Platform Liability in the Digital Age, The Shaadi.com Case and the Battle Over Intermediary Safe Harbor

Platform Liability in the Digital Age, The Shaadi.com Case and the Battle Over Intermediary Safe Harbor

The arrest of a CEO over the criminal actions of a user on their platform is a watershed moment for the digital economy. The Supreme Court’s recent interim order protecting Shaadi.com founder Anupam Mittal from arrest, while directing the Telangana High Court to re-examine the case on its legal merits, has thrust into the national spotlight a complex and urgent question: Where does the liability of a digital platform end and the responsibility of its users begin? This case, stemming from a distressing scam on a matrimonial website, is not merely about one executive or one company; it is a legal crucible that will test the foundational principles of internet governance, consumer protection, and corporate accountability in India. The outcome will set a precedent with far-reaching implications for social media giants, e-commerce marketplaces, fintech apps, and the entire architecture of our online lives.

The Anatomy of a Digital Swindle: Trust Betrayed

The facts of the case, as reported, present a classic but devastating online confidence trick. A Hyderabad-based doctor, seeking a life partner on Shaadi.com, connected with a man who fabricated an elaborate narrative of wealth temporarily constrained by tax authorities. Exploiting the inherent trust and emotional vulnerability of the matrimonial search process, the alleged fraudster concocted a story about his mother flying in from Chicago to finalize the alliance. This emotional hook was followed by a financial one: a plea for urgent help, resulting in the transfer of nearly ₹11 lakh. When the promised meeting evaporated and the victim demanded restitution, the scam turned predatory with threats of image morphing and public shaming to extort more money.

This case is a stark microcosm of a pervasive problem. Matrimonial platforms, by their very nature, deal in the most sensitive personal data—aspirations, family backgrounds, photographs, and life goals. Users are incentivized to be open and trusting, making them prime targets for bad actors posing as potential partners, a scam category often termed “romance fraud” or “sweetheart swindles.” The emotional damage here is compounded by significant financial loss. The Hyderabad Police’s decision to escalate the charges beyond the individual fraudster to the platform’s CEO marks a dramatic escalation in law enforcement’s approach to cyber-enabled crime.

The Legal Quagmire: From User to “Abettor”?

The police’s case against Anupam Mittal hinges on a charge of failure in duty. By booking him under sections of the Bharatiya Nyaya Sanhita (BNS) for cheating and criminal breach of trust, the implication is that the platform’s allegedly insufficient verification protocols facilitated the crime. The specific cited failure was the absence of mandatory government ID verification or a robust “blue tick” system. The legal theory appears to be that by not implementing stringent enough checks, Shaadi.com did not exercise “due diligence,” and thus its management could be seen as negligently enabling the fraud.

This argument strikes at the heart of the “intermediary” defense, the legal shield upon which the modern internet is built. Section 79 of the Information Technology (IT) Act, 2000, grants “safe harbor” to intermediaries. It states that an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by it, provided the intermediary observes “due diligence” and follows prescribed guidelines, including expeditious removal of unlawful content upon receiving actual knowledge (typically via a court or government order).

Mittal’s defense is straightforward: Shaadi.com is a classic intermediary—a platform that hosts user-generated profiles. The fraudulent communications and actions were undertaken solely by the user, not the platform. Holding the CEO personally criminally liable for a user’s independent criminal act, his lawyers argue, is legally unsustainable and sets a dangerous precedent. It would mean the head of any messaging service (WhatsApp), social network (Meta), or classifieds site (OLX) could be jailed for a crime planned or executed by a user on their service.

The Judicial Tug-of-War: Procedure vs. Merit

The procedural journey of this case is as instructive as the substance. The Telangana High Court’s initial order in April 2025 became the focal point of controversy. The Court did not delve into the core legal question of platform liability. Instead, it noted that the offences alleged carried a sentence of less than seven years and, invoking the Supreme Court’s Arnesh Kumar guidelines (designed to prevent automatic arrests in such cases), it simply directed the police to issue a notice to Mittal rather than arrest him. While this provided temporary procedural relief, it crucially refused to quash the FIR itself, leaving the sword of prosecution dangling.

The Supreme Court’s intervention was a rebuke of this approach. It held that the High Court had failed in its duty. A petition to quash an FIR requires the court to examine whether the allegations, even if taken at face value, disclose a cognizable offence against the accused. Dismissing such a petition merely because arrest isn’t immediate, the apex court stated, is an abdication of judicial responsibility. The Supreme Court’s directive to re-examine the case “afresh on its legal merits” is a command to answer the hard question: Do the actions (or inactions) of Shaadi.com, as alleged, make its CEO criminally liable for a user’s cheating?

The Broader Implications: A Precedent in the Making

The Shaadi.com case is a proxy battle for much larger debates raging globally about platform power and responsibility.

