A Tightening of the Fist, India’s Draft IT Rules and the Future of the Digital Public Square
Imagine this. You leave a sharp, satirical comment on social media or under a news article about rising fuel prices, and it gets a few likes. A few hours later, the comment disappears. The platform does not explain. Your account remains, but you notice that posts on similar topics no longer appear publicly. You have not been charged with any offence. No court has issued an order. Yet something has quietly shifted. This is not a far-fetched scenario. It is a plausible outcome under the draft amendments to India’s Information Technology Rules released by the Ministry of Electronics and Information Technology (MeitY) on March 30, 2026. Presented as technical clarifications, the changes mark a deeper transformation in how speech is governed online and who gets to decide its limits. The draft amendments, if implemented, would tighten the fist of the state over India’s digital public square, bypassing Parliament, circumventing the courts, and fundamentally altering the relationship between citizens, platforms, and the government.
Core Area of Concern: Expanding Executive Power Beyond Legal Bounds
At the centre of concern is a proposed expansion of executive power that risks bypassing Parliament and the courts. One provision, Rule 3(4) , would require platforms to comply with a wide array of government-issued instruments, including advisories, directions, and standard operating procedures, as a condition for retaining “safe harbour” protection under Section 79 of the IT Act. In plain terms, platforms would be legally safer if they follow government instructions, even when those instructions do not arise from formal law.
This sits uneasily with the Supreme Court of India’s landmark ruling in Shreya Singhal vs Union of India (2015) , which held that platforms are only required to act on unlawful content when they receive a court order or a government notification grounded in law. The Shreya Singhal judgment was a watershed moment for digital rights in India. It struck down Section 66A of the IT Act, which had been used to arrest citizens for “offensive” online posts, and established clear procedural safeguards for content takedowns. By allowing informal directives to trigger compliance obligations, the draft rules appear to dilute that constitutional safeguard.
The likely result is not targeted moderation but broad over-censorship. Faced with uncertain and potentially unpublished directives, platforms will err on the side of removal. It is the predictable logic of risk management. When liability is unclear, speech becomes expendable. A platform that ignores a government advisory risks losing safe harbour protection, exposing itself to legal liability for every piece of user-generated content. A platform that complies may remove content that is perfectly legal, simply to be safe. The chilling effect on speech is obvious.
The Expansion of Oversight: From Publishers to Ordinary Users
A second shift expands the scope of state oversight far beyond traditional publishers. Amendments to Rule 8 bring ordinary users who post or share news and current affairs content within the ambit of the government’s oversight mechanism. This includes the Inter-Departmental Committee (IDC), a body empowered to review content and recommend blocking.
This is not merely an administrative adjustment. It reintroduces, through a different route, a regulatory framework that has already faced judicial scrutiny. In 2021, the Bombay High Court stayed key provisions of the IT Rules, citing concerns under Article 19(1)(a) of the Constitution (freedom of speech and expression). The Madras High Court later observed that such oversight could undermine media independence. Those challenges remain pending. Yet, the new draft effectively reconstructs the same architecture while those questions are unresolved.
The expansion of the IDC’s role is particularly concerning because it applies to ordinary users. Under the current framework, a citizen who posts a comment on a news article is not typically subject to government pre-publication scrutiny. Under the draft rules, they would be. The comment could be flagged by the IDC, and the platform could be ordered to remove it, without the user ever having a chance to respond. This is prior restraint—the classic form of censorship that the Constitution prohibits.
The Transformation of the Inter-Departmental Committee
Equally troubling is the transformation of the Inter-Departmental Committee itself. Originally designed to address grievances, it is now empowered to examine any “matter” referred by the Ministry of Information and Broadcasting. The term is left undefined. There is no clear threshold for intervention, and no guarantee that affected users will be heard before action is taken.
This shift from grievance redress to proactive scrutiny changes the character of the body. It becomes less a forum for dispute resolution and more an instrument of preemptive control. The IDC can now initiate its own reviews, potentially based on anonymous complaints or political considerations. It can recommend blocking of content without a court order. It can act in secret, without publishing its reasons. This is a recipe for abuse.
