On 29th December 2025, the Ministry of Electronics and Information Technology [“MeitY”] issued an Advisory to all Intermediaries, including social media intermediaries, to curb sensitive content [“vulgar, indecent, obscene, pornographic, paedophilic, or sexually explicit content and other unlawful content”] [“Advisory”]. The Advisory does not create any new due diligence obligations but rather reiterates the existing ones under the Information Technology Act, 2000 [“IT Act”] and the Information Technology [Intermediary Guidelines and Digital Media Ethics Code] Rules, 2021 [“IT Rules” or “2021 Rules”] thereunder.
This Advisory came as a result of multiple representations and reports on the continued circulation of content that violates personal rights, as well as the decency and obscenity laws in place. These concerns have also been raised in parliamentary and court proceedings, making them all the more necessary to address.
This also comes in light of the recent Standard Operating Procedure [“SOP”] to curb the dissemination of non-consensual intimate imagery content [“NCII”]. This SOP focuses on the steps that a victim may follow when their NCII is uploaded/disseminated on any intermediary platform, and the procedure that must be followed by the relevant intermediary in such a case. As a continuation of these efforts, the Advisory also focuses on ensuring the consistent and uniform implementation of privacy, data protection, and cybersecurity laws and regulations.
KEY HIGHLIGHTS
This Advisory applies to all intermediaries, whether it is a social media intermediary service provider or any other kind of digital service provider for third-party data storage, as defined in Section 2[1][w] of the IT Act and strictly reiterates their statutory obligations under the IT Act and 2021 Rules.
The requirements mentioned in the Advisory would apply, based on the scope and size of operations, to entities assisting in hosting, storing, transmitting, or sharing third-party information. The Advisory reiterates the significance of an intermediary’s due diligence obligations to remain eligible for safe-harbour provisions.
- Precautions: The Advisory reminds intermediaries of their duty under Rule 3[1][b] to make “reasonable efforts” to ensure that users on their platforms do not host, display, upload, or share any information that is “obscene, pornographic, paedophilic, harmful to children, or otherwise unlawful.” To implement this, the intermediaries must deploy accessible reporting and grievance redressal systems.
- Takedown Orders and Grievance Redressal: In case intermediaries receive takedown orders by the Courts, or the Appropriate Government or its authorised agency, the intermediary must immediately remove such content or make it unavailable within prescribed timelines as per Rule 3[1][d]. The Advisory also reiterates Rule 3[2] requirement of quick removal or disabling access to prima facie mature content within twenty-four hours of receiving a complaint by the victim or anyone on their behalf.
- Consequences of Non-Compliance: It cautions intermediaries that non-compliance with any of these provisions can lead to the removal of the safe harbour protection under Section 79 of the IT Act. It can also lead to possible criminal actions under the Bharatiya Nyaya Sanhita, 2023 [“BNS”]. It also noted that such dissemination of sensitive content is also a punishable offence under specialised statutes like the Protection of Children from Sexual Offences Act, 2012 and the Representation of Women [Prohibition] Act, 1986.
- Actionable Advice: Intermediaries are advised to conduct an immediate review of their compliance frameworks, content moderation arrangements, and user-facing enforcement processes, and to maintain continuous compliance with the requirements of the IT Act and the IT Rules.
- Additional Measures by SSMIs: The Advisory also prescribes the additional measures required by Significant Social Media Intermediaries [“SSMIs”], i.e., the social media intermediaries that have more than fifty lakh registered users in India, given the vast amounts of Personal Data they deal with. Specifically, SSMIs are required to make use of automated technology for timely compliance, in addition to general precautions taken.
LEGAL AND REGULATORY OBLIGATIONS
The Advisory reiterated the Intermediaries’ due diligence obligations to obtain safe harbour protections, as under Section 79 of the IT Act, read with Rules 3 and 4 of the 2021 IT Rules. In particular, under Rule 3[1][b], the intermediary must make every reasonable effort to ensure that the users do not host, upload, publish, transmit, store, or share any sensitive content, as described above. Moreover, under Rule 3[1][d], the intermediary must remove or disable access to such unlawful content expeditiously if the intermediary receives actual knowledge as a result of a court order or a reasoned intimation from the appropriate Government or its authorised agency.
Further, Rule 3[2] mandates the maintenance of an effective and efficient grievance redressal and reporting mechanism by all intermediaries. Specifically, Rule 3[2][b] requires the take down or access disablement to any content portraying a person in a sexual act, full or partial nudity, or impersonation, within 24 hours of receiving a notice from the aggrieved person or their authorised representative.
