This post dissects the meetings held by the Ministry of Electronics and Information Technology (MeitY) on the upcoming Digital India Bill (DIB) and the official discourse around it. Quick recap: this legislation seeks to replace the two-decade-old Information Technology (IT) Act, 2000 in order to keep up with the evolving digital landscape. The meetings were held in Bengaluru and Mumbai, in a hybrid mode. In addition to the statements made by the Minister of State (MoS), we also rely on the presentation shared by the Minister in both meetings to conduct our analysis of the upcoming bill.
All talk, no walk
The DIB, much like the weather these days, is quite unpredictable. As we elaborated upon in our previous post about the Bill, ‘Many mysteries of the Digital India Bill’, the mystery around its timeline and content has majorly brought misery. We’re aware that good things only come to those who wait, but based on the reporting and statements around the bill, we’ve done a lot of the latter and are expecting none of the former. [We’ve updated the table in our previous post to reflect the developments around the DIB - see the updated version of what it will cover/ regulate (as per media coverage) here].
As per media reports dated late May, the consultation on the DIB was supposed to begin on June 7, 2023. As per other unnamed sources, the draft was “likely to be ready by early July”. These are just the latest in the long list of publicly assured, but ultimately unmet, timelines. More recently, on June 30, the MoS admitted to the delay in the release of the Bill, and promised that it will be released “very soon”. While we have been tracking these timelines internally, they are not the focus of this post. The MoS has stressed the need to treat deep consultations and consensus around the legislation from all stakeholders as being as important as the timelines by which the legislation is enacted. While we believe that a clear, concrete timeline helps prepare stakeholders for a bill with such significance and alleviates a lot of mystery-led misery around the bill, we do consider the consultation process to be as important as the timeline, if not more so. So for the purpose of this post, we shall shift our focus to the pre-consultation conversations held around the bill by the Ministry.
Some more talk…
MeitY organised two meetings, prior to the release of the DIB, under its banner of ‘Digital India Dialogue’. The meetings held in Bengaluru, on March 09, and in Mumbai, on May 23, were structured around the “principal architectural design of legislation”, as per the MoS. These meetings were attended by as many as 300 stakeholders, several of whom joined virtually as well. The stakeholders consisted of law firms, industry, startups, technology companies, policy advocates, etc.
Sources also revealed that MeitY received very few suggestions from stakeholders after the first meeting, held in Bengaluru. This may be explained by the high degree of ambiguity that existed, even after the presentation, with respect to the principles, architecture, and/or content of the bill. Despite discussing the draft publicly for over a year, the Ministry has only covered “broad principles” until now. Greater specificity, nuance, and depth may have resulted in a better response rate.
We had written to MeitY prior to both the meetings, requesting them to invite civil society organisations (including IFF) for the meetings in Bengaluru (letter dated March 06, 2023) and Mumbai (letter dated May 22, 2023).
In a podcast interview hosted by Ranveer Allahbadia, aka ‘beerbiceps’, on June 24, the MoS stated that some aspects of the internet, such as addictive and harmful content, need to be regulated. Throwing light on the Ministry’s decision to ban PubG and TikTok, he clarified that their content was judged on the basis of specific criteria prior to their ban and there was no subjectivity involved. It is unfortunate that these criteria have not been adequately defined and/or listed in a legislation, which would otherwise serve as a testament to the legitimacy of this claim. With respect to AI, the MoS emphasised the need for guardrails and the need to define the “no-go areas for AI”, which will be defined in the forthcoming DIA. He spoke about regulating AI through the prism of user harm and imposing a responsibility on companies to cause no harm to any user by creating such guardrails. While the stated intention to balance innovation with user rights is commendable, the government has not shed light on how it plans to achieve this. This question becomes pertinent in light of the recent amendments to the IT Rules, which, in the name of regulating user harms such as addiction through online gaming or online misinformation, hamper innovation and infringe upon the right to online free speech.
The MoS shared a presentation (mostly identical) in both meetings, which listed the broad goals, principles and structure of the bill. As per the MoS, the Bill seeks to manage the complexities of the internet and rapid expansion of the types of intermediaries, protect citizens' rights, address emerging technologies and risks, and be future-proof. Below, we have elaborated upon the presentation structure and raised some questions, which have either risen due to the information shared in the presentation or remain unanswered despite it.
Context setting: The presentation began by setting context about the evolving landscape of the internet, and the rapid change it has undergone in the past two decades. The MoS elaborated upon the birth of newer or more advanced technologies which have led to new complex forms of user harms. Some examples of user harms listed in the presentation are: defamation, cyber-bullying, doxxing, salami slicing, revenge porn, cyber-flashing, catfishing, cyber stalking, cyber trolling, gaslighting, phishing, hate speech, disinformation, misinformation, fake news, etc. He stressed the need for creating more types of intermediaries to tackle the emergence of new harms such as misinformation and hate speech. In addition to the categories of intermediaries listed in the image below, the Ministry added several other categories of intermediaries in the Mumbai presentation, namely, dating/matrimonial apps, internet service providers (ISPs), aggregators, fact checkers, and influencers. It is unclear how and/or why MeitY chose to categorise these services/platforms as intermediaries, how the Ministry defines them, and why the number of intermediaries expanded from 9 in the Bangalore meeting to 12 in the Mumbai meeting. As we will explore below, while some examples of types of user harms and types of intermediaries were listed in the presentation, an exhaustive list as well as the justification behind considering them were left to our imagination.
