BharatNotes Key Concepts
Internet governance refers to the shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution of the internet. It involves a complex interplay of technical bodies, governments, civil society, and the private sector. For India, this domain sits at the intersection of sovereignty concerns, digital rights, and economic opportunity.
The Multistakeholder Architecture of the Internet
The global internet is not governed by any single authority. Instead, a distributed model of multistakeholder governance operates through several key institutions:
| Institution | Full Form | Role |
|---|---|---|
| ICANN | Internet Corporation for Assigned Names and Numbers | Manages domain names and IP address allocation globally |
| IANA | Internet Assigned Numbers Authority | Technical function within ICANN; manages root zone, IP addressing, protocol parameters |
| ISOC | Internet Society | Promotes open internet standards and development |
| IGF | Internet Governance Forum | Multi-stakeholder forum under UN auspices for dialogue (non-binding) |
| W3C | World Wide Web Consortium | Sets web standards (HTML, CSS etc.) |
The IGF was established in 2006 following the World Summit on the Information Society (WSIS) Tunis Agenda. It meets annually and brings together governments, civil society, the technical community, and the private sector. Critically, IGF resolutions are non-binding — it is a discussion forum, not a regulatory body.
US dominance concern: ICANN was historically overseen by the US Department of Commerce (NTIA). In October 2016, the NTIA formally transitioned the IANA stewardship function to the global multistakeholder community, a move India broadly welcomed while continuing to advocate for stronger intergovernmental participation.
India's Position: Multilateral vs Multistakeholder
India's stance on internet governance has been nuanced and at times internally divided:
- Ministry of External Affairs and the Department of Telecommunications have historically leaned toward a multilateral intergovernmental model — where sovereign states, through bodies like the ITU (International Telecommunication Union), exercise formal control over key internet resources.
- Ministry of Electronics and Information Technology (MeitY) has been more accepting of the multistakeholder model, acknowledging the role of industry, civil society, and technical experts.
India has flagged concerns about US dominance of critical internet infrastructure (root servers, ICANN governance) and has called for a more equitable distribution of internet governance responsibilities at forums like the IBSA (India-Brazil-South Africa) dialogue and through proposals for a UN Committee for Internet-Related Policies (CIRP). India's position can be characterised as seeking a hybrid approach — retaining intergovernmental authority on policy while keeping technical management multistakeholder.
IT Act 2000 and Major Provisions
The Information Technology Act, 2000 is India's primary legislation governing cyberspace, electronic commerce, and cybercrime. Key provisions include:
| Section | Subject |
|---|---|
| Section 43 | Penalty for damage to computer systems (civil liability) |
| Section 66 | Computer-related offences (hacking, data theft) |
| Section 66A | Sending offensive messages — struck down by the Supreme Court in 2015 |
| Section 66C/66D | Identity theft and cheating by impersonation online |
| Section 67 | Publishing obscene material in electronic form |
| Section 69A | Power to block websites in the interest of national security |
| Section 79 | Safe harbour protection for intermediaries |
Shreya Singhal v. Union of India (2015)
In a landmark judgment delivered on 24 March 2015, a two-judge bench of Justices J. Chelameswar and R.F. Nariman struck down Section 66A of the IT Act as unconstitutional. The Court held that:
- Section 66A violated Article 19(1)(a) (freedom of speech and expression) of the Constitution.
- The provision was unconstitutionally vague and overbroad — words such as "grossly offensive" or "menacing character" had no clear definition and were susceptible to arbitrary application.
- It had a chilling effect on legitimate online speech.
- The section was declared void ab initio (as if it never existed), and all pending prosecutions under it were to be dropped.
The Court simultaneously read down Section 79 (intermediary liability safe harbour) and upheld Section 69A (website blocking), subject to procedural safeguards.
IT Rules 2021 — Intermediary Liability Framework
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, notified by MeitY, replaced the earlier 2011 intermediary rules. They create a two-tier classification:
All Intermediaries must: publish privacy policy and user agreements; appoint a Grievance Officer; acknowledge complaints within 24 hours and resolve within 15 days.
Significant Social Media Intermediaries (SSMIs) — those with 50 lakh or more registered users in India — have additional obligations:
- Appoint a resident Chief Compliance Officer (ensuring legal compliance)
- Appoint a resident Nodal Contact Person (for law enforcement coordination)
- Appoint a resident Grievance Officer (for user complaints)
- Enable traceability — identify the first originator of a message on end-to-end encrypted platforms when required by a court or government order
- Publish monthly compliance reports
The traceability provision has been contentious; platforms like WhatsApp have legally challenged it, arguing it requires breaking end-to-end encryption. The 2023 amendment to IT Rules 2021 further added a Grievance Appellate Committee mechanism.
Net Neutrality
Net neutrality is the principle that internet service providers must treat all internet traffic equally, without discriminating based on source, destination, or content type.
TRAI's 2018 Recommendations: TRAI released net neutrality recommendations in November 2017, which were adopted by the Department of Telecommunications (DoT) in July 2018. India's net neutrality rules are considered among the strongest in the world. Key provisions:
- ISPs are prohibited from blocking, throttling, or granting preferential speeds to any content or application.
- Exceptions exist for specialised services (e.g., remote surgery, smart grid management) and critical IoT services.
- Violation can result in licence cancellation.
Digital India Act — Proposed Replacement for IT Act 2000
MeitY announced in March 2023 that a Digital India Act (DIA) would replace the two-decade-old IT Act 2000. The DIA is intended to cover artificial intelligence, deepfakes, data protection, online safety, and competition issues among internet platforms. As of 2026, the DIA has not yet been introduced in Parliament — it was deferred past the 2024 general elections and remains under consultation. The IT Act 2000, as amended in 2008, continues to govern India's cyberspace.
