How govt’s new SOP aims to curb spread of non-consensual intimate imagery online

New Delhi: In a digital world where a single click can destroy someone’s privacy, the government has taken a crucial step to protect victims of leaked private content.

The Ministry of Electronics and Information Technology (MeitY) has released a Standard Operating Procedure (SOP) to tackle non-consensual intimate imagery (NCII), content that includes leaked nudes, morphed photos, or any private visuals shared without consent.

Developed under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the SOP serves as a detailed manual for victims, intermediaries, and enforcement agencies. It aims to simplify what was previously a slow, unclear process, ensuring victims’ privacy and dignity are protected swiftly and consistently across digital platforms.

The move follows directions from the Madras High Court, which in July 2025 asked MeitY to prepare a clear framework guiding victims on what to do when intimate content is circulated online. In response, the ministry has now outlined a step-by-step process for reporting, redressal, and removal of such content.

At its core, the SOP makes it mandatory for intermediaries, including social media platforms, websites, search engines, content delivery networks, and domain name registrars, to act quickly. 

Once a valid complaint is received, they must remove or disable access to the flagged content within 24 hours. The goal is to close the gap between how fast such material spreads and how long victims typically take to get it taken down.

The SOP also clarifies what qualifies as intimate imagery. It covers any content that exposes private areas, depicts nudity or sexual acts, or features artificially morphed intimate images. By doing so, the government recognises that harassment has evolved with technology, and so must the mechanisms to combat it.

For victims, there are now multiple ways to seek help. One of the key routes is through One Stop Centres (OSCs) under the Ministry of Women and Child Development. These centres, which already assist women facing physical or domestic abuse, will now extend their support to those whose private content has been shared online. 

Victims can approach their nearest OSC, where officials will help them file a complaint on the National Cybercrime Reporting Portal, connect them with counsellors or legal advisors, and, if required, coordinate with the local police.

Victims who prefer to take direct action can also reach out to the platform where the content was posted. Every intermediary is required under the IT Rules to appoint a grievance officer and maintain an accessible reporting system. If a platform fails to respond within the stipulated time or provides an unsatisfactory resolution, the complainant can appeal to the Grievance Appellate Committee (GAC).

The SOP doesn’t stop at content removal. Recognising that once uploaded, material can reappear through re-uploads or forwards, the guidelines require large intermediaries to deploy crawler or hash-matching technologies that automatically detect and block identical or similar content. 

These platforms must then share the corresponding digital hashes with the Indian Cybercrime Coordination Centre (I4C) through the Sahyog Portal, helping build a secure national database that prevents the same imagery from resurfacing anywhere online.

The I4C, under the Ministry of Home Affairs, will serve as the central coordination point for NCII-related cases. It will collect complaints received through different channels, including law enforcement agencies, One Stop Centres, and the national cyber helpline 1930, and ensure swift coordination among all stakeholders.

Search engines, too, fall within the SOP’s ambit. They are required to de-index links containing intimate imagery from search results, while content delivery networks and domain registrars must render websites or URLs hosting such content inaccessible within 24 hours. The Department of Telecommunications (DoT) will work with internet service providers to block flagged URLs when directed by authorised agencies.

Law enforcement agencies also have defined responsibilities under the SOP. Police must promptly register NCII-related complaints, upload them on the National Cybercrime Reporting Portal, and take necessary legal action. They may also connect victims with OSCs for psychological and legal assistance where needed.

Importantly, MeitY has clarified that the SOP does not replace or amend the existing IT Rules. Instead, it acts as a supporting document to ensure consistent and effective implementation. The ministry described it as an “evolving document” that will be updated as digital threats and technologies change.

For many individuals, particularly women, who have endured the trauma of having their private images shared without consent, this SOP could mark a turning point. It may not undo the emotional damage caused, but it finally offers a clear, structured path for redressal and holds platforms accountable to a firm deadline.