The article notes that a procedure is currently in place under Rule 14, but compliance remains an issue. Even if the procedure is followed, the fundamental concern remains: the IDC is an executive body, not a judicial one. It is subject to political pressure. It is not bound by rules of evidence or principles of natural justice. Its decisions are not appealable to a court in any meaningful sense.
Expanded Data Retention: The Long Arm of the State
The third major concern lies in expanded data retention obligations. The draft clarifies that platform duties to retain user data operate in addition to requirements under any other law. In practice, this could mean that personal data—browsing activity, communication records, location history, and more—are stored for extended periods, potentially years, depending on overlapping legal mandates.
The risks here are not abstract. Longer retention increases the surface area for misuse, whether through unauthorised access, data breaches, or function creep. Data that is collected for one purpose (say, combating terrorism) can be used for another (say, monitoring political dissent). It also alters the relationship between citizens and digital spaces. When every interaction may be archived indefinitely, self-censorship follows naturally. A citizen who fears that their comments may be scrutinised years later will be less likely to speak freely today.
India already has a data protection law—the Digital Personal Data Protection Act, 2023. That law includes provisions on data retention, requiring that data be deleted when the purpose for which it was collected is no longer served. But the draft IT Rules create an exception: platforms must retain data as required by “any other law.” Since there are many laws with overlapping and inconsistent retention mandates, the effect is to create a permanent archive. The right to be forgotten? Not under these rules.
The Cumulative Effect: A Shift Toward Executive Discretion
Taken together, these amendments signal a shift toward a model where executive discretion plays a dominant role in shaping online speech. The concern is not only about individual provisions but about their cumulative effect. Each change reinforces the other. Informal directives gain force through safe harbour rules. Oversight expands to include ordinary users. Data retention deepens the state’s informational reach.
The draft rules are presented as “technical clarifications,” but they are nothing of the sort. They are substantive changes to the legal framework governing the internet in India. They would give the government unprecedented power to shape what citizens can see, say, and share online. They would undermine the Shreya Singhal judgment, the constitutional guarantee of free speech, and the principle that censorship requires judicial oversight.
The Procedural Concern: A Short Consultation Period
Supporters of the policy may argue that governments require flexible tools to manage harmful content. That is true in principle. But constitutional systems impose limits on how that power is exercised. Delegated legislation must remain within the bounds of its parent statute, a principle affirmed in cases such as Indian Express Newspapers v Union of India (1986) . When rules begin to create new obligations that are not clearly grounded in law, the balance between regulation and overreach begins to tilt.
The short public consultation period, which ended on April 14, only heightens the concern. Changes of this magnitude deserve wider debate, legislative scrutiny, and careful alignment with existing judicial rulings. The government released the draft rules on March 30 and gave the public just 15 days to comment. This is insufficient time for civil society organisations, digital rights groups, and ordinary citizens to analyse the changes, prepare submissions, and mobilise opposition. It suggests a desire to push the rules through without meaningful public input.
The Stakes: Preserving India’s Digital Public Sphere
India’s digital public sphere has grown precisely because it has allowed a diversity of voices, from professional journalists to ordinary citizens. That openness has always required some regulation. No one argues that platforms should be lawless spaces. But the question now is whether the new rules preserve that openness or narrow it through administrative control.
The answer will shape not only how platforms operate but also how freely citizens can speak, critique, and participate in public life. The draft IT Rules of 2026 represent a tightening of the fist. They are a step backward for digital rights, for free speech, and for democracy. They must be withdrawn, redrafted, and subjected to genuine public consultation and parliamentary scrutiny. The alternative is a digital public square where speech is permitted only at the pleasure of the executive. That is not the India that the Constitution envisioned.
Q&A: The Draft IT Rules (2026) and Digital Rights in India
Q1: What is Rule 3(4) of the draft IT Rules, and why does it raise constitutional concerns?
