Independent Directors given a protection from liability under The Gaming Act

The Promotion and Regulation  of Online Gaming Act 2025 (PROGA 2025) is expected to be a law in due course.

One specific clause that attracts attention is Section 11(3) proviso which states

“Provided that nothing in this sub-section shall hold an independent director or a non-executive director of a company who is not involved in the actual decision making, liable for such offence.”

In contrast, Section 85 of ITA 2000 states as follows:

Section 85: Offences by Companies.

(1) Where a person committing a contravention of any of the provisions of this Act or of any rule, direction or order made there under is a Company, every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of business of the company as well as the company, shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly: Provided that nothing contained in this sub-section shall render any such person liable to punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.

(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or of any rule, direction or order made there under has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.

Explanation- For the purposes of this section

(i) “Company” means any Body Corporate and includes a Firm or other Association of individuals; and
(ii) “Director”, in relation to a firm, means a partner in the firm

The entire section 11 of the  PROGA  2025 is otherwise similar to Section 85 of ITA 2000 and states as under:

11. (1) Where an offence has been committed by a company, every person who, at the time the offence was committed was in charge of, and was responsible to, the company for the conduct of that part of the business of the company as well as the company, shall be liable to be proceeded against and punished accordingly.

(2) Nothing contained in sub-section (1) shall render any such person liable to be proceeded against and punished accordingly under this Act, if he proves that the offence was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence.

(3) Notwithstanding anything contained in sub-section (1), where an offence under this Act has been committed by a company and it is proved that the offence has been committed with the consent or connivance of, or is attributable to any neglect on the part of any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly:
Provided that nothing in this sub-section shall hold an independent director or a non-executive director of a company who is not involved in the actual decision making, liable for such offence.

Explanation.—For the purposes of this section, the expressions—
(a) “company” means a body corporate, and includes—
(i) a firm; and
(ii) an association of persons or a body of individuals whether incorporated or not; and
(b) “director”, in relation to—
(i) a firm, means a partner in the firm;
(ii) any association of persons or

This is a welcome clarification and would now serve as a precedent  in other laws also. However whether this  is to be treated as a special statutory provision applicable only to this Act or considered as a principle will need a scrutiny of the Courts since the Supreme Court has earlier held that ” vicarious liability requires a statutory provision”. Sanjay Dutt & Ors. v. State of Haryana (2025).

Naavi

Also Refer:

Director’s Liabilities (eplaw.com) 

Vicarious Liability (rdlawchambers.com)

Posted in Privacy | Leave a comment

Does Online Gaming Act come under Concurrent List?

The Promotion and Regulation of Online Gaming Bill was passed by Rajyasabha yesterday and is soon likely to be signed by the President into an Act. We shall call it PROGA 2025. We still need the Rules to be notified and an E Sports Authority to be  formed. Going byor the precedence of DPDPA 2023, and the possibility of a legal challenge to the Bill under “State Jurisdiction” Vs “Central Jurisdiction”, there could be some time before the  provisions of the Act are notified for implementation.

I would like the constitutional experts to however consider that Cyber Space is not physical space. While opening a club where Real Money games or casinos or betting take place come under the State regulations, any activity in Cyber Space comes only under Central Jurisdiction.

State may have some jurisdiction to address the impact of an action in Cyber Space on people in the physical space but regulation of the Cyber Space activity itself is outside the jurisdiction of the State.

Just as the Maritime Zone and Sky or even the Electro mangetic signals in the Spectrum space come under the Central Jurisdiction, Cyber Space also comes under Central Jurisdiction.

Further the power to make  legislations on actions that affect the “Neuro Space” such as causing addiction of human beings, is also not under State powers.

At best, it can be considered  as coming under “Concurrent List” for jurisdictional purpose.

Hence Courts should consider this Act well within the domain of the Central Government. Hope this is taken note of by the authorities.

This is the fit time to legally clarify and settleone important principle of defining “Cyber Space” and its jurisdictional aspects similar to Maritime Zone of Jurisdiction of the Sky above land or the Spectrum Space, as a “Space that comes under the jurisdiction of the Central Government. The passage of ITA 2000 itself is indicative of that principle that “The space created by binary signals ” is defined as “Cyber Space” and comes under the jurisdiction of the center. This can be re-iterated now.

