Non-consensual intimate imagery (NCII), often known as revenge porn, is a major breach of individual digital privacy, autonomy and dignity. Following a direction from the Madras High Court, the Ministry of Electronics and Information Technology (MeitY) issued a standard operating procedure (SOP) in October 2025. This aims to streamline, clarify and institutionalise the obligations of intermediaries under the Information Technology Act, 2000 (act) and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (rules).
Aman Avinav
Partner
Phoenix Legal
The SOP sets out a structured mechanism to rapidly remove NCII, strengthen victims’ redress and standardise the conduct of intermediaries. The safe-harbour provision of section 79 of the act removes intermediaries’ liability for third-party content, provided they exercise due diligence and expeditiously remove unlawful material after discovering it. Rule 3(1)(d) of the rules requires unlawful content to be taken down within 36 hours of a judicial or governmental direction. More importantly, rule 3(2)(b) imposes a standalone, victim-centric obligation on intermediaries to remove, within 24 hours of a complaint, content that exposes private areas, depicts nudity or sexual conduct or consists of morphed intimate imagery. The SOP is a uniform, enforceable process that reduces inconsistencies of interpretation and procedural delays.
The SOP imposes time-bound duties on all intermediaries. They must restrict access to NCII content within 24 hours of a complaint from the affected person or their authorised representative. This recognises the harm caused by the continued online circulation of NCII. Significant social media intermediaries (SSMI) have additional obligations. They must use automated tools, including crawler technology and perceptual hash-matching, to detect and eliminate reloads or near-identical iterations of known NCII. Such hashes must be transmitted to the Indian Cybercrime Co-ordination Centre, or I4C, for inclusion in a centralised, secure national repository.
The SOP applies to search engines, content delivery networks (CDN) and domain name registrars (DNR). Search engines are required to remove NCII content, limiting public availability. CDNs and DNRs must, in turn, restrict access to or deregister domains hosting such content.
These measures underline the government’s targeting of NCIIs, both at the point of consumption and also at infrastructural nodes where systemic intervention might be necessary to prevent persistent circulation. Co-ordinating the work of the Department of Telecommunications, I4C and the MeitY builds a cohesive, multi-agency enforcement ecosystem.
The SOP aims to protect victims. It provides several channels through which individuals may seek redress, regardless of their technological proficiency or social circumstances. Victims may contact intermediaries directly, complain through the National Cybercrime Reporting Portal or seek help from the One Stop Centres supported by the Ministry of Women and Child Development. Inadequate or delayed responses by intermediaries may be referred to the Grievance Appellate Committee, which reviews the decisions of grievance officers and orders compliance.
Despite its merits, the SOP raises significant questions. Requiring SSMIs to use automated tools to identify similar content may lead to excessive removal. Automated systems, particularly those relying on inference-based detection rather than exact hash matching, may generate false positives. This may lead to lawful expression, including journalistic content, artistic works and contextually legitimate imagery, being suppressed.
The SOP lacks procedural safeguards. In the absence of verification of complainants’ identities, intermediaries may comply with malicious or fraudulent takedown demands. Although rapid takedown is vital, evidence must be preserved. The loss of logs, metadata and transactional information may impede criminal investigations and frustrate prosecutions.
The SOP is a significant and timely response to digital malpractices. It increases victims’ access to remedies. However, to preserve fundamental rights and control automated governance, implementation must be cautious, accountable and subject to oversight.
Aman Avinav is a partner at Phoenix Legal
Phoenix Legal
Phoenix House,
254, Okhla Industrial Estate
Phase III, New Delhi – 110 020,
India
Vaswani Mansion, 3/F
120 Dinshaw Vachha Road,
Churchgate
Mumbai – 400 020
India
Contact details:
T: +91 11 4983 0000,
+91 11 4983 0099
+91 22 4340 8500
E: delhi@phoenixlegal.in | mumbai@phoenixlegal.in