1. The End of “Hands-Off” Intermediary Status?
For decades, the “mere conduit” principle has allowed platforms to scale without being paralyzed by the fear of liability for billions of user actions. The Indian IT Act’s Section 79 was modeled on similar laws like the US’s Communications Decency Act (Section 230). If courts begin to interpret “due diligence” to mean platforms must proactively verify the truthfulness of every user’s claim (not just their identity) to avoid criminal liability, it would fundamentally break the business model of social networks, dating apps, and online marketplaces. The cost and complexity of pre-vetting would be astronomical.

2. The “Verification” Mirage and Its Limits
The police’s focus on the lack of a government ID check is a populist but technologically simplistic argument. A verified ID proves a person is real, not that they are honest. A fraudster with a real Aadhaar card is still a fraudster. A “blue tick” only confirms authenticity of profile ownership, not intent. Demanding that platforms guarantee the character of their users is an impossible ask. Should LinkedIn be liable if a verified user commits corporate fraud? Should Uber be liable if a driver-verified user assaults a passenger? The line between hosting a platform and vetting character is crucial.

3. The Chilling Effect on Innovation and Entrepreneurship
If founders and CEOs of Indian startups face personal criminal liability for user misconduct, the risk calculus for founding or investing in consumer internet companies changes dramatically. It introduces a personal criminal risk that no amount of venture capital can mitigate. This could stifle innovation in India’s tech sector, pushing entrepreneurs towards less legally perilous B2B ventures and chilling the development of platforms that require user trust.

4. The Consumer Protection Conundrum
On the other side is the legitimate cry of victims for greater protection. The Digital Personal Data Protection (DPDP) Act, 2023, imposes significant obligations on data fiduciaries (like Shaadi.com) regarding consent, data security, and grievance redressal. The proposed Digital India Act is also expected to revisit intermediary liability. Users argue that platforms that profit from facilitating sensitive connections have a heightened duty of care. They are not neutral pipes like telecom carriers; they use algorithms to match profiles, charge subscription fees, and build brands on trust. This “curation” and monetization, critics argue, should come with greater accountability.

5. The Global Context: A Shift Towards “Duty of Care”
India is not alone in this debate. The European Union’s Digital Services Act (DSA) imposes a detailed “due diligence” framework on very large online platforms, requiring risk assessments and mitigation measures for societal harms. The UK’s Online Safety Act imposes a “duty of care” on platforms to protect users from illegal content. The global trend is moving away from pure immunity towards proportional liability. However, these are largely civil and regulatory frameworks. The singular aspect of the Shaadi.com case is the attempt to impose direct criminal liability on a corporate executive, a step most jurisdictions have been hesitant to take.

The Path Forward: Balancing Protection with Prudence

The legal resolution of this case must navigate a narrow path. A blanket immunity for platforms is untenable in an age of large-scale cyber fraud and hate speech. Equally, treating platform owners as guarantors of user virtue is a legal and practical dead end that would collapse the digital ecosystem.

A more nuanced framework is needed, and the Supreme Court’s guidance will be pivotal:

• Clarifying “Due Diligence”: The government and judiciary must clearly define what constitutes “due diligence” for different categories of intermediaries. A matrimonial site’s duties regarding profile verification should be stricter than a public microblogging site’s, but must be defined by law/rule, not created ad-hoc by police in a criminal complaint.

• Distinguishing Criminal from Civil/Regulatory Liability: The primary recourse for a defrauded user should be against the fraudster. Platforms could be held to account through consumer protection law (for deficient services), data protection law (for failing to secure data), or sectoral regulations (mandating certain verification standards). Jumping directly to criminal charges against executives is disproportionate and sets a dangerous precedent.

• Emphasizing Grievance Redressal and Cooperation: The obligation of a platform should be to maintain a robust, transparent grievance redressal mechanism, to cooperate with law enforcement in investigation (providing logs, information under proper legal process), and to take down fraudulent profiles promptly upon being notified. Their liability should stem from a failure to perform these clear, actionable duties, not from a failure to prevent the crime itself.

• Promoting User Education and Shared Responsibility: A significant part of the solution lies in digital literacy. Platforms must actively educate users about common scams and safe practices, but users must also exercise caution. Sending large sums of money to someone unmet is a risk in any context, online or offline.

Conclusion: Defining the Guardians of the Digital Mandir

The Shaadi.com case is ultimately about defining the role of digital platforms in Indian society. Are they the new-age town squares and community mandaps, where society gathers and interactions happen, with the platform merely providing the space? Or are they more like regulated matchmakers or marriage bureaus of old, with a fiduciary duty to vet and stand behind their introductions?

