— Info Edge Q4 investor presentation

Shiksha’s website traffic was already collapsing due to AI-powered Search. Now, it is directly impacting billings on the platform, said Hitesh Oberoi, managing director and CEO of internet classifieds company Info Edge.

“AI-driven changes in search behaviour have been affecting Shiksha’s traffic for several quarters. In Q4, this translated into a more direct billing impact as reduced referral search traffic from Google affected client deliveries,” Oberoi said during the company’s latest earnings call.

Shiksha is the education arm of Info Edge. It reported a 13% decline in billings to Rs 45.1 crore for the quarter ended March 31, 2026 (Q4 FY26), down from Rs 51.8 crore in the year-ago quarter.

This marks the first year-on-year decline in billings on the platform in the last six quarters.

The ‘Google Zero’ effect: Shiksha is not the only company that has expressed concerns over declining search traffic recently. Earlier this month, Roger Lynch, CEO of Condé Nast, the company that publishes Vogue and Vanity Fair, reportedly told his teams to operate on the assumption that Google would not send them any traffic at all—the so-called “Google Zero” effect.

The commentary comes at a time when Google Search is becoming an AI-driven answer engine, responding to queries directly instead of directing users to other websites. While publishers and education websites like Shiksha previously relied on search-driven traffic for visitors and sales, Google’s rollout of AI Overviews and AI Mode within Search has dramatically reduced the number of clicks. A recent study by marketing firm Ahrefs suggests that Google’s AI Overviews have led to a 58% drop in click-through rates for top-ranking search results.

How Shiksha plans to survive AI headwinds: Oberoi told analysts on the call that the company expects AI Search headwinds to persist “over the near term.” To stay competitive in the education business and sustain growth, Shiksha is scaling up its domestic counselling offerings and investing in AI-driven voice bots.

The education classifieds platform is betting that stronger adoption and monetisation of these services will, over time, compensate for the damage that AI has done to its traffic and billings.

Earlier this year, in February, MediaNama reported that Shiksha was pivoting to domestic counselling and marketing services amid declining search traffic. In India, it competes with Collegedunia, Careers360 and College Dekho.

Demand slowdown in the study abroad segment: Within the education vertical, demand softened in certain markets, particularly the US and Canada, due to shifting student preferences and macroeconomic conditions.

To navigate this, Shiksha is expanding its offerings to cover other destinations, with an increased focus on the UK, UAE, and continental Europe, to better align with shifting student demand, Oberoi told analysts during the earnings call.

While billings on the platform declined year-on-year, revenue from operations grew 11% to Rs 44.2 crore in Q4 FY26 from Rs 39.8 crore in Q4 FY25. The business also turned profitable at the operating level. It reported an operating profit of Rs 13 crore during the quarter under review, reversing from a loss of Rs 1 crore a year earlier.

Key operating metrics — FY26

• 68,000+ colleges
• 570,000+ course listings
• 1600+ unique clients
• 702 million+ annual page views
• 322 million+ annual visits
• 8.3 million+ annual registrations
• 2.8 million+ questions asked
• 685,000+ student/alumni reviews

Also Read:

• Info Edge Q3 FY26 Earnings: AI Disruption Pushes ‘Shiksha’ to Pivot Business Model
• Key Takeaways from InfoEdge’s Q3FY25 Earnings Call: AI Integration, Growth Amid Slowdown, & GCC Expansion
• Info Edge Arm Jeevansathi to Invest Rs 10 Cr to Acquire 100% Stake in Dating Apps Network, Aisle

The post After choking traffic, AI dents billings for Shiksha: Info Edge Q4 FY26 earnings appeared first on MEDIANAMA.

Update (May 27, 2026): It was just a testing site, no security breaches occurred in the real portal says CBSE: “The Portal used for evaluation of answer-books bore a different URL, which has neither been compromised nor does it have the vulnerabilities indicated in the said social media post. The URL: http://cbse.onmark.co.in is the testing site only with sample data for internal testing and review purposes. There are no actual evaluation data, marks or other data held on that portal. The Board emphasises that no security breaches have come to light on the Portal deployed for the actual evaluation work,” wrote CBSE on X after Nisarga Adhikary’s tweets and blog post went viral.

Video demonstration of vulnerabilities: CBSE didn’t directly denied Adhikary’s claims. Responding to CBSE’s statement, he posted a video of screenrecording remonstrating the security vulnerabilities on the marking portal. You can watch the video here. 

Addressing the domain-related controversy, Pranesh Prakash, Principal Consultant at Anekaanta, said, ” The claim by @ni5arga is about http://cbse.onmark.co.in (domain first registered in 2019). CBSE’s denial mentions http://cbse.onmarks.co.in (which was registered around 10 minutes ago, at 2026-05-26T14:55:21.253Z). They cannot even get the domain name correct in their denial.”

