The government is envisaging a four-pronged approach to create a comprehensive regulatory framework to address the digital economy.
The fast-paced digitization due to technological transformation both by corporates and the government has positioned India as one of the fastest growing digital economies. India has over 900 million internet users, and a growing online market, which is second only to China*. As per a 2022 InvestIndia report, India witnessed 14% of the total 2018 billion app installations in the world.
To keep up with this exponential growth, the government has been contemplating an overhaul of the two-decade old Information Technology Act, 2000 (IT Act), since 2018. With the Digital Personal Data Protection Bill, 2022 (DPDP Bill) and the recent consultation on the Digital India Act, 2023 (DIA), the government has made affirmative strides towards establishing the much-needed legal framework to support this growth. The government plans to move ahead with both DPDP and DIA working in tandem with each other.
Why do we need a new law?
Although, there have been many revisions and amendments to define the digital space, India lacks a comprehensive legislation that addresses the growing sophistication of the cyber world, acts as a catalyst for the digital economy, more particularly in the context of start-ups, as well as protects the rights of the Indian citizens.
The government is envisaging a four-pronged approach to create a comprehensive regulatory framework to address the digital economy. The Digital India Act, which would replace the current IT Act of 2000, a revised telecommunications law framework, called the Indian Telecommunications Bill; the proposed Digital Personal Data Protection Bill, 2022, which deals with personal data; and the National Data Governance Framework Policy. The government is also contemplating changes in the Indian Penal Code (IPC) with respect to cybercrimes. All of these are currently in various draft/public consultation stages.
Key Provisions under the Digital India Act, 2023
Classification of Intermediaries
One of the criticisms of the current IT Act and rules is one size fits all approach for intermediaries. The proposal for DIA includes classification of intermediaries, examples of which include e-Commerce platforms, search engines, social media platforms, digital media entities, gaming platforms, and pure-play intermediaries such as Telecom Service Providers, Internet Service Providers. There is a need to treat each of them distinctly in terms of the role played by them and introduce a nuanced regulatory approach for them.
Safe Harbour Protection for Intermediaries
Under the current regulatory regime, Section 79 of the IT Act provides for the Safe Harbour protection to social media giants. It provides immunity to intermediaries from any third-party information, data, or communication link made available on its platform. With the proposed classification of intermediaries, it is expected that DIA will include different guardrails and levels of immunities for them.
The DIA will also provide some of the regulatory safeguards required for emerging technologies, including AI, IoT, and other prominent emerging technologies. This is just the beginning and regulators have the enormous task of matching the speed of innovation in terms of quality testing frameworks, algorithmic accountability, threat and vulnerability assessments, content moderation, etc.
One of the key considerations under the DIA is online safety and trust of internet users. The law will likely address protection from online offences such as cyber-flashing, cyber-bullying, and doxing. The government, in its presentation, included specific references to age-gating and preserving children’s privacy as tools to protect children from the fall outs of internet. There is emphasis on rights of digital users, such as right to be forgotten, secured electronic means by empowering agencies like CERT-IN for cyber resilience, right to redressal, and digital inheritance.
The DIA is expected to include an accountability framework which includes adjudicatory and appellate mechanisms for digital operators. There is a proposal to empower agencies like CERT-In for cyber resilience and to strengthen the penalty framework for non-compliance. It is also expected that there will be a unified responsive governance architecture including a dedicated inquiry agency and grievance redressal framework.
The proposed Digital India Act, along with other complementary legislation, has the potential to establish a comprehensive regulatory framework that supports the growth of the digital economy while protecting the rights of Indian citizens. With the proliferation of emerging technologies and increasing concerns around cybersecurity and data privacy, a well-defined legal framework is essential for India to maintain its position as one of the fastest-growing digital economies in the world. The proposed legislation includes provisions for the classification of intermediaries, safe harbor protection, emerging technologies, online safety, and governance mechanisms. If the government effectively implements the proposed legislation, India could become a global leader in the digital economy, providing a fair playing field for digital operators, ensuring online safety and trust, and protecting the rights of digital users.