Digital India Act (DIA): Understanding India’s Proposed Successor to the IT Act, 2000

Introduction 

India’s digital economy has evolved dramatically since the enactment of the Information Technology Act, 2000 (“IT Act”). The IT Act was introduced at a time when e-commerce was in its infancy and long before the emergence of social media platforms, cloud computing, artificial intelligence, online marketplaces, digital content ecosystems and large-scale data-driven businesses. While the IT Act has undergone several amendments over the years and has been supplemented by subordinate legislation such as the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, concerns have persisted regarding its ability to address contemporary technological and regulatory challenges. 

Against this backdrop, the Government of India has proposed the Digital India Act (“DIA”), a comprehensive legislative framework intended to replace the IT Act and establish a modern regulatory regime for India’s digital ecosystem. Although no draft Bill has been publicly released as of the date of writing, consultations conducted by the Ministry of Electronics and Information Technology (“MeitY”), public statements by policymakers, industry submissions and media reports provide valuable insights into the possible direction of the proposed legislation. 

Given the absence of a publicly available draft, any discussion of the DIA remains necessarily speculative. Accordingly, the analysis below should be viewed as an examination of policy trends and likely regulatory themes rather than a definitive statement of future law. 

Legislative Background 

The IT Act was enacted primarily to facilitate electronic commerce, recognise electronic records and signatures, and address cybercrime. Over time, however, the rapid expansion of digital services has exposed limitations in a framework designed for a very different technological landscape. 

Recognising the need for reform, the Government has repeatedly indicated its intention to replace the IT Act with a more comprehensive digital law. The proposed DIA forms part of a broader digital regulatory architecture that also includes the Digital Personal Data Protection Act, 2023 (“DPDP Act”), cybersecurity initiatives, sector-specific regulations and emerging governance frameworks for artificial intelligence and digital infrastructure. 

Government consultations have consistently emphasised the objectives of creating an open, safe, trusted and accountable internet while simultaneously fostering innovation and economic growth. 

Key Themes Emerging from Consultations 

1. A Risk-Based Approach to Digital Intermediaries

One of the most significant themes emerging from policy discussions is the possibility of moving away from a “one-size-fits-all” approach to regulating intermediaries. 

Rather than treating all intermediaries similarly, policymakers have explored the idea of categorising digital services based on their functions, scale and potential impact on users. Such an approach could result in differentiated compliance obligations for social media platforms, cloud service providers, e-commerce marketplaces, online gaming platforms, AI systems and other digital services. 

If adopted, a risk-based framework would align India’s regulatory approach with global trends that increasingly impose obligations based on the nature and scale of digital services rather than applying uniform requirements across all platforms.

2. Enhanced Platform Accountability

The proposed DIA is also expected to focus on platform accountability and user safety. 

Public consultations have highlighted concerns relating to misinformation, online fraud, deepfakes, harmful content and digital harms more broadly. Consequently, the legislation may impose enhanced due diligence obligations on certain categories of intermediaries, including requirements relating to transparency, content moderation, user grievance mechanisms and risk mitigation measures. 

However, the precise nature and extent of these obligations remain uncertain and will depend on the eventual legislative text.

3. Reconsideration of the Intermediary Liability Framework

A recurring topic in discussions surrounding the DIA has been the future of intermediary liability and safe harbour protections. 

Under Section 79 of the IT Act, intermediaries are generally protected from liability for third-party content subject to compliance with prescribed due diligence requirements. Government statements and consultation discussions suggest that policymakers may seek to revisit this framework in light of concerns regarding platform accountability. 

At present, however, there is no clarity regarding whether the DIA will significantly modify, narrow or retain existing safe harbour protections. Businesses should therefore closely monitor future developments rather than assume any particular outcome.

4. Grievance Redressal and User Protection

Strengthening user grievance mechanisms has been another important policy objective. 

Future legislation may build upon the existing framework established under the Information Technology Rules, 2021 by introducing more structured complaint handling processes, enhanced transparency requirements and clearer avenues for user redress. 

