#FactCheck-Fake Claim Links White House Dinner Shooting Suspect to ‘Indian Wife’; Viral Images Likely AI-Generated

Introduction
‍

The Ministry of Electronics and Information Technology (MEITy) released the Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026 on March 30, 2026, inviting public comments with a response window closing on April 14. This is a limited 15-day period for public input on proposed rules that will have major constitutional impacts. The brevity and timing of this opportunity demonstrate debatable commitment to stakeholder engagement and meaningful consultation by the drafting agency.

While MEITY describes the proposed amendments as "clarificatory and procedural nature," an analysis shows they will have substantive effects. Collectively, the amended language changes significantly how online speech will be regulated in India by providing the executive with more concentrated regulatory authority, limiting the required transparency of content enforcement, mandating greater retention of data without proportionality-based safeguards, and placing excessive compliance burden on intermediaries. Each of these changes has consequences beyond just changes in process and together, these changes collectively raise substantial concerns regarding compliance with Articles 14, 19, and 21 of the Constitution of India.

‍

The Constitutional Baseline: Shreya Singhal and the Limits of Intermediary Liability
‍

India’s Supreme Court decision in Shreya Singhal v Union of India (2015) 5 SCC 1 provides the foundation for intermediary liability, wherein the Court read down Section 79(3)(b) of the IT Act, 2000, holding that intermediaries are required to act upon receiving actual knowledge only through a court order or a valid notification by the appropriate government authority. The Supreme Court’s decision intended to provide a constitutional protection to intermediaries from being subjected to informal, unverified executive pressure to take down content by requiring that any such order be subject to some level of legal objective credibility or threshold.

‍

Rule 3(4) of the proposed amendments places that balance under significant strain. By requiring intermediaries to comply with advisories, directions, standard operating procedures, codes of practice, and guidelines issued by the Ministry — and tying non-compliance to the loss of safe harbour — the draft effectively lowers the constitutional threshold that Shreya Singhal was designed to maintain. Compliance obligations now potentially arise from instruments that carry no judicial sanction and no mandatory public disclosure.

‍

Rule 3(4): Delegated Legislation or Executive Overreach
‍

The rule-making power conferred on the Central Government under Section 87 of the IT Act is limited to carrying out the provisions of the Act. It does not authorise the creation of new substantive obligations. This principle has been consistently affirmed in Indian Express Newspapers v. Union of India (1985) 1 SCC 641 and Confederation of Ex-Servicemen Associations v. Union of India (2006) 8 SCC 399, where the Court held that delegated legislation must remain within the four corners of the parent statute.

Rule 3(4) tests those limits. It converts executive advisories into binding compliance instruments without a clear statutory foundation in either Section 79 or Section 87. Although the proposed rule requires that such instruments specify their legal basis, there is no requirement that they be published or made publicly accessible. This creates a framework in which legality risks becoming circular — instruments claimed to be lawful solely by reference to a provision that does not clearly authorise them, shielded from scrutiny by their own opacity. Justice Chandurkar’s judgment in Kunal Kamra v. Union of India identified precisely this defect in the Fact Check Unit amendment. Rule 3(4) replicates the structural problem in a broader form.

‍

Compliance Pressure and the Logic of Over-Censorship
‍

The practical consequence of Rule 3(4) lies not only in its legality but in how it reshapes incentive structures for platforms. An intermediary facing the permanent threat of safe harbour loss will not wait to assess the legal merit of each advisory. The rational calculation is to comply early, broadly, and without friction. Lawful content — particularly satire, political commentary, and journalism — becomes vulnerable not because it is unlawful, but because it presents regulatory risk.

This dynamic was visible on 18 March 2026, when stand-up comedian Pulkit Mani (@hunnywhoisfunny) found his satirical Instagram reel being restricted across India. The video had accumulated over 16.5 million views. Users encountered a notice citing Section 79(3)(b) of the IT Act. No reasons were publicly provided. No prior hearing was offered. The same night, several political parody and satire accounts were withheld on X. 

