The court ruling stems from a Bengaluru-based firm’s plea after its employees were targeted with deepfake-laced, obscene emails sent via Proton Mail. The court invoked Section 69A of the IT Act to demand immediate action.
A Legal First: India Moves Toward Blocking a Global Encrypted Email Provider
In a significant development with international legal ramifications, the Karnataka High Court has directed the Union Government to initiate proceedings to block access to Proton Mail in India under the Information Technology (IT) Act, 2000. The encrypted email service, developed by Proton AG, a Switzerland-based company, has come under judicial scrutiny for allegedly being misused to circulate explicit, AI-generated deepfake content targeting employees of an Indian firm.
The ruling was delivered by Justice M. Nagaprasanna, in response to a petition filed by M. Moser Design Associates India Pvt. Ltd., Bengaluru, which alleged a disturbing cyber abuse campaign that leveraged Proton Mail’s encryption and anonymity features.
The court also ordered the immediate blocking of specific offending URLs mentioned in the petition until a formal decision is reached under Section 69A of the IT Act, read with Rule 10 of the Blocking Rules, 2009.
The Case: Obscene Emails, Deepfakes, and Untraceable Senders
The petitioner company approached the court after several female employees received highly offensive emails, including obscene, abusive content and AI-generated deepfake images, via Proton Mail accounts.
The firm alleged that despite filing a First Information Report (FIR) in November 2024, little progress had been made in tracing the culprits or gathering digital evidence.
The emails, cloaked in end-to-end encryption, made it nearly impossible for local enforcement agencies to identify the perpetrators without assistance from Proton AG. However, the company allegedly refused to cooperate, citing that its servers are based outside India and it is therefore not subject to Indian law.
The petitioner emphasized that Proton Mail gives users the option to select India as a server location, potentially misleading users into believing that the company operates within Indian jurisdiction—an issue the court took note of while delivering its directive.
Section 69A Invoked: National Law Meets Global Encryption
By invoking Section 69A of the IT Act, the High Court has set in motion a rarely exercised power that allows the government to block access to online platforms in the interest of sovereignty, security, or public order. The section mandates procedural safeguards but gives the Centre authority to act against platforms that fail to comply with Indian legal processes.
The court noted that despite international legal cooperation frameworks between India and Switzerland, law enforcement agencies had not effectively pursued action via Mutual Legal Assistance Treaties (MLATs) or other diplomatic channels. This judicial observation underscores long-standing tensions in cyberspace regulation: global services offering encryption often fall into legal grey zones in jurisdictions where they operate without physical presence.
India has increasingly taken a stricter stance on encrypted platforms amid growing reports of cyber abuse, child exploitation, and financial frauds conducted anonymously. Blocking Proton Mail would mark one of the strongest steps yet by Indian courts against global privacy-centric tech platforms.
The Road Ahead: A Legal Test for Encrypted Communications
Legal experts say this case could become a landmark precedent for how Indian authorities deal with privacy-focused tech platforms operating outside the country’s legal framework. It may also fuel debates over the right to encryption versus the need for accountability, especially in criminal investigations involving vulnerable individuals.
Proton Mail, globally known for its strong stance on user privacy and refusal to cooperate with governments unless compelled by Swiss law, has not yet responded publicly to the ruling.
The Union Government now faces a tight timeline to initiate formal blocking procedures against Proton Mail and navigate the diplomatic complexity of engaging with a Swiss entity protected by Europe’s strict data laws. The Ministry of Electronics and IT (MeitY) is expected to weigh the court’s order alongside international treaty obligations and public interest considerations.
For now, the offending URLs will remain blocked, and legal proceedings against Proton AG are to be initiated in earnest.