Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
The Indian social media landscape, the offence taxonomy across cyberbullying, grooming, stalking, fake accounts, NCII, sextortion and romance scams, the deepfake era from the Rashmika Mandanna case onwards, and the IT Act, BNS, POCSO and Intermediary Guidelines 2021 frame that prosecutes each.
Social media is the single largest crime surface in Indian cyber investigations. The I4C portal at cybercrime.gov.in tags Meta, X and WhatsApp content in a majority of registered complaints across financial fraud, sexual offences and harassment categories. The forensic problem is not access to content; victims usually arrive with screenshots already taken. The forensic problem is taxonomy, statutory matching and evidentiary qualification: deciding which offence the conduct fits, which provision of the IT Act 2000 and BNS 2023 to invoke, and how to qualify the platform-side records under BSA Section 63 once they arrive on subpoena.
This topic walks the Indian social media landscape platform-by-platform, the recurring categories of social media crime with the IT Act and BNS provisions that prosecute each, the emerging deepfake and AI-voice-clone vector that dominates 2024 and 2025 case load, and the regulatory frame set by the Intermediary Guidelines 2021 and the DPDP Act 2023. The companion topic on evidence collection across API, direct, indirect and OSINT methods covers the acquisition side; this one covers the offence side and the statutory matching.
Eleven platforms, four threat classes, one regulatory frame.
The Indian social media stack is broader than the western Meta plus X picture. The examiner has to recognise platform-specific affordances because the offence pattern follows the affordance.
| Platform | Indian footprint | Forensic notes | Recurring offence pattern |
|---|---|---|---|
| Facebook (Meta) | Largest installed base, 350M+ users | Graph API, Law Enforcement Request System | Defamation, fake account, romance scam, communal hate speech |
| Instagram (Meta) | Stories, Reels, DMs, dominant 18-30 cohort | Same Meta LERS workflow as Facebook | NCII, sextortion, grooming, cyberbullying |
| WhatsApp (Meta) | End-to-end encrypted, 535M+ users | Provider holds metadata; content is local to device | Misinformation virality, mob-violence trigger, scam links |
| X (formerly Twitter) | Public discourse, journalists, politicians | X v2 API, Premium edit history visible 60 minutes | Defamation, communal hate speech, impersonation, deepfakes |
Five conduct classes, the IT Act and BNS provisions that prosecute each.
Indian prosecution of social media offences runs through a small set of provisions. The examiner has to match the conduct to the statute before drafting the report.
| Conduct | Primary provision | Companion provision | Indian case anchor |
|---|---|---|---|
| Cyberbullying / criminal intimidation | BNS Section 351 (criminal intimidation, was IPC 503/506) | BNS Section 75 (sexual harassment) when sexualised | Shreya Singhal v Union of India (2015) struck down IT Act 66A |
| Cyberstalking | BNS Section 78 (stalking, both physical and electronic) | IT Act Section 66E (privacy violation) for image-based stalking | State of Maharashtra v Yogesh Pandurang Prabhu (2017) |
| Defamation | BNS Section 354 (defamation, was IPC 499/500) | IT Act Section 66 if joined with computer-resource damage | Subramanian Swamy v Union of India (2016) upheld criminal defamation |
| Hate speech / communal incitement | BNS Section 196 (was IPC 153A), Section 299 (was IPC 295A), Section 302 (was IPC 505) |
Where IT Act Sections 67, 67A and 67B meet POCSO and BNS.