Data Localisation Debate
India has debated requiring companies to store certain categories of data (especially sensitive personal data and critical personal data) physically within India. The Digital Personal Data Protection Act, 2023 (DPDPA) does not mandate blanket data localisation but empowers the government to restrict cross-border data transfers to certain countries. The earlier draft Personal Data Protection Bill 2019 had more stringent localisation norms that were dropped after industry pushback.
Recent Developments (2024–2026)
Digital Personal Data Protection Rules 2025 — Privacy Framework for 850 Million Users
India's Digital Personal Data Protection Act 2023 (DPDPA) received its implementing rules on 13 November 2025, covering approximately 800 million internet users. The rules provide 18-month compliance timelines (effective 13 May 2027). Key obligations include mandatory appointment of Data Protection Officers by Significant Data Fiduciaries, Data Protection Impact Assessments (DPIAs), consent management frameworks, and data localisation provisions — the government may restrict cross-border data transfers to specified countries via a "negative list" (a softer approach than the blanket localisation mandate originally proposed in the 2019 Bill).
The rules empower parents/guardians to give verifiable consent for processing children's data (under 18), banning behavioural tracking and targeted advertising to minors. India joined the global trend towards data sovereignty without adopting GDPR's extraterritorial prescriptiveness. The DPDP framework's consent-based architecture directly affects social media platforms, AI companies, healthcare data processors, and government databases — intersecting with ABDM health records and Aadhaar data.
UPSC angle: DPDP Rules 2025 (13 November 2025, effective 13 May 2027), DPIA mandate, children's data protection, India's "negative list" data localisation approach, and distinction from GDPR are Prelims and Mains GS-2/GS-3 content.
IT Amendment Rules 2025 — Synthetic Content and Deepfake Regulation
The IT (Amendment) Rules 2025 introduced mandatory labelling requirements for AI-generated/synthetic content (deepfakes, AI-synthesised audio, manipulated videos) on digital platforms. Platforms must deploy technical measures to identify and label synthetic media before it reaches users. The rules also expanded the Grievance Appellate Committee (GAC) mechanism established under IT Rules 2021, enabling users to appeal platform content moderation decisions to a government-constituted body — a provision criticised by free speech advocates as creating state oversight over private platform decisions.
India's Telecommunications Act, December 2023, replaced the 138-year-old Indian Telegraph Act 1885 — a landmark legal modernisation bringing spectrum management, satellite communications, OTT services, and cybersecurity into a unified framework. The proposed Digital India Act (DIA), intended to replace the IT Act 2000, remained under consultation as of early 2026, expected to classify cyberbullying, doxxing, identity theft, and non-consensual intimate image sharing as new criminal offences and establish a comprehensive intermediary liability regime.
UPSC angle: IT Amendment Rules 2025 (synthetic content labelling, GAC expansion), Telecommunications Act 2023 (replaced Telegraph Act 1885), proposed Digital India Act, and Shreya Singhal (2015) as constitutional baseline for cyber speech regulation are Mains GS-2/GS-3 content.
Internet Governance — UN Pact for the Future and India's Position 2024
At the UN Summit of the Future (September 2024), countries adopted the "Pact for the Future" including the "Global Digital Compact" — a non-binding framework for governing AI, digital public infrastructure, and internet governance. India supported the compact, particularly provisions on AI for development, data governance, and digital capacity building for developing nations. India's longstanding position on internet governance — that the state should have more formal authority in internet policy while supporting a multi-stakeholder technical model — found partial endorsement in the compact's recognition of government roles.
The Internet Governance Forum (IGF) 2024 was held in Riyadh, Saudi Arabia (December 2024), with India advocating for affordable connectivity, digital public infrastructure models (India Stack, ABDM), and AI governance frameworks suited to developing economies. India's ITU Tier 1 cybersecurity ranking (2024) and its leadership in DPI exports (CoWIN, UPI models shared with other nations) strengthened its international positioning on digital governance debates.
UPSC angle: UN Global Digital Compact (September 2024), India's internet governance position (state authority + multi-stakeholder), IGF Riyadh 2024, ITU Tier 1 India cybersecurity ranking, and India's DPI diplomacy (CoWIN/UPI exports) are Mains GS-2/GS-3 and essay content.
PYQ Relevance
- 2022 GS3: "What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy."
- 2019 GS3: "What is the CyberDome Project? Explain how it can be useful in controlling internet crimes in India."
- 2018 GS3: "What are the areas of concern for the security of critical information infrastructure? What measures has India taken in this regard?"
- The Shreya Singhal case appears frequently in GS2 (fundamental rights) as well.
- Internet governance, digital sovereignty, and India's position on multistakeholder vs. multilateral models are anticipated Mains GS3 topics for opinion-based questions.
Exam Strategy
- Differentiate ICANN/IANA (technical management) from IGF (policy dialogue) — examiners test conceptual clarity.
- On India's internet governance stance: state clearly that India holds a nuanced/evolving position — not purely multilateral or multistakeholder.
- For IT Rules 2021, remember the three resident officers (CCO, Nodal Contact, Grievance Officer) for SSMIs — a common MCQ point.
- The Shreya Singhal case is relevant to both GS2 (Article 19 rights) and GS3 (cyber law) — note the bench composition (Chelameswar + Nariman), date (24 March 2015), and constitutional ground (Article 19(1)(a)).
- Net neutrality: TRAI recommended in Nov 2017; DoT adopted in July 2018 — examiners check the year.
- Connect Digital India Act with ongoing governance reforms in essays and opinion-based questions.
- For current affairs integration, track developments on the Digital India Act and DPDPA implementation at Ujiyari.com.
