Filed by K.RAMANAMOORTHY SENIOR PANEL COUNSEL Standard Operating Procedure to curtail dissemination of Non-Consensual Intimate Imagery (NCII) content Under Clause (b) of sub-rule (2) of rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
Filed by K.RAMANAMOORTHY SENIOR PANEL COUNSEL
Standard Operating Procedure to curtail dissemination of Non-Consensual Intimate
Imagery (NCII) content
Under Clause (b) of sub-rule (2) of rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
Ministry of Electronics & Information Technology
October 2025
1. Introduction:
a. The present SoP has been put in place, in line with the directions of the Hon’ble High Court of Judicature at Madras, in WP 25017/2025 wherein the Hon’ble Court, vide order dated 15.07.2025, directed the Ministry of Electronics and Information Technology to “provide a prototype as to what a victim girl must do when faced with situations of dissemination of NCII content”.
b. This document, constituting a standard operating procedure (SoP), (i) provides guidance and procedure to be followed by an individual for curbing dissemination of their NCII content in cyber space and (ii) endeavours to ensure consistent and effective implementation of clause (b) sub rule (2) of rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (hereinafter referred to as the IT Rules, 2021), by the intermediaries. Following information/ activities/ content as detailed in clause (b) sub rule (2) of rule 3 of IT Rules, 2021, shall be removed by the intermediary from its platform when a request from an individual or an authorised representative or an appropriate government or its agency is received:
i. Content which is prima facie in the nature of any material which exposes the private area of such individual,
ii. Content that shows such individual in full or partial nudity, iii. Content that shows or depicts such individual in any sexual act or conduct or iv. such artificially morphed images of such individual .
c. The intermediaries shall remove/disable access to the flagged content:
A. Upon receiving intimation under section 79(3)(b) read with rules 3(1)(d), from an appropriate government or its agency as being reproduced herein below:
79. Exemption from liability of intermediary in certain cases
(1) Notwithstanding anything contained in any other law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.
(2) The provisions of sub-section (1) shall apply if —
(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or
(b) the intermediary does not —
(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;
(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.
(3) The provisions of sub-section (1) shall not apply if—
(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act;
(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
Explanation.—For the purpose of this section, the expression “third party information” means any information dealt with by an intermediary in his capacity as an intermediary
Extracts of rule 3(1)(d) of the IT Rules 2021:
An intermediary, on whose computer resource the information is stored, hosted or published, upon receiving actual knowledge in the form of an order by a court of competent jurisdiction or on being notified by the Appropriate Government or its agency under clause (b) of sub-section (3) of section 79 of the Act, shall not host, store or publish any unlawful information, which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality; in relation to contempt of court; defamation; incitement to an offence relating to the above, or any information which is prohibited under any law for the time being in force:
Provided that any notification made by the Appropriate Government or its agency in relation to any information which is prohibited under any law for the time being in force shall be issued by an authorised agency, as may be notified by the Appropriate Government:
Provided further that if any such information is hosted, stored or published, the intermediary shall remove or disable access to that information, as early as possible, but in no case later than thirty-six hours from the receipt of the court order or on being notified by the Appropriate Government or its agency, as the case may be:
Provided also that the removal or disabling of access to any information, data or communication link within the categories of information specified under this clause, under clause (b) on a voluntary basis, or on the basis of grievances received under sub-rule (2) by such intermediary, shall not amount to a violation of the conditions of clauses (a) or (b) of sub-section (2) of section 79 of the Act;
B. Upon receiving intimation from an individual under the Grievance redressal mechanism of intermediary as per rule 3(2)(b) and 3(2)(c) of the IT rules 2021 as being reproduced herein below:
Extracts of rule 3(2)(b) and 3(2)(c) of the IT Rules 2021:
(b) The intermediary shall, within twenty-four hours from the receipt of a complaint made by an individual or any person on his behalf under this sub-rule, in relation to any content which is prima facie in the nature of any material which exposes the private area of such individual, shows such individual in full or partial nudity or shows or depicts such individual in any sexual act or conduct, or is in the nature of impersonation in an electronic form, including artificially morphed images of such individual, take all reasonable and practicable measures to remove or disable access to such content which is hosted, stored, published or transmitted by it:
(c) The intermediary shall implement a mechanism for the receipt of complaints under clause (b) of this sub-rule which may enable the individual or person to provide details, as may be necessary, in relation to such content or communication link.
d. The scope of this SoP does not cover any content related to a third person, which may be considered obscene or otherwise unlawful.
