Exporters have raised concerns regarding India’s application of customs valuation criteria to import transactions. Reports indicate that Indian customs officials occasionally reject the declared transaction value of imports, particularly for products with established benchmark prices in India. This practice can potentially increase export costs beyond the expected levels based on India's applied tariff rates. Companies have also reported extensive searches and seizures of imports, which do not seem to be risk-based. Additionally, India's customs authority typically demands extensive clearance documentation, resulting in prolonged processing delays.

According to the Import Export Classification, Indian Trade Classification – Harmonized System (ITC-HS) Code, and Import Policy 2012, certain goods require special permission or licensing in order to be imported. Selected consumer goods, including radio and TV broadcast transmitters and communication jamming equipment, are qualified as licensed/restricted items that can only be imported after obtaining an import license from India’s Directorate General of Foreign Trade (DGFT). However, it has been reported that India is increasingly using import licenses at the discretion of the authorities to limit imports of sensitive products. In addition, it is reported that the licensing system is not automatic as it involves delays, and authorised quantities can be lower than requested. Licenses are granted to actual users.

Under Section 69 of the Information Technology Act, both central and state governments are empowered to instruct any government agency to intercept, monitor, or decrypt electronic information. This authority can be exercised on the following grounds: in the interest of India's sovereignty or integrity; for the security of the State; to maintain friendly relations with foreign states; for public order; or to prevent or investigate the commission of an offence. Additionally, under Section 69B, the government is authorised to permit any agency to monitor and collect traffic data or information exchanged through a computer resource.
The Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules of 2009 and the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules of 2009, both promulgated under the Information Technology Act, provide procedural guidelines for carrying out such interception and monitoring. For example, Rule 3 of the latter Rules permits the collection and/or monitoring of traffic data or information via a computer resource for several purposes, including: forecasting imminent cyber incidents; monitoring network applications; identifying and determining viruses or computer contaminants; tracking cybersecurity breaches or incidents; identifying individuals who have breached or are suspected of breaching cybersecurity measures; conducting forensic analyses as part of investigations or internal audits of information security practices; accessing stored data for the enforcement of cybersecurity law; or addressing any other cybersecurity-related issues.

Pursuant to Section 5 of the Telegraph Act and the Telegraph Rules, the Government has the power to temporarily possess licensed telegraphs and order the interception or disclosure of messages sent through such devices. The definition of a telegraph is fairly wide: it means any appliance, instrument, material, or apparatus used (or that is capable of being used) for transmission or reception of signs, signals, writing, images, and sounds or intelligence of any nature by wire, visual, or other electromagnetic emissions, radio waves or Hertzian waves, or galvanic, electric, or magnetic means. It is not clear whether a court order is required to access the data.

The Information Technology Act establishes a safe harbour regime for intermediaries for copyright infringements. Section 79 of the Act provides intermediaries with qualified immunity for unlawful content as long as they follow the prescribed due diligence requirements and do not conspire, abet or aid an unlawful act. However, the protection lapses if an intermediary with "actual knowledge" of any content used to commit an unlawful act or, on being notified of such content, fails to remove or restrict access to it.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules of 2021 establish a safe harbour regime beyond intermediaries for copyright infringement. According to Rule 3.1(d), an intermediary, after receiving 'actual knowledge' through a court order or by being notified by a government agency, must remove information that is prohibited by law in relation to the interest and sovereignty of India, the security of the state, friendly relations with foreign states, public order, decency or morality, contempt of court, defamation, incitement to an offence or information which violates any law which is in force. Such information has to be removed within thirty-six hours from receipt of actual knowledge by the intermediary.
In addition, "significant social media intermediaries", defined as having more than five million registered Indian users, need to observe additional due diligence requirements to claim the immunity/safe harbour available. Rule 6 of the Information Technology Rules provides that even if a social media intermediary does not meet this user threshold, the Central Government may still require an intermediary to meet these additional obligations if it believes that their operations create a material risk of harm to the sovereignty and integrity of India or to the security of the State. This discretion to the Central government may lead to the arbitrary imposition of additional obligations on certain intermediaries. The additional due diligence requirements include appointing certain personnel for compliance, enabling identification of the first originator of the information on its platform under certain conditions, and deploying technology-based measures on a best-effort basis to identify certain types of content.

According to the Regulation on the Use of Aadhaar e-KYC Service of the Unique Identity Authority of India (UIDAI) for Issuing New Mobile Connections and Re-Verification of Existing Subscribers via OTP-Based Authentication, Indian citizens are required to register their SIM card with their Aadhaar Card (a type of national identity card). Foreigners have to provide their passport, a photocopy of their Indian visa/ travel permit, a passport-sized photo and contact details.