The Supreme Court’s intervention to ensure a merits-based hearing is a welcome step toward a principled ruling. The final judgment must carefully balance the imperative of protecting citizens from online predation with the need to preserve the innovation-friendly, open nature of the internet. It must delineate a clear line: platforms must be responsible guardians of process—maintaining secure systems, cooperating with authorities, and addressing reported harms swiftly. But they cannot be made the guarantors of outcome for every human interaction they facilitate. Getting this balance wrong would not just affect one matrimonial site; it would redefine risk, liability, and freedom for the entire digital republic of India.

Q&A on Platform Liability and the Shaadi.com Case

1. What is the core legal defense invoked by Shaadi.com‘s Anupam Mittal, and why is it considered fundamental to the internet?

Anupam Mittal’s primary defense rests on Section 79 of the Information Technology Act, 2000, which provides “safe harbor” or legal immunity to “intermediaries.” An intermediary is defined as a service that hosts, stores, or transmits third-party content. The law states that an intermediary is not liable for any third-party information, data, or communication made available through its platform, provided it observes “due diligence” and follows certain guidelines, like removing unlawful content when notified. This principle is fundamental because it allows platforms like Facebook, WhatsApp, YouTube, Amazon, and Shaadi.com to operate without being sued or criminally charged for the actions or posts of their billions of users. Without this protection, the cost and risk of hosting user-generated content would be prohibitive, stifling innovation and free expression online.

2. Why did the Hyderabad Police book the platform’s CEO, and what is the potential flaw in their legal argument?

The Hyderabad Police booked CEO Anupam Mittal, arguing that Shaadi.com‘s lack of stringent verification protocols (like mandatory government ID checks or a reliable “blue tick” system) constituted a failure in “due diligence.” Their theory is that this failure facilitated the fraud, making the platform’s management indirectly liable for the user’s crime.
The potential flaw is twofold. First, it confuses identity verification with character verification. A government ID proves a person exists, not that they are honest. A fraudster with a real Aadhaar card can still commit fraud. Second, it seeks to impose direct criminal liability for a user’s independent criminal act. If this logic is accepted, the CEO of any messaging app could be jailed for a threat sent via their service, or the head of an e-commerce site for a seller selling counterfeit goods. It stretches the concept of abetment or negligence to an unworkable degree and ignores the intermediary’s core function as a host, not a participant.

3. What was the key procedural error identified by the Supreme Court in the Telangana High Court’s order?

The Supreme Court held that the Telangana High Court failed to exercise its proper jurisdiction. When hearing a petition to quash an FIR, the court must examine the “merits of the quashing”—that is, it must determine whether the allegations in the FIR, even if taken as entirely true, disclose a cognizable offence against the accused. The High Court avoided this central question. Instead, it merely noted that the offences carried a sentence of less than seven years and, citing the Arnesh Kumar guidelines (which prevent automatic arrest), simply directed police to issue a notice rather than arrest Mittal. The Supreme Court ruled that a court cannot refuse to examine the merits of a quashing petition solely because arrest may not be immediate; it must decide if the accused should face prosecution at all.

4. How does this case connect to larger global trends in regulating online platforms?

Globally, there is a clear trend moving away from the old model of blanket intermediary immunity towards a model of “proportional liability” or “duty of care.” Laws like the EU’s Digital Services Act (DSA) and the UK’s Online Safety Act require large platforms to conduct risk assessments, implement measures to mitigate systemic harms (like disinformation or illegal content), and establish robust grievance mechanisms. However, these are largely civil and regulatory frameworks enforced by dedicated agencies with fines and sanctions. The Shaadi.com case is striking because it involves an attempt by law enforcement to impose direct personal criminal liability on a corporate executive—a much more severe step that most advanced jurisdictions have been cautious about taking, as it could have a severe chilling effect on the tech sector.

5. What would be a balanced regulatory approach to protect users while preserving a vibrant digital ecosystem?

A balanced approach would involve:

• Sector-Specific “Due Diligence” Rules: Clearly define, through law or regulation, what “due diligence” means for different types of intermediaries. A matrimonial site’s obligations regarding profile authenticity should be higher than a general social network’s, but must be predictable and legally defined.

• Strong Civil & Consumer Redressal: Empower users through robust consumer protection laws and data protection laws (like the DPDP Act). Platforms should be held civilly liable for clear failures in their promised service (e.g., not acting on reported fraudulent profiles) or for data breaches.

• Emphasis on Process, Not Outcome: Hold platforms accountable for maintaining transparent grievance mechanisms, cooperating with law enforcement via lawful processes, and promptly acting on court/government orders to remove content. Their liability should be for failing in these clear procedural duties, not for failing to prevent a specific crime by a user.

• Education and Shared Responsibility: Mandate platforms to run prominent user safety campaigns, while also promoting digital literacy so users understand that online interactions, like offline ones, require caution. The law cannot outsource all human judgment to an algorithm or a platform’s terms of service.