#FactCheck- AI-Generated Video Falsely Linked to Iranian Attack on Amazon Data Center in Bahrain

Introduction
‍

The Ministry of Electronics and Information Technology (MEITy) released the Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026 on March 30, 2026, inviting public comments with a response window closing on April 14. This is a limited 15-day period for public input on proposed rules that will have major constitutional impacts. The brevity and timing of this opportunity demonstrate debatable commitment to stakeholder engagement and meaningful consultation by the drafting agency.

While MEITY describes the proposed amendments as "clarificatory and procedural nature," an analysis shows they will have substantive effects. Collectively, the amended language changes significantly how online speech will be regulated in India by providing the executive with more concentrated regulatory authority, limiting the required transparency of content enforcement, mandating greater retention of data without proportionality-based safeguards, and placing excessive compliance burden on intermediaries. Each of these changes has consequences beyond just changes in process and together, these changes collectively raise substantial concerns regarding compliance with Articles 14, 19, and 21 of the Constitution of India.

‍

The Constitutional Baseline: Shreya Singhal and the Limits of Intermediary Liability
‍

India’s Supreme Court decision in Shreya Singhal v Union of India (2015) 5 SCC 1 provides the foundation for intermediary liability, wherein the Court read down Section 79(3)(b) of the IT Act, 2000, holding that intermediaries are required to act upon receiving actual knowledge only through a court order or a valid notification by the appropriate government authority. The Supreme Court’s decision intended to provide a constitutional protection to intermediaries from being subjected to informal, unverified executive pressure to take down content by requiring that any such order be subject to some level of legal objective credibility or threshold.

‍

Rule 3(4) of the proposed amendments places that balance under significant strain. By requiring intermediaries to comply with advisories, directions, standard operating procedures, codes of practice, and guidelines issued by the Ministry — and tying non-compliance to the loss of safe harbour — the draft effectively lowers the constitutional threshold that Shreya Singhal was designed to maintain. Compliance obligations now potentially arise from instruments that carry no judicial sanction and no mandatory public disclosure.

‍

Rule 3(4): Delegated Legislation or Executive Overreach
‍

The rule-making power conferred on the Central Government under Section 87 of the IT Act is limited to carrying out the provisions of the Act. It does not authorise the creation of new substantive obligations. This principle has been consistently affirmed in Indian Express Newspapers v. Union of India (1985) 1 SCC 641 and Confederation of Ex-Servicemen Associations v. Union of India (2006) 8 SCC 399, where the Court held that delegated legislation must remain within the four corners of the parent statute.

Rule 3(4) tests those limits. It converts executive advisories into binding compliance instruments without a clear statutory foundation in either Section 79 or Section 87. Although the proposed rule requires that such instruments specify their legal basis, there is no requirement that they be published or made publicly accessible. This creates a framework in which legality risks becoming circular — instruments claimed to be lawful solely by reference to a provision that does not clearly authorise them, shielded from scrutiny by their own opacity. Justice Chandurkar’s judgment in Kunal Kamra v. Union of India identified precisely this defect in the Fact Check Unit amendment. Rule 3(4) replicates the structural problem in a broader form.

‍

Compliance Pressure and the Logic of Over-Censorship
‍

The practical consequence of Rule 3(4) lies not only in its legality but in how it reshapes incentive structures for platforms. An intermediary facing the permanent threat of safe harbour loss will not wait to assess the legal merit of each advisory. The rational calculation is to comply early, broadly, and without friction. Lawful content — particularly satire, political commentary, and journalism — becomes vulnerable not because it is unlawful, but because it presents regulatory risk.

This dynamic was visible on 18 March 2026, when stand-up comedian Pulkit Mani (@hunnywhoisfunny) found his satirical Instagram reel being restricted across India. The video had accumulated over 16.5 million views. Users encountered a notice citing Section 79(3)(b) of the IT Act. No reasons were publicly provided. No prior hearing was offered. The same night, several political parody and satire accounts were withheld on X. 

‍

Data Retention, Privacy, and the Proportionality Test
‍

The amendments to Rules 3(1)(g) and 3(1)(h) extend data retention obligations by making them additional to requirements under any other law. The existing 180-day floor for retained user data — covering removed content, registration information, and associated records — becomes a minimum rather than a ceiling. No maximum is specified, and no proportionality requirement accompanies the extension.

‍

This raises direct concerns under Article 21 as interpreted in Justice K.S. Puttaswamy v. Union of India (2017) 10 SCC 1, which held that any state intrusion into privacy must satisfy the triple test of legality, necessity, and proportionality. Undefined retention periods, with no statutory ceiling and no requirement of purpose limitation, risk failing all three. The longer user data is held, including metadata, device information, and records of removed content,  the greater the exposure to surveillance, unauthorised access, and use beyond the original justification.

‍

Circumventing Judicial Scrutiny Through Procedural Redesign
‍

The Bombay High Court, in its August 2021 order, stayed provisions of the IT Rules’ oversight mechanism as prima facie violative of Article 19(1)(a). The Madras High Court in T.M. Krishna v. Union of India affirmed that stay, cautioning that government-controlled media oversight risked undermining press independence. Both matters remain pending before the Delhi High Court.

