The ongoing saga of disappointing amendments to the IT Rules, 2021
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 [“IT Rules, 2021”], initially notified in February 2021, extended overbroad and stricter government control over social media platforms, digital news media platforms and on-demand video streaming platforms. These Rules were contested and criticised by several experts, civil society, digital rights groups, industry bodies, technology companies, technical groups and members of the press since its inception, primarily for introducing unreasonable restrictions on online free speech and user rights.
Recognising the threat posed by Part III of the IT Rules, 2021, the Bombay High Court ordered a stay on the operative provisions of Part III, in August 2021. In September 2021, the Madras High Court agreed that the IT Rules, 2021 may threaten the independence of the media, and also that “Article 19 (1) (a) of the Constitution may be infringed in how the Rules may be coercively applied to intermediaries.”. A transfer petition has been filed in the Supreme Court, and the Supreme Court is considering whether to club all the various challenges and hear them together, though the stay orders issued by the High Courts against the operation of the IT Rules, 2021 have not been disturbed.
Instead of curing deficiencies noted by courts, the Union Government notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022 (hereinafter, “IT Amendment Rules, 2022”). One such notable provision was the establishment of a Grievance Appellate Committee (“GAC”), which is essentially a government censorship body for social media that will make bureaucrats arbiters of our online free speech.
Regulation of online gaming now under the IT Rules
On January 2, 2023, the Ministry of Electronics and Information Technology [“MeitY”] proposed further amendments to the IT Rules, 2021 in relation to online gaming [“draft amendments, 2023”]. These draft amendments, 2023 will further the inadequacies and illegalities of the IT Rules, 2021 that were noted by the Bombay and Madras High Courts, since the draft amendments, 2023 seek to expand the scope and application of the IT Rules, 2021 and introduce provisions for the regulation of online gaming under Part II of the Rules. The draft amendments, 2023 have been published a week after MeitY was appointed as the nodal ministry for online gaming.
Online gaming was not previously regulated under the provisions of the IT Act, 2000. Although the government notified a change in Allocation of Business rules designating MeitY was appointed as the nodal ministry for online gaming, while this confers administrative clarity on which ministry gets to administer the sector,it does not, in fact, create the power to exercise it. For this, a clear parliamentary enactment is necessary. However, instead of going to parliament, the IT Rules framed under the IT Act seek to expand the scope of regulation under the purview of the IT Act to include online gaming.
MeitY has invited public comments and feedback for these draft amendments, 2023 by January 17, 2023. Comments under the public consultation process may be submitted on the MyGov website. The procedure for submitting comments is similar to what was introduced during the public consultation of the draft Digital Personal Data Protection Bill, 2022 [“DPDPB, 2022”], wherein individuals or organisations were required to log in on the MyGov website and submit comments. This procedure introduces frictions in the consultation process, and is not reflective of the current digital realities of the country. On another disappointing note, the submissions made during this public consultation process will not be made publicly available. This has unfortunately been the case for major public consultations held by MeitY, most recently seen in the public consultation for DPDPB, 2022. Such practices adopted by the Ministry reduce public trust in the policy consultation process and make it harder for interested stakeholders to meaningfully engage with the government.
These draft amendments, 2023 have been introduced without the release of any discussion or white paper, outlining the government’s intention with respect to regulating the online gaming industry. The Public Notice states that the need for introducing these draft amendments was to safeguard users of such games against potential harm. However, in the absence of any discussion paper being open to the public, underlining the Government’s intent, we are unsure as to how they assess “potential harms” to users. Thus, we request the Ministry to publish a discussion/ white paper that clearly sets out the Ministry’s conception of ‘user harms’ in the Indian context and to facilitate a stakeholder consultation around it. The need for this was also highlighted in a letter addressed to MeitY dated November 17, 2022, and has thus been our consistent request.
For the purposes of these Rules, an intermediary under Part II is sought to be expanded to include social media intermediary, significant social media intermediary and “online gaming intermediary”. An online gaming intermediary is defined under the proposed Rule 2(1)(qb) as an intermediary that offers one or more than one online game. The logical reasoning and justification behind introducing yet another category of intermediaries has not been shared by the Ministry. Furthermore, ambiguity exists on whether a non-gambling online games will also be regulated under these Rules. Vagueness around classification of online gaming intermediaries will not just negatively impact the innovation in the industry but also hinder its growth. This is in direct contrast to the sentiment captured in the Public Notice released by MeitY along with the draft amendments, 2023, which aims to enable the growth of the online gaming industry in a responsible manner.
Moreover, the very definition of online gaming intermediaries is very broad, and thus leads to some ambiguity. For instance, it is not clear whether services that host games/ a range of games, such as Google Play Store, Apple App Store, or games that include single player offline modes as well as online multiplayer modes such as EA Sports titles, etc., will be considered as online gaming intermediaries. Subsequently, if both the service provider platform and game provider offers online gaming services, will both services be obligated to observe the due diligence requirements listed under the Rules? These are just some of the several questions that arise due to the lack of clarity and nuance in the definition for online gaming intermediaries.