Intermediaries listed in the Bangalore meeting (left) vs the Mumbai meeting (right)
Goals of DIB: As per the Ministry, the upcoming legislation should be “evolvable and consistent with changing market trends, disruption in tech, and development in international jurisprudence and global standards”. The Minister suggested the adoption of a “principles and rule based approach”, wherein the legislation will be non-prescriptive in nature and will evolve by notification of Rules in order to be able to “rapidly modify and create regulation”.
To our surprise, the presentation failed to list the principles on which the upcoming legislation will be based. Although the key components “Open, Safe, Accountable, and Trusted” have often been used by the Ministry in relation to ‘Digital India’, stakeholders probably expected (we certainly did!) more concrete principles from the Ministry in the two pre-drafting meetings. This, too, unfortunately has been left to our imagination.
Structure of DIB: The presentation shared the tentative index of the upcoming draft bill. Unfortunately, the presentation did not elaborate on the first three chapters. Thus, your guess on the contents of the chapter on “Digital Government” is as good as ours.
The MoS voiced his wish for an open internet which promotes choice, competition, and online diversity. He also stated that an open internet will ideally allow fair market access and provide non-discriminatory access to digital services to start-ups. A truly open internet would be an achievement, and we hope the Ministry can work towards that. A lot of this intention was reflected in the Minister’s statements in the Mumbai meeting, wherein he clarified that the Ministry will refrain from banning emerging technologies (artificial intelligence, blockchain, robotics, internet of things, virtual reality etc.) in order to safeguard innovation. He even suggested defining guardrails for such emerging technologies as opposed to heavily regulating them, as that could potentially create another layer of compliance.
However, the Minister also clarified that they will regulate through the prism of user harm (but they haven’t defined user harm). Some examples of regulatory interventions proposed in the presentation are:
- Critical examination and regulation of ‘discretionary moderation of fake news’ by social media platforms.
- Intervention to tackle the failure of intermediaries to deter cyber crimes and illegal content due to anonymity on the internet.
- Stringent regulation of privacy invasive devices (spy camera glasses, wearable tech) before market entry with strict KYC requirements for retail sale as well as appropriate criminal law sanctions.
- Content Monetisation Rules for platform-generated and user-generated content.
- Age-gating by regulating addictive tech.
- Strengthening penalties for non compliance.
- Re-thinking the safe harbour provision under Section 79 of the IT Act.
Most notably, the Minister shared his apprehension about the safe harbour provision currently enjoyed by certain intermediaries, which awards immunity from liability for third-party content hosted by them. During the presentation, he posed two questions to the stakeholders: “Should there be safe harbour provision at all? If there is a safe harbour, what is the criteria of those intermediaries or platforms that are entitled to it?” He hinted towards having safe harbour for only certain categories of intermediaries, whereas other classes of intermediaries (like e-commerce, fact-checking, online gaming) would need separate rules. At a later point, the Minister told Economic Times, “Stakeholders suggested that safe harbour should be retained only for pure/classic intermediaries who do not have the power to moderate or modify content hosted on their platforms.” Not only would such a move negatively affect innovation, but it also holds the potential to severely impact free speech online, as platforms may undertake proactive censorship to avoid liability. Safe harbour can’t just be viewed as meaning absolute protection supposedly enjoyed by intermediaries. This narrow view held by the Ministry fails to take into account the complexities and nuances of discourse on the internet. These complexities include diversity in language and contextual information. An expectation on intermediaries to understand the nuance of content posted on their platform, and then to take action against it within a limited time frame, may lead to proactive censorship to avoid penalties and threats to their immunity. Ideally, the intermediary will have training in understanding the contextual sub-text for each piece of content, for example the ironic or comic positive usage of terms meant to reclaim derogatory terms. However, it is reasonable to question the likelihood of this scenario.
Thus, safe harbour needs to be viewed in the context of online free speech, wherein platforms are now playing a big role in helping users exercise their right to free speech and expression.
The MoS also clarified to the Economic Times that the Ministry does not want “a huge monolithic regulator [akin to the Telecom Regulatory Authority of India for the digital space] …. regulating the young, innovations and startups” and would instead prefer something that is “light touch”. At the same time, he clarified that “when it comes to user harm and criminality, there should be effective deterrent power to address those issues”. He also added that MeitY didn’t have clarity yet on what the regulatory design would look like. While some form of regulation for protecting users from cyber harms and crimes is expected, the creation of such a strict regulatory environment will create market barriers and throttle innovation. It is worth wondering what such a strict regulatory environment may look like or lead to, especially in the absence of any known effort to comprehensively define and place in the public domain the concept of ‘user harm’.
