(1) These rules may be called the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
(2) They shall come into force on the date of their publication in the Official Gazette.
(1) These rules may be called the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
(2) They shall come into force on the date of their publication in the Official Gazette.
Rule 1: Short Title and Commencement
Rule 2: Definitions
PART II: DUE DILIGENCE BY INTERMEDIARIES AND GRIEVANCE REDRESSAL MECHANISM
PART III: CODE OF ETHICS AND PROCEDURE AND SAFEGUARDS IN RELATION TO DIGITAL MEDIA
CHAPTER I: GRIEVANCE REDRESSAL MECHANISM
CHAPTER II: SELF REGULATING MECHANISM – LEVEL I
CHAPTER III: SELF REGULATING MECHANISM – LEVEL II
CHAPTER IV: OVERSIGHT MECHANISM – LEVEL III
CHAPTER V: FURNISHING OF INFORMATION
CHAPTER VI: MISCELLANEOUS
APPENDIX
Code Of Ethics (I News and current affairs; II Online curated content)
(1) The contents of intercepted or monitored or stored or decrypted information shall not be used or disclosed by intermediary or any of its employees or person in-charge of computer resource to any person other than the intended recipient of the said information under Rule (10).
(2) The contents of intercepted or monitored or decrypted information shall not be used or disclosed by the agency authorised under Rule (4) for any other purpose, except for investigation or sharing with other security agency for the purpose of investigation or in judicial proceedings before the competent court in India.
(3) Save as otherwise provided in sub-rule (2), the contents of intercepted or monitored or decrypted information shall not be disclosed or reported in public by any means, without the prior order of the competent court in India.
(4) Save as otherwise provided in sub-rule (2), strict confidentiality shall be maintained in respect of direction for interception, monitoring or decryption issued by concerned competent authority or the nodal officers.
(1) Any person who intentionally or knowingly, without authorisation under Rule (3) or Rule (4), intercepts or attempts to intercept, or authorises or assists any other person to intercept or attempts to intercept any information in the course of its occurrence or transmission at any place within India, shall be proceeded against and punished accordingly under the relevant provisions of the laws for the time being in force.
(2) Any interception, monitoring or decryption of information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely–
(i) installation of computer resource or any equipment to be used with computer resource; or
(ii) operation or maintenance of computer resource; or
(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;
(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or
(v) accessing stored information from computer resource for the purpose of–
(a) implementing information security practices in the computer resource;
(b) determining any security breaches, computer contaminant or computer virus;
(c) undertaking forensic of the concerned computer resource as a part of investigation or internal audit; or
(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource of any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.
(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions specified under sub-rule (2).