Many mysteries of 'Digital India Bill'

tl;dr

This post is dedicated towards throwing some light on the much talked, heard, and discussed about ‘Digital India Bill’ (DIB), which strangely hasn’t even seen the light of the day yet. We highlight the concerns arising from conflicting statements given by unnamed (and sometimes named) officials leading to confusion around the timeline of the Bill. We also list the user harms and issues reported to be considered under the DIB, and the possible consequence of absence of nuance due to the expanded scope of the Bill. Lastly, we re-emphasise the need to have greater inclusivity, more transparency, and a deliberative public consultation process for creating a ‘modern digital law’ that is truly reflective of the developments in the digital-technology ecosystems.

The beginning of the mystery misery

The DIB was initially, i.e. early last year, referred to as a “modern digital law”, aimed at overhauling the two-decade-old Information Technology (IT) Act, 2000. This overhaul is part of the government’s ‘comprehensive legal framework’ for the digital ecosystem, which supposedly encompasses a “new telecom law, information technology law, and user privacy law”. While the draft Indian Telecommunication Bill and draft Digital Personal Data Protection Bill were released for public consultation last year, a new draft IT law is yet to be released.

Over time, more information about the ‘DIB’ has been shared. It aims to provide a strong framework to catalyse its digital ambitions and govern the online ecosystem, with openness, user safety and trust as the guiding principles.

Rumour has it

There has been significant media coverage of the ‘DIB’ in the past year. However, most of the new articles that reported on the Bill, quoted unnamed officials from MeitY. This became increasingly concerning as the scope of the Bill kept expanding over time (more on that later). Further, since many of the details shared about the ‘DIB’ were attributed to unnamed sources, their accuracy and authenticity came into question. Reporting on the Bill, which often even captured ministerial statements, covered the tentative date of its release for public consultation, the overarching aim of the Bill, the contents of the Bill, the user harms to be considered by the Bill, etc., has contributed heavily on the discourse around it. But is any of it reliable, or backed by evidence of the government’s reasoning and underlying intent?

What’s (in) the name?

Initial unofficial statements around the Bill didn’t refer to it as the ‘Digital India Bill’. Around February - March last year, that is when media reports started covering the potential replacement of the IT Act, the Bill was referred to as a ‘new digital law’ or ‘new IT Act’.

“India needs a modern digital law to replace two-decade-old IT Act”

- Rajeev Chandrasekhar, February 2022

However, a few months later, the Minister of State for Electronics and IT (MoS IT) in an event referred to the Bill as ‘Digital India Act’ (‘DIA’).

“We'll be working on a new Digital India Act which will be a renewed policy for the digital ecosystem and the cyberspace in India”

- Rajeev Chandrasekhar, April 2022

The name stuck and has been since used informally to identify the Bill which will replace the IT Act, not just by unnamed MeitY officials but also by other stakeholders. However, the name ‘DIB’ or ‘DIA’ has interestingly never featured in an official press release. Similarly, no reference has been made to the ‘DIB’ or ‘DIA’ in the Parliamentary responses to starred and unstarred questions raised by Members of Parliament either.

Coming soon?

If we were to rely on the many unattributed quotes that state when the ‘DIB’ may be released for public consultation, there would be several rounds of consultation already. Reportedly, a concept note along with a draft version of the ‘proposed legislative framework to replace the IT Act’ was supposed to be released in May last year.

"I can't give a timeline, but concept note and what we propose will be out as early as May"

- Rajeev Chandrasekhar, April 2022

5 months and a missing Bill later, the MoS IT in an interview shared that the ‘DIB’ will be released by early 2023.

“My timeline is not aligned to the news industry's economic dynamics. I can certainly say this, we have done a significant amount of work….”

".....So, I don't want to put ourselves under pressure with an artificial timeline. But there is a clear process that we see and I don't see anything wrong if I predict that we will have a Digital India Act for discussion at least by early 2023."

- Rajeev Chandrasekhar, October 2022

Several other media reports over the next few months indicated a similar timeline for the release of the Bill for public consultation (see here, here, here, and here). The MoS IT said that the Bill will be released by end of December 2022, thus reportedly advancing its release.