Disclaimer:
(a)This document lays out a standard operating procedure/guidelines for takedown of content under clause (b) of sub-rule (2) of rule 3 of the IT Rules, 2021, as a supporting document and does not seek to replace, amend or alter any part of the IT Rules, 2021 and in no manner should be considered as part of the IT Rules, 2021.
(b) This SoP is an evolving document and hence the versions of this document may undergo change. It is requested that the concerned stakeholders verify the latest version on MeitY website and ensure that the latest version is used at any given time.
2. Purpose of the SoP:
The SoP provides guidance and procedure for an individual seeking to request an intermediary or an appropriate government or its agency, either directly or through a duly authorised person or entity or appropriate government or its agency, for removal or disabling access of any information, data or communication link residing on the platform of the intermediary, which violates the privacy of the individual as detailed in para 1(b) of this SoP and as prescribed in;
a. Information Technology Act, 2000 including Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
b. The Indecent Representation of Women (Prohibition) Act, 1986;
c. Bhartiya Nyaya Sanhita, 2023.
3. Guidelines for individuals requesting NCII content removal:
An individual may approach any of the following/adopt any of the following methods to report their grievance for removal of their NCII content [as described in 1(b) of this SoP]:
One Stop Centres (OSCs):
Reporting:
The affected individual (a female victim) or any person/entity/government agency, on her behalf may report the dissemination / circulation / availability of her NCII content to the nearest One Stop Centre (OSC) falling under the aegis of Ministry of Women and Child Development[1].
Action to be taken by OSCs:
The OSCs, upon receipt of such grievance from an individual:
a. Shall provide assistance with the NCRP portal, to the individual (National Cybercrime Reporting Portal accessible at “www.cybercrime.gov.in”);

b. May provide legal and/or psychological counselling to the individual, if requested by the individual;
c. May provide assistance with filing of complaint with the LEAs (law enforcement agencies / police station) of appropriate jurisdiction, if requested by the individual;
d. May assist the individual to get legal assistance through District Legal Service Authority (DLSA) or empanelled lawyers, if requested by the individual.
Approach Intermediaries:
Reporting:
a. Individual or any person/entity/appropriate government or its agency on their behalf, can approach the concerned intermediary / website to remove the content either through their user reporting channel/ by contacting the concerned Grievance Officer [appointed by the intermediary in compliance of clause (a) sub rule (2) of Rule 3 of IT Rules, 2021] as per the details available on their website/App or by clicking the abuse/report button in the website / App or through the Trusted Content Flaggers onboarded by the intermediary.
b. Additionally, individual may also report to the particular intermediary through NCRP
(National Cyber Crime Reporting Portal) platform through an integrated link :
https://cybercrime.gov.in/Webform/report_abuse_social_media.aspx
c. In case the complainant receives no response from the Grievance Officer of the Intermediary within the stipulated time or is dissatisfied with the resolution offered by the Grievance Officer, the complainant may appeal before the Grievance Appellate Committee (GAC) established under Rule 3A of the IT Rules 2021 against such decision or their failure to act within applicable timelines. The URL for filing the appeal is “www.gac.gov.in”.
Action to be taken by Intermediaries:
The intermediaries shall align their community guidelines (and similar terms and conditions forming part of the contracts entered in with the users) as per the provisions of the IT Rules, 2021.
