SDG 16: Peace, Justice, and Strong Institutions | SDG 5: Gender Equality

Institutions: Ministry of Electronics & Information Technology (MeitY) | Ministry of Home Affairs (MHA) | Ministry of Women and Child Development (MWCD)

The Ministry of Electronics & Information Technology (MeitY) has released a Standard Operating Procedure (SOP NCII vers.1) to ensure the consistent and effective implementation of the 24-hour content takedown mandate under Clause (b) of sub-rule (2) of Rule 3 of the IT Rules, 2021. The SOP was developed in response to a directive from the Madras High Court. It provides a step-by-step guide for victims and a procedural framework for law enforcement and intermediaries.

The SOP establishes a multi-agency, multi-channel reporting system to curb the dissemination of Non-Consensual Intimate Imagery (NCII), which includes images showing full/partial nudity, sexual acts, or artificially morphed images (deepfakes) of the individual.

I. Core Takedown Mandate and Accountability:

• 24-Hour Rule: Intermediaries shall remove or disable access to the flagged content within 24 hours of receiving a complaint from the affected individual or an authorized person.

• Anti-Resurfacing & Hash Bank: Significant Social Media Intermediaries (SSMIs) shall deploy crawler technology to identify and takedown similar content in other URLs/sources. The collated hashes are communicated to I4C, MHA, which acts as the central aggregation point for the secure NCII hash bank to prevent content resurfacing.

• Domain Responsibility: Content Delivery Networks (CDNs) and Domain Name Registrars (DNRs) must also render the flagged content inaccessible within 24 hours.

II. Integrated Reporting Channels for Individuals:

An affected individual can use any of four primary channels:

• Intermediaries: Direct complaint to the Grievance Officer, with the right to appeal non-resolution to the Grievance Appellate Committee (GAC).

• National Cybercrime Reporting Portal (NCRP): Reporting online at www.cybercrime.gov.in or by dialling 1930.

• One Stop Centres (OSCs): OSCs (under MWCD) provide support with NCRP filing, legal assistance (DLSA), and psychological counseling.

• Law Enforcement Agencies (LEAs)/Police: LEAs must immediately report the content on NCRP and can register a complaint for legal action.

This SOP institutionalizes a “whole-of-government” response to NCII and deepfakes, linking the Ministry of Electronics and IT (regulation) with the Ministry of Home Affairs (I4C/NCRP enforcement) and the Ministry of Women and Child Development (victim support/OSCs). By making hash bank collaboration mandatory for SSMIs, the policy introduces a technical measure to achieve proactive, systemic content neutralization, ensuring that the digital space is safe, secure, and accountable.

The Anti-Resurfacing and Hash Bank mechanism is a critical technical safeguard mandated by the IT Rules, 2021, designed to stop the endless re-uploading of illegal content after a victim reports it. When a victim successfully reports Non-Consensual Intimate Imagery (NCII), Significant Social Media Intermediaries (SSMIs) are required to generate a unique digital fingerprint, or “hash,” of that content. These hashes are then aggregated and maintained in a secure NCII hash bank by the I4C (Indian Cybercrime Coordination Centre) under the Ministry of Home Affairs, utilizing the Sahyog Portal. SSMIs must deploy crawler technology to cross-reference all new uploads against this secure hash bank, enabling them to automatically identify and takedown similar content across all their platforms, often before it even becomes widely disseminated³. This process ensures systemic neutralization, preventing the content from resurfacing and mitigating harm to the victim.

Follow the full update here: Standard Operating Procedure to curtail dissemination of Non-Consensual Intimate Imagery (NCII) content - MeitY