‘Disturbing public order’ tops takedown list as MHA flags over 1,100 X posts

More than half the content takedown notices issued by the Ministry of Home Affairs (MHA) to X Corp since March 2024 have cited the sweeping ground of “disturbing public order”, according to records reviewed and filed before the Delhi High Court.

The data reveals an aggressive and expanding use of Section 79(3)(b) of the Information Technology Act, even as X continues to legally challenge the legitimacy of the process.

In a nearly 20-month span beginning March 2024, the MHA, through its Indian Cyber Crime Coordination Centre (I4C), issued 91 takedown notices to X, flagging over 1,100 URLs for alleged legal violations. Of these, 566 URLs — nearly 50% — were categorised as disturbing public order, followed by 124 URLs accused of targeting political leaders and public figures.

The remaining notices span allegations ranging from electoral influence and defamation to national security threats, impersonation and child sexual abuse material. Yet, only 14 of the 91 notices across this period alleged what the government described as direct criminal activity.

Election season spike

The most striking surge came during the Lok Sabha elections of April–May 2024, when 761 URLs were flagged. Nine notices alone, all issued in May 2024, targeted 198 poll-related posts, explicitly invoking provisions of the Representation of the People’s Act.

The single largest takedown order was issued on May 13, 2024, flagging 115 URLs linked to an allegedly doctored video accused of spreading misinformation “with the intention to influence ongoing electoral processes”. Several of the flagged links, records show, were associated with Opposition party handles.

X Corp pushed back on multiple occasions, asking the I4C to re-evaluate specific URLs — including a post from the Aam Aadmi Party’s Uttar Pradesh handle — arguing that they did not violate the laws cited by the government.

Targeting leaders and public figures

The notices also show repeated interventions involving content linked to top political leaders:

• Nine notices flagged 21 URLs allegedly involving manipulated content related to Prime Minister Narendra Modi, including digitally altered images featuring industrialist Gautam Adani.
• Six notices sought takedown of 91 URLs over alleged fake or manipulated content featuring Union Home Minister Amit Shah. In one December 2024 notice involving 28 URLs — including posts by Congress leaders Jairam Ramesh and Supriya Shrinate — X objected, stating that most links did not meet the legal threshold cited.
• Other notices cited “fake and AI-generated content” targeting ICC chairman Jay Shah, defamation of Union ministers, and a CBC documentary on the killing of Hardeep Singh Nijjar, which the MHA claimed tarnished India’s global image.

Criminal activity a minority

Despite the volume of notices, direct criminal allegations were relatively limited. These included:

• 37 URLs linked to betting apps such as Mahadev,
• 16 accounts flagged for child sexual abuse material,
• 40 URLs involving impersonation and potential financial fraud — including fake government handles and accounts allegedly linked to banned extremist groups.

Operation Sindoor and national security

Another sharp rise followed Operation Sindoor in 2025, with notices increasingly invoking threats to India’s sovereignty, integrity and security. Five notices covering 56 URLs cited national security concerns, while others — for the first time — invoked provisions of the Unlawful Activities (Prevention) Act (UAPA) and cyber terrorism clauses under the IT Act.

In one April 2025 notice, days after the Pahalgam attack, the MHA warned that content could incite unrest and pose “a serious risk to national security”. Subsequent notices accused posts of spreading false information about the India-Pakistan conflict and being critical of the Indian Army.

Legal battle over takedown powers

At the heart of the dispute is Section 79(3)(b) of the IT Act, under which the I4C issued all 91 notices. X Corp has argued that takedown and blocking orders must instead be routed through Section 69A, which mandates procedural safeguards and is traditionally limited to national security and public order cases.

The company has also resisted onboarding onto the MHA’s Sahyog portal, which issues takedown requests under the same provision — a challenge currently pending before the Karnataka High Court.

In its affidavit to the Delhi High Court, the MHA accused X of “objecting to the authority” of the government to notify unlawful content for removal, signalling a legal confrontation that goes beyond individual posts — and into the core question of how far the state’s digital censorship powers can extend.