Some other listed regulatory interventions include protection of minors’ data, algorithmic transparency and periodic risk assessment by digital entities, ethical use of AI based tools, disclosure norms for data collection, and mandatory ‘do not track’ requirement to prevent children from getting targeted by ads. How these interventions will be implemented and how overlap with other legislations which undertake similar interventions will be resolved is unclear at this moment. The bill also lists some digital rights of users, including right to be forgotten, right to secure electronic means, right to redressal, right to digital inheritance, right against discrimination, rights against automated decision making, etc. It is unclear whether these rights will be inserted in the legislation, but nevertheless, recognition of these rights is a step in the right direction.
The presentation suggests updating provisions of the Competition Act, 2002. During the meeting, the MoS admitted to talking about certain competition and anti-competition aspects which are currently dealt with by the Competition Commission of India in the Competition (Amendment) Act, 2023. Acknowledging the overlap, he stated that the Ministry will eventually take a call on whether it should be within the DIB or the Competition Act.
Responding to a question about regulatory overlap with other sectoral regulations, for instance for e-commerce platforms or cloud service providers, the Minister shared that “if there is an omnibus law, we suspect that a lot of it will be subsumed into this”. Providing some additional clarity, but not exactly addressing doubts, he also stated that “There are platforms of the internet that are domain specific, like health, finance etc. As far as their conduct and user harm is concerned, MeitY or the internet regulator will regulate but in terms of what services they offer, the sectoral regulators will regulate. Also, there certainly will be joint regulation for several platforms between MeitY and sectoral regulators”. Such regulatory overlap must be clarified soon, so as to alleviate the concerns around increased compliance burden and to facilitate efficient grievance redressal for users.
One recent example of such overlap is the imposition of a 28% GST levy on the total game value for online gaming, ultimately equating skill-based online games (non-gambling games) with online games of chance (gambling games) under India’s tax regime. This move was introduced by the GST Council, consisting of the Union Finance Minister and representatives from all States and Union Territories, leading to speculations around a fundamental difference of opinion between MeitY’s views and those of the states. As per reports, the MoS said that MeitY would approach the GST Council and urge it to consider the evolving framework of permissible online real money gaming, as defined by the recently notified IT Amendment Rules, 2023. This is indicative of the complexity that overlapping regulations can inevitably lead to.
Upon being asked about the inclusion of telecom service providers under the list of intermediaries, the MoS admitted that the Ministry should have an answer to that but doesn’t have one at the moment. He stated that the DIB currently does not envisage regulating the ISPs and TSPs because they are regulated by the Ministry of Communications and are thus out of its scope. However, he added that if someone can make a case for them to be included/regulated under the DIB, the Ministry would be willing to consider it. Statements of this sort raise doubts and concerns about the jurisdictional regulation of service providers. Notably, TSPs were already included as a category of intermediary in the Bengaluru presentation and ISPs were added in the Mumbai presentation. Thus, if the scope of the bill is expanded to include regulation of TSPs and ISPs, which have been governed by the Department of Telecommunication for decades, it may have far-reaching implications for growth in the sector. This is the sort of clarity that was expected in the two meetings that have been held by MeitY.
Q1. What are the specific principles beyond ‘Open, Safe, Trusted and Accountable’ on which the DIB will be based?
Q2. How will the government ensure that the DIB does not become outdated, much like the IT Act, in face of the rapidly evolving digital ecosystem?
Q3. What are the types of user harms that the DIB will tackle, and how will the Ministry define them? What is the justification for including these harms in its ambit?
Q4. What are the criteria based on which a piece of content is identified or classified as “addictive” and/or “harmful”?
Q5. How will the DIB ensure that the fundamental right to freedom of speech and expression is not undermined while regulating online user harms such as misinformation, ‘fake news’, gaslighting, etc.? Will the government regulate ‘legal but harmful’ content through the DIB?
Q6. How will the DIB regulate/ tackle cyber crimes while also not infringing upon the right to anonymity?
Q7. Will the DIB account for the increased compliance costs that medium and small sized enterprises will encounter due to these additional due diligence requirements?
Q8. How will the DIB strike a balance between promoting competition as well as innovation and addressing online user harms? What will the regulatory design under the DIB look like, especially for cyber crimes and other harms?
Q9. What are the types of intermediaries that the DIB will create, and what is the justification for creating them?
Q10. What will be the various criteria for deciding the threshold for various intermediaries? Upon what criteria will the intermediaries receive safe harbour provisions? If the criteria for retaining safe harbour are tweaked, which services/platforms will retain it?
Q11. Will the intermediaries be categorised based on the size of their user base, the functions performed, or scope to cause harm, etc.?
Q12. Will the separate rules for separate classes of intermediaries, as suggested in the presentation, be included in the parent legislation or be notified at a later stage?
Q13. Will intermediaries who perform and provide multiple functions be required to abide by multiple regulations?
Q14. How will the DIB approach the regulation of emerging technology such as AI, Web3, IoT, while ensuring that innovation of this emerging industry is not hampered?
Q15. Will competition-related provisions currently governed under the Competition Act be dealt with under the DIB? Will there be a jurisdictional overlap with other sectoral regulators?