Rule 2(1)(qa) defines “online game” as a “game that is offered on the Internet and is accessible by a user through a computer resource if he makes a deposit with the expectation of earning winnings”. It is worth noting that both “deposit” and “winnings” have been defined to include both cash and kind. While the ‘kind’ component may have been introduced to cover for non-monetary ‘token’ or ‘online game currencies’, it may lead to the consequence of including games that don’t require any monetary deposit from the user or promise any monetary incentives to the user under the ambit of “online games” for the purpose of these Rules and thus subjecting such games to regulation.
Yet another breach of powers: MeitY introduces mandatory KYC norms for verification
The draft amendments, 2023 also introduce due diligence requirements under a new Rule 4A to be observed by online gaming intermediaries, which will operate in addition to the ones already observed under the existing Rule 3. These due diligence requirements introduce a know-your-customer (KYC) procedure to be followed by the online gaming intermediary for registration of the account of a user. Under the proposed Rule 4A(d), the online gaming intermediary is also required to identify the user and verify his identity at the time of commencement of a user account based relationship for an online game. This KYC procedure is required, under the proposed Rule 4A(d), to be the same as the procedure required of an entity regulated by the Reserve Bank of India under directions issued by it for identification and verification of a customer at the commencement of an account-based relationship. The introduction of this process under the IT Rules, 2021 is concerning because it vests with the Union Government over-broad powers of classifying an intermediary as an online gaming intermediary and exercising regulatory power for KYC, all of which is in the absence of clear legislative basis. Since the IT Act, 2000 does not expressly contemplate the regulation of online gaming entities, their regulation via such Rules issued by the executive, without parliamentary deliberation, is misguided, undemocratic, and may even be unconstitutional.
The draft amendments, 2023 also gives the Ministry the power to assess the application of and register a self-regulatory body. The proviso of Rule 4B(3) allows the Ministry to consult any appropriate Government or any of its agencies before registering such a self-regulatory body. The Rules require all online gaming intermediaries to be registered under a self-regulatory body, and requires all online games to have a demonstrable and visible mark of registration.
In addition to the over-broad powers assigned to MeitY, the Ministry may also, by order, for reasons to be recorded in writing, suspend or revoke the registration of a self-regulatory body. The wording in Rule 4B(10) makes the exercise of this power further arbitrary by including the phrases “as it may deem necessary” and “if it is satisfied that it is necessary so to do (sic)” alongside the ability to issue directions / interim directions. Rule 4B(10) does however introduce some safeguards for the self-regulatory body, by giving an online gaming intermediary an opportunity to be heard before MeitY issues an order. Rules 4B(2) till 4B(9) lists the criteria for taking such a decision. As per Rule 4B(9), if the Ministry is of the view that the self-regulatory body has not complied with the provisions of these Rules, it may communicate this fact to the self-regulatory body, in writing, and direct it to undertake measures to rectify the non-compliance. While the self-regulatory bodies are empowered with registering online gaming intermediaries, the broad powers given to the Ministry further bring a high level of government discretion in determining which self-regulatory body will exercise these powers, and more importantly, how it will exercise these powers.
Such power is further reinforced by Rule 6A which empowers the Ministry to declare any game, which is accessible to the user without making any deposit, as an online game for the purposes of these rules if it is satisfied that such a game may create a risk of harm to the sovereignty and integrity of India or security of the State or friendly relations with foreign States or public order, “on account of causing addiction or other harm among children”. The Ministry is required to do so by publishing a notification in the Official Gazette, and recording its reasons in writing. Here, once again, the Ministry has failed to expand on what it means/ understand by “harm among children”. We have expressed before the need for a white paper outline the government’s understanding of such concepts. Such clarity is useful to avoid inconsistent application of rules and to prevent misuse.
The penalty for non-observance of these Rules are the same as have been for the other categories of intermediaries. Under Rule 7, in case of failure to observe these Rules, sub-section (1) of section 79 of the IT Act, 2000, i.e. exemption from liability for 3rd party information, shall not be applicable to such intermediary. Furthermore, the intermediary shall be liable for punishment under any law for the time being in force including the provisions of the IT Act, 2000 and the Indian Penal Code.
Our concerns with the IT Rules 2021 have been prominently voiced by us since it first began the consultation process back in 2018. 5 years later, not only have wounds to the digital rights of users remained unrepaired, but they have deepened. The need for legal as well as regulatory clarity is pressing, and must not be avoided any longer. We urge the Government to address the issues highlighted by Constitutional /Courts before introducing any further amendments that increase executive control. Given that the IT Rules have been widely criticised as well as legally challenged for undermining freedom of speech and expression, our broad recommendation remains its withdrawal in their entirety. Further, we urge MeitY to publish a white-paper detailing the government's intent with respect to online gaming regulation as well as ‘user harm’.
A table summarising our concerns:
- Draft amendments proposed to the IT Rules, 2021 in relation to online gaming (link)
- Public notice for draft amendments, 2023 (link)
- The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 (link)
- The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022. (link)
- Our deep dive on how the IT Rules 2021 are unconstitutional and undemocratic, and how they will fundamentally change an Indian user's experience on the internet. (link)