“We expect both the bills (Digital Personal Data Protection bill and Digital India Bill) to be taken to parliament together”

- Rajeev Chandrasekhar, December 2022

While stakeholders eagerly (or cautiously) waited for the release of the ‘DIB’, an unnamed government official told CNBC-TV18 in the same month that MeitY is ‘likely to miss its year-end deadline’. The news report stated that the Union government ‘hopes to complete public and stakeholder consultation in time to table the Bill in the Monsoon Session of Parliament.’

As it stands today, we don’t know when the ‘DIB’ will be released for public consultation and introduced in Parliament. But what we do know is that the conflicting information and ever-shifting goal posts have contributed to a lot of confusion around its timeline. Moreover, the fact that a lot of the information around its timeline is based on unattributable quotes from unnamed MeitY officials creates room for a lack of accountability for statements.

Unpacking the Bill:

The idea behind the ‘DIB’ is to reportedly create a ‘jurisprudential policy framework that addresses the issue that the internet and tech space must remain open’. The Bill is likely to introduce regulations for ensuring accountability of social media companies, especially for algorithms deployed to present content to users. MoS IT, while referring to the then 22 year old IT Act which provides “legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce?"....”, indicated the need for a more contemporary Act.

“22 years in the internet age is like three centuries, five centuries. I think it is clear in our minds, and I think to any observer’s mind, that we need a new digital law”

- Rajeev Chandrasekhar, March 2022

This is what we know so far with respect to what the ‘DIB’ will it cover/ regulate (as per media coverage):

July 15, 2022 (link)	Artificial intelligence, Blockchain, “Deliberate” misinformation, Doxxing
November 16, 2022 (link)	Metaverse
December 06, 2022 (link)	Advanced quantum computing
December 10, 2022 (link)	"Fake news"
December 12, 2022 (link)	AI based platforms, E-commerce entities, Fact-checking portals
December 27, 2022 (link)	Social Media companies, Content against national security, Digital fraud, Online misinformation, OTT platforms
January 17, 2023 (link)	Data storage, Online gaming
January 21, 2023 (link)	Catfishing, Cyberbullying of children, Gaslighting, Identity theft, Impersonation
March 4, 2023 (link)	llegal, criminal and child sexual abuse material
March 9, 2023 (link)	cyber stalking, cyber trolling, phishing, hate speech, digital media, gaming, disinformation
March 9, 2023 (link)	fintech platforms, safe harbours, deep fakes, “content that causes psychological harm to children”, “apps that have addictive impact”
March 10, 2023 (link)	invasive devices like “camera eyeglasses”
March 24, 2023 (link)	organised information wars, radicalisation and circulation of hate speech, regulate monopolistic trade practices by big companies to promote competition
June 9, 2023 (link)	Porn, religious incitement material, patent violation material, copyright infringement, misleading content, impersonation, “content deemed against India's unity and integrity”, computer malware, “anything else that is illegal”

The MoS IT also stated that the ‘DIB’ should handle not only all of the opportunities and rules that go along with them, ‘but also user harm issues and other areas of the internet for which there are presently no rules’. Additionally, a news report dated January 03, 2022 referenced a discussion paper circulated internally by MeitY, which recognised that “while technology and internet have many advantages, several challenges in user harm, security, child safety have emerged that need legislative response”. In the absence of any such discussion paper being open to the public, underlining the Government’s intent, we are unsure as to how they assess “user harms”.

We are also concerned with the expanded scope of the Bill, as a Bill that aims to regulate a lot of complex issues and harms may lose the much needed nuance to firstly understand and then deal with these unique harms/risks/issues. Thus, we also request the Ministry to clearly set out its conception of ‘user harms’ in the Indian context, which may take the form of a whitepaper, and to facilitate a broad-based stakeholder consultation around it. Such clarity is essential to frame rules that are consistent with the aims of balancing the digital rights of India and ensuring their safety on the internet.

Hey MeitY, take the road less travelled.

We appreciate MeitY’s recognition of the rapidly changing digital ecosystem and the need to revamp the two-decade old IT Act, 2000. We have also previously, in a letter addressed to MeitY, stressed on the urgent need to “update” the IT Act, 2000. In a representation to the Parliamentary Standing Committee on Information Technology, dated July 10, 2021, we highlighted that the IT Act, 2000 was originally promulgated to govern e-commerce in India and how the Act requires updating to reflect significant technological, policy and legal developments as well as modern technological realities.

