Naavi.org

Government of India
Ministry of Electronics and Information Technology
*****
NOTICE

Subject: Inviting feedback/comments of stakeholders on the Draft amendments to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 – in relation to synthetically generated information – reg.

Dated: 22nd October, 2025

The Ministry of Electronics and Information Technology invites feedback on the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

The Government of India remains committed to ensuring an Open, Safe, Trusted and Accountable Internet for all users of Internet-enabled services. With the increasing availability of generative AI tools and the resulting proliferation of synthetically generated information (commonly known as deepfakes), the potential for misuse of such technologies to cause user harm, spread misinformation, manipulate elections, or
impersonate individuals has grown significantly.

Recognising these risks, and following extensive public discussions and parliamentary deliberations, MeitY has prepared the present draft amendments to the Information Technology (Intermediary Guidelines  and Digital Media Ethics Code) Rules, 2021 (“IT Rules, 2021”). The draft aims to strengthen due diligence obligations for intermediaries, particularly social media intermediaries (SMIs) and significant social media intermediaries (SSMIs), as well as for platforms that enable the creation or modification of synthetically generated content.

2. The proposed amendments as outlined in the draft notification introduce:

• A clear definition of “synthetically generated information”;
• Labelling and metadata embedding requirements for such information to ensure users can distinguish synthetic from authentic content;
• Visibility and audibility standards requiring that synthetic content be prominently marked, including a minimum 10% visual or initial audio duration coverage; and
• Enhanced verification and declaration obligations for SSMIs, mandating reasonable technical measures to confirm whether uploaded content is synthetically generated and to label it accordingly.

These amendments are intended to promote user awareness, enhance traceability, and ensure accountability while maintaining an enabling environment for innovation in AI-driven technologies.

3. The Draft Notification for amendments, along with an Explanatory Note of the amendments in plain and simple language to facilitate ease of understanding are available on Ministry’s website at the following link:

https://www.meity.gov.in/documents/act-and-policies/amendments-to-the-information-technologyintermediary-guidelines-and-digital-media-ethics-code-rules-2021-it-rules-2021-IjN4QjMtQWa?pageTitle=Amendments-to-the-Information-Technology-(Intermediary-Guidelines-andDigital-Media-Ethics-Code)-Rules,-2021-(IT-Rules,-2021) 

The consolidated text of the IT Rules, 2021 as they would stand after the amendments proposed (with the amendments shown in coloured text) is also placed at above link for ease of reference.

4. The submissions will be held in fiduciary capacity in MeitY and shall not be disclosed to any one at any stage, enabling persons to submit feedback/comments freely without any hesitation.

5. The feedback/comments on the draft rules in a rule wise manner may be submitted by email to itrules.consultation@meity.gov.in in MS Word or PDF format by 6th November, 2025.

Consolidated amended copy of the Guideline

FDPPI is a “Not for Profit” organization by the professionals and for the professionals and always believes in providing more than value for money in its programs.

Since the registered participants  are senior  pros, we need  to accommodate more discussions during the  two day training program for C.DPO.DA. on November 1 and 2. Hence it has  been decided to provide some background videos on DPDPA, DPDPA Rules as well as GDPR.

When the new DPDPA Rules are released, there will be a separate session on the rules online  which could be a three  hour session on a Sunday .

In order to further provide post training engagement, all the participants will be provided with one year complimentary membership of FDPPI worth Rs 6000/-.

Additionally, from out of the participants FDPPI will create two Special Interest Groups one on the New DPDPA Rules so that  the Group could identify the pain points related to different  sectors and create documents that can be shared with the  DPB and MeitY, and the second on evaluation of the Data Discovery, Classification and Consent Management software available for Data Fiduciaries  with reference to DPDPA requirements and generate customization guidelines for the  Data Fiduciaries.

With this unique approach, the C.DPO.DA. program of FDPPI will be unique and  bring   more value.

Details of the program are available below at with registration at www.fdppi.in

Naavi

It is estimated that there are around 5000 active professionals in India who are certified as Lead auditors for conducting ISO 27001 audits. The actual number may be higher and there are a number of persons who are not active as auditors but have gone through the certification process.

With the release of ISO 27701:2025 as a certifiable audit, many of them are now equipping themselves to take up the ISO 27701 audit and there will be many clients in EU who would ask their data processors in India whether they are certified under ISO 27701.

It is therefore time to discuss how companies in India should respond to these queries particularly when the  Indian DPDPA 2023 is getting ready for implementation and professionals need to be ready to be DPOs in India and Data Auditors for Indian Significant Data Fiduciaries.

With the increased use of AI in business, AI related risks for Data Fiduciaries is a reality and the risk is considered unpredictable and therefore significant. Hence the number of Significant Data Fiduciaries in India is likely to be very large and we need thousands of DPOs and  hundreds of Data Auditors.