The amendments to Rules 8(1) and 14 restructure the same oversight machinery through a modified procedural design. By extending the Inter-Departmental Committee’s jurisdiction to cover “matters” referred by the Ministry with no requirement of a complainant, no defined subject matter, and no guaranteed prior hearing, the proposed rules effectively reconstitute what courts found constitutionally suspect. Individual users posting news and current affairs content are now brought within reach of blocking mechanisms originally designed for institutional publishers.

‍

Conclusion
‍

As seen above, the Draft IT Rules 2026 are unable to meet the constitutional and judicial requirements to regulate free speech. What the proposed amendments construct is a durable system in which platforms self-censor under liability pressure, data is retained without proportionate justification, and content oversight expands through procedural adjustment rather than parliamentary legislation. Regulation of the digital public sphere is both legitimate and necessary. But it must be anchored in law, not in the quiet authority of executive advisories. The law must ultimately remain anchored in constitutional values, guided by the enduring principles of justice, equity, and good conscience.

‍

The comment period closes on 14 April 2026. 

Submissions may be sent to itrules.consultation@meity.gov.in.

‍

References
‍

1. https://www.meity.gov.in/static/uploads/2026/03/30591fc6e322dcbcc9dae84a0f02e9e7.pdf 
2. https://www.meity.gov.in/static/uploads/2026/03/a71a21d35c107f2e528363d3eb17646a.pdf 
3. https://www.meity.gov.in/static/uploads/2026/02/550681ab908f8afb135b0ad42816a1c9.pdf 
4. https://neopolitico.com/india/government-blocks-viral-satirical-reel-impersonating-pm-modi-raising-fresh-questions-on-free-speech-and-digital-regulation/
5. https://internetfreedom.in/sound-the-alarm-iffs-first-read-on-meitys-draft-it-rules-second-amendment-2026/ 

‍

Executive Summary:

‍The internet has become a hub for fraudsters, and a new fraudulent scheme has been circulating, stating a free 84-day recharge of ₹719 given by the Honourable Prime Minister Narendra Modi  in celebration of the BJP Government formation in 2024. This is yet another scam that uses tricks to lure the users, for instance by fake questionnaires, fake promises and the use of the Honourable Prime Minister Narendra Modi’s image to give a fake impression of legitimacy. The following blog post analyzes the scam and offers recommendations on how to recognize similar frauds and avoid them.

False Claim:

A viral link trending on various social media platforms states that Narendra Modi, the Honourable Prime Minister of India, is giving a free 84-day free recharge worth ₹719 to all users in India and this is an Election Bonus  in celebration of the BJP government formation in 2024.  The claim insists the users are required to click on the link (https://offerraj.in/Congress2024-Recharge/id=9jMiaeN1) and complete a questionnaire to get the offer.

‍

The Deceptive Scheme:

1. Mobile-Only Access:  The malicious link (https://offerraj.in/Congress2024-Recharge/id=9jMiaeN1) is designed to open only on mobile devices; this makes it easier for more people to be affected. 
2. Multiple Redirects: After clicking the link, the users are led through a sequence of other links in order to conceal the actual source of the deception, and probably a try of making it difficult to track the notorious activity.
3. Fake Comments & Images: First, the landing page contains a banner with the photo of India’s Honourable Prime-Minister Narendra Modi which gives the site’s visitors the impression of the official source. Also, fake comments can be made for the same reason, stating that the author has received a free recharge and supporting the so-called initiative.
4. Fake Prize Notifications: For instance, after responding to the questions in the questionnaire, users may be presented with messages such as ‘Congratulations, you have won a free recharge’; this further creates an impression of a genuine offer.
5. Social Sharing Requirement: To collect the so-called ‘prize’, the users are requested to share the link in the WhatsApp or other social networks, thus contributing to the spread of the scam.

‍

Analyzing the Fraudulent Campaign:

1. No Official Announcement: The internet and other social platforms are the only places where such an offer has been mentioned, and there is no official announcement from the Government or any other authorized body.
2. Multiple Redirects: After clicking the link, users are taken through multiple redirects to obfuscating the source of the deception and to trace the malicious activity. 
3. Suspicious Domain and Hosting: The campaign is hosted on a third-party domain (offerraj.in) instead of any official government website, raising suspicion about its authenticity.
4. Personal Data Collection: The questionnaire prompts users to provide personal information, which legitimate Government initiatives would not typically request through unofficial channels.
5. Insecure HTTP Link: The link provided is an insecure HTTP link, whereas legitimate government websites employ secure HTTPS encryption.

‍

Domain Analysis:

The actual url is hosted on a third party domain instead of the official website of the BJP or any Government website. This is the common way to deceive users into falling for a Phishing scam. Whois information reveals that the domain has been registered recently i.e on 28-03-2023 and the domain is registered with godaddy.com and state is from Rajasthan, India. Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.

