Content Liability and Self-Regulation: Netflix and Emerging Jurisdictions
- Jun 13
- 10 min read
Introduction
Over-The-Top (OTT) streaming services have revolutionized the media world by making media content available to consumers from 190+ countries through their platforms. One such streaming service is Netflix, which now has over 300 million subscribers all over the world. However, the very fact that subscribers watch Netflix in Amsterdam also means that some of the programs available on it may not be acceptable legally, religiously, and politically in cities like New Delhi, Riyadh, and Jakarta.
The aspect of content liability (which is the legal responsibility of the operator for making certain content available to its customers) is no longer something that OTT platform operators can overlook. Rather, it is a serious issue involving business and legal concerns. The fundamental conflict is between being content creators (liable as content owners) and conduits for distributing those contents (possibly immune as intermediaries) to jurisdictions where the rules governing the permissible content could not be more disparate.
The Publisher–Intermediary Distinction and Content Liability
The basic issue that arises in the case of OTT content liability concerns whether the platform is a mere passive intermediary transmitting the content or whether the platform acts as a publisher, curating and producing the content. This issue has significant legal import as intermediaries across the world enjoy partial immunity from liability for third-party content similar to Section 79 of the Information Technology Act, 2000 in India or Section 230 of the Communications Decency Act in the US. On the other hand, publishers incur direct liability.
However, Netflix finds itself in a tricky intermediate position. In cases where third-party licensed content is involved, Netflix is comparable to an intermediary. But when it comes to Netflix Originals content, which is commissioned, financed, and controlled by Netflix itself, then Netflix becomes a full-fledged publisher. This issue was clarified by India's IT Rules, 2021, wherein all OTT platforms were categorized as 'Publishers of Online Curated Content', thus eliminating the shield of safe harbour irrespective of whether the content was original or licensed.
Another problem relates to territorial jurisdiction. As OTT content is transmitted through the global internet network, the platform is present, hence its liable in each nation where it has paid subscribers.
India: The IT Rules, 2021 — Architecture and Implications
From Regulatory Vacuum to Co-Regulation
Before 2021, Indian OTT platforms did not face any kind of regulations at all. Cinematograph Act, 1952, and CBFC certificates pertained to theatrical releases, while the Cable Television Networks (Regulation) Act, 1995 related to linear television broadcasts. This helped generate OTT content which was successful commercially as well as creatively.
However, the vacuum ended after the Indian Prime series Tandav (2021), whose alleged derogatory references to Hindu beliefs resulted in criminal cases lodged throughout the country against the creators. Following the incident, the Indian Government decided to frame rules for regulating OTT platforms. Consequently, in February 2021, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were framed under the IT Act, 2000.
The Three-Tier Grievance Framework
Self-regulation by the platform: Each OTT must appoint a resident Grievance Officer in India, whose details must be prominently displayed. Complaints must be acknowledged within 24 hours and disposed of within 15 days.
Industry self-regulatory body: Platforms join or constitute a body headed by a retired High Court or Supreme Court judge. Two competing bodies have emerged — the IAMAI's DPCGC (aligned with Netflix and Amazon) and the IBDF's DMCRC (broadcaster-led).
Government oversight: An Inter-Departmental Committee (IDC) chaired by the Ministry of Information and Broadcasting exercises supervisory review, can examine content suo motu, and may recommend blocking, modification, or a public apology.
Code of Ethics and Classification Obligations
Rule 9 requires conformity to a Code of Ethics. All content has to be categorized into one of five age rating categories (U, U/A 7+, U/A 13+, U/A 16+, A/18+), provide for parental controls and restrictions for the higher ratings, and provide content descriptions (violence, sexual content, language) before streaming. The prohibited content consists of those that threaten the nation’s sovereignty, offend religious sensibilities, propagate hatred, or are in any way involved with child pornography.
The safe harbor consequence here is serious, not complying with the government directive within stipulated periods results in criminal charges against the platform as well as the individual Grievance Officers.
Constitutional Challenges and the Chilling Effect
The IT Rules have remained subject to persistent constitutional challenges. The Bombay High Court issued an interim stay against Rules 9(1) and 9(3) – the code of ethics and three-tier structure on the grounds that they may be in violation of Article 19(1)(a) (freedom of speech). The grounds on which the Rules are challenged are fourfold –
excess of legislative delegation
overly broad and vague terms such as 'public order,' 'decency,' 'morality' that act as chillers to protected speech,
unconstitutional prior restraint via government monitoring at the Level III tier, and
excessive delegation of powers to the executive.
In reality, the 15-day time limit and overly broad and vague standards have led to a phenomenon known as structural over-compliance, where platforms remove or modify content to avoid having to go through the entire three-tier mechanism. The trend towards commissioning content less likely to get flagged has been observed since 2021 by industry experts. The Bombay High Court's landmark judgment in Kunal Kamra v. Union of India of 2024 invalidating the proposed government-run Fact Check Unit sets the precedent for future free speech cases.