Naavi

Posted in Privacy | Leave a comment

AI risks related to Foreign LLMs

In continuation of our previous discussions and in an era of the Anti India policies of US, it has become necessary to flag the “Country Risk” when we depend on software or platforms which are today under American control.

It is not only the Microsoft-Windows IS which is a big risk, even the G mail is a risk, dot com domain is a risk. Now experts are also flagging the risk of dependency on LLMs.

The article here  specifically addresses the issue of  Indian Companies developing applications based on LLMs particularly in the sensitive sectors such as Banking, Health care, Payment  Systems, FinTech in general etc.

The recent decision of Microsoft to stop services to Nayara is a critical redflag. This can happen to any company which uses Windows, GMail or LLMs like ChatGPT or LLaMa or others.

We have highlighted the data leak risk of DeepSeek in many  of our earlier articles and similar risks may be present in other LLMs also.

It is time that the Government initiates some effective measures along with the industry to develop indigenous systems for both AI and Quantum. When it comes to national security no American Company is reliable.

Hence “Country Risk” has to be part of any Risk Assessment from now onwards.

Unfortunately, Indian Industry is so greedy that they will try to make money without considering the national security issues.

Hope this trend  is reversed.

Naavi

Posted in Privacy | Leave a comment

Gaming Industry invited a ban since they ignored Self Regulation option

When the Intermediary Guidelines under ITA 2000 was amended on 6th April 2023, Government had defined “Online Gaming Intermediary” and suggested some self regulatory options such as setting up a registration with an industry body and appropriate  disclosures through Privacy Policy along with KYC of users.

Some of the exclusive due diligence requirements prescribed for online Gaming platforms were:

4A. Additional due diligence to be observed by online gaming intermediary.(1) In addition to the due diligence observed under rule 3 and, where applicable, rule 4, an online gaming intermediary shall, while offering online games, observe the following additional due diligence while discharging its duties, namely:

(a)          the online gaming intermediary shall display a demonstrable and visible mark of registration on all online games registered by the self-regulatory body, as referred to in sub-rule (5) of rule 4B;

(b)         the rules and regulations, privacy policy, terms of service and user agreements of the online gaming intermediary shall inform the user of its computer resource of

(i)                 all the online games offered by the online gaming intermediary, along with the policy related to withdrawal or refund of the deposit made with the expectation of earning winnings, the manner of determination and distribution of such winnings, and the fees and other charges payable by the user for each such online game;

(ii)              the risk of financial loss and addiction associated with the online game; 

(iii)            the know-your-customer procedure followed by the online gaming intermediary for registration of the account of a user; 

(iv)             the measures taken for protection of deposit made by a user; and

(v)               the framework of such self-regulatory body, as referred to in sub-rule (6) of rule 4B, of which the online gaming intermediary may be a member of;

(c)          the online gaming intermediary shall prominently publish on its website, mobile based application or both, a random number generation certificate and a no bot certificate from a reputed certifying body for each online game offered by it, along with relevant details of the same;

(d)         the online gaming intermediary shall, at the time of commencement of a user account based relationship for an online game, identify the user and verify his identity:

Provided that the procedure for such identification and verification shall, mutatis mutandis, be the procedure required to be followed by an entity regulated by the Reserve Bank of India under directions issued by it for identification and verification of a customer at the commencement of an account-based relationship;

(e)          the online gaming intermediary shall enable users who register for their services from India, or use their services in India, to voluntarily verify their accounts by using any appropriate mechanism, including the active Indian mobile number of such users, and where any user voluntarily verifies their account, such user shall be provided with a demonstrable and visible mark of verification, which shall be visible to all users of the service:

Provided that the information received for the purpose of verification under this clause shall not be used for any other purpose, unless the user has expressly consented to such use;

(f)           the Grievance Officer referred to in sub-rule (2) of rule 3 shall be an employee of the online gaming intermediary and shall be resident in India;

(g)         the online gaming intermediary shall appoint a Chief Compliance Officer, who shall be a key managerial personnel or such other senior employee of the online gaming intermediary who is resident in India, and who shall be responsible for—