‍

• Domain Name: offerraj.in
• Registry Domain ID: D9483D0EB38264263958C9609D2DCEA70-IN
• Registrar WHOIS Server:
• Registrar URL: www.godaddy.com
• Updated Date: 2024-05-03T07:30:03Z
• Creation Date: 2023-03-28T04:33:12Z
• Registry Expiry Date: 2026-03-28T04:33:12Z
• Registrar: GoDaddy.com, LLC
• Registrar IANA ID: 146
• Registrant State/Province: Rajasthan
• Registrant Country: IN
• Name Server: johnathan.ns.cloudflare.com
• Name Server: braelyn.ns.cloudflare.com

‍

Similar offer surfing with different links: Several similar kind of offers through various links such as https://offerintro.com/BJP2024-Recharge/id=QYntPBDU,  https://mahaloot2.xyz, https://mahaloot3.xyz, https://pmoffer4.online,  are available in the social media. All these links are analysed and validated to be malicious or phishing links. 

CyberPeace Advisory and Best Practices:

‍

1. Stay Informed: Be aware of potential scams and rely on official government channels for verified information.
2. Verify Website Security: Do not click on links that have the ‘http’ at the beginning and focus on sites that have encryption (‘https’).
3. Protect Personal Information: Be careful when there is any request to send some type of personal information, especially if it is done through informal companies.
4. Report Suspicious Activity: When you notice that you have been scammed or a certain activity is fraudulent, ensure to report the incidents to the necessary authorities and the platforms to prevent others from being scammed.

‍

Conclusion: 

The claim of 84 day free recharge worth ₹719 to all users in India as an “Election Bonus”  is false and similar kinds of various links are consistently surfing through the internet. The deceptive practices employed in these kinds of links are insecure and it has multiple redirects to false promises which highlights the need for heightened awareness and caution among internet users.  In this digital world, it is important to stay informed, verify the authenticity of resources to protect personal information. Individuals can safeguard themselves against such fraudulent schemes and contribute to a safer online environment.

‍

Introduction

Data protection has been a critical aspect of advocacy and governance all across the world. Data fuels our cyber-ecosystem and strengthens the era of emerging technologies. All industries and sectors are now dependent upon the data of the user. The governments across the world have been deliberating internally to address the issue and legality of Data protection and privacy. The Indian government has witnessed various draft bills and policies focusing on Data protection over the years, and the contemporary bill is the Digital Personal Data Protection Bill, 2023, which was tabled at the Lok Sabha (Lower House of Parliament) on 03 August for discussions and parliamentary assent.

What is DPDP, 2023?

The goal of the complete and comprehensive Digital Personal Data Protection Bill of 2023 is to establish a framework for the protection of personal data in India. The measure acknowledges the significance of protecting personal data and seeks to strike a balance between the necessity to process personal data for legitimate purposes and the right of individuals to do so. The bill establishes a number of crucial expressions and ideas associated with the protection of personal data, including “data fiduciary,” “data principal,” and “sensitive personal data.” It also emphasises the duties of data fiduciaries, including the need to establish suitable security measures to preserve personal data and the need to secure data principals’ consent before processing their personal information. The measure also creates the Data Protection Board of India, which would implement its requirements and guarantee data fiduciaries’ compliance. The board will have the authority to look into grievances, give directives, and impose sanctions for non-compliance.

Key Features of the Bill

The bill tabled at the parliament has the following key features:

• The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.
• Under the 2023 bill, a new Data Protection Board is established, which will ensure compliance, remedies and penalties.
• Under the new bill, the Board has been entrusted with the power equivalent to a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.
• The 2023 bill also secures more rights of Individuals and establishes a balance between user protection and growing innovations.
• The bill creates a transparent and accountable data governance framework by giving more rights to individuals.
• There is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
• The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.
• The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.
• The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.
• Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’ pertaining to the conditions in regard to Sovernity and Intergrity of India.
• There is an introduction of the negative list, which restricts cross-data transfer.

Additionally, the measure makes special provisions for the processing of children’s personal data and acknowledges the significance of protecting children’s privacy. Additionally, it highlights the rights of the data subjects, including their right to access their personal information, their right to have wrong information corrected, and their right to be forgotten.

Drive4CyberPeace

A campaign was undertaken by CyberPeace to gain a critical understanding of what people understand about Data privacy and protection in India. The 4-month long campaign led to a pan-India interaction with netizens from different areas and backgrounds. The thoughts and opinions of the netizens were understood and collated in the form of a whitepaper which was, in turn, presented to Parliamentarians and government officials. The whitepaper laid the foundation of the recommendations submitted to the Ministry of Electronics and Information Technology as part of the stakeholder consultation.

Conclusion

Overall, the Digital Personal Data Protection Bill of 2023 is an important step towards safeguarding Indian citizens’ privacy and personal data. It creates a regulatory agency to guarantee compliance and enforcement and offers a thorough framework for data protection. The law includes special measures for the protection of sensitive personal data and the personal data of children and acknowledges the significance of striking a balance between the right to privacy and the necessity of data processing.