The RFMLR Editorial Board recently interviewed Mr. Shikher Deep Aggarwal, Partner, Luthra & Luthra Partners Law Offices on the topic exploring the proposed Digital India Act.

1.     The government intends to replace the present Information Technology Act, 2000 (IT Act) with the proposed Digital India Act. In light of the recent amendments to the IT Act, is it really necessary to bring out a new Act altogether? Can we not just further amend the IT Act to bring the requisite changes?

The existing regulatory framework in India is widely seen as outdated and inadequate in the face of rapid digital transformation and the emergence of cutting-edge technologies. Despite numerous amendments made to the IT Act over the years, these changes are perceived as insufficient in adequately governing the complexities brought forth by modern technologies. Innovations such as cloud computing, artificial intelligence (AI), blockchain, and the Internet of Things (IoT) present unique challenges and potential risks that demand tailored legal frameworks for regulation. Additionally, the continuous expansion of e-commerce, digital transactions, and cross-border payments further underscores the urgent need for updates to the legislative landscape governing these domains. Nowadays, everyone leads a dual existence that merges a private life with a social media presence, necessitating the need for protection in both realms.

An amendment-based approach can often result in a patchwork of provisions that may not provide a cohesive framework for governing the digital domain. Given the magnitude of changes required to accommodate these advancements within the existing IT Act of 2000, it has become increasingly apparent that we can’t keep using old maps to navigate new roads.

Recent issues surrounding notifications concerning the Fact Check Unit have highlighted potential constitutional hurdles associated with delegated legislation and amendments. Consequently, it appears more judicious to introduce a comprehensive new act that can effectively address these evolving concerns. India's trajectory toward becoming the host of the world's largest user base further underscores the necessity for an updated Digital Act that can adequately regulate and safeguard digital activities in the country. This comprehensive approach is seen as necessary to adequately protect users, foster innovation, and support India's goal of becoming a $1 trillion digital economy by 2026.

2.     As the Bill is just in a pre-drafting stage, what would be your suggestion regarding regulating AI and Blockchain technology? Does it require a separate regulating body for such complex new-age technologies?

The Supreme Court's move in 2020 to overturn the cryptocurrency ban was a notable milestone for the advancement of blockchain technology. Nonetheless, the ongoing consideration of the Crypto Currency Bill, 2021, coupled with the absence of legislation to date, highlights the critical need for blockchain technology regulation within the framework of the DIA. The government has expressed its interest in exploring the definition and regulation of high-risk AI, as well as establishing frameworks to ensure AI accountability and promote the ethical usage of AI-based tools. This may necessitate the creation of forward-looking law, potentially housed within a distinct chapter of the proposed Digital India Act.

The question of whether it is necessary to create a dedicated body to regulate AI and blockchain (or any other sophisticated digital creation), given the existing plans to establish other regulatory entities such as the 'internet regulator' under the DIB, remains. In my opinion, just as 'too many cooks spoil the broth', similarly, too many regulators may cloud the path. It might be more effective to have one regulatory authority with distinct divisions for different sectors. While TRAI has suggested the establishment of the 'Artificial Intelligence and Data Authority of India (AIDAI)', there is also a call from various stakeholders for a revamp of the current regulatory framework and enhancement of enforcement mechanisms to cope with the widespread deployment of AI.

3.     In recent times, the issue of deep fakes has been a major cause of concern for the government. MeITY had also issued an advisory to all the intermediaries, ensuring compliance with the existing IT rules. The directive specifically targets the growing concerns around misinformation powered by AI – Deepfakes. How do you think that the proposed Bill can deal with the issue of Deepfakes?

India lacks dedicated legislation aimed at combating deepfakes and related AI-driven offences. Notably, certain individuals, particularly public figures, have sought protection under personality and privacy rights, to counter unauthorized manipulations of their likeness. While laws targeting morphing, such as Section 66 of the IT Act, 2000, exist, it's imperative to recognize that deepfakes represent a significantly more sophisticated form of manipulation. Deepfake technology is employed with distinct motives, often for spreading misinformation or damaging the reputations of individuals. The existing penalties may prove inadequate in addressing the severity of offenses involving deepfakes. While various provisions of the Indian Penal Code and the Indecent Representation of Women (Prohibition) Act offer potential avenues for recourse, they are indirect and may necessitate adaptation to effectively combat deepfake-related crimes.

Hence, there exists a critical need for dedicated legislation specifically targeting deepfake technology. Following the circulation of a deepfake video involving an actress, MeitY publicly underscored the urgency of drafting legislation specifically addressing such incidents. However, the government is presently contemplating amending the IT Rules, 2021 instead of introducing new legislation. The proposed Digital India Act could strive to directly confront the menace posed by AI-generated misinformation, particularly by clearly defining deepfakes and prescribing specific remedies, stringent penal actions, and compensatory measures for aggrieved parties. Guidance may be taken from initiatives like the EU’s AI Act, which offers a framework for regulating AI technologies. Notably, countries such as the United States have established specialized task forces dedicated to addressing the proliferation of digitally manipulated content, providing potential models for India to consider in its efforts to combat the spread of deepfakes.

4.     The Ministry has plans to introduce penal consequences for certain regulatory violations. On the other hand, the Government had introduced the Jan Vishwas Act to amend several acts so that certain acts could be decriminalized and ease of doing business can be improved in India. Do you find this contradictory or certain penal actions are genuinely required under such an Act?

The Ministry's proposal to introduce penal consequences for regulatory violations, juxtaposed with the Jan Vishwas Act aimed at decriminalizing certain offenses to enhance the ease of doing business, may initially appear contradictory. However, this apparent contradiction can be reconciled by considering the objectives of each initiative.