A1: Rule 3(4) would require platforms to comply with a wide array of government-issued instruments, including advisories, directions, and standard operating procedures, as a condition for retaining “safe harbour” protection under Section 79 of the IT Act. This means platforms would be legally safer if they follow government instructions, even when those instructions do not arise from formal law. This conflicts with the Supreme Court’s landmark Shreya Singhal vs Union of India (2015) ruling, which held that platforms are only required to act on unlawful content when they receive a court order or a government notification grounded in law. The article argues that the likely result is “broad over-censorship” as platforms, facing uncertain and potentially unpublished directives, will “err on the side of removal.” When liability is unclear, “speech becomes expendable.”
Q2: How would the draft rules expand the scope of state oversight to ordinary users?
A2: Amendments to Rule 8 bring ordinary users who post or share news and current affairs content within the ambit of the government’s oversight mechanism, including the Inter-Departmental Committee (IDC) , which is empowered to review content and recommend blocking. This is significant because the IDC was originally designed to address grievances but is now empowered to examine any “matter” referred by the Ministry of Information and Broadcasting—a term left undefined. The article notes that this “reintroduces, through a different route, a regulatory framework that has already faced judicial scrutiny.” In 2021, the Bombay High Court stayed key provisions of the IT Rules citing concerns under Article 19(1)(a) (freedom of speech); the Madras High Court later observed such oversight could undermine media independence. Those challenges remain pending, yet the draft effectively reconstructs the same architecture.
Q3: How does the draft rules transform the Inter-Departmental Committee (IDC), and why is this transformation concerning?
A3: Originally designed to address grievances, the IDC is now empowered to examine any “matter” referred by the Ministry of Information and Broadcasting, with no clear threshold for intervention and no guarantee that affected users will be heard before action is taken. The article states that this shift from “grievance redress to proactive scrutiny changes the character of the body”—it becomes “less a forum for dispute resolution and more an instrument of preemptive control.” The IDC can initiate its own reviews (potentially based on anonymous complaints), recommend blocking without a court order, and act in secret without publishing reasons. The IDC is an “executive body, not a judicial one,” subject to political pressure, not bound by rules of evidence or natural justice, and its decisions are not appealable to a court “in any meaningful sense.”
Q4: What are the data retention obligations under the draft rules, and what risks do they pose?
A4: The draft clarifies that platform duties to retain user data operate in addition to requirements under any other law. This could mean that personal data (browsing activity, communication records, location history) are stored for extended periods, “potentially years, depending on overlapping legal mandates.” The article identifies three risks:
-
Increased surface area for misuse: Longer retention increases opportunities for unauthorised access, data breaches, and “function creep” (data collected for one purpose used for another).
-
Self-censorship: When every interaction may be archived indefinitely, citizens will be less likely to speak freely.
-
Undermining the right to be forgotten: India’s Digital Personal Data Protection Act, 2023, requires data deletion when the purpose is served, but the draft rules create an exception for requirements under “any other law,” effectively creating a “permanent archive.”
Q5: What procedural concerns does the article raise about the consultation process for the draft rules?
A5: The article notes that the draft rules were released on March 30, 2026, with a public consultation period that ended on April 14, 2026—just 15 days. The article states: “This is insufficient time for civil society organisations, digital rights groups, and ordinary citizens to analyse the changes, prepare submissions, and mobilise opposition. It suggests a desire to push the rules through without meaningful public input.” The article argues that changes “of this magnitude deserve wider debate, legislative scrutiny, and careful alignment with existing judicial rulings.” It cites the principle from Indian Express Newspapers v Union of India (1986) that delegated legislation must remain within the bounds of its parent statute. The article concludes that the draft rules “must be withdrawn, redrafted, and subjected to genuine public consultation and parliamentary scrutiny.” The alternative is a digital public square where “speech is permitted only at the pleasure of the executive. That is not the India that the Constitution envisioned.” The answer will shape not only how platforms operate but also “how freely citizens can speak, critique, and participate in public life.”