Cybersecurity researcher Karan Saini verified Adhikary’s claims: “I have been able to independently verify @ni5arga ‘s claim about the “master password.” Yes, it existed (as far back as January 2026) and is 100% real. Here is the archive link for those interested,” he wrote linking to the archived link of app’s java script bundle. You can access the archived code here.

Read Internet Freedom Foundation’s (IFF) statement on this issue here: [ Blog Post | Email to Ministry of Education ]

Original Story (May 26, 2026): Nisarga Adhikary, a Bengaluru-based cybersecurity researcher who recently completed 12th grade, reported the Central Board of Secondary Education (CBSE) On-Screen Marking (OSM) system’s security vulnerabilities to India’s cybersecurity agency, CERT-In, and said he “never heard back” after the agency acknowledged his complaint with a templated response, despite several follow-ups. He reported vulnerabilities he discovered to CERT-In shortly after February 25, 2026, when he discovered the following vulnerabilities. 

What is CBSE’s On-Screen Marking system? On-Screen Marking (OSM) is a digital evaluation system in which scanned answer sheets are displayed on screen for grading, according to the FAQ-like document published by CBSE on May 18, 2026. Read the entire document here.

At the time of writing this report, the URL of the On-Screen Marking system reads a “502 Bad Gateway” error. Here is the URL.

What are the vulnerabilities he found: 

1. A master password was hidden in the website’s code: “Sitting in plain text inside the frontend bundle was a hardcoded master password. Not a hash, not a token reference, but the literal password string, baked directly into the client-side JavaScript that gets shipped to every visitor’s browser,” he wrote. 
   
   What it means: When a user visits the CBSE On-Screen Marking portal, their browsers automatically download a JavaScript file containing the application’s entire frontend code. The file is publicly accessible, and if the user gets access to the master password, the app will skip the OTP-based authentication, allowing anyone to view and edit students’ marks. 

2. The OTP for user verification was publicly visible in the browser:
   
   What it means: When an examiner logs into the CBSE portal, the server is supposed to send a one-time password for the user’s (i.e., examiner’s) verification. Instead of verifying the OTP at the server level, it was sending the OTP back to the user’s browser inside the login response and “verifying” the user based on whether the user typed it correctly or not. It means that the OTP is generated and “verified” at the browser level and never sent to the servers at all.

“A security control that runs on the attacker’s machine isn’t a control at all.” – Nisarga Adhikary . 

3. Any internal page of the portal could be accessed without logging in: “Paste that [a few lines of code] into the browser console, and you’re dropped onto the dashboard, having never authenticated against anything. The token is fake, the user is invented, and the app doesn’t care,” he wrote.
   
   What it means: Every internal page of the portal (like dashboard, profile, evaluator details, verification dashboard, evalscriptsview, and heallscripts) was directly accessible by typing the URL. The ideal behaviour would be to redirect the user to the login page (which was also broken, as the researcher claims). He said that the app checks for login status by looking at a few values (like jwtToken, role_id, etc.); if anyone could alter these and paste them in a browser console, then the users can access the internal pages– which they ideally shouldn’t have access to.  

4. Any examiner’s password could be reset without knowing their current password: “The ‘oldpassword’ variable exists in the component; it’s just never included in the request that goes to the server. The current password is never verified. Whatever ValuatorID you put in the body gets its password reset to whatever you choose,” he wrote.
   
   What it means: Generally, when someone wants to change their passwords, the apps might ask them to enter the previous or current password to ensure that the actual person is requesting to change their password. However, in this case, the CBSE portal had the input field for the old password on screen, giving the appearance of that protection. But when the user enters the “current password” or anything, the app collects it and quietly discards it and never checks with the database on their servers. That means anyone could reset any examiner’s password to anything they liked, as long as they knew the examiner’s ID

5. Anyone could impersonate any examiner across the entire system just by changing one value in their browser: “Almost every API call in the app identifies the acting user by reading ValuatorID / user_id straight out of sessionStorage[“eval”], the same browser-storage object I showed editing above. The server trusts whatever ID the client sends instead of deriving it from the authenticated session,” he wrote.
   
   
   What it means: Ideally, when a user logs in to the CBSC portal, they should identify the user based on their database. However, in this case, the app accepts any identity that the user enters through “editing one value in your browser.” If you combine all these flaws, any capable user can change their browser’s examiner ID to that of any examiner and trigger a password reset, replacing the examiner’s original password with any password that they want and log in. This can enable them to “edit marks, change examiner details, and tamper with the evaluation process.”

One more: “This is really, really bad. I found another severe vulnerability in CBSE’s OSM portal. Just sent another report to CERT-In,” he wrote on X, posting a redacted screenshot of another newly discovered vulnerability.

