Digital Trust on Trial, The Shaadi.com Case and the Precarious Liability of Online Intermediaries

Digital Trust on Trial, The Shaadi.com Case and the Precarious Liability of Online Intermediaries

In an era where algorithms orchestrate human connections, a single fraud case in Hyderabad has escalated into a landmark legal battle that threatens to redefine the responsibilities of digital platforms across India. The Supreme Court’s recent intervention, granting interim protection from arrest to Shaadi.com founder Anupam Mittal, is not merely a procedural reprieve for a high-profile CEO. It is the epicenter of a seismic clash between evolving notions of digital trust, the legal “safe harbor” for online intermediaries, and the desperate public cry for accountability in an increasingly scam-ridden online world. This case, stemming from an alleged Rs. 11 lakh fraud on a matrimonial site, forces a fundamental question: To what extent should a platform be held criminally liable for the fraudulent actions of its users, and where does its duty of “due diligence” truly end?

The Anatomy of a Digital Deception

The incident that triggered this legal avalanche is, tragically, not uncommon. In January 2025, a Hyderabad-based doctor, seeking companionship on Shaadi.com, connected with a man who presented an alluring yet fabricated persona. Claiming wealth temporarily frozen by the Income Tax Department, and weaving a story about his mother flying from Chicago to finalize their union, the alleged fraudster engineered an emotional and financial trap. Over weeks, he persuaded the woman to transfer nearly Rs. 11 lakh to various bank accounts. When the promised meeting evaporated and she demanded her money back, the manipulation turned to blackmail, with threats to morph and circulate her photos unless she paid an additional Rs. 10 lakh.

The Hyderabad Police’s initial FIR targeted only the anonymous fraudster. However, in a dramatic and controversial escalation, the investigation turned towards the platform itself. Police invoked sections of the new Bharatiya Nyaya Sanhita (BNS) — Section 318(4) for cheating and Section 316(2) for criminal breach of trust — alongside IT Act provisions on identity theft and cheating by impersonation, to book Anupam Mittal, the CEO. The police’s core contention was a purported “failure in verification protocols,” specifically the absence of mandatory government ID checks or a robust “blue tick” verification system for the user in question. By this logic, the platform’s infrastructural shortcomings enabled the crime, making its management criminally complicit.

The Legal Fault Line: Intermediary Safe Harbor vs. Duty of Care

This accusation strikes at the heart of a legal framework designed for the internet age: Section 79 of the Information Technology Act, 2000. This provision is the bedrock of India’s digital economy, offering “safe harbor” protection to “intermediaries.” An intermediary, broadly defined, is any entity that receives, stores, or transmits third-party data or provides services on behalf of others. This includes ISPs, social media platforms, e-commerce marketplaces, and, crucially, matrimonial sites like Shaadi.com.

Section 79 stipulates that an intermediary shall not be held liable for any third-party information, data, or communication link made available or hosted by it, provided it fulfills two key conditions:

1. It does not initiate the transmission, select the receiver, or modify the information contained in the transmission.

2. It observes “due diligence” while discharging its duties and follows guidelines prescribed by the Central Government.

Mittal’s defence rests squarely on this provision. His legal team argues that Shaadi.com is a classic intermediary—a platform facilitating connections. It does not create user profiles, guarantee user intent, or participate in their communications. Holding the CEO personally criminally liable for a user’s deception, they contend, is legally unsustainable and would set a catastrophic precedent, making the founder of every social network, job portal, or e-commerce site liable for any fraud conducted by a user.

However, the prosecution’s case probes the ambiguous boundaries of “due diligence.” What exactly constitutes sufficient care? Is a basic email/phone verification enough for a platform dealing with profoundly personal, emotionally charged, and financially sensitive interactions like marriage? The police’s argument implies that for certain high-stakes platforms, “due diligence” must be proportional to the potential harm. A failure to implement know-your-customer (KYC) norms akin to financial services, they suggest, could amount to negligence.

The Judicial Pendulum: From High Court Avoidance to Supreme Court Scrutiny

The Telangana High Court’s handling of the case added a layer of procedural complexity. When Mittal approached it to quash the FIR, the court, in April 2025, sidestepped the core legal question. Noting that the alleged offences carried sentences of less than seven years, it invoked the Supreme Court’s Arnesh Kumar guidelines (aimed at curbing unnecessary arrests) and simply directed police to issue a notice to Mittal rather than arrest him. It refused to quash the proceedings, leaving the sword of a criminal investigation dangling over him.

