MHA Issues 290 Daily Takedown Notices for Online Content
Introduction
India's digital governance architecture is expanding rapidly — and controversially. The MHA now issues ~290 content takedown notices per day, while cyber incidents have surged to a five-year high — exposing a paradox where the state aggressively regulates digital speech yet struggles to secure digital infrastructure.
"The shield will not apply if platforms fail to take down content despite being flagged by government authorities." — Section 79(3)(b), IT Act, 2000
| Indicator | Figure |
|---|---|
| MHA takedown notices (daily average) | ~290 |
| Total content blocked (by March 2025) | 1,11,185 |
| CERT-In incidents (2025) | 29.44 lakh |
| CERT-In incidents (2024) | 20.41 lakh |
| Year-on-year increase | ~44% |
| Highest incident region | Delhi (NCT) |
Background and Context
Key Legal Framework:
| Provision | What It Does |
|---|---|
| IT Act Section 79(1) | Grants intermediaries (social media platforms) safe harbour — shields them from liability for user-generated content |
| IT Act Section 79(3)(b) | Removes safe harbour if platform fails to act on government takedown notices |
| IT Act Section 70B | Establishes CERT-In as national cybersecurity incident response agency |
| IT (Intermediary Guidelines) Rules, 2021 | Mandates takedown within 3 hours of court order or government notice |
Timeline of Key Developments:
- March 13, 2024: I4C designated as MHA's agency to issue notices under Section 79(3)(b).
- 2024–25: 1,11,185 content pieces blocked; ~290 notices/day average.
- 2025: Karnataka High Court dismisses X's challenge to Section 79(3)(b) and the Sahyog portal.
- 2025: CERT-In records 29.44 lakh cyber incidents — highest ever.
Key Concepts
The Safe Harbour Doctrine: Section 79(1) of the IT Act mirrors global intermediary liability frameworks — platforms are not publishers and therefore not liable for what users post. This incentivises open platforms and protects free expression. Section 79(3)(b) creates the conditionality: safe harbour is contingent on compliance with government takedown notices. This gives the government significant leverage over platform content moderation decisions.
The Sahyog Portal: A centralised platform that enables police across all states to send takedown notices to social media intermediaries through a common interface — dramatically scaling the government's content removal capacity. Its creation transformed what was once a slow, case-by-case process into a high-volume, automated pipeline of ~290 daily notices.
I4C — Indian Cyber Crime Coordination Centre: Established under MHA; functions as the nodal agency for cybercrime coordination across states and union territories. Its designation to issue Section 79(3)(b) notices centralises content removal authority within the home ministry's security apparatus.
CERT-In: The Indian Computer Emergency Response Team under MeitY — India's national agency for cybersecurity incident tracking, response, and coordination. Operates under Section 70B of the IT Act.
Data: Cybersecurity Incidents (CERT-In)
| Year | Cyber Incidents Reported |
|---|---|
| 2021 | Data not specified |
| 2022 | Data not specified |
| 2023 | Data not specified |
| 2024 | 20.41 lakh |
| 2025 | 29.44 lakh (highest ever) |
- Highest concentration: National Capital Territory of Delhi
- Year-on-year increase (2024→2025): ~44%
Implications and Challenges
1. Free Speech and Accountability Concerns: The MHA's takedown power raises significant civil liberties questions. Notably, nearly one-third of the 66 takedown notices sent to X by I4C sought removal of content about Union Ministers and Central government agencies — raising concerns about the use of security-framed powers to suppress political criticism.
The absence of a mandatory public disclosure requirement for takedown notices (unlike court orders) means the volume, nature, and targets of content removal remain largely opaque to the public and Parliament.
2. Platform Compliance vs. Resistance: X (formerly Twitter) challenged both Section 79(3)(b) and the Sahyog portal in the Karnataka High Court — the petition was dismissed in 2025. This legal battle reflects the global tension between platform autonomy and state regulatory authority over digital speech.
The 3-hour compliance window for takedowns is among the shortest globally — leaving platforms minimal time for independent review of notice validity.
3. Cybersecurity Governance Gap: The sharp rise in cyber incidents (29.44 lakh in 2025) points to a growing offensive–defensive asymmetry: India's digital footprint is expanding faster than its cybersecurity capacity. With Delhi as the highest-incident region, critical government infrastructure and financial systems face elevated risk.
4. Jurisdictional Overlap: Both MHA (I4C) and MeitY have content takedown powers — alongside courts. Multiple agencies issuing notices through different channels risks inconsistency, duplication, and accountability diffusion.
Comparison: Content Moderation Frameworks
| Parameter | India (IT Act) | EU (Digital Services Act) | USA (Section 230) |
|---|---|---|---|
| Safe harbour | Yes (Section 79) | Yes (with conditions) | Yes (broad) |
| Govt takedown power | Yes — MHA, MeitY, courts | Judicial/regulatory oversight required | No direct govt takedown power |
| Transparency requirement | Limited | Mandatory public reporting | Voluntary |
| Compliance window | 3 hours | Varies | N/A |
| Platform challenge rights | Limited | Stronger | Strong |
Conclusion
India's digital governance framework is evolving rapidly — but unevenly. The MHA's content takedown architecture has scaled effectively as a security instrument, yet the absence of robust transparency, independent oversight, and proportionality safeguards risks converting a legitimate security tool into an instrument of political control. Simultaneously, the surge in cyber incidents — 29.44 lakh in 2025 — reveals that while the state is aggressively regulating digital speech, it is struggling to protect digital infrastructure. India needs a dual-track approach: stronger, transparent, judicially accountable content governance on one hand, and significantly enhanced cybersecurity capacity — funding, skilled personnel, and inter-agency coordination — on the other. Digital sovereignty must mean both a safe internet and a free one.