Indonesia: Pre-Censorship, the PSE Framework, and the Regulatory Gap
Indonesia's Media Regulatory Architecture
Media regulation in Indonesia is inherently characterized by an underlying dichotomy between the historical tradition of pre-censorship that exists with regards to conventional media and the lack of similar control measures in digital streaming. The Lembaga Sensor Film (LSF) or Film Censorship Board ensures that all movies shown in Indonesian theaters go through a process of censorship, wherein any part of the movie deemed offensive will be removed before showing. Television stations operate under the jurisdiction of the Komisi Penyiaran Indonesia (KPI) that exercises stringent censorship in line with the P3SPS broadcast standards (such as censoring a bikini-clad SpongeBob SquarePants character).
Netflix's Classification as a PSE and the Regulatory Gap
Under Indonesian law, Netflix is categorized as a Private Electronic System Operator (PSE), which requires licensing, restricted content, and data retention policies. However, more importantly, being in the category of PSE exempts Netflix from the pre-censorship requirement that is imposed on cinema or television. The exemption results in Netflix operating outside the regulatory powers of the KPI in the country and not being subject to any content quota, advertising regulation, or LSF screening.
The establishment of Netflix in Indonesia did not happen without problems: in January 2016, the government-owned Telkom blocked Netflix on grounds that it had not obtained a business license, did not have an office within the country, and that its content was not pre-approved by the LSF. Netflix sorted out the first two points of concern in 2020 through PSE compliance. However, the problem with the pre-censorship still remains structurally unanswered.
Netflix's Strategic Responses Across Jurisdictions
Government Takedowns: The Transparency Record
Netflix has publicly reported nine government-mandated content takedown incidents from 2015 to 2020 in New Zealand, Singapore, Germany, Vietnam, and Saudi Arabia. Policy-wise, Netflix complies with government removal requests only where these requests are considered valid legal requests according to local laws, but the geo-blocking is restricted geographically to specific countries.
In the case of the most high-profile takedown – that of the episode of the show Patriot Act with Hasan Minhaj criticising Crown Prince Mohammed bin Salman – Netflix chief executive officer Reed Hastings cited compliance with a valid legal request according to Saudi Arabian laws. Freedom House criticised Netflix for failing to exhaust all legal options prior to compliance.
In Singapore, the five shows that were taken down due to violating IMDA's absolute ban against positive depiction of drug use include The Last Hangover, The Last Temptation of Christ, Cooking on High, The Legend of 420, and Disjointed. In Germany, the one show that was taken down in accordance with German law included Night of the Living Dead.
Turkey: A Principled Line
The Netflix decision to cancel its Turkish original series If Only in 2020 in opposition to the RTÜK's demand to remove a particular character because he was gay and thus prevent the expiry of Netflix's license represents an unambiguous instance of Netflix taking a principled stand. Hastings had clearly stated the difference: Netflix will comply with specific legal requests to remove specific content, but not with requests to restructure content around protected characteristics like sexuality. The Turkey incident meant losing Netflix's original Turkish content production capability, but it ensured Netflix maintained its global content policy.
The GCC: Commercial Pragmatism and Anticipatory Self-Censorship
In 2022, Saudi Arabia and the GCC as a bloc have requested Netflix to remove any content which contradicts Islam and society's values, and threatened with taking legal action. The Netflix response in this case has been to geo-block LGBTQ+ themed content in GCC territories on grounds of legal compliance but without making public the legal basis of the demand to justify the same. According to advocates for human rights, Netflix has competition from state-owned Shahid (Saudi Arabia) in the GCC markets and needs to retain market presence.
India: Embracing Self-Regulation
The approach that Netflix has followed in India has not been one of protest but of proactive self-regulation. Netflix became one of the first platforms to adhere to the IAMAI Code for Self-Regulation, for the first time in its history, Netflix had a regulatory code in any country and later, the DPCGC after the enactment of the IT Rules. In 2024, Netflix found itself addressing growing grievance numbers: 170 complaints of breaches of Code of Ethics in June 2024 and 545 in July 2024.
Comparative Legal Analysis
EU: Digital Services Act (Full Force, February 2024)
The DSA creates the most comprehensive regime of content liability rules for platform services. Netflix, classified as a Very Large Online Platform with a user base of over 45 million each month in the EU, must comply with the toughest compliance category, which includes algorithmic assessments of risk, systemic damage mitigation, open advertising archives, and internal appeal mechanisms.
Singapore: IMDA and Film Classification
In Singapore, the classification system is governed by the Films Act and managed by the Infocomm Media Development Authority (IMDA), where Netflix is a licensed operator within the scope of its operations. The standards applied by the authority are clear-cut and narrowly defined, focusing primarily on films containing favorable references to drugs, films jeopardizing racial or religious cohesion, and films inappropriate for certain age categories.