The sexual-offence side of social media crime runs through three IT Act sections plus the POCSO Act 2012 plus BNS sexual-offence provisions. The matching has to be precise because penalties differ sharply.
| Conduct | Statutory match | Penalty |
|---|---|---|
| Publishing obscene material in electronic form | IT Act Section 67 | First conviction: up to 3 years and Rs 5 lakh; subsequent: up to 5 years and Rs 10 lakh |
| Publishing sexually explicit material (adult) | IT Act Section 67A | First conviction: up to 5 years and Rs 10 lakh; subsequent: up to 7 years and Rs 10 lakh |
| Child sexual exploitation material (CSAM) | IT Act Section 67B + POCSO Sections 13-15 | Up to 5 years and Rs 10 lakh (first); aggravated POCSO 14 carries higher |
| Online sexual offence against a child (grooming, solicitation) | POCSO Act 2012 Section 11 (sexual harassment) read with IT Act 67B, post-2019 amendment | Up to 3 years; aggravated forms up to 5 |
| Voyeurism / image-based privacy violation | IT Act Section 66E + BNS Section 77 (voyeurism) |
The identity-fraud surface and the AI-generated content era.
Identity-side offences on social media split into three patterns: fake accounts that impersonate a real person, identity theft that uses stolen credentials of a real account, and AI-generated imagery that creates the appearance of a person who has not consented.
What the platform owes, what the State can compel, where the litigation sits.
The Intermediary Guidelines 2021 (formally the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021) replaced the 2011 rules and set the operational obligations for every intermediary serving users in India. The rules apply across three tiers: ordinary intermediaries, significant social media intermediaries (SSMI, more than 50 lakh users) and digital news / OTT publishers (covered by Part III of the rules, separately litigated).
| Obligation | Applies to | Source | Compliance mechanic |
|---|---|---|---|
| Privacy policy and user agreement | All intermediaries | Rule 3(1)(a)-(c) | Published in 22 scheduled languages, includes prohibited content list |
| Grievance redressal in 15 days | All intermediaries | Rule 3(2) | Acknowledge in 24 hours, resolve in 15 days, faster for sexual-content complaints (72 hours) |
| Chief Compliance Officer (CCO) | SSMI only | Rule 4(1)(a) | Resident in India, key managerial personnel, personally liable for compliance |
| Nodal Contact Person |
How the typical Indian social media FIR moves.
The complaint-to-charge-sheet pipeline for an Indian social media offence is reasonably standardised across states. The investigating officer's job is to capture the evidence quickly (platform retention is short on metadata for some categories) and to qualify it under BSA Section 63 before trial.
Which Indian provision was struck down by the Supreme Court in Shreya Singhal v Union of India (2015), making it dead law for cyberbullying prosecutions?
| YouTube (Google) | Long-form video, comments are the abuse surface | Google LERS, Content ID metadata | Defamation in shorts, deepfake hosting, child-safety violations |
| Snapchat | Disappearing media, Snap Map | Server retention is short; speed of preservation matters | Grooming, sextortion, location exposure |
| Professional, recruiter pretext | Static profile, public posts, InMail | Pretexting, fake-recruiter scams, corporate phishing |
| ShareChat / Moj / Koo | Regional language, tier-2 and tier-3 | Indian-incorporated, faster subpoena response | Communal hate speech, misinformation in regional languages |
| Threads (Meta) | Newer text platform, linked to Instagram | Meta LERS, content interoperable with Instagram | Defamation, harassment spillover from Instagram |
| TikTok | Banned in India since June 2020 (MEITY order under Section 69A) | Historical content may still arise in older cases | Pre-ban grooming and NCII cases still in trial |
The security surface across these platforms reduces to four recurring threat classes. Account takeover via credential stuffing exploits password reuse from leak databases (HaveIBeenPwned style breach corpora). OAuth abuse uses 'log in with Google' or 'log in with Facebook' to harvest scope-granted data through a malicious third-party app. Fake login pages clone the legitimate auth flow at a typo-squat domain and capture the credential plus the SMS OTP. Session hijacking lifts the platform cookie from a seized device or via a phishing kit such as Evilginx2 that proxies the legitimate site.