However, to ensure that any draft ‘DIB’ is reflective of the recent developments in the digital ecosystem, the existing lacunae and inadequacies in the IT Act, 2000 must be subject to significant scrutiny and examination of various issues from diverse perspectives. To that end, the government must, in collaboration with multiple and diverse stakeholders, work towards building a statutory framework that safeguards ordinary Indians. In addition to an open, transparent, deliberate public consultation, MeitY must underline its intent and understanding behind introducing any forthcoming governance framework for the digital ecosystem by drawing independent experts from varied fields that can create an actionable blueprint for a comprehensive legislative proposal. This may take the form of a single or series of whitepapers/discussion papers. The white paper(s) or discussion paper(s) should include, but not be limited to, a clear articulation of the issues/risks/harms considered by the government, the results and analysis of any cost-benefit analysis undertaken by the government, the types/kinds of options and/or alternatives considered by the government to deal with these issues/risks/harms and their position(s) on each of them, and so on. Further, the new digital legal framework must be based on constitutional principles, enshrining constitutionally guaranteed fundamental rights.

A suitable reference point for an inclusive, transparent and diverse drafting, consultation and legislative process is the United Kingdom’s Online Safety Bill (OSB), wherein the UK Government has been invested in understanding the opportunities and challenges of online safety regulation since 2019. Even the Digital Services Act (DSA), which aims to create a secure and safe online environment for all internet users, was only approved after it went through three years of negotiations. We would like to assert here that while these pieces of legislation are not without their faults, their commitment to a deliberative, public consultation process is worth noting.

The table below, which provides a rough timeline of the OSB and DSA, reflects the multiyear process through which these pieces of legislation were formulated, drafted, debated, discussed, amended, and adopted.

Online Safety Bill (UK)	Digital Services Act (Europe)	Digital India Bill (India)
Online Harms White paper released in April 2019 and the consultation on the proposal closed in July 2019.	Opened for public consultation between June 02, 2020 and September 08, 2020.	Maybe 30 days (?)
A full Government response to the White Paper was published in December 2020.	The European Commission presented a digital services package comprising the DSA and a Digital Markets Act (DMA) on December 15, 2020.
A draft Online Safety Bill was included in the Queen’s Speech of May 11, 2021. The draft Bill was published the following day, along with Explanatory Notes, an Impact Assessment and a Delegated Powers Memorandum.	Feedback on the draft DSA invited between December 16, 2020 and March 31, 2021.
A Joint Committee of both Houses was established in July 2021 to scrutinise the draft Bill. The Committee’s report was published on 14 December 2021.	The Commission welcomed the political agreement between the European Parliament and EU Member States on the proposal on the DSA on April 23, 2022.
In February and March 2022, the Government announced changes to the forthcoming Bill.	The European Parliament approved the DSA along with the Digital Markets Act on July 05, 2022.
Introduced in the House of Commons on March 17, 2022.	On October 04, 2022, the European Council gave its final approval to the Regulation on a Digital Services Act.
Considered by a Public Bill Committee over 17 sittings between May 24 and June 28, 2022.	It was published in the Official Journal of the European Union on October 19, 2022.
The Government announced plans to amend the Bill on November 28, 2022. The Bill was recommitted to a Public Bill Committee to enable debate on the amendments and new clauses.	DSA entered into force on November 16, 2022 and certain sections started to apply from that date.
Introduced in the House of Lords on January 18, 2023 (currently in the Committee stage).	The provisions of the DSA will apply to all in-scope service providers by February 17, 2024.

Within this broader exercise, we also hope that the specific drafting and review process for the ‘DIB’ is in line with the Pre-legislative Consultation Policy (PLCP), 2014, adopted on February 05, 2014. The process must also respect several healthy precedents for public consultations set in the past, including provisions to send comments/submissions within a reasonable duration (no less than 30 days), making the comments publicly available and allowing for counter comments. Additionally, the Ministry must proactively publish information on all its working groups on draft legislations, including any position papers/ white papers and minutes of meetings of all inter-departmental groups, in line with the public authority’s obligations under Sections 4(1)(b) and 4(1)(c) of the Right to Information Act, 2005.

This post was updated on March 06, 2023.