(i)                 ensuring compliance with the Act and the rules made thereunder and who shall be liable in any proceedings relating to any relevant third-party information or data or communication link made available or hosted by the online gaming intermediary where he fails to ensure that such online gaming intermediary observes due diligence while discharging its duties under the Act and the rules made thereunder;

(ii)              coordination at all times with law enforcement agencies and their officers to ensure compliance with their orders or requisitions made in accordance with any law for the time being in force:

Provided that no liability under the Act or the rules made thereunder may be imposed on such online gaming intermediary without giving him an opportunity of being heard;

(h)         appoint a nodal contact person for 24×7 coordination with law enforcement agencies and officers to ensure compliance to their orders or requisitions made in accordance with the provisions of law or rules made thereunder;

Explanation.—For the purposes of this clause “nodal contact person” means the employee of the online gaming intermediary, other than the Chief Compliance Officer, who is resident in India;

(i)           the online gaming intermediary shall have a physical contact address in India published on its website or mobile based application, or both, for the purposes of receiving any communication addressed to it; 

(j)           the online gaming intermediary shall implement an appropriate mechanism for the receipt of complaints under sub-rule (2) of rule 3 and grievances in relation to the violation of provisions under this rule, which shall enable the complainant to track the status of such complaint or grievance by providing a unique ticket number for every complaint or grievance received by the online gaming intermediary:

Provided that the online gaming intermediary shall, to the extent reasonable, provide such complainant with reasons for any action taken or not taken by it in pursuance of the complaint or grievance received by it;

(k)         notwithstanding anything contained in clause (f) of sub-rule (1) of rule 3, the online gaming intermediary shall inform its users of the change referred to in the said clause immediately after such change is effected, in English or any language specified in the Eighth Schedule to the Constitution, in the language of his choice; and

(l)           notwithstanding anything contained in clause (j) of sub-rule (1) of rule 3, the online gaming intermediary shall provide the information referred to in the said clause within twenty-four hours of receipt of the order referred to therein.

(2) The requirements under sub-rule (1) shall be applicable upon expiry of a period of three months from the commencement of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, ____.

4B. Safeguards for online gaming intermediaries in relation to issue of directions under section 69A of the Act.(1) While considering the necessity or expediency of issuing a direction under section 69A of the Act in respect of an online game that is registered with a self-regulatory body referred to in sub-rule (2) as being in conformity with the framework evolved by such body to secure the interests referred to in the said section, the Central Government, may refer to the report communicated by such body under sub-rule (7).

(2)               For the purposes of sub-rule (1), the self-regulatory body referred to therein shall be one that has been registered by the Ministry, in accordance with sub-rule (3), for the purpose of evolving a framework to secure conformity with the interests referred to in section 69A of the Act:

Provided that the number of such bodies so registered may be one or more than one. 

(3)               The Ministry may, upon submission of an application for registration under sub-rule (2) by a company incorporated under section 8 of the Companies Act 2013 (18 of 2013) by online gaming intermediaries, or a society registered under the Societies Registration Act, 1860 (21 of 1860) by online gaming intermediaries, which is desirous of being registered as a selfregulatory body referred to in sub-rule (2), register the same, having regard to the following criteria, namely:—

(a)    the number of online gaming intermediaries who are its members;

(b)    its track record in promoting responsible online gaming;

(c)    the general repute, the absence of conflict of interest and the relevance and suitability of the individuals comprising its Board of Directors or governing body;

(d)    the presence of the following in the Board of Directors or governing body of such self-regulatory body, namely:—

(i)            an independent eminent person from the field of online gaming, sports or entertainment, or such other relevant field;

(ii)         an individual who represents online game players;

(iii)       an individual from the field of psychology, medicine or consumer education, or such other relevant field; and

(iv)        an individual with practical experience in the field of public policy, public administration, law enforcement or public finance, to be nominated by the Central Government;

(v)          an individual from the field of information communication technology:

Provided that no act or proceeding of the Board of Directors or governing body shall be invalid merely on the ground of absence for the time being of any such individual on it;

(e)    the provisions in its Articles of Association or bye-laws to ensure its functioning independently and at arm’s length from its member online gaming intermediaries;

(f)     its capacity, in terms of deployment of technology, expertise and other relevant resources, for evolving the desired framework, testing and verifying conformity of online games with the same, and continuously updating and further evolving such framework, testing and verification protocols:

Provided that the Ministry may consult any appropriate Government or any of its agencies before registering such a self-regulatory body. 