Such measures would be consistent with the Government’s broader objective of increasing trust in digital services and improving accountability across the digital ecosystem.

5. Artificial Intelligence and Emerging Technologies

Artificial intelligence has featured prominently in discussions concerning the DIA. 

The Government has repeatedly expressed concerns regarding deepfakes, algorithmic harms, misinformation and the broader societal impact of AI systems. At the same time, policymakers have emphasised the importance of ensuring that regulation does not unnecessarily hinder innovation. 

While no formal AI regulatory framework has yet been proposed under the DIA, it is reasonable to expect that the legislation may provide enabling provisions or regulatory powers that allow the Government to address risks arising from emerging technologies, including AI, blockchain-based systems, the Internet of Things and future digital innovations. 

The challenge for policymakers will be balancing innovation with accountability while ensuring that regulation remains technology-neutral and future-proof.

6. Alignment with the DPDP Act

The DIA is expected to operate alongside the DPDP Act rather than replace or duplicate it. 

While the DPDP Act focuses primarily on the processing of personal data and the protection of privacy rights, the DIA is expected to address broader issues relating to digital governance, intermediary regulation, online safety, cybersecurity and emerging technologies. 

The interaction between these two frameworks will be critical for businesses operating in India. Organisations will need to evaluate compliance obligations under both regimes and ensure that governance structures are capable of addressing overlapping regulatory requirements. 

Potential Challenges and Areas of Debate

Freedom of Expression 

One of the most significant issues likely to arise during the legislative process concerns freedom of expression. 

Any framework that grants authorities broad powers to regulate online content will inevitably be scrutinised against constitutional protections under Article 19(1)(a) of the Constitution of India. The Supreme Court’s decision in Shreya Singhal v. Union of India continues to serve as an important benchmark for evaluating restrictions on online speech. 

Accordingly, future content moderation obligations and takedown mechanisms under the DIA are likely to attract close judicial scrutiny. 

Privacy and Encryption 

Another area of debate concerns the relationship between user privacy and regulatory accountability. 

Measures designed to enhance traceability, law enforcement access or platform accountability may raise questions regarding encryption, user privacy and the constitutional right to privacy recognised by the Supreme Court in Justice K.S. Puttaswamy v. Union of India. 

Balancing these competing interests will be one of the most complex challenges facing policymakers. 

Compliance Burdens 

Industry stakeholders have broadly supported efforts to modernise India’s digital regulatory framework. However, concerns remain regarding the possibility of excessive compliance burdens, particularly for startups and smaller technology companies. 

The effectiveness of the DIA will depend in part on whether it adopts a proportionate and risk-based approach that promotes innovation while addressing legitimate regulatory concerns. 

What Businesses Should Do Now 

Although the DIA has not yet been introduced, organisations should begin preparing for increased regulatory oversight of digital services. 

Businesses should consider: 

• Monitoring legislative and regulatory developments; 

• Reviewing existing intermediary and platform compliance programmes; 

• Strengthening governance and risk-management frameworks; 

• Assessing AI governance and responsible technology practices; 

• Evaluating content moderation and user grievance processes; and 

• Aligning digital compliance strategies with obligations under the DPDP Act and other sector-specific regulations. 

Organisations that proactively develop robust governance frameworks will be better positioned to adapt once the final contours of the DIA become clear. 

Conclusion 

The proposed Digital India Act represents one of the most significant anticipated developments in India’s digital regulatory landscape. Although the final legislative framework remains uncertain, consultations and policy discussions indicate a clear focus on platform accountability, user safety, emerging technologies and the creation of a trusted digital ecosystem. 

The ultimate success of the DIA will depend on its ability to balance innovation, privacy, free expression and regulatory accountability. Until a draft Bill is published, businesses should view current discussions as indicators of regulatory direction rather than settled legal requirements. Nevertheless, the message from policymakers is clear: India’s digital economy is moving toward a more structured and comprehensive regulatory framework, and organisations should begin preparing accordingly.