What India’s Draft Second Amendment To The IT Rules, 2026 Means For Intermediaries, Digital Platforms And Technology Businesses?

Introduction

On 30 March 2026, the Ministry of Electronics and Information Technology (“MeitY”) released the draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026 (“Draft Second Amendment Rules”) for public consultation. The proposed amendments have largely been discussed through the lens of content regulation, platform accountability and government oversight of online information ecosystems. While those issues undoubtedly form part of the proposal, the draft may have far wider implications for intermediaries operating in India.

In particular, the proposed insertion of Rule 3(4) raises an important question regarding the future operation of Section 79 of the Information Technology Act, 2000 (“IT Act”). If notified in its present form, the amendment could significantly expand the sources from which intermediary due diligence obligations are derived and, in doing so, reshape the practical operation of India’s safe harbour framework.

For social media platforms, online marketplaces, AI-enabled services, SaaS providers, digital publishers and other intermediaries, the Draft Second Amendment Rules are therefore not merely another compliance update. They may represent a structural shift in how intermediary obligations are created and enforced.

What do the draft second amendment rules, 2026 propose?

The Draft Second Amendment Rules introduce a number of amendments affecting both intermediary due diligence obligations under Part II of the IT Rules and the regulatory framework governing digital news and current affairs content under Part III.

1. The most significant amendment from an intermediary liability perspective is the proposed insertion of Rule 3(4). The provision would require intermediaries to comply with and give effect to any clarification, advisory, order, direction, standard operating procedure, code of practice or guideline issued by MeitY relating to compliance with Part II of the IT Rules. The breadth of the proposed language is notable. The obligation extends beyond statutory rules and encompasses a wide range of regulatory instruments that the Ministry may issue from time to time.
2. The Draft Second Amendment Rules propose amendments to Rules 14, 15 and 16. Among other changes, the amendments seek to expand the scope of the regulatory framework applicable to news and current affairs content made available through intermediary platforms.
3. The draft also proposes to broaden the role of the Inter-Departmental Committee by replacing references to “complaints” with the wider term “matters”, thereby potentially increasing the range of issues that may be considered under the mechanism established by the IT Rules.

Viewed collectively, the amendments signal a move towards greater regulatory oversight of digital platforms and stronger compliance expectations for intermediaries. However, the practical implications of Rule 3(4) extend far beyond the text of the amendment itself.

Understanding the existing safe harbour framework under section 79

Section 79 provides conditional immunity to intermediaries in respect of third-party information, data or communication links hosted or transmitted through their platforms. The provision recognises that intermediaries cannot reasonably monitor or verify every item of user-generated content and therefore protects them from liability, provided certain statutory conditions are satisfied. One of those conditions is compliance with prescribed due diligence obligations.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 constitute the primary source of those due diligence obligations. Failure to comply with the Rules may expose an intermediary to the risk of losing safe harbour protection and being required to defend claims arising from content hosted on its platform. The importance of safe harbour has repeatedly been recognised by Indian courts. Even the Supreme Court emphasised that intermediary liability cannot be expanded in a manner that compels private entities to become arbiters of legality or unlawfulness. The decision remains one of the most significant judicial pronouncements on intermediary liability and online speech in India. Against this backdrop, any amendment affecting intermediary due diligence obligations deserves careful scrutiny.

Why does proposed rule 3(4) matter?

Historically, intermediary compliance obligations have been derived from identifiable legal sources. An intermediary could review the IT Act, the IT Rules, judicial decisions, and statutory directions issued under law and determine the obligations applicable to its platform.

The proposed Rule 3(4) introduces an additional layer. If notified, intermediaries would be required to comply not only with statutory provisions and notified rules but also with clarifications, advisories, standard operating procedures, codes of practice and guidelines issued by MeitY relating to Part II compliance. Even though this change may appear procedural in reality, it alters the nature of intermediary compliance.