Cert-In’s templated response read: “Dear Sir, Thank you for reporting this incident to CERT-In. We have registered your complaint/incident under Ref: CERTIn-XXXXX. We are in the process of taking appropriate action with the concerned authority,” he wrote along with the screenshot of the email response.  

Reacting to this on his blog, he said: 

Authorities failed to act, despite flagging vulnerabilities that could’ve been fixed in hours: “It’s honestly funny that most of the vulnerabilities I reported went unpatched for a long time, when I’d have fixed them in an hour or two if they were mine to fix. The sheer incompetency of our authorities baffles me.”

Several students complained about answer sheet mix-ups: “After receiving unexpectedly low marks in Physics, we applied for photocopies of my answer sheets through the CBSE reevaluation process. Today we received the copies. And I am shattered because the Physics answer sheet uploaded by CBSE is not mine,” wrote Vedant Shrivastava, a class 12 student. Read more here: [ His Twitter thread | Instagram Reel ]. 

After his thread went viral, CBSE officials reached out to him with the correct answer sheet. Several students also reported a large number of unexpectedly low marks across subjects.

Some more issues with the system: According to the Indian Express, some of the issues are:

• Payment gateway failures preventing students from requesting scanned copies of their evaluated answer sheets.
• Blurred and illegible scanned copies of answer sheets,
• Arithmetic errors in grading system
• Answers left unmarked
• Server downtime
• Login issues 

IIT-Madras sends two people to Delhi to fix: “We just go and do a complete health check-up of the website, and also find the root cause analysis, what went wrong,” said IIT Madras Director V. Kamakoti. He also said, “Maybe it’s a cyberattack also,” where someone “could have launched a lot of packets, like what you call denial of service.” They need to access the logs to ascertain that.

MediaNama sent an email to Cert-In asking whether the researcher’s claims are accurate and what action, if any, has been taken against the vulnerabilities. We will update this story if we receive a response.

Note: The article was updated on May 27, 2026, at 11 am to update the copy with statements of CBSE, Pranesh Prakash, IFF and Karan Saini’s confirmation of vulnerabilities.

Also Read: 

• Summary: CERT-In’s cybersecurity guidelines for government entities
• RTI: No details on how many entities have complied with CERT-In’s cybersecurity directions
• India’s cybersecurity agency warns about threats posed by AI models

The post CERT-In failed to act on vulnerabilities flagged in the CBSE online marking portal appeared first on MEDIANAMA.

Until now, users needed a phone number to contact someone on the platform. With this feature, people can choose a public identity similar to platforms like Telegram and Instagram, while keeping their phone numbers hidden from those who contact them via usernames.

The feature has been in development since at least 2023, with references appearing in beta versions of the app before wider testing began earlier this year. WhatsApp is now gradually enabling it for select users on Android, iOS, web, and desktop platforms.

How the feature works: Users who gain access will see a new “Username” option inside profile settings. Once set up, users can share their username instead of their mobile number while chatting with new contacts. However, phone numbers will still remain linked to accounts for login, verification and recovery purposes.

WhatsApp says usernames are optional, meaning users can continue using the app exactly as before without creating one.

Rules for creating usernames: The rollout also comes with several restrictions. Usernames must be between 3 and 35 characters long, contain at least one letter, and cannot begin with “www.” or end with domains such as “.com” or “.net”. Only lowercase letters, numbers, periods and underscores are allowed.

Meta account integration and privacy concerns: Earlier reports from beta trackers suggested that WhatsApp may also integrate usernames with Meta’s broader account system. In some cases, users could claim usernames already linked to their Instagram or Facebook accounts through Meta’s Accounts Center verification process.

That integration could also create new privacy concerns. Using the same username across WhatsApp, Instagram, and Facebook may make it easier for strangers to connect identities across platforms.

Extra privacy controls may come later: Previous beta reports had also pointed to an optional ‘username key’ system — a four-digit code that users could share alongside their username to limit who can contact them for the first time. However, WhatsApp has not publicly confirmed a wider rollout timeline for that feature.

Gradual rollout after years of testing: The company introduced the feature gradually to avoid disrupting WhatsApp’s existing phone number-based infrastructure. The feature is currently available to a small group of users, with a broader rollout expected over the coming months.

Read more:

• WhatsApp Announces Parental Controls for Pre-Teen Accounts, But DPDP Consent Questions Remain
• Texas sues Meta and WhatsApp over encrypted chat claims
• Meta offers free WhatsApp access to rival AI chatbots amid EU probe

The post WhatsApp rolls out usernames: What changes, what stays the same appeared first on MEDIANAMA.

