Platform Governance and Algorithmic Accountability: The Missing Legal Framework for Recommendation System Regulation in India

Introduction

Every time a user opens YouTube, Instagram, Facebook, or any major social media platform in India, an algorithmic recommendation system determines what content they will see. These systems, trained on engagement metrics and designed to maximise time-on-platform, have been identified by researchers, regulators, and parliamentary committees across the world as significant contributors to radicalisation, misinformation amplification, filter bubble formation, and mental health deterioration among younger users. Yet India, home to one of the world’s largest and most rapidly growing user bases for these platforms, possesses no legal framework that directly addresses recommendation algorithms, their design, their effects, or the accountability of those who deploy them.

This is not a peripheral regulatory gap. Recommendation algorithms are, in functional terms, the editorial policy of the twenty-first century social media platform. They determine which voices are amplified and which are suppressed, which narratives gain momentum and which wither, and which communities are formed or fractured. To regulate platforms without regulating their algorithms is analogous to regulating newspapers while ignoring the decisions of their editors. The IT Rules 2021, which represent India’s most comprehensive attempt at platform governance to date, are almost entirely silent on algorithmic accountability, focusing instead on content moderation processes, grievance redressal, and the appointment of compliance officers.

This article examines the current regulatory gap in India’s platform governance framework, the social harms attributable to recommendation systems, comparative regulatory approaches in the European Union and the United Kingdom, and the case for a dedicated platform governance statute in India that addresses algorithmic accountability as a central concern.

Legal Framework

The IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 established the principal regulatory framework for social media intermediaries in India. Rule 3 imposes due diligence obligations, including requirements to inform users about prohibited content categories, to establish grievance redressal mechanisms, and to publish transparency reports. Rule 4 creates the enhanced obligations applicable to SSMIs, including the appointment of senior compliance officers, the publication of compliance reports, and the voluntary deployment of proactive monitoring technologies.

Critically, neither Rule 3 nor Rule 4 contains any requirement relating to the design, transparency, or accountability of recommendation algorithms. The Rules treat platforms as content hosts whose primary obligation is reactive content moderation, not as active algorithmic curators whose systems shape what content users encounter. This framing reflects the intermediary liability model of the IT Act 2000, which was designed for a world of passive hosting rather than active algorithmic curation. Section 79’s safe harbour contemplates platforms that host content without actively participating in its selection or promotion; in reality, recommendation algorithms represent a form of active participation in content promotion that the safe harbour framework was not designed to address.

The Consumer Protection Act, 2019 and its e-commerce rules impose some transparency obligations on digital platforms as platforms, but these are focused on commercial transactions rather than content recommendation. The Broadcasting Services (Regulation) Act, 2024, which replaced the older Cable Television Networks Act, introduces some content governance provisions for broadcasting platforms but its application to social media recommendation systems is contested and uncertain.

Section 69A of the IT Act permits the government to block access to content on grounds of national security, public order, and related concerns. This provision has been used extensively to block URLs, accounts, and entire platforms, but it operates as a blunt content removal instrument rather than as a tool for shaping recommendation system design. The government may block a piece of content once it has caused harm, but it has no authority under Section 69A to require that the algorithm not have recommended the content in the first place.

Judicial Developments

Indian courts have occasionally grappled with the consequences of algorithmic amplification without directly addressing the algorithmic dimension. The Supreme Court’s observations in various social media contempt and defamation cases have acknowledged that platform amplification of content intensifies its harmful effects, but the legal framework applied has remained traditional, focused on the liability of the poster and the platform’s knowledge of the content rather than on the systemic role of recommendation systems in determining the reach of harmful content.

The Supreme Court’s 2015 judgment in Shreya Singhal v. Union of India, while a landmark for online free speech, addressed notice-and-takedown obligations rather than algorithmic amplification. The Court’s formulation of the knowledge standard for intermediary liability, requiring actual knowledge through a court order or government notification rather than constructive knowledge from general awareness of platform misuse, actually reduces incentives for platforms to self-regulate their recommendation systems.

The Kerala High Court, in various cases involving cyberbullying and online harassment, has made observations about platform responsibility for the virality of harmful content, but these have not crystallised into legally enforceable algorithmic obligations. MeitY has conducted consultations on online safety and children’s digital rights that have touched on recommendation system concerns, but these have not yet produced legislative or regulatory outputs.

Contemporary Issues and Analysis

The social harms associated with unregulated recommendation algorithms in the Indian context are documented and specific. Research by independent investigators and journalists has linked WhatsApp and Facebook recommendation features to the amplification of communally charged content in the period preceding episodes of communal violence. The recommendation algorithm’s optimisation for engagement tends to favour content that is emotionally charged, which in the Indian context frequently means content that plays on religious, caste, or regional identities.

