Explained: All you need to know about the IT ministry’s draft rules to regulate online gaming

Soon after it was given the remit of online gaming, the ministry of electronics and IT has taken the first step towards regulating the sector. 

Yesterday, the ministry released draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 for public consultation. Proposed changes include regulating online gaming platforms as online gaming intermediaries, and setting up industry-led self-regulatory bodies to check whether or not platforms engage in online betting or gambling.

Other amendments will allow the ministry to include any game – irrespective of whether or not they involve real money – within its regulatory ambit if children can potentially get addicted to them. As Rajeev Chandrasekhar, minister of state for IT, said, “Any game that allows or permits wagering on its outcome is effectively a no-go area online.” 

Additionally, all intermediaries are required to ensure that when they offer their services to online gaming platforms, all their games are vetted by the gaming platforms’ respective self-regulatory bodies.

The proposed amendments also allow the central government to nominate one person to the self-regulatory body’s board of directors or governing body. 

The draft amendments are open to consultation for two weeks until January 17. Chandrasekhar said the ministry hopes to notify the amended rules by the end of the month after consultation with three key stakeholders: online gamers, gaming start-ups, and bigger gaming companies and investors. Online gaming intermediaries will have three months to comply after the amendments are notified. 

No amendments have been proposed to part III of the IT rules which deals with the media ethics code and age classification for content on streaming platforms. So, advertising of online betting/gambling platforms is also under the remit of the IT ministry. Earlier, the information and broadcasting ministry had released advisories instructing social media platforms to not allow surrogate advertising of such platforms. 

What kind of games are covered?

Only real money games are covered within the proposed amendments. This includes any online game where a user makes a deposit (a cash or in-kind payment to participate in an online game) “with the expectation of earning winnings” (any prize, cash or in kind that is distributed or intended to be distributed to a user based on their performance). Casual games such as Candy Crush are not included within this definition. 

Any intermediary which offers at least one online game is considered an “online gaming intermediary” and will thus be governed by the IT ministry. 

What are the proposed obligations of an online gaming intermediary?

In addition to due diligence obligations imposed on intermediaries like publishing a privacy policy, terms and conditions, and rules and regulations, an online gaming intermediary is required to ensure that no game that allows “gambling or betting” is allowed on the platform. This is in addition to the extant rules that prohibit any content that relates to or encourages gambling or money laundering. 

An online gaming intermediary also has to ensure that children under the age of 18 cannot enter any contracts online. The online gaming intermediary has to do the following:

1. Display on its website and mobile app that it has been registered with a self-regulatory body. 

2. Inform users – in its rules and regulations, privacy policy, terms of service and user agreements – of all the games it offers, details on how to withdraw or seek refunds of deposits, how winnings are determined and distributed, and any other fees and charges that the user might have to pay; the risk of financial loss and addiction associated with the online game; the KYC procedure to be followed at registration; steps taken to protect the deposit of a user; and how its overarching self-regulatory body works. 

3. Display on its website and app the random generation certificate and a no-bot certificate from a “reputed certifying body” for each online game it offers. 

4. Follow the RBI KYC norms for verifying the identity of the user at the time of registration. 

5. For all users who register from India or use the OGI’s services in India, the OGI has to set up a mechanism so that the users can “voluntarily” verify their accounts and be given a public mark of such verification (think blue ticks). This verification can be done even using an active Indian mobile number. Such data cannot be used for any other purpose until and unless the user has expressly consented to such use.

6. Hire three specific employees: a resident grievance officer, a chief compliance officer, and a nodal contact person. Their functions are the same as their respective counterparts with social media intermediaries. Interestingly, all the functions of a nodal contact person (coordinating 24x7 with law enforcement agencies to comply with their orders or requisitions) are also functions of the chief compliance officer and thus potentially redundant. 

7. Have a physical contact address in India which is published on its website and app. 

8. Set up a grievance redressal mechanism so the user can track the status of their grievance. To the extent possible, the online gaming intermediary has to give reasons for specific actions taken or not taken as a result of the grievance. 

9. Provide information to a lawfully authorised government agency within 24 hours for law enforcement purposes. All other intermediaries have 72 hours to comply with such orders. 

Self-regulatory body vets all OGIs and online games

All online gaming intermediaries will have to register with a self-regulatory body which will be registered with the IT ministry. This body must either be a section 8 company under the Companies Act, 2013 or a society under the Societies Registration Act, 1860.

While considering the application of the self-regulatory body, the IT ministry will take into account the number of members it has, its “track record” in promoting “responsible online gaming”, the body’s bylaws to ensure its independence from the influence of intermediaries, its technological capacity, and the “relevance”, “suitability” and “absence of conflict of interest” of its board of directors. 

Each board will have at least one person, nominated by the central government, who specialises in public policy, public administration, law enforcement or public finance.  

Additionally, while considering the application of the self-regulatory body, the IT ministry will consider whether the following people are on the board: an independent, eminent person from the fields of online gaming, sports or entertainment; an individual from the fields of psychology, medicine or consumer education; an individual representing online gamers; and a person from information communication technology.

However, the composition of the governing body cannot be the sole reason to declare any decision by the self-regulatory body to be invalid. Before registering any self-regulatory body, the IT ministry can also consult with any ministry or government agency. 

Each online game offered by the intermediary will have to be vetted and registered with the self-regulatory body. Only online games offered by registered online gaming intermediaries will be considered and vice versa – an intermediary will be registered only if all its online games can be registered with the body. 

To register with a self-regulatory body, the online game must not offer online gambling or betting, and must not contain anything that is not in the interest of India’s sovereignty and integrity, defence, security, friendly relations with foreign states, public order, or that incites the commission of any cognisable offence. Each registered online game will visibly display the mark of its registration with the self-regulatory body. 