The Ministry's intention to introduce penal consequences likely stems from the need to uphold regulatory compliance and ensure accountability within the digital landscape. Under the Digital India Act, such measures may be deemed necessary to deter malicious activities, safeguard data integrity, and instill trust in digital transactions. Penal actions could serve as a deterrent against cybercrimes, data breaches, and other digital malpractices, thereby reinforcing the regulatory framework under the Digital India initiative. Conversely, the Jan Vishwas Act, while aiming to decriminalize certain offences, primarily focuses on streamlining business operations and reducing regulatory burdens. By removing criminal penalties for minor regulatory non-compliances, the Act aims to foster a more conducive environment for business growth and investment. Therefore, while seemingly contradictory, these initiatives serve distinct purposes within the broader scope of governance and economic development.

In essence, while penal actions may indeed be necessary under the Digital India Act to address specific regulatory violations and ensure digital security, the Jan Vishwas Act seeks to balance regulatory enforcement with the facilitation of business activities, ultimately contributing to India's socio-economic progress.

5.     The current presentation of the bill presupposes that the current model of flagging fake news by social media platforms is "discretionary". It provides for critically examining the mode of dissecting news as fake or true, emphasizing alignment with constitutionally provided rights of freedom of speech and expression. How do you think the government should approach the issue and devise a mechanism to verify and categorize the news as false or fake?

I believe the government needs to take a multi-pronged strategy that strikes a balance between fighting misinformation and upholding constitutional freedoms. This strategy should include creating a strong system that focuses on transparency, accountability, and precision. To achieve this, there should be cooperative efforts between government bodies, independent verification groups, media specialists, and community representatives to guarantee thorough and reliable outcomes. The "Prohibition of Fake News on Social Media Bill, 2023" proposes something similar, and I think it merits further discussion.

Fact-checking processes should be rigorous, incorporating both technological tools and human expertise to verify the accuracy of information. Transparency in the evaluation process is paramount. Moreover, mechanisms for appeals and corrections should be in place to address any inaccuracies or disputes effectively. Crucially, any efforts to combat misinformation must safeguard freedom of speech and expression. Censorship should be avoided, and legitimate dissent should be protected.

However, recent developments, such as the government's notification designating the Press Information Bureau (PIB) as the fact-checking unit (FCU), have faced legal challenges. The Supreme Court has stayed this notification pending a judgment from the Bombay High Court, indicating the need for careful consideration and alignment with legal principles in implementing such initiatives. I believe this emphasizes the necessity of entrusting the verification and classification of news as true or fake to an impartial entity, free from affiliations with any political party or interest group.

6.     The proposed Bill will work in coordination with the Digital Personal Data Protection Act, 2023, the National Data Governance Policy, and other notable legislations. Given the multifaceted nature of the internet, the activities of the regulatory body may inevitably interfere with areas of other regulatory authorities. How do you think this will be addressed? Further, would this leave the regulatory body with only limited and nominal powers?

The coordination between these legislations is crucial for ensuring comprehensive governance of the digital landscape. However, the multifaceted nature of the internet may indeed lead to potential overlaps and conflicts between regulatory bodies, raising concerns about the distribution of powers and potential limitations on their effectiveness.

To address these challenges, drawing parallels with existing regulatory bodies like the Narcotics Control Bureau (NCB), Enforcement Directorate (ED), National  and the Central Bureau of Investigation (CBI), which operate harmoniously despite having similar fields of jurisdiction, can offer valuable insights. These agencies often collaborate on cases, share information, and coordinate investigations to ensure efficient and effective enforcement of laws. Similarly, regulatory bodies in digital framework can adopt a cooperative approach, facilitating dialogue, information sharing, and joint initiatives to address overlapping areas of jurisdiction. By this the Digital India Act can leverage the collective expertise and resources to effectively address the complexities of the digital ecosystem while avoiding the dilution of powers or limitations on their effectiveness.

At this stage, I think it is premature to make any definitive statements. Clarity on the matter will emerge once these bodies become operational.

7.     The Bill categorizes intermediaries based on risk and size across sectors like e-commerce, AI, digital media, gaming, OTTs, SSMIs, etc. Some countries, like the EU with its Digital Services Act, use a 3-tier system, while Australia employs an 8-tier system. Do you believe transitioning from a 3-tier classification in the IT Act to an 8-tier classification of intermediaries in India's new bill is feasible?

Given that intermediaries often wear multiple hats in their operations, it's crucial to craft a solution that doesn't attempt to fit square pegs into round holes.  Recognizing the multifaceted functions of these intermediaries is crucial for multiple reasons such as, it clarifies their legal accountability for user-generated content and platform-provided services, and it acknowledges that the regulatory needs of different intermediary types may vary significantly. Such differentiation is essential for crafting law that is both precise and effective, aimed at mitigating specific risks and ensuring compliance within each unique category.

The new framework introduces a classification for intermediaries into three broad categories: those focused on infrastructure, content, and services, each subject to regulatory requirements and responsibilities. By sorting intermediaries by risk and scale, the system clearly separates varying degrees of duty and accountability. The legislation specifies added responsibilities for key intermediaries, including the appointment of a Regulatory Liaison Officer, establishing a physical address in India, and facilitating voluntary user account verification. It also aims to balance regulatory burdens, exempting smaller entities from stringent requirements, thus promoting level playing field.

Shifting from the IT Act's three-tier classification to a more detailed approach based on user interaction, content management, and service provision marks a progressive step for India. This shift is both practical and crucial for grappling with the complex functions that digital platforms now serve. Through this enhanced classification strategy, India seeks to apply law more adeptly, acknowledging the diverse risks and operational nuances of various digital service models.