Upon receipt of such grievance (as mentioned above) from an individual;
a. The intermediaries shall remove/disable access to the content within 24 hours of reporting by the individual, as prescribed in clause (b) sub rule (2) of Rule 3 of IT Rules, 2021, for violation of their community guidelines and shall also acknowledge the same to the complainant.
b. SSMIs shall deploy crawler technology/other similar technology to identify the hashes collated with the reported NCII content and shall takedown similar content as soon as possible in other URLs/sources, for prevention of further uploads of such identified
NCII content, as prescribed in sub-rule (4) of rule 4 of the IT Rules, 2021
c. The hashes so collated shall also be communicated to I4C through the Sahyog Portal (if onboarded) for creation and maintenance of secure hash banks, to prevent resurfacing of the flagged content.
d. Intermediaries shall periodically inform the individual about the removal of the flagged content as well as the resurfaced content.
e. Intermediaries, which are in the nature of search engines, shall also de-index any such content from the search results.
f. The intermediaries, in case of content posted on other websites, shall immediately report the same to I4C through Sahyog Portal if onboarded, for immediate action and also intimate the same to the individual.
g. The content delivery networks (CDNs) and Domain Name Registrars (DNRs) shall render the flagged content inaccessible, either by deregistering the website hosting the flagged content or by directing the website owner to remove the content from the source, as early as possible but not beyond 24 hours.
h. The CDNs and DNRs shall also ensure that the content if uploaded through different URLs, be rendered inaccessible, within 24 hours of detection by them or brought to their notice by the individual or authorized Government agency or entity or LEAs.
National Cybercrime Reporting Portal (NCRP):
Reporting:
Individual may report through the National Cyber Crime reporting Portal (NCRP) under the aegis of I4C (MHA), either through the online mode (at www.cybercrime.gov.in) or by dialling 1930.
Action to be taken:
a. Standard Operating Procedure for the National Cyber Crime Reporting Portal details the procedure for handling ‘NCII’ complaints including initiation of investigation and expedited removal of such content.
b. In case of content circulating on social media, the same can be actioned through issuance of notices to expeditiously remove or disable access to that material under clause (b) of sub-section (3) of section 79 of the Information Technology Act, 2000 r/w clause (d) of sub-rule (1) of Rule 3 (of IT Rules, 2021, for removal of the flagged content as soon as possible but not beyond 24 hours, as prescribed in clause (b) sub rule (2) of Rule 3 of IT Rules, 2021.
c. Content (other than that hosted upon social media platforms) may be actioned through intimation to DoT (Department of Telecommunications, Ministry of Communications) for appropriate action.
Law Enforcement Agencies (LEAs) / Police Station:
Reporting:
Individual may file a complaint with the local law enforcement agencies ie the local police station.
Action to be taken:
a. The LEAs shall immediately report the flagged content on NCRP and also through
Sahyog Portal and intimate the same to the individual;
b. The LEAs may register the complaint of the individual, if requested by the individual and initiate appropriate legal action;
c. The LEAs may assist the individual in connecting with the nearest One Stop Centre (OSC), if requested by the individual for psychological counselling and/or legal assistance.
General Coordination & Follow-up:
a. I4C, MHA through the NCRP shall act as the aggregation point, for all NCII content removal requests/grievances received from OSCs, LEAs and those directly reported to NCRP.
b. I4C, MHA shall also act as the aggregation point for the secure NCII hash bank to be created and maintained in conjunction with inputs from intermediaries.
c. DoT shall coordinate with the internet service providers to block the access to the flagged URLs/links, based upon the reference received from the appropriate Government or its agency/LEAs/I4C.
d. MeitY (Ministry of Electronics and Information Communication Technology) shall coordinate with the intermediaries along with other stakeholders, for compliance in a timely manner.
*****
- [1] The contact details of OSCs are available on Mission Shakti Portal developed by Ministry of Women and Child Development, available at https://missionshakti.wcd.gov.in/statisticsOsc