The regulator-side anchor for the entire stack is the Intermediary Guidelines 2021. Significant social media intermediaries (more than 50 lakh users) must appoint a Chief Compliance Officer, a Nodal Contact Person available 24x7 and a Resident Grievance Officer, all resident in India. The Grievance Appellate Committee, notified in 2022, hears appeals against grievance-officer decisions and binds the intermediary. The I4C portal at cybercrime.gov.in is the citizen-side complaint channel that often originates the FIR.
| IT Act Section 69A blocking order; Section 79 takedown |
| Amish Devgan v Union of India (2020) |
| Mob lynching trigger via misinformation | BNS Section 197 (acts prejudicial to national integration) | BNSS Section 173 zero-FIR registration | Tehseen Poonawalla v Union of India (2018) |
A note that recurs in every NFSU and Indian forensic-science curriculum stem on this topic. IT Act Section 66A, which previously criminalised 'grossly offensive' or 'menacing' messages sent through a communication device, was struck down as unconstitutional by the Supreme Court in Shreya Singhal v Union of India in March 2015. The provision is dead law. Any FIR that lists Section 66A as a head of charge is defective. The conduct that 66A used to cover has shifted to BNS 351 (criminal intimidation), BNS 75 (sexual harassment) and BNS 78 (stalking).
Defamation on social media now sits under BNS Section 354 (the successor to IPC 499 and 500). The constitutional validity of criminal defamation was upheld in Subramanian Swamy v Union of India (2016), so prosecution under BNS 354 remains available alongside the civil suit. The platform-side angle is takedown: the aggrieved person can serve a Rule 3(1)(d) notice on the intermediary's Resident Grievance Officer; non-compliance lets the complainant approach the Grievance Appellate Committee and, if still unresolved, the courts.
Hate speech and communal incitement have a layered prosecution path. The substantive offence sits in BNS Section 196 (promoting enmity between groups), Section 299 (deliberate insult to religion) and Section 302 (statements conducing to public mischief). The IT Act side adds Section 69A blocking orders (the central government can direct an intermediary to block specific URLs in the interest of sovereignty, public order or decency) and Section 79 takedown on actual knowledge.
| Up to 3 years and Rs 2 lakh (66E); aggravated forms higher |
| NCII / revenge porn | IT Act Section 67A + BNS Section 75 / 78 / 354 | Up to 5 years (67A); BNS heads compound the sentence |
Online grooming is the predator behaviour pattern of building trust with a minor through staged contact, sexualised conversation, request for images and eventual coercion or meeting. The 2019 amendment to the POCSO Act explicitly recognised online sexual offences, plugging the gap that earlier required physical proximity. IT Act Section 67B criminalises the production, transmission and possession of material depicting children in a sexually explicit act, plus the cultivation of online relationships with a child for sexual purposes. The two statutes are charged in tandem.
NCII (non-consensual intimate images) is the umbrella for revenge porn, morphed sexual imagery and leaked private content. The leading case is State of West Bengal v Animesh Boxi (2018), in which the Calcutta sessions court convicted the accused under IT Act 67 and 67A read with IPC 354A/C/D for uploading his former partner's intimate images and personal details to multiple sites. The court treated the digital evidence under the then-Section 65B IEA (now BSA Section 63) and accepted screenshots, hashes and the certificate.
Sextortion is the composite offence that stacks grooming, NCII threat and cheating. The pattern: an attacker posing as an attractive contact on Instagram or Facebook initiates contact, persuades the victim into a recorded video call (or supplies one via deepfake), screen-records, then threatens publication unless paid. Prosecution stacks IT Act 67A (sexual material), IT Act 66D (cheating by personation), BNS Section 308 (extortion, was IPC 383) and BNS Section 351 (criminal intimidation). The I4C portal categorises sextortion as its single largest complaint volume in the cyber-financial subcategory for 2024 and 2025.
The Rashmika Mandanna case in November 2023 is the reference deepfake prosecution in India. A deepfake video of the actor was posted on X and Instagram. The Delhi Police Special Cell registered an FIR under IT Act Sections 66E (privacy violation) and 66D (cheating by personation) read with BNS Section 354 (defamation). The Intermediary Guidelines 2021 obligations were invoked to require takedown by the platforms within the statutory window. The case prompted the MEITY advisory of November 7, 2023 directing intermediaries to identify and remove deepfake content within 24 hours of a complaint.