I therefore urge professionals to think  whether they should no prioritize for Indian DPO training or ISO 27701 training.

At FDPPI, we are interested in making existing ISO 27001 auditors in India to upgrade themselves to be DPDPA auditors first before anything else. It is our desire that during 2026-27, at least 1000 ISO 27001 auditors should be certified as C.DPO.DA. professionals (Certified Data Protection Officer and Data Auditor).

Kindly remember that the foreign vendors who ask us about ISO 27701 audits need to be informed that

1. If I am an Indian Data Processor for a EU Data Controller and am processing the personal data with a GDPR stake, I will take such steps as are necessary to mitigate the risk of GDPR non compliance to levels which are significantly low
2. We shall initiate measures of security which  are recommended under DPDPA to ensure that the risks are reduced substantially which will be suitably insured.

In the meantime train atleast one of your designated DPOs under FDPPI to be a C.DPO.DA. so that you can understand and implement measures to be compliant with the laws of India.

Since getting a ISO 27701 certificate is not an insurance against data risks, the measures to be initiated by us under DPDPA 2023 shall be enough assurance against the risks envisaged for which the vendor is suggesting ISO 27701.

Naavi

Despite the delay in the release of the DPDPA Rules for reasons which are not presently known to public, it is expected that sooner or later the rules will be released after the risk of Bihar elections and the possibility of a quick stay on the implementation of the Act by Supreme Court which is being speculated, is behind  us.

As a proactive measure Naavi/FDPPI is forming a Special Interest  Group on DPDPA Rules to study the rules when released, identify pain points for different sectors and provide a feedback to MeitY/DPB.

The SIG will be formed out of the persons who attend the C.DPO.DA. program in Mumbai on November 1 and 2 who will be the most recent trainees of  FDPPI on relevant issues.

This SIG will submit a report  asap  on the rules as notified and will continue to monitor the public views for  some time to enable the industry to absorb the impact of the rules and build it into compliance.

Naavi

Keeping in tune with the developments in the DPDPA 2023 scenario, the course on  Nov 1 and 2 to be conducted will cover the challenges of DPDPA Compliance in the AI driven technology environment.

Simultaneously we presume the new Rules will be notified by the Government. If the release of the rules is delayed, we will provide a free online session on the rules separately to all the participants.

The curriculum currently planned is

1. Legal nuances of DPDPA and the DPDPA  Rules
2. Classification of DPDPA protected Data (DPD)
3. ROPA as a strategic tool of Compliance
4. Governance  Structuring for meeting the obligations under DPDPA by a Data Fiduciary
5. Technical challenges of Management of Legal Basis for processing and Rights of Data  Principal
6. AI and its challenges in meeting the obligations
7. The Roles of DPO and Data Auditor in the DPDPA era
8. Use of DGPSI as a Compliance Management framework
9. Discussions and case studies

Within the time available, it is proposed that the focus would be on implementation challenges through examples.

To enable all to be equally aware of the basics of DPDPA 2023 as a law, advance video material may be provided to all the participants on the previous day (October 31).

All participants would also be provided a free one year Basic membership of FDPPI worth  Rs 6000/- so that they can be in touch with further developments.

The Early Bird Discount has closed. However  for registrations of groups of 3 or more, we may provide additional discounts. Kindly register immediately if interested.

We specially welcome some participants who are travelling from Delhi and Kolkata for their commitment to  learn. We hope too provide them complimentary membership for 3 years instead of  one year.

The examination will be available only after 1st December. The examination is online, Open book, Multiple choice question and can be taken at the convenience  of the  participants till end December 2025.

Please let us know if there are any other doubt. Naavi will clarify.

Naavi

Yesterday,  a virtual International seminar was conducted by DY Patil Law College Pune, Maharashtra in collaboration with Ram-Krishna Law firm, Chikodi, Karnataka. The theme  of the seminar was “Artificial Intelligence and Rule of Law, Challenges of Accountability, Transparency and Fairness”

During the conference several speakers discussed the emerging developments related to the Judiciary and the use of AI in drafting pleadings, Arbitrations, and even Judgements including automated settlements.

In the light of these developments discussions veered around the future.

Naavi delivering the Valedictory address  acknowledged the role of AI in reducing pendency of cases in Courts but highlighted that  until “Hallucination Free AI” is developed, it would be difficult to avoid fake and incorrect judgements.

Naavi also highlighted that there is a school of thought that AI has to be recognized as a juridical entity  and the  recent  developments such as the Albanian Government  appointing a Chat Bot as a  Minister indicate that developments may be getting out of hand before regulations  come in.

Naavi also highlighted that India opting to go for soft legislation in the form of voluntary guidelines is not  effective and we need a full fledged law with appropriate deterrents and a regulatory body.

Naavi