Protection of Children from Online Harm: Assessing Legal Measures under the IT Act and POCSO Act

Written By: Apoorv Agarwal, Aastha Arora, Suvangana Agarwal, Deepika Sethia

Introduction: The Promise and Peril of the Digital World

The digital age has redefined what it means to grow up. For India’s 164 million internet users under the age of eighteen, the screen is both playground and classroom, a space for learning and self-expression[1]. Yet behind this empowerment lies an unsettling paradox: the same tools that connect children to the world also expose them to exploitation, manipulation, and harm.From the silent menace of online grooming and cyberbullying to the disturbing proliferation ofchild sexual abuse material (CSAM)[2], technology has amplified the vulnerabilities of childhood in ways that the law is still learning to confront. The very architecture of the internet decentralised, anonymous, and global complicates detection and accountability.

In this shifting landscape, India’s legal response has evolved from reactive policing to systemic protection. The Information Technology Act, 2000 (IT Act)[3]provides the technological and procedural framework to regulate online behaviour, while the Protection of Children from Sexual Offences Act, 2012 (POCSO Act)[4] establishes the substantive law safeguarding minors from sexual exploitation. Together with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021,[5]these enactments attempt to create a constitutional balance between digital freedom and digital safety.

At its core, this framework is not merely punitive; it represents the State’s constitutional obligation under Articles 14,[6]19 [7], and 21 [8]to preserve the dignity and autonomy of children in cyberspace. The following analysis examines how these statutes intersect, the challenges of enforcement, and the evolving jurisprudence around protecting children from online harm in an age where the boundary between the virtual and the real has all but disappeared.

The IT Act: From Digital Signatures to Digital Safety

Initially enacted to promote electronic commerce, the Information Technology Act, 2000, has evolved into an all-encompassing framework for regulating cyber conduct. The transition from a focus on commerce to protection was deliberate; it demonstrated an increasing acknowledgement that technology influences not only transactions but also relationships, vulnerabilities, and power dynamics.

1. The Statutory Core

Sections 67, 67A, and 67B of the Act form the backbone of India’s online obscenity regime:

Section 67B, in particular, is pioneering. It not only penalises the producers of exploitative material but also individuals who knowingly access or distribute such content, acknowledging that demand sustains supply. Additionally, it encompasses acts of “inducing children to engage in online sexual conduct,” thereby anticipating the issue of online grooming, which has emerged as a significant international concern

2. Constitutional Context and Judicial Reasoning

The constitutional foundation of these provisions resides in the State’s obligation,outlined in Articles 14, 19, and 21, to sustain an equilibrium between the right to free expression and the safeguarding of human dignity. In the case of Ajay Goswami v. Union of India ([9]2007 1 SCC 143), the Supreme Court affirmed restrictions on obscene publications, noting that shielding children from exposure to sexual material constitutes a legitimate objective of the state. Although this decision predates the advent of social media, its rationale now underpins judicial endorsement of more stringent online regulation.

Concurrently, in Shreya Singhal v. Union of India [10] (2015 5 SCC 1), the Court invalidated Section 66A [11] of the Information Technology Act on the ground that it violated the right to freedom of expression. However, it clarified that offences under Sections 67 and 67B are distinctly different. Unlike vague classifications such as “offensive” or “annoying” content, material that involves child sexual exploitation falls within a precise criminal delineation, warranting immediate removal without the necessity of prior judicial approval

3. Intermediary Accountability

The Information Technology Act acknowledges that intermediariessuch as social media platforms, Internet Service Providers, and hosting servicesserve as the modern equivalents of public squares for communication. Under Section 79,[12], these intermediaries benefit from conditional immunity, often referred to as a “safe harbour, ” provided they exercise due diligence and respond upon acquiring actual knowledge of illegal activities.

The Intermediary Guidelines and Digital Media Ethics Code Rules, 2021,[13] operationalise this obligation. Rule 3 specifies that intermediaries are required to remove or disable access to Child Sexual Abuse Material (CSAM) within twenty-four hours following receipt of a complaint or a court order. Additionally, they are mandated to establish grievance redressal mechanisms and implement proactive technological measures to prevent the re-uploading of the same content.

Nevertheless, jurisprudence after the Shreya Singhal (Supra) case imposes constitutional limitations on this authority. Intermediaries are prohibited from functioning as moral arbiters and are restricted to acting solely in response to lawful directives. However, CSAM constitutes a significant exception and requires immediate removal. This dual framework aims to safeguard both digital rights and digital responsibilities and dignity.