According to Art. 3.3 of the Information Technology Intermediaries Guidelines Rules, intermediaries are required to deploy technology-based automated tools or appropriate mechanisms with appropriate controls for proactively identifying and removing or disabling public access to unlawful information or content.

Section 69 of the Indian Information Technology Act (IITA) requires intermediaries to extend all facilities and technical assistance to intercept, monitor or decrypt information as well as to provide information stored in a computer or provide access to a computer resource when called upon to do so by certain agencies. This extends to online intermediaries, which are required to designate an officer to facilitate the execution of such orders. Intermediaries that fail to meet these obligations may be punished with imprisonment of up to seven years.

According to Art. 4.2 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules of 2021, a significant social media intermediary (defined as a social media intermediary having a number of registered users in India above five million) providing messaging services must enable identification of the first originator of the information on its computer resource as may be required by a judicial order or an order passed by a competent authority. In complying with an order for the identification of the first originator, a significant social media intermediary will not be required to disclose the contents of the electronic message related to the first originator or other users. No order must be passed in cases where there are less intrusive means of identifying the originator of the information.

According to Art. 8 of the The Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules of 2009, an officer so designated by the Central Government under the Rules (known as 'Designated Officer') can on the receipt of a request from any nodal officer of a government organisation or a competent court or by an order of any agency of the government can block access by the public to any information transmitted, received, stored or hosted in any computer resource. The request will be examined by a committee consisting of the designated officer, its chairperson, and representatives, who shall determine if the information must be blocked.

According to the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017, national or state-level officials are allowed to issue temporary suspension orders to shut down telecom services in times of public emergency or threats to public safety. However, each order should contain reasons for shutdowns of telecom services and should be forwarded to a review committee for assessment.

It is reported that in April 2022, the Indian Ministry of Information and Broadcasting (MIB) issued several orders to social media and news companies to block access to twenty-two YouTube channels, three Twitter accounts, one Facebook account, and a news webpage. The MIB noted that those twenty-two YouTube channels were spreading “anti-Indian” content and false information regarding the “situation in Ukraine”, which could endanger India’s foreign relations. The MIB decision follows the adoption of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules of 2021, giving the ministry the power to restrict access to content during emergencies where “no delay is acceptable". In addition, it has been reported that the government has routinely blocked specific websites or successfully pressured social media platforms to block content in India. According to reports, nearly 7,000 social media posts and accounts were blocked in 2022.

It is reported that authorities in India use the Telegraph Act of 1885 and the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules of 2017 to impose internet shutdowns. Under Section 5.2 of the Telegraph Act, government authorities are authorised to halt the transmission of messages or classes of messages in cases of public emergency or for public safety. Additionally, the 2017 Temporary Suspension of Telecom Services Rules, established under Section 7 of the Telegraph Act, permit only national- or state-level officials of a certain rank to order temporary suspensions during public emergencies or threats to public safety. These rules mandate that each shutdown order must be justified and submitted to a review committee for assessment. In November 2020, the government amended the rules to specify that a shutdown order cannot remain in effect for more than 15 days, although such orders may be renewed.
It is reported that internet shutdowns are a common practice since 2010. These shutdowns are often justified by officials as necessary to maintain law and order, prevent violence or communal tensions, limit protests, combat disinformation, or deter cheating during exams. In 2023, India recorded 116 internet shutdowns, the highest globally. For instance, in April 2023, internet services were suspended in Jamshedpur, Jharkhand, following communal violence involving stone-pelting and arson. In Manipur, an internet shutdown lasted an unprecedented 212 days, during which the state government issued 44 consecutive orders to disconnect broadband and mobile networks. Although some fixed broadband services began to be restored under specific conditions in July 2023, full restoration occurred in September 2023. Additionally, in Haryana, mobile internet services were suspended for two weeks in August 2023 and again for two days in September due to violence sparked by a procession organised by the Hindu nationalist group Vishva Hindu Parishad (VHP) in a Muslim-majority area.
In addition, the indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 2 in India for the year 2023. This corresponds to "The government shut down domestic access to the Internet several times this year."

According to the License Agreement for Provision of Internet Services, the Internet Service Provider licensee shall maintain all commercial records, call detail records, exchange detail records, and IP detail records with regard to the communications exchanged on the network. Such records shall be archived for at least two years for scrutiny by the Licensor for security reasons and may be destroyed thereafter unless directed otherwise by the Licensor.