The Supreme Court found this approach deficient. In granting interim protection and sending the matter back to the High Court for a fresh decision “on its legal merits,” the apex court made a critical observation. It noted that the High Court had failed to examine the “merits of the quashing”—that is, whether the facts alleged in the FIR, even if assumed true, could possibly constitute a crime by Mittal. The Supreme Court underscored that the gravity of potential punishment should not preclude an examination of whether there is any legal basis for prosecution at all. This intervention reaffirms a fundamental legal principle: the process itself, especially a criminal investigation, is a punishment, and courts must act as robust gatekeepers to prevent its misuse.

The Broader Implications: A Precedent for the Digital Ecosystem

The ramifications of this case extend far beyond Shaadi.com’s corporate offices.

1. The Chilling Effect on Innovation and Entrepreneurship: If platform founders and CEOs can be held personally criminally liable for user fraud, it would impose an intolerable risk on running any user-generated content platform in India. Startups, already navigating a complex regulatory landscape, would face existential threats from local law enforcement actions anywhere in the country. This could stifle innovation in the social tech sector and push platforms towards extreme over-censorship or exit the market.

2. The “Due Diligence” Standards Quagmire: The case will force a judicial interpretation of what “due diligence” means for different categories of intermediaries. Should a matrimonial site have the same verification standard as a financial tech app? Or a gaming platform? A one-size-fits-all definition is impossible, yet a complete lack of definition creates uncertainty. The court’s ruling could push the government to formulate clearer, sector-specific guidelines under the IT Act.

3. User Expectations and the Trust Deficit: The public sentiment, often reflected in media and political discourse, increasingly demands that “Big Tech” be held accountable. Victims of online fraud feel platforms profit from their engagement but disclaim all responsibility when things go wrong. This case is a manifestation of that anger. A ruling that entirely absolves platforms, without nudging them towards higher safety standards, could deepen the trust deficit in digital services, particularly in sectors involving sensitive personal data and life-altering decisions.

4. The Path of Proportionate Responsibility: A balanced outcome would likely involve a rejection of criminal liability for the platform for a user’s independent criminal act, while simultaneously affirming a stronger civil liability for failing to meet a defined standard of care. It could encourage, or even mandate, platforms operating in high-risk spaces (matrimonial, financial, real estate) to implement verified profile systems, promote user education on scams, and establish swift, effective internal grievance redressal and cooperation with law enforcement.

A Comparative Lens: Global Approaches to Platform Liability

Globally, jurisdictions are grappling with similar dilemmas. The United States’ Section 230 of the Communications Decency Act offers even broader immunity, shielding platforms from liability for user-generated content. The European Union’s Digital Services Act (DSA) takes a more nuanced approach. While maintaining the core intermediary principle, it imposes tiered “due diligence” obligations based on platform size and risk, including measures to trace traders (KYC for business users), risk assessments, and crisis response protocols. India’s legal evolution may well follow a path closer to the EU’s risk-based, proportionality model rather than the US’s near-absolute immunity.

The Way Forward: Towards a Framework of Shared Accountability

The Supreme Court has rightly kicked the substantive legal question back to the High Court for a reasoned decision. The ideal resolution would be a multi-stakeholder one, emerging from this judicial guidance but extending beyond it:

• For the Judiciary: The High Court should quash the criminal charges against Mittal, affirming that Section 79 immunity cannot be pierced to impose vicarious criminal liability for a user’s independent fraud, absent evidence that the platform actively participated in or knowingly permitted the crime. However, it should issue an obiter dicta (observational remark) highlighting the need for enhanced self-regulation and safety standards in the matrimonial services sector.

• For the Legislature and Executive: The government should use this incident to accelerate the formulation of clear, sector-specific “due diligence” guidelines under the IT Rules. These guidelines could create a graded system where platforms facilitating high-value transactions or intimate connections are required to offer (and prominently promote) government-ID-verified profile options, conduct regular risk audits, and maintain transparent reporting channels for fraud.

• For the Platforms: Matrimonial and similar high-trust platforms must proactively move beyond minimal compliance. Investing in advanced verification tools (Aadhaar-based without storage, video KYC), AI-driven pattern recognition to flag suspicious behavior, in-app safety tutorials, and dedicated trust and safety teams is no longer just good ethics—it is essential business risk management.

• For Users: Digital literacy is the first line of defence. Users must be educated to understand that a profile is not a credential, to be wary of financial requests from online connections, and to use platform safety features.

