TechTicker 79: A ban to protect exams

One of the things we keep a close track of at Ikigai Law, is how governments respond to complex problems — it tells us a lot about what risks they’re weighing, and which tools they reach for first.

In June, the paper leak crisis plaguing the National Eligibility cum Entrance Test (NEET), India’s national medical entrance exam, brought out an unexpected policy response from the government. Telegram, a messaging app used by 100 million+ users, was temporarily banned, to prevent misinformation, cheating, fraud and further leaks. This month’s Deep-dive analyzes that policy response, and the precedent it may create going forward.

You will see a common thread through many of this Ticker’s stories. Our IT Ministry, the Ministry of Electronics and Information Technology (MeitY) is scrutinising WhatsApp’s new username feature, Meta has been asked to explain how child sexual abuse material (CSAM) advertisements bypassed its review systems, and governments around the world continue to debate restrictions on children’s access to social media.

When digital products create newer risks, where should the responsibility lie? The regulators are increasingly exploring emerging risks at the level of product design and platform architecture.

Deep-dive

India pulls the plug on Telegram  

India blocked Telegram last month. Not a channel or a group, but the entire application. It was temporary, for six days. And, while Telegram challenged the ban – the Delhi High Court upheld it.

What was the whole uproar about? 

In the weeks before 21 June, Telegram was at the centre of a coordinated fraud operation. Channels were openly selling purported question papers and demanding lakhs of rupees from candidates and their families. MeitY flagged them and Telegram took some down. The content resurfaced, faster than the takedowns could follow. The loop had been running since May.

To understand why this escalated so fast: NEET is the single gateway to every undergraduate medical seat in the country. The 21 June date was already a re-examination, ordered after the original exam was cancelled amid a paper-leak controversy. On June 16, five days before the exam, MeitY and the National Testing Agency (NTA) wanted to take swift action.

MeitY directed the entire platform to remain blocked until 22 June. And it went beyond the block, it directed Telegram to disable its message-editing feature entirely until 30 June. Telegram’s editing feature retains the original timestamp when a message is changed. Content can be made to appear as though it predated an event when it did not, exactly the kind of manufactured evidence useful for fake paper leaks.

The judgement that upheld the ban

Telegram challenged the block in the Delhi High Court, but the Court upheld the ban.

The judgment works through three questions: (i) whether Section 69A allows blocking an entire app at all (and not just specific content), (ii) whether exam fraud can threaten public order enough to trigger it, and (iii) whether Telegram’s specific product architecture made a platform-level block proportionate. The court answered in the affirmative to all three.

a)   a) Telegram, you are the “information” 

How did the court justify blocking an entire app? 

Section 69A of the Information Technology Act (IT Act) only applies on specific grounds - sovereignty, national security, public order, among others. Here, the government invoked public order. But that still left the question on the table, that is, does the power extend to blocking an entire app, or just the specific  content on it? 

The court’s answer lay in the definition of “information” itself.  Section 69A  of the IT Act empowers the government to block “information” generated, transmitted, received, stored or hosted in any “computer resource.”  Section 2(1)(v) of the IT Act defines “information” to include, among others computer programmes and software. As per the court, an application is a computer programme designed to perform functions for an end user. Telegram is an application. Which means Telegram itself is “information” within the meaning of the IT Act, not just the content that flows through it. 

Telegram contested this. It argued that Section 69A only lets the government block specific content, like posts and channels, not an entire platform. The court disagreed and stated that interpreting the law in such a narrow manner would defeat its purpose. The intent was always broader, broad enough to cover an application itself, and not merely the content which is hosted on it.

b)   b) Can exam fraud threaten public order?

The court said yes. The interests of approximately 2.2 million candidates taking the exam was paramount, and any potential disruption had to be averted. The court agreed with the IT Ministry’s blocking order which noted that any non-action would have affected examination integrity and potentially led to a serious public order situation. The court said that the blocking order clearly articulated the reasons grounded in law and did not suffer from any non-application of mind (as Telegram had argued).

c) You are not like other platforms

While adjudicating whether a temporary ban was a proportionate response, the court looked at Telegram’s product design.

