August 1, 2021

A Critical Analysis of Sec.79 of IT Act 2000

cyber law


The basis for enforcement and enactment of the Information Technology Act,2000 was to provide recognition to e-commerce and e-transactions and also to protect the users from digital crimes, piracy etc. The Ministry of Electronics and IT has prepared the Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018 (hereinafter referred to as “2018 Rules”) in order to prevent spreading of fake news, curb obscene information on the internet, prevent misuse of social-media platforms and to provide security to the users.

The Information Technology (Intermediaries Guidelines) Rules, 2011(hereinafter referred to as “ 2011 Rules)created a lot of heat waves in the digital world with regard to the duties and liabilities of the intermediaries even after safe harbor protection provided under Section 79 of the Information Technology Act,2000(hereinafter referred to as “the Act”). Section 79 of the Act provided that the Intermediaries or any person providing services as a network service provider are exempted from the liabilities in certain instances. In 2018, the government has come out with certain changes in the 2011 Rules and has elaborately explained the liabilities and functions of the Intermediaries and to oversee that the social media platform is not misused

A Critical Analysis of Sec.79 of IT Act 2000

Section 79 of the Act is a ‘safe harbor’ provision which grants conditional immunity to intermediaries from liability for third party acts. Section 79(1) of the Act grants intermediaries a conditional immunity with regard to any third-party information, data or communication link made available or hosted by them. This immunity is subject to section 79 (2) and 79 (3) of the Act.

Section 79(2) essentially covers cases where the activity undertaken by the intermediary is of a technical, automatic and passive nature. Thus, for section 79(2) to be applicable, intermediaries are to have neither knowledge nor control over the information which is transmitted or stored.

Furthermore, Section 79(3)(b) envisages a ‘notice and take down’ regime, wherein the intermediary is required to take down unlawful content upon receiving actual knowledge of its existence.

Who is an Intermediary?

An ‘intermediary’ has been defined in Section 2(w) of the Act as “any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, web-housing service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes.

This term has belied a narrow construction. Typically, intermediaries are persons who facilitate the use of the internet. Interestingly, the definition of an intermediary includes cyber cafes, and is not restricted to online intermediaries. Although a disparate range of functions are performed by intermediaries; common functions include hosting content, collecting information, evaluating scattered information, facilitating communication and information exchange, aggregating information, providing access to the internet etc. Internet service providers, search engines, social media platforms, cloud service provider, cyber cafes, are all intermediaries.

Section 79 of the Information Technology Act, 2000 provides that subject to the intermediary complying with certain requirements, it shall not be liable for any third party data or information made available by it. The conditions to be fulfilled by an intermediary include the following:

a) It needs to exercise due diligence while discharging obligations under the law;

b) It needs to comply with the provisions of the Information Technology Act, 2000 and rules and regulations made thereunder;

c) It must not need to conspire or abet in the commission of any offence;

d) Once called upon to remove or disable access to any content, it must expeditiously do so without vitiating the original electronic evidence.

If these conditions are fulfilled, the intermediary cannot be made liable for third party data. A majority of intermediaries are today hiding behind the judgement of the Supreme Court of India in the case of Shreya Singhal v/s Union of India.

This held that an intermediary will not remove or disable access to any third-party data on its network, unless it gets either an order from a court of competent jurisdiction or an order from a governmental agency to that effect. Ever since the Shreya Singhal judgment[1], a majority of intermediaries have chosen to hide behind this pronouncement.

The spread of fake news in the electronic ecosystem is an immense concern for India as a nation. The recent Indian elections saw massive dissemination of fake news. Given the fact that India does not have a fake news law, a majority of the intermediaries and media service providers have failed to take effective steps to prevent fake news disseminating on their networks. Clearly, existing legal frameworks on the subject under hand are not adequate.

It needs to be also noted that the government has been given powers under Section 87 of the Information Technology Act, 2000 to come up with rules to regulate the conduct of intermediaries. The government had notified the Information Technology (Intermediary Guidelines) Rules in 2011 but these rules provided very limited elements of due diligence.


Given the fact that today large numbers of intermediaries are emerging as strong media companies, it is time to regulate their legal activities by means of appropriate strong legal frameworks. There is also a need for revisiting Section 79 of the Information Technology Act, 2000 in such a manner that the rights, duties and responsibilities of the intermediaries as media companies need to be well defined.

Further, the kind of requirements that service providers and intermediaries need to perform in the context of protecting and preserving cyber security is another area where appropriate legal frameworks need to be beefed up. The government has been in the process of coming up with some draft guidelines for intermediaries. However, these have not yet been specified. It is time for a fresh look at the issue of intermediary liability

is clear that these intermediaries will play a very important role in the electronic ecosystem. The need to transform intermediaries from being mute spectators into legal entities, complying with the applicable law prevailing for the time being is an urgent necessity. Since a number of these intermediaries are often not located in India, many are complying with the Indian cyber law more in breach rather than in observance.

Intermediaries located outside India must be compelled to comply with applicable Indian cyber laws, so long as their services are made available on computers, computers systems and networks located in India. All eyes will now be on the government as to how it deals with the issue of intermediary liability and how it strengthens the rights of users and provides a substantial harmonious balance, in the context of media and electronic ecosystem stakeholders at large.


[1] Shreya Singhal vs UOI AIR 2015 SC 1523, Supreme Court of India.

Author Details: Madhav Mantri


Leave a Reply