Let's Build a Responsible Cyber Society




Guidelines regarding Due Diligence Requirement of  Intermediaries

After ITA 2008 was notified on October 27, 2009, and more than 15 months of deliberations, a draft regulation has been released by MCIT on the responsibilities of "Intermediaries" such as portal owners under Section 79  with a request for public comments to be sent to grai@mit.gov.in before 28th February 2011.

Salient features of this notification is provided below:

There are 14 different clauses of "Due Diligence" indicated in the proposed notification.

1: Disclosures:

Apart from the requirement to publish terms and conditions and privacy policy for the use of the site, the intermediary is expected to notify the users not to commit contraventions of different kinds mentioned in ITA 2008. It also includes a provision regarding "not using data that belongs to another person" which loosely refers to IPR protected information.

2. Action on Receipt of Notice

On receipt of knowledge about any contravention (including through a digital signature affixed e-mail ) about any objectionable content, the intermediary shall take expeditious steps to remove access to such information and also inform the police of such information and preserve the records for 90 days.

3.Security Obligations

Apart from taking steps to secure the information in its custody, the intermediary shall report Cyber Security incidents (to Police?) and to CERT-IN

4. Assigned Responsibility:

The Intermediary shall designate a person and provide his contacts on the website for the purpose of receiving notices.

The guidelines are on expected lines and along with the privacy related guideline under Section 43 A, provides a good starting point for the use of Intermediaries.


February 20, 2011

Any Comments on this article can be sent to naavi@vsnl.com


Draft Guideline-Intermediaries


 Comments are Welcome at naavi@vsnl.com