Sock puppet operations and coordinated inauthentic behaviour are the platform-side terms for fake-account networks running misinformation. The reference history is the 2016 Macedonian fake-news farms that targeted the US election; the Indian application sits in regional-language misinformation farms that target elections, communal events and corporate reputations. The forensic pivot is the cluster signature: shared registration emails, shared connecting IPs, common timestamps of posting bursts, repeated wording across accounts. Maltego, Hunchly and OSINT Framework are the workhorses for cluster mapping (the evidence collection topic covers the toolset).
| SSMI only |
| Rule 4(1)(b) |
| 24x7 coordination with law enforcement |
| Resident Grievance Officer (RGO) | SSMI only | Rule 4(1)(c) | Resident in India, handles user grievances |
| Traceability of first originator | SSMI providing messaging | Rule 4(2) | On competent-authority order, identify originator; WhatsApp v Union of India pending in Delhi HC |
| Voluntary user verification | SSMI | Rule 4(7) | Optional verification badge, user-side opt-in |
| Monthly compliance report | SSMI | Rule 4(1)(d) | Publish content removed and complaints handled |
The traceability rule, Rule 4(2), is the most litigated. It requires significant social media intermediaries that provide messaging services to enable identification of the first originator of information on a competent-authority order under Section 69 of the IT Act or for offences carrying punishment of five years or more. WhatsApp filed WhatsApp LLC v Union of India in the Delhi High Court arguing the rule breaks end-to-end encryption and violates Article 19(1)(a) and Article 21 (privacy after Puttaswamy). The case sits pending; the rule remains in force.
The DPDP Act 2023 (Digital Personal Data Protection Act) overlays the entire stack. Social media intermediaries are 'data fiduciaries' processing personal data of 'data principals'; they must take verifiable parental consent for processing data of users under 18 (Section 9), grant the right to correction and erasure (Section 12), notify breaches to the Data Protection Board (Section 8(6)), and face penalties under the schedule (up to Rs 250 crore for significant violations). The DPDP intersects with social media offence prosecution where a fake account or NCII upload also involves unlawful processing of personal data.
The Section 79 safe harbour interacts with all of the above. The intermediary retains protection from liability for third-party content only if it observes the Intermediary Guidelines due diligence (Rule 3) and removes content on actual knowledge (a court order, a government notification, or after a Rule 3(1)(d) complaint that the intermediary has accepted). The Shreya Singhal judgement read down Section 79(3)(b) to require a court order or notification, narrowing the takedown standard. The 2021 rules expanded the categories of actionable content (Rule 3(1)(d)) while preserving the Shreya Singhal reading-down. The combined result: ordinary takedown notices from a private complainant do not strip the safe harbour; a court order or government notification does.
The cross-link for the substantive evidentiary frame sits with Bharatiya Sakshya Adhiniyam 2023 Section 63, which governs how the social-media record gets admitted at trial once acquired.
A practical detail that recurs in trial: the FIR's section selection must avoid 66A (struck down) and must distinguish 66C (identity theft) from 66D (cheating by personation). Section 66C punishes the dishonest or fraudulent use of another person's electronic signature, password or unique identification feature. Section 66D punishes cheating by personation by using a computer resource or communication device. The two are often charged together (a fake account that also defrauds), but the distinct elements have to be pleaded separately.
The Rashmika Mandanna FIR template is a useful reference for deepfake charge sheets. The Delhi Police Special Cell registered under IT Act 66E and 66D plus BNS 354. The preservation request to Meta and X was made within 48 hours of the FIR. The platforms' Resident Grievance Officers actioned takedown within the MEITY-advisory 24-hour window. The Section 63 certificate was signed over the preserved video file with SHA-256 hash. The trial is pending but the procedural template held.
The Bharatiya Sakshya Adhiniyam Section 63 cross-link covers the certificate format; the cyber crime taxonomy and IT Act 2000 topic covers the substantive offence catalogue.