top of page
Writer's picturePrashant Mara

India’s New Safe Harbor Law- Wait and Watch did not Work

Updated: Jul 7, 2021

- Prashant Mara and Vikram Jeet Singh


Since India’s new intermediary laws were notified 3 months ago, they have existed in a curious vacuum. The Indian Government did not issue any circulars, FAQs, or formats that indicated how these rules were to be complied with (which was surprising, given the multifarious ambiguities they contain). Indian courts were asked to opine on the constitutionality of a few aspects of these rules, but have not done so as yet. Perhaps most surprisingly, digital business majors and social media companies played things quite close to their chest, and did not let slip if they agreed or disagreed with the rules, and how they proposed to deal with them. Perhaps they thought that a ‘wait and watch’ approach was best, and that there was a chance the enforcement of the new 2021 rules would be as relaxed as that of the earlier 2011 ones or that an Indian court would ‘bell the cat’ for them, and strike down or read down these rules, a la Shreya Singhal.


The ‘wait and watch’ approach has not worked out. The Ministry of Electronics and Information Technology (MEITY) and the Ministry of Information and Broadcasting (MIB) issuing a letter asking SSMIs and digital publications to (on the same day as the rules came into effect!) furnish details of local officers and their addresses clearly signifies the direction that enforcement intends to take.


Mandatory ‘Skin in the Game’

The 2011 safe harbour rules failed in part because they did not provide the Indian Government with a way to ‘catch hold’ of Significant Social Media Intermediaries (SSMIs). Government requests could be fobbed off quite easily with a short letter and a suggestion that Mutual Legal Assistance Treaty (MLAT) procedures be used. This was possible to do because most SSMI’s don’t have officers or offices in India, and thereby have no ‘skin in the game’, so to speak. Given the outsize influence, SSMIs have in the Indian digital ecosystem, and despite "voluntary" compliance by SSMIs in many instances, this regulatory imbalance could not have endured for much longer.


With these rules, the government has breached the single biggest protection that foreign SSMIs had, i.e., that data is held outside of India and that Indian subsidiaries don’t have control over that data. To gain access to that data or enforce other requests, Law Enforcement (LE) had to follow the MLAT process. With local offices and local officers now available to LE to proceed against, MLAT will lose its significance substantially. Requests will be made to these local officers and at these offices, and refusal or failure to comply will result in action being taken against them in India. There will be no dual-entity or MLAT process to hide behind. These rules achieve what the government wanted to achieve in a uniquely Indian way – police officers turning up at SSMI offices with warrants.


In summary, the government has achieved what it set out to by gaining control over SSMIs and being able to physically catch hold of persons in India and hold those persons responsible. Admittedly, we all knew that this was coming (and not just in India) and some of it for valid LE purposes. However, the government has acted smartly and put companies in a bind in order to achieve its objective.


While SSMIs are busy challenging the constitutional validity of the rules (which may or may not dilute the rules), they leave their officers exposed to personal liability. There is no way for foreign SSMIs to avoid having ‘skin in the game’ now because the government now has the ability to hit them where it hurts. Everyone who has dealt with LE in India will have war stories of ‘raids’, whether they be for income tax, trademark, legal metrology, et al, and ways to handle these raids. A new SOP is now required for “intermediary liability raids”, which may be more consequential than any of these.


What the future holds?

This situation has arisen because SSMIs have been unable to or are unwilling to ‘bell the cat’ by challenging the provisions that are likely to hurt them most, i.e., those involving local officers and local offices. Without going into the reasons for this, it has become evident that all SSMIs have now agreed to comply with the provisions, including the ones requiring them to appoint local officers. This will likely lead to a raft of enforcement action against these local officers and the extent of damage caused and the compliance it forces remains to be seen. We will have to wait and watch if any person will readily agree to become the CCO, grievance officer or nodal contact person if they anticipate a lot of friction with the Indian Government. Even if they do, the question remains whether they will be empowered to actually action the LE request. If they are simply postboxes, they will be the fall guys in this whole picture, asked by LE to comply, but without the power to do so unless HQ deigns an approval.


Undoubtedly, there will be valid LE requests which ought to now, theoretically, be responded to quicker; all LE requests should not be treated with suspicion. Most of them are valid and it is a fact that the Internet will and should be regulated in the future, as even the most die-hard fans of “free” Internet will acknowledge now. Equally, this short-circuited route to get compliance will raise questions on whether due process is being followed and whether the process enables “invalid” requests to slip through. Whether the requests for information or action are legal or not is almost academic if the government has a method to force compliance quickly even before the issue is raised before a competent court. Therefore, by de facto agreeing to appoint local officers and provide local contacts, SSMIs have opened the door to potentially unfettered LE demands from all over the country without giving themselves the time nor the opportunity to resist such demands or to even check whether they are valid or not. In the very near future, SSMI legal counsels will face a stark choice, requiring them to decide whether to deny LE requests on the basis of a constitutional or jurisdictional challenge which will take months to resolve (if at all), or to comply irrespective, due to the risk of immediate enforcement against its employees in India.


In an earlier article (here), we talked about a balance needing to be struck between regulation and intermediary protection. The rules don’t strike that balance, as was expected. It was expected that SSMIs would mount a serious legal challenge to some of the provisions which are too onerous. Their failure to do this means that this balance has not been achieved and the field is set against SSMIs. It will be interesting to see how this plays out, and whether it will lead to a raft of enforcement action against SSMIs in the future.

bottom of page