The mental health dimension is equally pressing. India has one of the world’s youngest and most rapidly growing social media user populations. The correlation between heavy social media use and mental health outcomes, particularly for adolescent girls, is well-documented in research from multiple countries. Instagram’s internal research, revealed through the Facebook Papers in 2021, showed that the platform’s leadership was aware that its recommendation system worsened body image issues for teenage girls. There is no reason to believe that the Indian user experience is materially different, yet India has no regulatory framework specifically addressing the recommendation system-driven harms to minors.

The filter bubble problem also has specific democratic implications in India. As political parties and their aligned social media cells become increasingly sophisticated in their use of micro-targeted content, algorithmic recommendation systems can serve to radicalise political sentiment by presenting users with increasingly extreme versions of content they have already engaged with, a phenomenon sometimes called the “rabbit hole” effect. The documented pattern of recommendation algorithms steering users from moderate political content toward more extreme content poses a particular risk in a country with India’s diversity and its history of politically motivated communal violence.

The advertising revenue model that drives major platforms creates a structural misalignment of incentives: engagement maximisation is commercially optimal for platforms but socially suboptimal for societies, and this misalignment will not be corrected by market forces alone. Regulatory intervention is necessary, but it must be technically informed and constitutionally sound.

Comparative and International Perspective

The European Union’s Digital Services Act (DSA), which came into full effect in February 2024, represents the most developed legal framework for recommendation algorithm regulation currently in force. Articles 27 and 38 of the DSA impose significant obligations on very large online platforms (VLOPs, those with more than 45 million monthly active users in the EU) with respect to recommender systems. VLOPs must clearly explain their recommendation parameters to users, offer users at least one recommender system option not based on profiling, and undergo annual risk assessments identifying systemic risks arising from their recommendation systems. These risk assessments are reviewed by the European Commission, which may require risk mitigation measures.

Article 40 of the DSA further provides for data access for researchers to analyse systemic risks associated with VLOPs, including recommendation system effects. This research access obligation creates an ecosystem of independent scrutiny that supplements regulatory oversight, addressing the information asymmetry between platforms and regulators.

The UK Online Safety Act 2023 takes a different but complementary approach. It requires platforms to conduct Children’s Risk Assessments that specifically address the risks from algorithmic content curation to minors, and it imposes safety by design obligations that include consideration of recommendation system design. The Act gives Ofcom powers to require platforms to take specified steps to address identified risks, which may include modifications to recommendation system parameters.

These frameworks share a common insight: content moderation at the output level (removing harmful content after it has been produced and circulated) is insufficient when the platform’s recommendation system is itself a harm multiplier. Regulating the recommendation system at the design and governance level is necessary to address systemic harms, not just individual incidents.

Practical and Policy Implications

For Indian users, the absence of algorithmic accountability regulation has concrete consequences. There is no legal right to request an explanation of why specific content was recommended to you. There is no right to opt out of profiling-based recommendations and receive a chronological or topic-based feed instead. There is no independent regulatory body conducting risk assessments of recommendation system effects in the Indian context. And there is no publicly accessible research dataset that would allow Indian researchers to study the effects of these systems on Indian users.

For platforms operating in India, the absence of regulation creates a comfortable but ultimately unstable environment. The Indian government has demonstrated its willingness to impose rapid, sweeping regulatory requirements through subordinate legislation, as the IT Rules 2021 and their subsequent amendments demonstrate. The absence of an algorithmic regulation framework today does not mean the absence of one tomorrow, and platforms that fail to voluntarily develop responsible recommendation practices may face abrupt regulatory mandates with short compliance timelines.

Suggestions and Reforms

India needs a Platform Governance Act that goes beyond the content moderation focus of the IT Rules 2021 to address algorithmic accountability directly. Such legislation should, at a minimum, impose the following obligations on platforms above a defined size threshold: annual algorithmic risk assessments, conducted by qualified independent auditors and reviewed by a designated regulator; mandatory transparency reports on recommendation system parameters, including the variables used and the weight assigned to each; user rights including the right to access an explanation of why content was recommended, the right to opt out of profiling-based recommendations, and the right to request content-based rather than engagement-optimised feeds; enhanced obligations for children’s protection, including age-appropriate design codes that constrain recommendation system parameters for users below a defined age; and researcher data access provisions enabling independent study of recommendation system effects on Indian users.

The regulatory body to oversee these obligations could be a dedicated Digital Markets and Platforms Regulator or the proposed Data Protection Board under the DPDP Act with extended jurisdiction. The choice of institutional home matters less than the existence of a technically competent, independent, and adequately resourced regulatory body.

Conclusion

Recommendation algorithms are the defining infrastructure of digital public discourse in the twenty-first century, and India’s failure to develop a legal framework for their governance is a serious and growing policy gap. The harms they generate, including radicalisation, misinformation amplification, communal violence enablement, and mental health damage, are not hypothetical risks but documented realities in the Indian context. The EU and UK have demonstrated that algorithmic accountability regulation is technically feasible and legally sustainable. India, with its scale and its democratic stakes, has every reason to develop its own framework, one that reflects Indian constitutional values, addresses India-specific social harms, and maintains India’s credibility as a serious and principled actor in global digital governance.

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these