‍

Data Retention, Privacy, and the Proportionality Test
‍

The amendments to Rules 3(1)(g) and 3(1)(h) extend data retention obligations by making them additional to requirements under any other law. The existing 180-day floor for retained user data — covering removed content, registration information, and associated records — becomes a minimum rather than a ceiling. No maximum is specified, and no proportionality requirement accompanies the extension.

‍

This raises direct concerns under Article 21 as interpreted in Justice K.S. Puttaswamy v. Union of India (2017) 10 SCC 1, which held that any state intrusion into privacy must satisfy the triple test of legality, necessity, and proportionality. Undefined retention periods, with no statutory ceiling and no requirement of purpose limitation, risk failing all three. The longer user data is held, including metadata, device information, and records of removed content,  the greater the exposure to surveillance, unauthorised access, and use beyond the original justification.

‍

Circumventing Judicial Scrutiny Through Procedural Redesign
‍

The Bombay High Court, in its August 2021 order, stayed provisions of the IT Rules’ oversight mechanism as prima facie violative of Article 19(1)(a). The Madras High Court in T.M. Krishna v. Union of India affirmed that stay, cautioning that government-controlled media oversight risked undermining press independence. Both matters remain pending before the Delhi High Court.

The amendments to Rules 8(1) and 14 restructure the same oversight machinery through a modified procedural design. By extending the Inter-Departmental Committee’s jurisdiction to cover “matters” referred by the Ministry with no requirement of a complainant, no defined subject matter, and no guaranteed prior hearing, the proposed rules effectively reconstitute what courts found constitutionally suspect. Individual users posting news and current affairs content are now brought within reach of blocking mechanisms originally designed for institutional publishers.

‍

Conclusion
‍

As seen above, the Draft IT Rules 2026 are unable to meet the constitutional and judicial requirements to regulate free speech. What the proposed amendments construct is a durable system in which platforms self-censor under liability pressure, data is retained without proportionate justification, and content oversight expands through procedural adjustment rather than parliamentary legislation. Regulation of the digital public sphere is both legitimate and necessary. But it must be anchored in law, not in the quiet authority of executive advisories. The law must ultimately remain anchored in constitutional values, guided by the enduring principles of justice, equity, and good conscience.

‍

The comment period closes on 14 April 2026. 

Submissions may be sent to itrules.consultation@meity.gov.in.

‍

References
‍

1. https://www.meity.gov.in/static/uploads/2026/03/30591fc6e322dcbcc9dae84a0f02e9e7.pdf 
2. https://www.meity.gov.in/static/uploads/2026/03/a71a21d35c107f2e528363d3eb17646a.pdf 
3. https://www.meity.gov.in/static/uploads/2026/02/550681ab908f8afb135b0ad42816a1c9.pdf 
4. https://neopolitico.com/india/government-blocks-viral-satirical-reel-impersonating-pm-modi-raising-fresh-questions-on-free-speech-and-digital-regulation/
5. https://internetfreedom.in/sound-the-alarm-iffs-first-read-on-meitys-draft-it-rules-second-amendment-2026/ 

‍

Executive Summary:

This report deals with a recent cyberthreat that took the form of a fake message carrying a title of India Post which is one of the country’s top postal services. The scam alerts recipients to the failure of a delivery due to incomplete address information and requests that they click on a link (http://iydc[.]in/u/5c0c5939f) to confirm their address. Privacy of the victims is compromised as they are led through a deceitful process, thereby putting their data at risk and compromising their security. It is highly recommended that users exercise caution and should not click on suspicious hyperlinks or messages.

False Claim:

The fraudsters send an SMS stating the status of delivery of an India Mail package which could not be delivered due to incomplete address information. They provide a deadline of 12 hours for recipients to confirm their address by clicking on the given link (http://iydc[.]in/u/5c0c5939f). This misleading message seeks to fool people into disclosing personal information or compromising the security of their device. 

‍

‍

The Deceptive Journey:

• First Contact: The SMS is sent and is claimed to be from India Post, informs users that due to incomplete address information the package could not be delivered.

• Recipients are then expected to take action by clicking on the given link (http://iydc[.]in/u/5c0c5939f) to update the address. The message creates a panic within the recipient as they have only 12 hours to confirm their address on the suspicious link.