Institutional Enforcement: From Reactive Policing to Digital Vigilance

The effectiveness of any statute depends on its enforcement mechanisms. Acknowledging the complex nature of cyber offences, Parliament has authorised the Indian Computer Emergency Response Team (CERT-In) under Section 70B to oversee responses to cyber incidents, including those involving child exploitation.

The Ministry of Home Affairs has additionally established the Indian Cyber Crime Coordination Centre (I4C), which manages the National Cyber Crime Reporting Portal dedicated to complaints regarding child sexual abuse and exploitation. This publicly accessible system decentralises access to justice by enabling victims, parents, or concerned citizens to report offences anonymously.

Furthermore, preserving digital evidence remains a significant challenge. The Bureau of Police Research and Development (BPRD) and the National Crime Records Bureau (NCRB) have implemented training modules to ensure that law enforcement agencies complywithSection 65B of the Indian Evidence Act, 1872, regarding the admissibility of electronic records.

However, enforcement remains inconsistent. Disparate coordination among police units, jurisdictional overlaps, and delays in mutual legal assistance treaties (MLATs) with foreign intermediaries impede timely prosecution. The lack of a dedicated “cyber prosecutor cadre” further undermines institutional follow-through.

The POCSO Act: From Physical to Virtual Exploitation

The Protection of Children from Sexual Offences Act, 2012 (POCSO) marked a significant milestone in Indian criminal jurisprudence. It established gender- neutral definitions, child-friendly procedures, and a specialised judicial mechanism dedicated to addressing sexual offences against minors. Although initially designed to address physical crimes, its language is sufficiently expansive to include offences within the digital sphere.

1. Statutory Coverage

Section 13 [14] criminalises the utilisation of a child for pornographic purposes, while Sections 14 [15] and 15 prescribe penalties for the storage, possession, or distribution of such material. Notably, these offences are applicable regardless of whether the material was generated online or offline. The Act, therefore, bridges the conceptual divide between the physical and digital realms.

The POCSO Rules, 2020,[16] further mandate that investigators retain electronic evidence, coordinate with cyber units, and provide psychosocial support to victims. For example, Rule 9 requires police officers to uphold confidentiality and to safeguard the identity of child victims throughout investigations and trials,an essential measure to prevent secondary victimisation.

2. Judicial and Policy Evolution

In Re: Exploitation of Children in Orphanages in the State of Tamil Nadu v. Union of India & Others [(2017) 7 SCC 578], the Supreme Court recognised that child protection in the digital era cannot stop at the physical world. The Court directed both the Central and State Governments to use technological tools to identify and block websites that host or circulate child pornographic content.

Emphasising that the right to dignity under Article 21 is not confined to offline life, the Bench observed that freedom from online abuse is a vital part of the right to live with dignity. The judgment made it clear that safeguarding children from digital exploitation is not only a moral duty but also a constitutional obligation one that requires proactive action, technological vigilance, and sustained institutional commitment.

This ruling redefined the constitutional perspective on child protection: digital harm is nolonger viewed merely as moral corruption but as a breach of fundamental rights. Consequently, law enforcement agencies were directed to collaborate with global platforms to ensure the rapid takedown of illicit content, an obligation that continues to underpin India’s digital safety strategies.

Interplay and Harmonisation of the Two Statutes

The IT Act and POCSO Act are not overlapping but interdependent. The IT Act regulates the medium,the technological conduit,while POCSO governs the substantive offence and the victim’s rights. Section 77 of the IT Act explicitly allows concurrent application of other penal laws, ensuring that offenders can be prosecuted under both regimes when their conduct violates multiple legal duties.

For instance, in cases of online grooming, the initial communication may attract Section 67B of the IT Act. Atthe same time, the act of soliciting explicit images or engaging in video calls with minors can invoke Sections 11 (sexual harassment) and 13–15 (pornographic offences) of POCSO. Courts have increasingly recognised this interplay, ensuring that procedural gaps in one statute are covered by the other.

Global Standards and Comparative Lessons

India’s regulatory framework substantially aligns with international standards established under the UN Convention on the Rights of the Child (UNCRC) and its Optional Protocols. Nonetheless, nations such as the United Kingdom, through its Online Safety Act of 2023, and the United States, under the Children’s Online Privacy Protection Act (COPPA), have adopted a proactive regulatory stancemandating that platforms develop algorithms and verification mechanisms to prevent children’s exposure to harmful content.

