Explained: The Digital India Act 2023
Why is the Ministry of Electronics and Information Technology inviting pre-draft consultations to the Digital India Act 2023? How is it different from the 23 years old Information Technology Act (IT Act) of 2000 which the former seeks to replace?
The story so far: On 9th March 2023, Mr. Rajeev Chandrasekhar, the Minister of State for the Ministry of Electronics and Information Technology (MEITY), held a consultation to officially announce that the Information Technology Act of 2000 (IT Act) will be replaced with a new Digital India Act (DIA), a future-ready legislation. The contents of the new act were laid down in the presentation. The MEITY is conducting rounds of consultations in the coming months and soliciting feedback from various stakeholders. This draft has generated debates and discussions on the regulation of the Internet today.
What is the Digital India Act 2023?
In the year 2022, the Indian government proposed the enactment of the Digital India Act (DIA) that would give a global and coeval legal framework for India’s evolving digital ecosystem. The government intends to get the DIA within this year’s parliament session. The MEITY has held consultations in discussing the essential features and legal framework of DIA with different stakeholders. In accordance with the consultations, the skeleton of the DIA will have the legal framework and principles intact and the core constituents of the DIA will be online safety, trust and accountability, open internet, and regulations of new age technologies like artificial intelligence and blockchain technologies. This new framework will additionally comprise Digital Personal Data Protection Act, Digital India Act Rules, National Data Governance Policy, and IPC amendments for Cyber Crimes.
DIA will include the Digital India Goals of 2026 as a $1 trillion digital economy. Being a nation with the greatest number of internet users it aims at shaping the future of technologies worldwide through its Digital India goals. The act will ensure the openness, safety, trust, and accountability of the Internet. It will provide the rights to citizens. The provisions will be in synchronization with the continuously evolving market trends and international jurisprudence. There is an adoption of ‘principles and rule-based approaches’ to accommodate the modification of regulations for being compliant with the evolving laws in the proposed act. It also mandates the strict KYC requirement for wearable devices for retail sales along with criminal law sanctions and penalties. The ministry is also considering reviewing the ‘safe harbour’ principle which protects online platforms like Twitter and Facebook from being accountable for the content posted on them by the users.
In the second consultation, the Hon’ble Minister Rajeev Chandrasekhar reiterated the principles on which DIA is built upon i.e.., openness, accountability, and safety. There will be guidelines formulated for emerging new-age technologies like Artificial Intelligence (AI) and blockchain technology, regulations for content monetization, and equitable remuneration for the value chain. It also promotes startup innovation, Telecom Services Providers (TSPs) and Internet Service Providers (ISPs) will be unaffected and are not likely to be regulated unless issues are flagged by stakeholders in further consultations.
What was the need for Digital India Act 2023?
The current regulatory landscape is old and redundant in India due to the digital revolution and the advent of new technologies. From the time the IT Act of 2000 was enacted, there have been several amendments, it has also faced criticisms for being outdated and inadequate in terms of new-age technologies. There have been attempts to bring the IT Act of 2000 to par with the latest technologies. The IT Act 2000 was enacted when there were only 5.5. million internet users, the intermediaries were of one type and there were traditional forms of user harms like cybercrimes and hacking. In contrast to today, the internet users have reached 850 million, there have been multiple types of intermediaries (eCommerce, digital media, OTT, gaming, AI), and the definition of user harms has been expanded like catfishing, cyberstalking, cyber trolling doxing. In 2000 the internet was a source of information and news but today it is used to proliferate hate speech and fake news.
The current regulatory landscape of the IT Act 2000 includes Intermediary Guidelines and Digital Media Ethics Code; Sensitive Personal Data or Information (SPDI) Rules; Certifying Authorities Rules; Indian Computer Emergency Response Team (CERT) and Cyber Appellate Tribunal. However, these tend to be insufficient when it concerns the regulation of new-age technologies.
Technology has significantly evolved since the enactment of the IT Act 2000. New technologies such as cloud computing, AI, blockchain, and the Internet of Things (IoT) have emerged, requiring legal frameworks to address their unique challenges and potential risks. As cyber threats become more sophisticated, it is crucial to enhance provisions related to cybersecurity and data protection in the IT Act. Amendments may aim to strengthen measures for preventing cybercrimes, improving incident response, and safeguarding personal and sensitive data. The growth of e-commerce, digital transactions, and cross-border payments necessitates updates to the legal framework governing them. Therefore, the DIA will comprise issues like consumer protection, electronic contracts, digital signatures, online dispute resolution, and liability of intermediaries. The rise of social media platforms and online content sharing has brought forth challenges related to misinformation, hate speech, cyberbullying, and defamation. The DIA will address these issues and regulate online content, establish mechanisms for content takedown, and hold intermediaries accountable for illegal or harmful content.
As India engages in global digital interactions, the regulations are necessary to align with international standards, best practices, and obligations. This alignment can facilitate cross-border data flows, cooperation in cybercrime investigations, and international cybersecurity frameworks. The DIA’s legislative framework has been made taking inspiration from jurisdictions that have the best digital technologies legislations like the European Union, Singapore, the United Kingdom, and the United States of America.
A way forward
The intention behind the DIA is laudable and this legislation will be revamping India’s technology sector regulations. It is for the first time that consultations are taking place during the pre-draft stage of the bill. Policymakers are aware of the challenges that might arise therefore the opinions of important stakeholders are being valued. The need for comprehensive and relevant legislation was much needed for the evolving technology sector in India.
While the DIA will promote the growth of India’s digital economy, and address the challenges which new-age technologies bring with them like data privacy and cyber security. However, doing away with the safe harbour principle will be criticized by Bigtechs. Additionally, it will require specialists and developed infrastructure for law enforcement, tackling the uncertainties of new-age technologies, AI, deep fakes, and dispute resolution in the proposed legislation. Defining territorial jurisdiction is necessary due to the borderless nature of information and interactions over the Internet. While transparency and accountability are the founding pillars of the act it will also have to balance the interests of important stakeholders like users, big techs, government, businesses, and civil society.
Undoubtedly, it will be one of the most landmark legislations in the jurisprudence of the country as it will protect the freedom of expression and the fundamental rights of citizens on social media platforms. Along with enhancing privacy, online safety, and security, it will also safeguard citizen’s data. It will foster innovation and growth of new-age technologies which will be beneficial in education, health, and administration. It will be interesting to see how building this proposed legislation plays out in the coming future.
Filed Under
About the Authors
Sanhita is a Project Fellow at Vidhi Delhi. She is currently working in the area of FinTech (CBDCs, cryptoassets, blockchain) and Applied Law and Technology Research (ALTR). She graduated from Delhi University with a B.A. (Political Science) Degree and further did her LL.B. in 2018. Her areas of interest include financial regulations, data protection laws, commercial laws, and the emerging frameworks of new financial technologies. She has previously worked at the Delhi High Court, the Supreme Court of India, and Saikrishna & Associates. She also holds an LL.M. degree from King's College London in Intellectual Property and Information Laws in 2022.