The distinction between a statutory rule and an advisory has traditionally been significant. Statutory rules derive their authority directly from the parent legislation and are notified through a prescribed legislative process. Advisories and guidelines have generally been viewed as instruments intended to guide implementation or communicate regulatory expectations.

The proposed amendment narrows that distinction. As a result, future executive guidance may acquire considerably greater practical significance for intermediaries seeking to demonstrate compliance with due diligence obligations under the IT Rules.

From rule-based compliance to continuous compliance

The Draft Second Amendment Rules may also change how intermediaries approach regulatory compliance. Until now, compliance programmes have generally been structured around statutory obligations. Legal teams assess the requirements of the IT Act, the IT Rules and applicable judicial decisions, develop policies and controls, and update those controls when legal requirements change.

The proposed Rule 3(4) introduces a more dynamic model. Intermediaries may need to continuously monitor advisories, guidance documents, standard operating procedures and codes of practice issued by MeitY. Internal compliance functions may need mechanisms to identify, review, assess and implement new regulatory guidance on an ongoing basis.

For large technology companies, this may require dedicated governance structures. For start-ups and emerging technology businesses, the compliance burden may be more significant given resource constraints. The practical impact is therefore not limited to legal interpretation. It has direct implications for governance frameworks, risk management processes, compliance monitoring systems and internal reporting structures.

The expanding compliance burden for digital businesses

The definition of intermediary under the IT Act is intentionally broad and encompasses a wide range of digital businesses. Online marketplaces, communication services, cloud service providers, SaaS platforms, AI-enabled applications, digital advertising platforms and numerous technology businesses may fall within its scope. For such businesses, the proposed amendment raises important operational questions.

1. How should organisations track future advisories issued by MeitY?
2. What internal processes should be established to evaluate and implement regulatory guidance?
3. How should compliance decisions be documented in anticipation of future regulatory scrutiny?
4. How should boards and management teams oversee compliance with evolving regulatory expectations?

These questions are likely to become increasingly relevant if the proposed amendment is adopted.

The administrative law question behind the draft

The most important legal debate arising from the Draft Second Amendment Rules may ultimately be an administrative law debate rather than a technology law debate. The proposed Rule 3(4) raises a fundamental question regarding delegated legislation.

1. Can a statutory rule require intermediaries to comply with future advisories, guidelines and codes of practice that have not yet been issued?
2. To what extent can executive guidance influence the practical scope of intermediary due diligence obligations under Section 79?

These questions are likely to attract judicial attention if the amendment is notified in its current form. The issue is not whether MeitY can issue guidance. Regulators across sectors routinely issue guidance and clarifications. The issue is whether compliance with such instruments becomes effectively integrated into the statutory due diligence framework governing intermediary liability. That distinction may prove critical in any future challenge concerning the scope of intermediary obligations and the continued availability of safe harbour protection.

What should businesses be doing now?

Although the Draft Second Amendment Rules remain under consultation, businesses should not wait for final notification before assessing potential implications.

1. Technology companies should review whether existing compliance programmes include processes for monitoring and operationalising regulatory advisories and guidance.
2. Organisations should also assess how intermediary obligations are currently allocated within governance structures and whether responsibility for ongoing regulatory monitoring is clearly defined.
3. Businesses that rely heavily on Section 79 protections should pay particular attention to the final wording of Rule 3(4) and any explanatory material accompanying the final notification.

The ultimate significance of the amendment will depend not only on the text adopted but also on how future guidance is issued and implemented.

Conclusion

The proposed amendments to Rules 14, 15 and 16 undoubtedly expand the regulatory framework governing digital content. However, the proposed Rule 3(4) may have even broader consequences.

For the first time, the draft contemplates a framework in which intermediary compliance obligations may be shaped not only by statutes and notified rules but also by continuing executive guidance issued by the regulator.

If adopted in its current form, the amendment could alter the practical operation of Section 79 safe harbour, transform how intermediaries approach compliance, and create new questions regarding the relationship between delegated legislation and executive guidance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.