• Click the Link: Inquiring or worried recipients click on the link.

• User Data: When the link is clicked, it is suspected to  launch possible remote scripts in the background and collect personal information from users.

• Device Compromise: Occasionally, the website might also try to infect the device with malware or take advantage of security flaws.

The Analysis:

• Phishing Technique: The scam allures its victims with a phishing technique and poses itself as the India Post Team, telling the recipients to click on a suspicious link to confirm the address as the delivery package can’t be delivered due to incomplete address. 
• Fake Website Creation: Victims are redirected to a fraudulent website when they click on the link (http://iydc[.]in/u/5c0c5939f) to update their address.
• Background Scripts: Scripts performing malicious operations such as stealing the visitor information, distributing viruses are suspected to be running in the background. This script can make use of any vulnerability in the device/browser of the user to extract more info or harm the system security.
• Risk of Data Theft: This type of fraud has the potential to steal the data involved because it lures the victims into giving their personal details by creating fake urgency. The threat actors  can use it for various illegal purposes such as financial fraud, identity theft and other criminal purposes in future.
• Domain Analysis: The iydc.in domain was registered on the 5th of April, 2024, just a short time ago. Most of the fraud domains that are put up quickly and utilized in criminal activities are usually registered in a short time.
• Registrar: GoDaddy.com, LLC, a reputable registrar, through which  the domain is registered. 
• DNS: Chase.ns.cloudflare.com and delilah.ns.cloudflare.com are the name servers used by Cloudflare to manage domain name resolution. 
• Registrant: Apart from the fact that it is in Thailand, not much is known about the registrant probably because of using the privacy reduction plugins. 

• Domain Name: iydc.in
• Registry Domain ID: DB3669B210FB24236BF5CF33E4FEA57E9-IN
• Registrar URL: www.godaddy.com
• Registrar: GoDaddy.com, LLC
• Registrar IANA ID: 146
• Updated Date: 2024-04-10T02:37:06Z
• Creation Date: 2024-04-05T02:37:05Z (Registered in very recent time)
• Registry Expiry Date: 2025-04-05T02:37:05Z
• Registrant State/Province: errww
• Registrant Country: TH (Thailand)
• Name Server: delilah.ns.cloudflare.com
• Name Server: chase.ns.cloudflare.com

Note: Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open the messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorized access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never reveal sensitive data such as your login credentials and banking details to entities where you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• Verify the authenticity of alluring offers before taking any action.
  

Conclusion:

The India Post delivery scam is an example of fraudulent activity that uses the name of trusted postal services to trick people. The campaign is initiated by using deceptive texts and fake websites that will trick the recipients into giving out their personal information which can later be used for identity theft, financial losses or device security compromise. Technical analysis shows the sophisticated tactics used by fraudsters through various techniques such as phishing, data harvesting scripts and the creation of fraudulent domains with less registration history etc.  While encountering such messages, it's important to verify their authenticity from official sources and take proactive measures to protect both your personal information and devices from cyber threats. People can reduce the risk of falling for online scams by staying informed and following cybersecurity best practices.

‍

Overview of the India-UK Joint Tech Security Initiative

India and the UK have been deepening their technological and security ties through various initiatives and agreements. One of the key developments in this partnership is the India-UK Joint Tech Security Initiative, which focuses on enhancing collaboration in areas like cybersecurity, artificial intelligence (AI),telecommunications, and critical technologies. Building upon the bilateral cooperation agenda set out in the India-UK Roadmap 2030, which seeks to bolster cooperation across various sectors, including trade, climate change, antidefense, the UK and India launched the Joint Tech Security Initiative (TSI) on July 24, 2024. This initiative will priorities collaboration in critical and emerging technologies across priority sectors. Coordinating with the national security agencies of both countries, the TSI will set priority areas and identify interdependencies for cooperation on critical and emerging technologies. This, in turn, will help build meaningful technology value chain partnerships between India & the UK.

