Section 3: Due diligence

Q: What does Section 3 of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (TITIGDMECR) deal with?

Section 3 TITIGDMECR pertains to "Due diligence". It is part of the The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, a legislation enacted by the Parliament of India. Section 3 of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (TITIGDMECR) governs due diligence. As verified on 19 May 2026.

Q: Is Section 3 TITIGDMECR still in force?

Yes, Section 3 of the The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 is currently in force across the Republic of India.

Q: What is धारा 3 TITIGDMECR?

धारा 3 TITIGDMECR is the Devanagari Hindi reference for Section 3 of the The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Section 3 of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (TITIGDMECR) governs due diligence. As verified on 19 May 2026.

Q: What is Dhara 3 TITIGDMECR?

Dhara 3 TITIGDMECR is the Roman Hindi reference for Section 3 of the The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. "Dhara" means "Section" in Hindi. Section 3 of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (TITIGDMECR) governs due diligence. As verified on 19 May 2026.

Q: How to cite Section 3 of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021?

Cite as: "Section 3, The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (TITIGDMECR)" in legal briefs. For academic writing, use the BlueBook format: The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, § 3 (India).

Law on Tips Editorial Board

(1)

Due diligence by an intermediary:

An intermediary, including a social media intermediary, a significant social mediaintermediary and an online gaming intermediary, shall observe the following due diligence while discharging itsduties, namely:—

(a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy

(b) the intermediary shall inform its rules and regulations, privacy policy and user agreement to the user in English or any language specified in the Eighth Schedule to the Constitution in the language of his choice and shall make reasonable efforts by itself, and to cause the users of its computer resource to not host, display, upload, modify, publish, transmit, store, update or share any information that,—

(viii) contains software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer

(ix) is in the nature of an online game that is not verified as a permissible online game;

(x) is in the nature of advertisement or surrogate advertisement or promotion of an online game that is not a permissible online game, or of any online gaming intermediary offering such an online game;

(xi) violates any law for the time being in force.

(c) an intermediary shall periodically inform its users, at least once every year, that in case ofnon-compliance with rules and regulations, privacy policy or user agreement for access orusage of the computer resource of such intermediary, it has the right to terminate the accessor usage rights of the users to the computer resource immediately or remove non-compliantinformation or both, as the case may be;

(d) an intermediary, on whose computer resource the information is stored, hosted orpublished, upon receiving actual knowledge in the form of an order by a court ofcompetent jurisdiction or on being notified by the Appropriate Government or its agencyunder clause (b) of sub-section (3) of section 79 of the Act, shall not host, store or publishany unlawful information, which is prohibited under any law for the time being in force inrelation to the interest of the sovereignty and integrity of India; security of the State;friendly relations with foreign States; public order; decency or morality; in relation tocontempt of court; defamation; incitement to an offence relating to the above, or anyinformation which is prohibited under any law for the time being in force:Provided that any notification made by the Appropriate Government or its agencyin relation to any information which is prohibited under any law for the time being in forceshall be issued by an authorised agency, as may be notified by the Appropriate Government:

(e) the temporary or transient or intermediate storage of information automatically by anintermediary in a computer resource within its control as an intrinsic feature of thatcomputer resource, involving no exercise of any human, automated or algorithmic editorialcontrol for onward transmission or communication to another computer resource shall notamount to hosting, storing or publishing any information referred to under clause (d);

(f) the intermediary shall periodically, and at least once in a year, inform its users in English or any language specified in the Eighth Schedule to the Constitution in the language of his choice of its rules and regulations, privacy policy or user agreement or any change in the rules and regulations, privacy policy or user agreement, as the case may be; [Substituted by Amendment Rules 2022]

(g) where upon receiving actual knowledge under clause (d), on a voluntary basis on violationof clause (b), or on the basis of grievances received under sub-rule (2), any information hasbeen removed or access to which has been disabled, the intermediary shall, withoutvitiating the evidence in any manner, preserve such information and associated records forone hundred and eighty days for investigation purposes, or for such longer period as maybe required by the court or by Government agencies who are lawfully authorised;

(h) where an intermediary collects information from a user for registration on the computerresource, it shall retain his information for a period of one hundred and eighty days afterany cancellation or withdrawal of his registration, as the case may be;

(i) the intermediary shall take all reasonable measures to secure its computer resource andinformation contained therein following the reasonable security practices and procedures asprescribed in the Information Technology (Reasonable Security Practices and Proceduresand Sensitive Personal Information) Rules, 2011;

(j) the intermediary shall, as soon as possible, but not later than seventy two hours and in case of an online gaming intermediary who enables the users to

(k) the intermediary shall not knowingly deploy or install or modify technical configuration ofcomputer resource or become party to any act that may change or has the potential tochange the normal course of operation of the computer resource than what it is supposed toperform thereby circumventing any law for the time being in force:Provided that the intermediary may develop, produce, distribute or employtechnological means for the purpose of performing the acts of securing the computerresource and information contained therein;

(l) the intermediary shall report cyber security incidents and share related information with theIndian Computer Emergency Response Team in accordance with the policies andprocedures as mentioned in the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.

(m) the intermediary shall take all reasonable measures to ensure accessibility of its services to users along with reasonable expectation of due diligence, privacy and transparency; [inserted by 2022 Amendment Rules]

(n) the intermediary shall respect all the rights accorded to the citizens under the Constitution, including in the articles 14, 19 and 21. [inserted by 2022 Amendment Rules]

(2)

Grievance redressal mechanism of intermediary:

(a) The intermediary shall prominently publish on its website,mobile based application or both,as the case may be, the name of theGrievance Officer and his contact details as well as mechanism by which a user or a victim may make complaint against violation of the provisions of this rule or sub-rules (11) to (13) of rule 4, or in respect of any other matterspertaining to the computer resources made available by it, and the Grievance Officer shall -

(ii) receive and acknowledge any order, notice or direction issued by the Appropriate Government, any competent authority or a court of competent jurisdiction.

(b) The intermediary shall, within twenty-four hours from the receipt of a complaint made by an individual or any person on his behalf under this sub-rule, in relation to any content which is prima facie in the nature of any material which exposes the private area of such individual, shows such individual in full or partial nudity or shows or depicts suchindividual in any sexual act or conduct, or is in the nature of impersonation in an electronicform, including artificially morphed images of such individual, take all reasonable andpracticable measures to remove or disable access to such content which is hosted, stored,published or transmitted by it:

(c) The intermediary shall implement a mechanism for the receipt of complaints underclause(b)of this sub-rule which may enable the individual or person to provide details, as may benecessary, in relation to such content or communication link.