial intelligence governance.

But presently, the tension lies between the government’s stated goal of creating a safe and trusted internet and the constitutional requirement for procedural safeguards in a digital democracy. If the rules remain in their current form, the balance of power will shift significantly toward the executive branch. Platforms will face an environment of high compliance risk, often forced to choose between challenging a ministerial direction and risking their entire business model. Simultaneously, individual creators may find the space for critical or independent commentary significantly narrowed as the distinction between a private citizen and a regulated media entity gets blurry.

Thinking In Questions

Discussion about this post

Ready for more?