Attribution
Original content sources and authors
Syllabus classification
How this article maps to GS papers
Main syllabus
GS3Communication NetworksQuick Q&A
What is Section 79 of the Information Technology Act, 2000, and how does it regulate intermediary liability in India?
Conditional Immunity: However, this protection is not absolute. Section 79(3)(b) withdraws immunity if intermediaries fail to remove or disable access to unlawful content after receiving actual knowledge through a court order or government notification. The recent empowerment of the Ministry of Home Affairs (MHA) and the Indian Cyber Crime Coordination Centre (I4C) to issue takedown notices strengthens this enforcement mechanism.
Operational Implications: For instance, intermediaries are required to act within three hours of receiving such orders. This creates a compliance-heavy environment where platforms must quickly assess and remove flagged content. While this ensures faster response to harmful content, it also raises concerns about over-censorship and due process, making Section 79 a critical tool in balancing digital governance and freedom of expression.
Why has the rise in government-issued takedown notices become a significant issue in India’s digital governance framework?
Balancing Security and Freedom: On one hand, such measures are justified to curb cybercrime, fake news, and threats to national security. For example, coordinated misinformation campaigns or content inciting violence require swift removal. On the other hand, concerns arise regarding freedom of speech under Article 19(1)(a), especially when a substantial portion of notices reportedly target content related to government authorities.
Broader Implications: This trend raises questions about transparency, accountability, and potential misuse of power. The lack of clear public disclosure on the nature of content being removed can undermine trust in digital governance. Thus, the issue is significant as it lies at the intersection of national security, democratic rights, and platform accountability.
How does the institutional framework involving MHA, I4C, and CERT-In function in addressing cyber threats and online content regulation?
Functional Mechanism:
- I4C: Acts as a nodal body to coordinate cybercrime investigations and issue content removal notices via platforms like the Sahyog portal
- CERT-In: Tracks, analyses, and responds to cybersecurity incidents such as hacking, phishing, and malware attacks
- Intermediaries: Required to comply with takedown requests within strict timelines
Illustrative Example: The sharp rise to 29.44 lakh cyber incidents in 2025 highlights the growing threat landscape. In such a scenario, coordination between CERT-In’s threat intelligence and I4C’s enforcement powers becomes crucial.
Challenges: Despite this framework, issues like overlapping jurisdictions, lack of coordination, and limited technical capacity persist. Strengthening inter-agency collaboration and ensuring accountability are essential for effective cyber governance.
What factors explain the sharp rise in cyber security incidents in India in recent years?
Key Contributing Factors:
- Weak Cyber Hygiene: Lack of awareness among users about secure practices
- Advanced Threat Actors: Rise of sophisticated cybercriminal networks and state-sponsored attacks
- Inadequate Infrastructure: Limited investment in cybersecurity systems across public and private sectors
Case Illustration: The data showing 29.44 lakh incidents in 2025, with Delhi reporting the highest numbers, reflects both higher digital activity and vulnerability in urban centres.
Implications: The surge in cyber incidents necessitates stronger institutional capacity, public awareness, and international cooperation. Without addressing these factors, India risks compromising its digital economy and national security.
Critically analyze the implications of empowering government agencies to issue direct takedown notices for online content.
Concerns and Risks: However, this power raises concerns about overreach and lack of transparency. The absence of robust oversight mechanisms may lead to arbitrary or excessive censorship. For instance, reports indicating that a significant portion of notices target content about government entities raise questions about potential misuse for political purposes.
Balancing Approach: A balanced framework should include judicial oversight, clear guidelines, and transparency reports to ensure accountability. Additionally, intermediaries should have the ability to challenge questionable orders.
Conclusion: While such powers are necessary for maintaining digital order and security, they must be exercised within a framework that safeguards fundamental rights and democratic values.
Examine the legal challenge by social media platform X against takedown provisions as a case study in platform-state relations.
Court’s موقف: The Karnataka High Court rejected the petition, upholding the government’s authority to issue takedown notices. The judgment reinforced the principle that intermediary immunity is conditional and subject to compliance with lawful orders.
Key Insights:
- State Sovereignty: Governments retain the right to regulate digital spaces for security and public order
- Platform Responsibility: Intermediaries must act as responsible gatekeepers
- Regulatory Tensions: Conflicts arise when global platforms operate within national legal frameworks
Broader Implications: This case illustrates the evolving nature of digital constitutionalism, where courts must balance innovation, free speech, and state control. It highlights the need for harmonised global norms and domestic legal clarity in regulating digital platforms.
Practice questions
1 question for mains preparation