While India maintains a predominantly reactive approach, there is a gradual shift toward preventive compliance. The National Commission for Protection of Child Rights (NCPCR) engages with major intermediaries such as Google and Meta to expedite takedown requests. Initiatives, including the POCSO e-Box and awareness campaigns under the Cyber Surakshit Bharat programme, serve to promote reporting, raise awareness, and provide educational resources as preventive measures.

Challenges and the Way Forward

Despite these advances, several challenges persist.

First, the definition of “obscenity” under Section 67 remains subjective and rooted in pre-digital morality, leading to inconsistent enforcement. Second, takedown timelines under the Intermediary Rules lack enforceable penalties, creating compliance uncertainty. Third, India lacks a comprehensive authority for online child safety, leaving responsibility dispersed among ministries and agencies.

Reform could take several forms:

– Incorporating explicit provisions on online grooming and cyber enticement within POCSO;

– Establishing a National Child Online Protection Commission with investigatory powers;

– Mandating periodic transparency reports from intermediaries on CSAM detection;

– Integrating privacy-by-design principles for child users into platform architecture, akin to GDPR’s “right to be forgotten.”

Conclusion: Building a Culture of Digital Dignity

The safeguarding of children from online harm must extend beyond merely statutory enforcement. Legislation alone cannot foster safety unless society internalises the importance of digital dignity. What India requires is not solely deterrence through punitive measures but also preventative strategies through awareness, empathy, and education. The transition should be from reactive measures to proactive anticipation, from regulation to accountability, and from mere formal compliance to a pervasive culture of protection.

The Information Technology Act, with its procedural safeguards, provides the framework for enforcement, while the POCSO Act functions as the moral and constitutional cornerstone safeguarding the sanctity of childhood.

Collectively, these laws embody India’s constitutional visionthat every child’s dignity, whether exercised in the physical or digital realm, remains inviolable.As technological advancements continue, legislation must serve as an ethical guide rather than an adversary. Genuine progress is not solely measured by the increase in prosecutions but by ensuring every child can navigate the digital environment free from fear of exploitation or abuse. A society’s digital maturity will be reflected not in how swiftly it punishes offenders, but in how resolutely it protects the innocent.

Therefore, the challenge before us is to cultivate an internet space that truly reflects the values enshrined in the Constitution of India a domain where freedom and safety coexist in harmony, and where technology becomes a safeguard, not a threat, to the dignity of every child.

[1]https://www.sentinelassam.com/topheadlines/one-in-every-4-children-in-india-is-an-internet-user

[2]https://www.justice.gov/d9/2023-06/child_sexual_abuse_material_2.pdf

[3]https://www.indiacode.nic.in/bitstream/123456789/13116/1/it_act_2000_updated.pdf

[4]https://www.indiacode.nic.in/bitstream/123456789/2079/1/AA2012-32.pdf

[5]https://www.meity.gov.in/static/uploads/2024/02/Information-Technology-Intermediary-Guidelines-and-Digital-Media-Ethics-Code-Rules-2021-updated-06.04.2023-.pdf

[6]https://www.constitutionofindia.net/articles/article-14-equality-before-law/

[7]https://www.constitutionofindia.net/articles/article-19-protection-of-certain-rights-regarding-freedom-of-speech-etc/

[8]https://www.constitutionofindia.net/articles/article-21-protection-of-life-and-personal-liberty/

[9]https://globalfreedomofexpression.columbia.edu/cases/goswami-v-india/

[10]https://globalfreedomofexpression.columbia.edu/cases/shreya-singhal-v-union-of-india/

[11]https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=77

[12]https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=105

[13]https://www.meity.gov.in/static/uploads/2024/02/Information-Technology-Intermediary-Guidelines-and-Digital-Media-Ethics-Code-Rules-2021-updated-06.04.2023-.pdf

[14]https://www.indiacode.nic.in/showdata?actid=AC_CEN_13_14_00005_201232_1517807323686&sectionId=12858&sectionno=9&orderno=13

[15]https://www.indiacode.nic.in/showdata?abv=null&statehandle=null&actid=AC_CEN_13_14_00005_201232_1517807323686&orderno=14&orgactid=AC_CEN_13_14_00005_201232_1517807323686

[16]https://thc.nic.in/Central%20Governmental%20Rules/Protection%20of%20Children%20from%20Sexual%20Offences%20Rules,%202020.pdf