New Delhi: In a significant step toward protecting online privacy and curbing the spread of non-consensual intimate images (NCII), the Ministry of Electronics and Information Technology (MeitY) on Tuesday released a Standard Operating Procedure (SOP) directing intermediaries, including social media platforms and other digital service providers, to remove or disable access to such content within 24 hours of receiving a complaint. The move comes in the wake of repeated incidents where private images of individuals have been circulated online without consent, and follows a Madras High Court direction in October addressing the case of a woman lawyer whose private images repeatedly surfaced on the internet.

The newly released SOP lays out detailed responsibilities for intermediaries to act promptly when a complaint is received from an affected individual, an authorised representative, or a government agency. Platforms are required to acknowledge the complaint and update the complainant about actions taken, ensuring transparency and accountability in the takedown process.

Proactive Detection and Prevention

Beyond responding to complaints, the SOP emphasizes proactive measures to prevent the reuploading of NCII. Significant social media intermediaries are expected to deploy technologies such as crawlers to automatically detect reuploads of reported content. Additionally, platforms are mandated to generate digital hashes—unique fingerprints of the reported images or videos—and share them with the Indian Cybercrime Coordination Centre (I4C) through the Sahyog Portal. These hashes will be maintained in a secure hash bank by the I4C, helping to prevent the resurfacing of the same material across platforms.

The SOP also instructs intermediaries to periodically inform complainants about the removal status of their content and provide updates in cases where the same content reappears online. This ensures that victims are kept in the loop and reassured that their concerns are being actively addressed.

Responsibilities of Search Engines and Hosting Services

Search engines are directed to de-index flagged content from search results, effectively reducing its visibility and accessibility. If the content is hosted on external websites, intermediaries must notify the I4C via the Sahyog Portal for immediate follow-up, while keeping the affected individual informed.

Content Delivery Networks (CDNs) and Domain Name Registrars are required to make the flagged content inaccessible within 24 hours. This can be achieved by deregistering the hosting website or instructing the website owner to remove the content. The SOP further emphasizes that any reuploaded versions of the content appearing under new URLs must also be addressed within the same timeframe.

Centralised Coordination and Oversight

To ensure streamlined action, the SOP establishes a coordination mechanism between intermediaries and government entities. The I4C, operating under the Union Home Ministry, will serve as the central point for aggregating all NCII-related takedown requests and maintaining the secure hash bank. The Department of Telecommunications will collaborate with internet service providers to block flagged URLs where necessary, while MeitY will coordinate with intermediaries to ensure compliance and consistent enforcement of the guidelines.

Dhruv Garg, partner at the Indian Governance & Policy Project, described the SOP as consolidating existing obligations rather than creating a new legal regime. He emphasized that the main benefit of the SOP lies in publicising the remedies available to victims, enabling them to quickly manage the dissemination of non-consensual content. Garg further noted that awareness campaigns and educational outreach are critical for the SOP to have its intended effect, highlighting the need for resources to inform citizens about their rights and the mechanisms available to protect them online.

Alignment with IT Rules and Future Updates

The SOP requires intermediaries to align their community guidelines and terms of service with the provisions of the IT Rules, 2021, ensuring uniform enforcement across platforms. MeitY described the SOP as an evolving document and requested stakeholders to verify that they are referring to the latest version available on the ministry’s website to ensure compliance with current procedures.

The release of this SOP marks a key step in the government’s efforts to create a safer online environment, particularly for victims of non-consensual content. By mandating strict timelines, introducing technological safeguards, and establishing central coordination, the SOP seeks to provide both deterrence and remedial mechanisms for individuals whose privacy has been violated.

As online harassment and the unauthorized circulation of private images remain pressing concerns, the SOP aims to empower victims while holding intermediaries accountable for rapid action. Experts and activists have welcomed the initiative, emphasizing that effective implementation, coupled with public awareness, will be crucial in reducing the incidence of NCII and protecting individuals’ rights in the digital space.

---