Saudi Arabia and the GCC: Religious-Political Censorship
The content regulations in the GCC are formulated in intentionally vague prohibitions against content that 'impinges upon public order, religious values, public morals, and privacy.' Differently from judicial oversight-based systems, the enforcement mechanism of the GCC censorship scheme involves administrative imposition without many means of appeal available.
Voluntary Codes of Conduct: Effective Risk Mitigation?
India's Self-Regulatory Journey: A Cautionary Case Study
In the period between 2019 and 2020, the IAMAI formulated three consecutive drafts of self-regulation codes, acting on behalf of 15 OTTs, one of which was Netflix. None of the codes met with approval from the MIB, and their third rejection became a catalyst for the formulation of mandatory regulations, which led to the creation of the IT Rules, 2021. The grounds for criticism raised by the Government were justified. There was an absence of third-party monitoring, content prohibitions other than CSAM and terrorism were not explicitly defined, there were no enforcement provisions, nor were there measures for government intervention should self-regulation fail. Self-regulatory codes created by the IAMAI were more aspirational than enforceable.
Post-IT Rules: The DPCGC and DMCRC
Post-IT Rules, two self-regulating organizations have surfaced – IAMAI's Digital Publishers Content Grievances Council (DPCGC) on the side of Netflix and Amazon, and IBDF's Digital Media Content Regulation Council (DMCRC). At the time of writing, neither of the two has exhibited any tangible efficacy. For instance, according to the disclosure made by the DPCGC in the year 2024 to the MIB, the organization received only a single grievance in May, yet Netflix was processing hundreds of Level I complaints during that time period.
Critical Assessment: When Do Voluntary Codes Work?
Only when four prerequisites are satisfied can voluntary codes be considered as truly effective primary means of risk mitigation: (i) independent implementation with significant penalties; (ii) clear and narrow content criteria; (iii) participation of the majority of companies in the industry, thereby excluding any competitive distortions from those who do not abide by the code; and (iv) willingness of the government to view self-regulation as an alternative rather than just a supplement to mandatory regulation. This is evident from the Indian example, as Amazon did not accept the IAMAI code, while the Indian government was unwilling to consider self-regulation as enough.
Emerging Challenges
Generative AI and Synthetic Content: Liability questions around generative AI and deepfakes/synthetic media complicate liability frameworks that assume human editorial oversight and decision-making. Both the new Digital India Act and the EU's AI Act raise interesting questions about liability for AI-related harms but do not sufficiently address the question of OTT liability.
Data Protection Compliance Matrix: India's DPDPA, which includes stringent consent conditions, cross-border data transfer limitations, and heightened children's data protection rules, further complicates the compliance matrix.
Convergence of ASEAN Regulations: OTT services regulation is being drafted in three ASEAN member states: Malaysia, Thailand, and Vietnam. Although convergence would make for a more streamlined regulatory compliance process, it is happening at a slow pace, and harmonization between member states appears unlikely in the near term.
Brisbane Effect: Applying EU-compliant content moderation standards on a global scale could lead to an exportation of EU governance principles into jurisdictions with very different democratic values.
Conclusion and Legal Recommendations
In terms of structure, the global landscape concerning OTT content liability is highly fragmented. No international agreement exists regarding the acceptable types of content, its regulating body, and how it should be regulated. Netflix operates within an environment characterized by mandated co-regulatory regimes (such as the IT rules in India, EU DSA regulations), pre-screening requirements (such as Indonesia’s LSF), the use of broadcast licenses for compliance (RTÜK in Turkey), and politically motivated censorship (Saudi Arabia/GCC).
Regulation in emerging markets indicates clearly that self-regulation is becoming increasingly difficult due to increased politicization of OTT services. In essence, platforms, such as Netflix, used to enjoy the benefit of regulatory autonomy as a competitive advantage. This is no longer the case. Compliance has become a central part of business strategy.
Author: Vaidehi Singh , in case of any queries please contact/write back to us via email to chhavi@khuranaandkhurana.com or at Khurana & Khurana, Advocates and IP Attorney.
Recommendations
Invest in Infrastructure for Local Legal Systems
Be Proactive in Developing Regulation
Create Legally Defensible Protocols for Geo-blocking
Promote Protective Self-regulation through Voluntary Groups
Issue Comprehensive Transparency Reports
Draw and Announce Principles-based Red Lines
Key References
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, Government of India
Information Technology Act, 2000 (as amended), Government of India
Broadcasting Services (Regulation) Bill, 2023/2024 (Draft), Ministry of Information and Broadcasting
Digital Personal Data Protection Act, 2023, Government of India
Regulation (EU) 2022/2065 — Digital Services Act, European Parliament and Council
ITE Law No. 11/2008 and Government Regulation No. 71/2019 (PSE Regulation), Republic of Indonesia
Kunal Kamra v. Union of India, Bombay High Court (September 2024)
Bombay High Court — Stay of IT Rules 9(1) & 9(3), Agij Promotion of Nineteen (P.) Ltd. v. Union of India (2021)




Comments