As per the court, unlike other conventional platforms, Telegram is entirely cloud-based, its architecture conducive to amplification and mass dissemination of content. It hosts an extensive bot ecosystem that facilitates automated dissemination without human intervention. It runs on usernames instead of phone numbers, enabling concealment of user identifiers. And when a channel comes down, the subscriber base does not cease to exist. The court notes that Telegram’s architecture allows for fast-paced creation of mirror channels to which existing subscribers are redirected.

These were not treated as incidental quirks but as the reason government’s conventional takedowns were failing. Interventions like the reporting and removal of channels, groups, bots, and accounts were ineffective and inadequate. This, as per the court, justified the block as well as restricting the message editing feature temporarily. It was the least restrictive means available for achieving the legitimate objective.

So what does this mean for the future of tech regulation

Until now, the government has predominantly relied on content level restrictions. URLs, channels, specific videos, accounts or posts were taken down or blocked. This judgement sets the precedent by which government may expand its regulatory toolkit. Given the right circumstances, the government can direct the blocking of an entire platform—provided the statutory grounds are met, the measure is proportionate, and less restrictive alternatives have proved ineffective.

The court’s willingness to examine Telegram’s product design while assessing proportionality may have set the tone for future cases, where a platform’s design and architecture can be a target of regulation.

That approach is already beginning to surface. The government’s recent intervention on WhatsApp’s proposed username feature, for instance, focuses not on any unlawful content but on whether a product feature could facilitate fraud and impersonation. Telegram is facing another regulatory intervention, with the Ministry of Information & Broadcasting (MIB) issuing it a notice, asking the platform to take stronger action against the easy availability of pirated content. This will be a regulatory trend to watch out for in the future.

II. Connecting the dots

WhatsApp’s username feature runs into MeitY, days after launch announcement

On June 29, WhatsApp announced a feature letting users reserve a unique username and use it instead of their phone number to be found and contacted on the app — there’s no public directory, and a contact still needs the exact username to reach someone for the first time. Shortly after the announcement, MeitY issued a notice to WhatsApp’s chief compliance officer, directing it to hold off the launch in India pending consultation. Meta was initially given three days to respond but the IT Ministry has now extended the deadline to 9 July.

MeitY’s concern? Replacing phone-number verification with usernames could make it easier for bad actors carry out fraudulent activities, phishing, digital-arrest scams, and impersonation, without ever surfacing a traceable number. Following WhatsApp’s announcement, the government also sent notices to Telegram and Signal to explain the username feature, and their platform’s existing safeguards to prevent misuse.

Meta has not publicly responded to the notice yet. It has published an FAQ explaining its features. The FAQ clarifies that the feature has not yet been rolled out, and that there are protections in place to avoid fraudulent activities. Critics  argue  that this is a disproportionate response, and claim that this is a new kind of “license raj”, emerging in the context of software. Some argue that this is necessary for a feature that impacts 600 million+ Indians, and that Meta should not be allowed to consolidate or lock a user's “identity”.

Credits: Utkarsh Gupta

Meta’s ad review approved ads selling child abuse videos, the government wants answers.

Meta’s Instagram automated ad review system, now almost entirely AI-run after Meta cut its human reviewers earlier this year, has reportedly approved paid advertisements in India promoting CSAM content. The ads linked users to Telegram channels selling videos for as little as INR 99. Meta took the ads down and suspended the accounts after BBC came back for an official comment.

MeitY sent a notice ordering Meta to disable all CSAM content immediately and gave it seven days to explain how the ads cleared their review process. It is the second government action against Meta in a week, following the WhatsApp username notice.