An intermediary can be given a membership if it adheres to the due diligence and additional due diligence obligations and has a track record of securing interests referred to in section 69A of the IT Act while offering online games. 

The self-regulatory body must inform the IT ministry of all recognised online games along with the reasons for registering them. If the ministry believes the body hasn’t complied with the IT Rules, it can suspend or revoke its registration. However, the ministry must first notify the self-regulatory body of non-compliance and give it an opportunity to be heard. To protect users who might be affected by this revocation, the ministry can give interim directions, though the draft amendments do not specify the nature of such directions. 

Obligations of a self-regulatory body

In addition to registering all online gaming intermediaries and online games, the self-regulatory body must also evolve a framework to protect interests, test and verify whether the online games conform to such a framework, and update and evolve this framework. 

This framework must include parameters to adjudge the content of online games and include safeguards against harm, including self-harm; include measures to safeguard children; include measures to safeguard users against the risk of gaming addiction and financial loss; and safeguards against risk of financial frauds. 

Measures could include warning messages displayed at “higher frequency beyond a reasonable duration for a gaming session” and allowing users to impose limits as per money and time spent. 

Can testing and verifying games pose a threat to the intellectual property of gaming companies?

Chandrasekhar said, “I don’t know if the SRO [self-regulatory organisation] is going to go through the code as much as the SRO is going to seek some sort of certification, indemnity or broad-level information about how the specific game functions. If the SRO was going to be allowed access to the code, there are serious IP issues. Why would any OGI or startup allow its code to be examined by an SRO? I don’t think that’s the idea.” 

The rest will be determined by consultation. 

Grievance redressal

If a user is unhappy with the resolution of a grievance by an intermediary’s grievance officer, they may escalate it to the self-regulatory body. Chandrasekhar clarified that this can be further escalated to the government-appointed grievance appellate committee.

Discretionary powers of the IT ministry 

Any game on the internet, irrespective of whether or not it involves real money, can be brought within the ambit of the proposed amendments if the ministry deems it so. Reasons include causing harm to children, risk of harm to India’s sovereignty or integrity or public order, or risk to India’s friendly relations with foreign states.

Here, the ministry will be required to include such games via a notification in a gazette, where it must record the reasons in writing. It can choose which provisions of the proposed amendments will apply to such games. 

Additional obligations imposed on other intermediaries

The proposed amendments require all other intermediaries to “ascertain” from the online gaming intermediary and to subsequently “verify” from the concerned self-regulatory body whether or not the online gaming intermediary is registered with the self-regulatory body. This has to be done “before hosting or publishing or advertising an online game for a consideration”. 

Will this obligation extend to all intermediaries including internet service providers (Airtel, Jio), web hosts (GoDaddy), app stores, and social media platforms? 

Chandrasekhar said, “Our intent is to ensure that no intermediary advertises anything other than a permitted online game. The intent is to not allow certain foreign websites that advertise online betting to advertise on Indian intermediaries.”

But these activities do not include payment services. Chandrasekhar said, “This is a bit outside our domain. It is certainly outside the domain of the IT Act to be regulating fintech platforms, where they take payments from, and the KYC guidelines they implement. That is why the RBI and NPCI regulate them.”

The Google Play Store, for instance, does not allow real money games on its app stores. Chandrasekhar said that if a certain kind of game is permitted by the self-regulatory body, it would have to be permitted by the app store in India. 

What happens if intermediaries do not comply?

Currently, no financial penalties have been proposed under the amendments. On non-compliance, intermediaries stand to lose their safe harbour granted by section 79(2) of the IT Act. However, it must be remembered that loss of safe harbour is not determined by the IT ministry but by the courts after a case is filed. 

Lack of clarity 

The biggest issue is who determines whether a game involves wagering on the outcome or not. That is the question that numerous high courts and the Supreme Court are grappling with as they try to determine whether a game is a game of skill and thus allowed, or a game of chance and not allowed. 

When asked, Chandrasekhar said, “Nobody is going into the underlying question of whether it is a game of skill or game of chance. Nothing that permits you to wager on the outcome of a game shall be permitted. And it is the SRO that will determine whether it involves wagering or not.”

However, such an assessment arguably has to answer as to whether or not it is a game of skill or a game of chance. If industry-led self-regulatory bodies make that assessment driven by financial motives, they are likely to take an expansive view on the issue and permit as many games as possible as non-wager based games. 

In their submissions in different courts across the country, industry bodies like the All India Gaming Federation have sought to evolve a certain framework to judge what is a game of skill and what is a game of chance. But there’s no consensus between different gaming bodies.

Chandrasekhar said that as long as the basic principle – to not permit wagering – isn’t violated, it isn’t an issue. “The SRO will decide what is in the right,” he said.

For instance, fantasy sports is a fraught area. When asked how fantasy sports would be classified, Chandrasekhar said it remains to be seen. 

The other big question is whether states can make laws related to online gaming and gambling. While gambling is a state subject, everything related to the internet is a central subject. Sikkim, Goa and Daman allow physical gambling within their territories. Can states then allow online gambling within their territories?

No, said Chandrasekhar, until and unless the states can geofence that particular website or app to that particular territory. In India, geofencing on state lines is impossible and an issue repeatedly raised by gaming companies in response to multiple state ordinances banning online gambling.

“The states can do whatever they want vis-à-vis gambling. Our duty is to regulate the internet,” said Chandrasekhar. “We are not stepping into regulating physical gaming, gambling or betting. We are interested in growing the online gaming ecosystem.”

A question that was raised by the inter-ministerial task force too is whether gaming companies are publishers or intermediaries. Since they are responsible for the content they put out, why are they not treated as publishers? 

Chandrasekhar said publishers aren’t regulated by the IT ministry but intermediaries are. Hence, this call was taken.