(4)               Every self-regulatory body registered under this rule, may grant membership to an online gaming intermediary, having regard to the following criteria, namely:—

(a)    the adherence by such online gaming intermediary and all online games offered by it with the criteria referred to in sub-rule (5);

(b)    the adherence by such online gaming intermediary to the due diligence and additional due diligence required under these rules;

(c)    track record of such online gaming intermediary in offering online games responsibly while securing the interests referred to in section 69A. 

(5)               Every self-regulatory body registered under this rule, may register an online game having regard to the criteria that it—

(a)    is offered by an online gaming intermediary which is a member of the self-regulatory body, who has been granted membership in accordance with the provisions of subrule (4);

(b)    does not contain anything which is not in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order, or incites the commission of any cognizable offence relating to the aforesaid; 

(c)    is in conformity with laws for the time being in force in India, including any such law that relates to gambling or betting or the age at which an individual is competent to enter into a contract, and shall thereby allow the online gaming intermediary offering such online game to display a demonstrable and visible mark of registration stating that the online game is registered with the self-regulatory body.

(6)               Every self-regulatory body registered under this rule shall evolve a framework to secure the said interests, undertake testing and verification to establish conformity of online games with such framework, continuously update and further evolve such framework, testing and verification protocols, and shall prominently publish the same on its website, mobile based application or both, as the case may be:

Provided that such framework may, among other things, also include suitable criteria regarding—

(a)   the content of an online game registered or to be registered with such body, with a view to safeguard users against harm, including self-harm;

(b)   appropriate measures to be undertaken to safeguard children;

(c)   measures to safeguard users against the risk of gaming addiction and financial loss, including repeated warning messages at higher frequency beyond a reasonable duration for a gaming session, provision to enable a user to exclude himself upon user-defined limits for time and money spent; and (d) measures to safeguard against the risk of financial frauds.

(7)               Every self-regulatory body registered under this rule shall communicate the fact of recognition of every online game registered with it to the Central Government, along with a report regarding the bases on which it has recognised it as such.

(8)               Every self-regulatory body registered under this rule shall establish a mechanism for timebound resolution of such complaints of users that have not been resolved by the grievance redressal mechanism of its member online gaming intermediary under sub-rule (2) of rule 3, and the provisions of rule 3A shall apply in respect of a complaint relating to an online gaming intermediary that is a member of such a self-regulatory body only after such a user has exhausted the opportunity to resolve it under such mechanism.

(9)               Where the Ministry is of the view that a self-regulatory body registered under this rule has not complied with the provisions of this rule, it may, in writing, communicate the fact of such non-compliance to such self-regulatory body and direct it to undertake measures to rectify the non-compliance.

(10)           The Ministry may, if it is satisfied that it is necessary so to do, after issuing notice to selfregulatory body giving it an opportunity of being heard, by order, for reasons to be recorded in writing, suspend or revoke the registration of a self-regulatory body, having regard to the requirements under and the criteria referred to in sub-rules (2) to (9):

Provided that the Ministry may, in the interest of the users of any online game that was registered with such body,—

(a)   at the same time as the issuance of such a notice, or at any subsequent time, give such interim directions as it may deem necessary; and

(b)   at the same time as the issuance of such an order, or at any subsequent time, give such directions as it may deem necessary.]

It  appears that the industry did not take appropriate action to create the suggested self regulatory bodies. As a result the Government was forced to act with the Gaming Bill now.

With the passage of “the Promotion and Regulation of Online Gaming Bill 2025” into an Act, the rules notified under ITA 2000 will now get additional meaning. Just as the DPDPA 2023 has been passed two years back and is yet to be notified, it is possible that the Gaming Act also may be delayed in implementation since an authority has to be formed for the purpose. It is also likely that the industry will go to the Supreme Court challenging the ban.