Conclusion: Beyond the Legal Battle, a Quest for Digital Responsibility

The Shaadi.com case is more than a legal tussle; it is a societal referendum on digital trust. While the principle of intermediary liability is crucial for the open internet, it cannot be an inviolable shield that allows platforms to completely outsource the ethical and safety implications of their business models. The courts must protect innovation from the chilling effect of disproportionate criminal liability. Simultaneously, regulators and platforms must collaborate to build environments where “due diligence” is a dynamic, meaningful commitment to user safety, not a legal checkbox.

The final outcome will shape not just the future of online matrimony, but of every digital space where Indians trust, transact, and connect. In navigating this delicate balance, India will define what it means to be a responsible digital society in the 21st century.

Q&A: The Shaadi.com Case and Platform Liability

Q1: What is the core legal protection that Shaadi.com and similar platforms are relying on in this case?

A1: The core legal protection is Section 79 of the Information Technology Act, 2000. This provision grants “safe harbor” to “intermediaries.” It states that an intermediary (a platform that hosts, stores, or transmits third-party data) is not liable for any third-party information, data, or communication, provided it does not initiate or modify the content and observes “due diligence” as per prescribed guidelines. Shaadi.com‘s defense argues it is a neutral intermediary facilitating connections, not a guarantor of user behavior, and thus should be shielded from criminal liability for a user’s independent fraudulent actions.

Q2: Why did the Hyderabad Police book the CEO, Anupam Mittal, and what is their legal argument?

A2: The Hyderabad Police booked Anupam Mittal under criminal charges (BNS sections for cheating and criminal breach of trust, and IT Act sections) based on the argument of a “failure in verification protocols.” Their contention is that the platform’s lack of stringent verification—such as mandatory government ID checks or a reliable “blue tick” system for the alleged fraudster—amounted to negligence that enabled the crime. By extension, they sought to hold the platform’s management criminally liable for this failure, treating it not as a passive intermediary but as an entity whose insufficient safeguards contributed to the offense.

Q3: What was the procedural flaw identified by the Supreme Court in the Telangana High Court’s order?

A3: The Supreme Court found that the Telangana High Court failed to examine the case on its “legal merits.” Instead of assessing whether the allegations in the FIR, even if taken as true, could legally constitute a crime committed by Mittal, the High Court only applied the Arnesh Kumar guidelines (which prevent automatic arrest in cases with sentences under 7 years). The Supreme Court held that the potential for a lighter sentence does not eliminate the need to first determine if there is any legal basis for prosecution at all. The High Court’s avoidance of this core question left Mittal exposed to the burdens of a criminal investigation without a judicial determination of its validity.

Q4: What are the potential wider consequences if the platform (or its CEO) is held criminally liable in this case?

A4: Holding the platform or its CEO criminally liable would set a dangerous precedent with a severe chilling effect:

• Startup and Innovation Risk: Founders of any user-generated content platform (social media, marketplaces, job portals) could face personal criminal liability for user fraud anywhere in India, making entrepreneurship in the digital sector prohibitively risky.

• Over-regulation and Censorship: Platforms would likely respond by over-policing users, pre-screening all communications, or requiring intrusive levels of verification (e.g., mandatory Aadhaar for all), stifling free expression and accessibility.

• Fragmentation of Enforcement: It would empower any local police station in the country to implicate the leadership of national platforms based on local user disputes, leading to legal chaos and inconsistent enforcement.

• Erosion of Intermediary Principle: It would fundamentally undermine Section 79 of the IT Act, which has been pivotal to the growth of India’s internet economy by providing legal certainty to platforms.

Q5: What might a balanced and sensible resolution to this issue look like, beyond the immediate court verdict?

A5: A balanced resolution requires separating criminal liability from accountability:

• Judicial Outcome: The courts should quash the criminal charges against Mittal, reaffirming that intermediary safe harbor protects against vicarious criminal liability for user crimes. However, they could emphasize the platform’s civil responsibilities and the need for robust safety measures.

• Regulatory Clarification: The government should issue clear, risk-based “due diligence” guidelines. Platforms in high-sensitivity sectors (matrimonial, finance, real estate) could be required to offer and promote government-ID-verified profile tiers, conduct regular risk audits, and maintain efficient grievance channels.

• Platform Initiative: Platforms must proactively invest in trust and safety—advanced verification options, AI fraud detection, user education campaigns, and dedicated teams to cooperate with law enforcement.

• User Empowerment: Enhanced digital literacy initiatives are crucial to educate users on recognizing scams and using platform safety tools.

This multifaceted approach would protect the legal framework enabling innovation while pushing the industry towards higher standards of user protection, fostering a more trustworthy digital ecosystem.