III. From the courtroom to your inbox

·   Your name, your search result, your choice: In a landmark ruling covering 31 petitions, the Delhi High Court has directed Google and other search engines to de-index name-based results linking individuals to acquittals, settled disputes, or purely private matters. Indian Kanoon — the widely-used legal database — has been directed to restrict name-based search for the same records, while keeping cases accessible by citation or case number. The court was careful to note that de-indexing is not erasure - judicial records remain intact and retrievable by those with a “legitimate purpose”. What changes is that a casual name search can no longer surface damaging records indiscriminately. India lacks a statutory right to be forgotten, but the judgment grounds it firmly in the constitutional right to privacy under Article 21. MEITY has been asked to ensure compliance and file an affidavit. The Supreme Court is separately examining whether entire judgments can be removed from Indian Kanoon — a tougher question the Delhi ruling sidestepped. 

·    A satirical party, a blocked account, and what Section 69A can do: The Cockroach Janta Party (CJP), a recent satirical online political movement that exploded in popularity after the Chief Justice of India compared unemployed youth to “cockroaches” — had its X account withheld in India on 21 May, weeks after accumulating 20 million+ Instagram followers. MeitY acted under Section 69A of the IT Act, citing national security concerns. The Delhi High Court declined to restore the account immediately and instead directed the government's Review Committee to take up the matter. On 7 July, the Delhi High Court to restored the account after the government stated it had no objections to its restoration.

IV. Global Tech Stories

From ban to blueprint: how countries are approaching children safety online

The momentum on child online safety is gaining traction world over. On 29 May, G7 digital and technology ministers reached their first-ever agreement on common principles for protecting minors online, covering age assurance, safety-by-design, recommender systems, AI-generated CSAM, and digital literacy. The principles are non-binding — they are a political commitment, not enforceable law — but the convergence is worth noting. It signals that the largest economies are moving toward shared vocabulary, if not yet shared rules.

On ground, execution varies from country to country. Malaysia began enforcing a ban on under-16 children registering on social media on 1 June, backed by its Online Safety Act 2025 and a Child Protection Code that imposes legal obligations on platforms to verify age. Japan is moving more cautiously: a government expert panel has proposed stricter age verification and default content filters for minors, without proposing a blanket ban. The draft goes to public consultation before being finalized in summer 2026 — reflecting both low public support for an outright ban (only 38% of Japanese parents back one) and lessons from Australia, where research suggests around 60% of children under 16 still access social media post-ban.

UK gives tech companies an ultimatum on child nudity

The UK government has given Apple, Google, and other tech companies three months to deploy features that block children from taking, sharing, or receiving nude images on their devices. If they don’t act voluntarily, the Home Office has said it will legislate — and any future law would include fines and possibly criminal liability for tech executives.

Speaking at London Tech Week, former Prime Minister Keir Starmer framed it as a moral responsibility, not just a regulatory one. The government cited Internet Watch Foundation data showing that 91% of child sexual abuse reports in 2024 involved self-generated content.

The proposal has provoked pushback from encrypted messaging platform Signal, which warned that mandatory age verification and on-device content scanning would build a surveillance infrastructure that could far outlast its stated purpose. The tension between protecting children and preserving private communications isn't new — but the UK’s explicit ultimatum, backed by a legislative intervention, makes it one of the sharper confrontations between government and platforms so far.

V. Reading reccos

  •      The Guardian has a thoughtful piece on whether ethicists being hired in AI companies can help, and what their role is.
  •       Rest of World looks at how India is approaching building AI tools differently from the West.
  •      Owen Bennett in the TechPolicy Press writes about the idea of a presumptive social media ban, an alternative to the hard ban imposed in countries like Australia.

VI. Shoutouts

A crisis to remember: What would you do if your AI vendor quietly switched models overnight, your customer data suddenly started flowing overseas, and the regulator came calling? On 1 July, we brought together General Counsels and legal leaders in Bengaluru for our Crisis Management Workshop. A hand-on tabletop exercise where every twist forced participants to make difficult and legal strategic calls in real time. The room quickly proved that there is rarely one “right” answer. From regulator engagement and public relations to board reporting and stakeholder management, the discussion highlighted just how differently experienced legal teams navigate the same crisis—and why preparing for these moments before they happen matters. Interested in workshops like these? We’d love to hear from you – do reach out to us. 

Signing off,

Ticker team for this edition: Ayush Nehaa Nirmal Vanshika

Challenge
the status quo

Dividing by zero...