On 20 March 2025, the French National Assembly voted down Article 8 of the proposed Drug Trafficking Bill (“Proposition de loi visant à sortir la France du piège du narcotrafic”), marking a significant victory for digital privacy advocates. The amendment introduced by the French Senate would have forced messaging platforms like Signal and WhatsApp to weaken their encryption by creating backdoors allowing law enforcement agencies access to people’s private conversations in real-time. Although presented as an aid to law enforcement in tackling drug trafficking, the proposal sparked widespread concerns for its potential to erode digital privacy, weaken encryption, and undermine fundamental rights. It sets a pivotal precedent in the global debate over lawful access to encrypted communication.

India stands at a similar constitutional crossroads. Rule 4(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, mandates that “significant social media intermediaries” enable the identification of the first originator of a message upon government request. Underlying this apparently procedural mandate is a sinister threat to the integrity of encryption and the privacy right. Effectively, the regulation compels digital platforms to construct traceability features that either disable or bypass encryption—a step that subjects all users’ communications to possible surveillance.

The constitutionality of Rule 4(2) is challenged in the Delhi (WhatsApp LLC v Union of India), Bombay, and Madras High Courts. Petitioners contend that it infringes on the right to privacy as declared by the Supreme Court in Justice K.S. Puttaswamy v Union of India. In this case, the SC upheld that the right to privacy is a constitutional right under Article 21 of the Constitution. This milestone judgment put a strict three-pronged test for any State action: the measure should have a basis in law, aim at a legitimate goal, and be proportionate. Rule 4(2) fails on all three counts. It lacks a clear statutory foundation, relying instead on delegated legislation; it cites a broad and undefined objective of curbing misinformation; and it creates an architecture of mass surveillance without judicial safeguards. Encryption, once weakened, cannot discriminate between lawful and unlawful users—its compromise endangers all.

The implications of such a rule extend well beyond the boundaries of constitutional doctrine. Encryption is not merely a technical feature but a foundational element of trust in the digital public sphere. It enables individuals to communicate freely, securely, and without fear of intrusion. Undermining encryption threatens more than just privacy; it has a chilling effect on freedom of expression, association, and the press. It poses an existential threat to whistleblowers, dissenters, journalists, and vulnerable communities whose digital lives depend on confidentiality. In Anuradha Bhasin v Union of India (2020), the Supreme Court reaffirmed that restrictions on fundamental rights in the digital domain must be reasonable, necessary, and based on transparent procedures. The traceability mandate under Rule 4(2) fails to meet this standard.

The gaps in India’s data protection framework further highlight the urgent need to safeguard encryption. The Digital Personal Data Protection Act of 2023 fails to provide substantive protection against state surveillance. It allows broad exemptions for government agencies and does not explicitly address or protect encrypted communication. Hence, it creates a legislative vacuum in which traceability mandates can be implemented with little oversight, eroding digital privacy in the digital sphere.

France’s rejection of Article 8 places constitutional rights at the forefront. The Indian judiciary now has to step up to a comparable moment. The current constitutional challenges to Rule 4(2) constitute a pivotal moment for privacy. India must resist the growing global shift toward undermining encryption. What is at stake is far more than technical infrastructure but the integrity of constitutional democracy itself. France has shown that protecting public safety without compromising fundamental rights is possible. India must chart a similar course. As the judiciary considers the legality of traceability mandates, it must recognize its role as an interpreter of constitutional text and as a guardian of human dignity, individual freedom, and the future of digital rights. End-to-end encryption is not a barrier to justice. It is a safeguard of liberty—a moral and legal cornerstone of any democracy that claims to respect the rights of its people.