IT Intermediary Guidelines Second Amendment Rules 2026: Safe Harbour and AI Content Obligations

The rapid rise of synthetic media and artificial intelligence has prompted Indian regulators to act decisively. In February 2026, the Ministry of Electronics and Information Technology notified the second amendment to the Information Technology Rules 2021 (IT Rules), introducing comprehensive obligations for handling synthetically generated information (SGI). These rules, effective February 20, 2026, fundamentally reshape how digital platforms, intermediaries, and content creators must manage AI-generated content. The centerpiece is a new framework requiring mandatory labelling and metadata embedding for AI content, coupled with accelerated takedown procedures for court orders and stringent safe harbour conditions. As of March 30, 2026, a further draft amendment has proposed even wider compliance obligations. Understanding these rules is critical for compliance officers at digital platforms, content creators, and businesses relying on intermediaries for distribution.

Background and Legal Context

The original IT Rules 2021 established the framework for intermediary liability under Section 79 of the Information Technology Act 2000, providing safe harbour protections to platforms that comply with prescribed conditions. Section 79 shields intermediaries from liability for user-generated content if they exercise due diligence and promptly remove unlawful material upon notification. However, the emergence of deepfakes, synthetic audio, and AI-generated video content created regulatory gaps. These synthetic materials posed novel risks: they could spread misinformation at scale, violate privacy of individuals whose likeness was used without consent, and evade traditional content moderation approaches. The February 2026 amendment directly addresses this gap by introducing specific rules for SGI. The rules apply to all intermediaries that host, transmit, or distribute content, ranging from social media platforms to video hosting services and messaging platforms with file-sharing capabilities. The regulatory approach balances innovation with consumer protection, requiring transparency about AI-generated content while preserving legitimate uses in entertainment, education, and research.

SGI Definition and Mandatory Labelling Requirements

The amendment defines Synthetically Generated Information (SGI) as audio, visual, or audiovisual content created or substantially modified using machine learning, generative adversarial networks (GANs), or other algorithmic means to appear as though it originated from a real person or genuine event. The definition captures deepfakes, synthetic speech, and photorealistic AI-generated imagery. Critically, the rules exclude content generated for lawful entertainment, satire, or parody with clear context, and exclude educational or research content where the synthetic nature is apparent. The core obligation is mandatory labelling and metadata embedding: creators and platforms must visibly mark SGI with a standardized label indicating the content is synthetically generated. Metadata embedded in the file must include: (1) the date of creation, (2) the method or tool used to generate the content, (3) the creator's identity or pseudonym, and (4) any known modifications or alterations. The metadata format follows international standards to ensure interoperability. Non-compliance with labelling obligations is particularly severe: intermediaries that fail to label or verify SGI lose Section 79 safe harbour protection, exposing them to full liability for the harms caused by that content, including damages claims and criminal prosecution.

Safe Harbour Implications and Intermediary Obligations

Section 79 safe harbour is now conditional on SGI-specific compliance. Intermediaries must implement reasonable technical systems to detect synthetically generated content within their platforms. These systems need not achieve 100 percent accuracy, but must represent a good-faith effort using state-of-the-art detection technology. Intermediaries must also establish expedited takedown procedures: upon receiving a court order or valid notification of prohibited SGI, the platform must remove the content within three hours. This 3-hour window is substantially faster than the general 36-hour notification period under the original rules, reflecting the urgent harms of deepfakes. Platforms must also cooperate with law enforcement and statutory bodies investigating SGI-related crimes. The rules impose a duty to maintain records of SGI flagged or removed, with these records subject to inspection by authorized government agencies. Failure to maintain such records or to comply with the 3-hour takedown timeline jeopardizes safe harbour status. The practical effect is that intermediaries cannot adopt a passive stance toward SGI. Investment in detection technology, staff training, and operational processes is now mandatory for safe harbour protection.

SSMIs and Additional Rule 4(1A) Obligations

Significant Social Media Intermediaries (SSMIs), defined as platforms with over 50 million monthly users in India, face heightened obligations under amended Rule 4(1A). SSMIs must appoint a Chief Compliance Officer (CCO) resident in India responsible for SGI compliance. SSMIs must establish and publish a detailed policy on SGI handling, outlining their approach to detection, labeling, removal, and user education. These platforms must conduct quarterly compliance audits and file audit reports with the Ministry. SSMIs must implement user complaint mechanisms specifically for SGI-related harms and respond to complaints within 72 hours. SSMIs must also run awareness campaigns educating users about the dangers of deepfakes and the platform's SGI policies. The rules recognize that large platforms exert outsized influence over public discourse and thus warrant stricter accountability. SSMIs cannot outsource SGI compliance to third parties: the CCO and enforcement must remain under direct platform control. Failure to comply triggers penalties including monetary fines, suspension of safe harbour, and potential block of the platform in India.

March 2026 Draft Amendment: Further Regulatory Expansion

On March 30, 2026, the Ministry released a draft second amendment proposing significant expansions to the SGI framework. The draft proposes treating influential content creators and social media personalities as de facto news publishers, subjecting them to editorial accountability standards and fact-checking obligations similar to news media. This proposal seeks to address the phenomenon of influential individuals disseminating SGI without verification, reaching audiences comparable to traditional news outlets. The draft also proposes widening regulatory oversight to include payment platforms and financial intermediaries, requiring them to flag and prevent transactions related to deepfake creation tools or services. Additionally, the draft proposes mandatory government reporting of SGI incidents by all intermediaries, with detailed incident logs submitted quarterly to the Ministry. Public consultation on this draft is open until April 14, 2026. The industry consensus is that the expanded proposals, if notified, would significantly increase compliance costs and regulatory burden, particularly for smaller platforms and creators. The final shape of these rules remains uncertain pending the public feedback period.