For SSMIs, this obligation extends under Rule 4 to further adopt technology-based measures, such as automated and crawler tools, to proactively identify sensitive content, whether explicit or implicit, or any content identical to information that has previously been removed. Additionally, they must implement a stricter and more robust grievance redressal system, ensuring the appointment of a Chief Compliance Officer, Nodal Contact Person, and Resident Grievance Officer, and publish their contact details on the platform.
Adherence to these strict timelines and proactive measures is a prerequisite for obtaining the Safe Harbour protection under Section 79 of the IT Act. The failure to comply with these guidelines not only revokes this protection but can also result in criminal action taken and penalties imposed against them.
An intermediary might be held criminally liable for publishing, transmitting, storing, or providing access to sensitive content under Indian law and regulations. Sections 67, 67A, and 67B of the IT Act criminalise the publishing, transmitting, and/or storing of obscene content, sexually explicit material, and children in sexual acts in electronic form. Moreover, in line with sections of the BNS, the Indecent Representation of Women [Prohibition] Act, 1986, the Protection of Children from Sexual Offences Act, 2012, and the Young Persons [Harmful Publications] Act, 1956, there are penal repercussions for publishing, creating, and/or facilitating access to obscene, indecent, and child sexual abuse materials.
Failure on the part of the due diligence obligation required by Section 79 of the IT Act and IT Rules, 2021 can make third-party content liable for direct action on the part of the intermediaries, and their loss of immunity. In this manner, third-party content hosted on these websites and portals can make the intermediaries liable, which, in turn, can make these websites and portals and their responsible officers liable for criminal offences in pursuit of the IT Act, the BNS, and other relevant laws and regulations.
LOOKING FORWARD
In light of this Advisory, the intermediaries hosting third-party content are mandatorily required to examine and tighten up their existing compliance structure, and ensure they do so periodically. This Advisory re-stresses the requirement to exercise higher caution on the part of social media platforms and intermediaries to prevent illegal content from being shared on platforms.
Considering MeitY’s consistent stress on compliance with the law recently, this Advisory acts as an important reminder for intermediaries to make appropriate investments in content moderation systems and automation tools. Adequate measures to enable the time-bound identification and deletion of sensitive content must be strictly implemented. Otherwise, it will pose risks to the continued application of the Safe-Harbour protection available to them.
LOOKING FORWARD
- Ensure that users are clearly informed of prohibited categories of content through platform policies, terms of service, and user notifications. Such documents must be clearly accessible on their platform.
- Conduct an internal assessment of compliance frameworks, content moderation practices and user enforcement mechanisms, ensuring that they strictly adhere to the IT Act, the 2021 Rules thereunder and other relevant laws and regulations.
- Regularly review and update the user terms of service and the community and platform guidelines to prevent the upload/dissemination of any obscene, indecent, pornographic, sexually explicit, paedophilic, and promptly remove any such material, if uploaded.
- Ensure the presence of a notice and takedown system in accordance with Rule 3[1][d] of the 2021 Rules, respecting the required timelines.
- Have an easily accessible grievance redressal mechanism with the complaint being acknowledged and resolved in terms of Rule 3[2] of the 2021 Rules.
- Establish processes to remove content containing persons in Sexual Acts within 24 hours of the receipt of a valid complaint based on Rule 3[2][b] of the 2021 Rules.
- Where necessary, technologically enabled and automated processes can and must be employed to trace and prevent the uploading and dissemination of prohibited content as specified by provisions outlined in Rule 4 of the 2021 Rules for SSMIs.
- SSMIs must also ensure the appointment of a Chief Compliance Officer, Nodal Contact Person, and Resident Grievance Officer, and the publishing of their contact details on the platform as required under Rule 4 of the IT Rules, 2021.
- Ensure that content moderation, grievance redressal and other policies comply with applicable privacy and data protection obligations.
- To ensure more holistic protection, update your “User Terms” to mandate the necessary identification/labelling of AI-generated/modified content and implement a “Report AI/Deepfake” category in your grievance redressal portal.
- Engage in training of internal staff on a routine basis with respect to content, compliance, and grievances.
- Preserve/retain all relevant information and maintain all necessary records and audit trails related to the receipt of take-down notifications, grievance procedures, etc., for reporting purposes in case of any queries from the concerned authorities, as required by law.