The TSI will be coordinated by the National Security Advisors (NSAs) of both countries through existing and new dialogues. The NSAswill set priority areas and identify interdependencies for cooperation on critical and emerging tech, helping build meaningful technology value chain partnerships between the two countries. Progress made on the initiative will be reviewed on a half-yearly basis at the Deputy NSA level. A bilateral mechanism will be established led by India's Ministry of External Affairs and the UK government for promotion of trade in critical and emerging technologies, including resolution of relevant licensing or regulatory issues. Both countries view this TSI as a platform and a strong signal of intent to build and grow sustainable and tangible partnerships across priority tech sectors. They will explore how to build a deeper strategic partnership between UK and Indian research and technology centres and Incubators, enhance cooperation across UK and India tech and innovation ecosystems, and create a channel for industry and academia to help shape the TSI.

The UK and India are launching new bilateral initiatives to expand and deepen their technology security partnership. These initiatives will focus on various domains, including telecoms, critical minerals, semiconductors, and energy security.

In telecoms, the UK and India will build a new Future Telecoms Partnership, focusing on joint research on future telecoms, open RAN systems, testbed linkups, telecoms security, spectrum innovation, software and systems architecture. This will include collaboration between UK's SONIC Labs, India's Centre for Development of Telematics (C-DOT), and Dot's Telecoms Startup Mission.

In critical minerals, the UK and India will expand their collaboration on critical minerals, working together to improve supply chain resilience, explore possible research and development and technology partnerships along the complete critical minerals value chain, and share best practices on ESG standards. They will establish a roadmap for cooperation and establish a UK-India ‘critical minerals’ community of academics, innovators, and industry.

Key Areas of Collaboration:

• Strengthening cybersecurity defense and enhancing resilience through joint cybersecurity exercises and information-sharing and developing common standards and best practices while collaborating with their respective organisations, ie, CERT-In and NCSC.
• Promotion of ethical AI development and deployment with AI ethics guidelines and frameworks, and efforts encouraging academic collaborations. Support for new partnerships between UK and Indian research organizations alongside existing joint programmes using AI to tackle global challenges.
• Building secure and resilient telecom infrastructure with a focus on security and exchange of expertise and regulatory cooperation. Collaboration on Open Radio Access Networks tech to name as an example.
• Critical and emerging technologies development by advancing research and innovation in the quantum, semiconductors and biotechnology niches. Promoting and investing in tech startups and innovation ecosystems. Engaging in policy dialogues on tech governance and standards.
• Digital economy and trade facilitation to promote economic growth by enhancing frameworks and agreements for it. Collaborating on digital payment systems and fintech solutions and most importantly promoting data protection and privacy standards.

Outlook and Impact on the Industry

The initiative sets out a new approach for how the UK and India work together on the defining technologies of this decade. These include areas such as telecoms, critical minerals, AI, quantum, health/biotechnology, advanced materials and semiconductors. While the initiative looks promising, several challenges need to be addressed such as the need to put robust regulatory frameworks in place, and develop a balanced approach for data privacy and information exchange in the cross-border data flows. It is imperative to install mechanisms that ensure that intellectual property is protected while the facilitation of technology transfer is not hampered. Above all, geopolitical risks need to be navigated in a manner that the tensions are reduced and a stable partnership grows. The Initiative builds on a series of partnerships between India and the UK, as well as between industry and academia.  Abilateral mechanism, led by India’s Ministry of External Affairs and the UK government, will promote trade in critical and emerging technologies, including the resolution of relevant licensing or regulatory issues.

Conclusion

This initiative, at its core, will drive forward a bilateral partnership that is framed on boosting economic growth and deepening cooperation across key issues including trade, technology, education, culture and climate.  By combining their strengths, the UK and India are poised to create a robust framework for technological innovation and security that could serve as a model for international cooperation in tech.

References

• https://www.hindustantimes.com/india-news/india-uk-launch-joint-tech-security-initiative-101721876539784.html
• https://www.gov.uk/government/publications/uk-india-technology-security-initiative-factsheet/uk-india-technology-security-initiative-factsheet
• https://www.business-standard.com/economy/news/india-uk-unveil-futuristic-technology-security-initiative-to-seal-fta-soon-124072500014_1.htm
• https://bharatshakti.in/india-uk-technology-security-initiative/