However, in the meantime, the  rules under ITA 2000 will get a provisional legal background and the industry should take efforts for measures such as “Registration with a MeitY registered self regulatory Body”, “Privacy Policy with Disclosures”, “Self verification and KYC of participants”, “Grievance Redressal” etc.

Had the industry implemented the  Intermediary Guidelines promptly, they would have been able to present a stronger case with the Supreme Court today. They have lost the opportunity since they had no intention of running a fair online gaming industry taking suitable precautions to mitigate the damage to the society.

A similar situation may arise in the AI regulations that if the industry fails to come up with appropriate self regulatory measures, it will invite the Government to step in with its own regulations which  may not be to the liking of the industry.

Hope this message will go through..

Naavi

Posted in Privacy | Leave a comment

Harm Caused by Online Money Games in India

With the passing of the “Promotion and Regulation of  online gaming bill 2025” in the Loksabha  without contest, the possibility of the Bill becoming the law in the next few days is imminent.

There is one section of the market which is lamenting that a $3.7 billion industry would be lost . The industry was expected to grow to around $9.2 billion by 2029. The extent of job losses are not clear with estimates varying anywhere between 20000 to 130000.  Industry warns that there could be tax losses to the  extent of Rs 20000 crores.

Over 300 companies are likely to be affected  including companies like Dream11,  Poker Baazi, DeltaCorp,99Games, KheloFantacy  etc. Many of these companies may close down . Some would survive and use their talents to build other e-Sports facilities which would be promoted by the Bill. Some would develop social games without the betting or money component.

At the same time we need to take note that due to the presence of these online money games and betting, several instances of harm to youngsters have been recorded. Leaving aside the “Addiction” part which cannot be easily assessed, there are instances of “Suicides”, “Large financial losses” etc.

A rough collection of statistics indicate that between 2022-2025 48 suicides were recorded in Tamil Nadu, 18 in Karnataka, 20 in Telengana, 3 in Madhya Pradesh.

In financial losses, a Mumbai businessman  reportedly lost Rs 12 crores in August 2025. It is estimated that India loses over Rs 23000 crores annually in betting scams.

Sharp increase of domestic violence, family breakdowns and debt have also been observed widely.

Considering these adverse effect, the Bill must be welcomed.

The Bill will be creating an E-Sports Authority which may promote e-Sports as a category,, conduct events etc. These developments could compensate the financial loss arising out of the closure of some of the companies who are today making money at the cost of the society.

Some of the Gaming companies have been enabling “Black Money holding” and “Money laundering”. The Bill will now put an end to such practices.

Hopefully Government will extend this kind of regulation to curtain Private Crypto currencies also.

Naavi

 

Posted in Privacy | Leave a comment

Gaming Regulation Bill Introduced

The Promotion and Regulation of Online Gaming Bill, 2025 was introduced in the Indian Lok Sabha on August 20, 2025, by IT Minister Ashwini Vaishnaw.

The key objectives of the bill is to ban online money games while promoting legitimate sectors including e-Sports, educational  games and social gaming.

The Bill proposes stringent punishments for online games involving monetary stakes, betting and gambling along with advertising and Banks conducting financial transactions.

Penalties under the Bill are as follows:

Violation First Offense Repeat Offense
Operating money games Up to 3 years jail + ₹1 crore fine 3-5 years jail + ₹1-2 crore fine
Advertising money games Up to 2 years jail + ₹50 lakh fine 2-3 years jail + ₹50 lakh-1 crore fine
Financial facilitation Up to 3 years jail + ₹1 crore fine 3-5 years jail + ₹1-2 crore fine

The also proposes to  establishes central regulatory authority.

According to the Bill “online money game” means an online game, irrespective of whether such game is based on skill, chance, or both, played by a user by paying fees, depositing money or other stakes in expectation of winning which entails monetary and other enrichment in return of money or other stakes; but shall not include any e-sports.

This means that even a game of Rummy would now be  covered under the Bill if there is monetary considerations attached. The offending websites are also liable to be blocked not withstanding any  thing contained under Section 69A of the ITA 2000.

The introduction of the Bill is welcome given the adverse impact of online  games on the  youth.

The Bill is awaiting passage.

Copy of the Bill is available here: 

Naavi

Posted in Privacy | Leave a comment