Pope Leo XIV has issued a sweeping warning about the social, political, and human consequences of artificial intelligence, arguing that societies must urgently decide whether AI will serve humanity or deepen inequality, manipulation, and dehumanisation. In a new encyclical, the Pope said rapid advances in artificial intelligence, robotics and data systems are reshaping daily life, institutions, and global power structures while concentrating control in the hands of a small number of tech companies and economic actors.

AI, Power and Big Tech: The Pope warned that control over “platforms, infrastructure, data, and computing power” is increasingly shifting from governments to “major economic and technological actors.” He cautioned that such concentration of digital power could create “new dependencies, exclusions, manipulations, and inequalities.”

Pope Leo also warned that a small number of powerful groups could use AI to “shape information and consumption patterns, influence democratic processes and steer economic dynamics to their own advantage.” He argued that data “should not be treated as something to be sold off or entrusted to a select few” and called for thinking about data as “a common or shared good.”

On military and geopolitical competition, he called to disarm AI, warning against a global race for “ever more powerful algorithms and larger datasets” driven by commercial and geopolitical dominance. “To disarm does not mean rejecting technology, but preventing it from dominating humanity,” he said.

AI and Human Relationships: The Pope said people should not confuse machine intelligence with human intelligence. AI systems, he said, “do not undergo experiences, do not possess a body, do not feel joy or pain,” and “do not have a moral conscience.”

He said AI systems may imitate empathy and understanding, “but they do not understand what they produce.” Pope Leo warned that AI tools can encourage people to seek “ready-made answers” while weakening “personal creativity and judgment.”

The Pope further warned that AI-generated conversations and emotional simulations could create “the illusion of a relationship with a real personal subject.” He said AI is no longer just a tool but “already an environment in which we are immersed.”

Bias, Exclusion, and Accountability: AI should not be treated as morally neutral, as “every technical tool embodies choices and priorities through what it measures, ignores, and optimises,” said Pope Leo. He warned that automated systems used in areas like employment, credit, and public services could create “new forms of exclusion.”

He further underlined how AI systems risk reinforcing “stereotypes or ideological bias” embedded by developers and designers by allowing algorithms to decide “who is worthy or not” without accountability, removing political responsibility, and hiding injustice “under a veneer of neutrality and objectivity.”

The Pope also raised concerns about hidden labour behind AI systems, saying solidarity requires recognising “the hidden, often exploited workers who sustain algorithmic systems.”

Call for Regulation and Oversight: Calling for stronger regulation, the Pope said, “It is not enough to invoke ethics in the abstract; robust legal frameworks, independent oversight, informed users, and a political system that does not abdicate its responsibility are required.”

“Calling for prudence, rigorous evaluation, and even, at times, a slower pace in adopting AI does not mean opposing progress; instead, it is an exercise of responsible care for the human family,” Pope Leo further added. He underlined that societies must decide, “What are we building?” as AI rapidly reshapes institutions, relationships, and power structures.

He criticised the growing “technocratic paradigm” where “the logic of efficiency, control, and profit alone” increasingly shapes social and economic decisions. The Pope said technologies like AI, robotics, biotechnology, and cognitive science can help society but can also accelerate systems that “reduce creation to an object of exploitation and human beings to mere cogs in a system driven toward ever greater efficiency.”

Environmental and Social Costs: On environmental costs, the Pope said advanced AI systems consume “enormous amounts of energy and water,” increase carbon emissions, and require vast infrastructure, including “machines, cables, data centres and energy-intensive infrastructure.” He warned that the broader technological culture surrounding AI risks normalising “an anti-human vision” where human worth is tied to efficiency and optimisation.

Furthermore, he criticized ideas linked to transhumanism and posthumanism that promote the “enhanced human being” or “human-machine hybrid,” saying such thinking could make it easier to view some lives as “less useful, less desirable, or less worthy.” The Pope argued that human limitations, suffering, and vulnerability should not be treated simply as defects to eliminate, saying humanity often matures “through” limitations rather than despite them.

He underlined that technological progress should only be embraced if it does not destroy “the capacity for relationship and love.” Quoting Saint John Paul II, the Pope asked whether AI “make[s] human life on earth ‘more human’ in every aspect of that life? Does it make it more worthy of man?”

He concluded by warning that societies face two paths: technology that serves people or systems that become “a new form of Babel, a construction that is grandiose, yet fundamentally dehumanising.”

Read more:

• A theory of the Impact of AI: What would a world without apps and the web look like?
• Edward Snowden on the impact of AI on our freedom
• The Future of Humanoid Robots – SuperAI 2025

The post Here is what Pope Leo XIV said about artificial intelligence appeared first on MEDIANAMA.

Google has announced a broad redesign of Search in over 25 years, featuring an AI-powered interface, autonomous task execution, deeper integration with Google apps, and tools for building customised “mini apps” within Search. These updates were unveiled at the company’s annual developer conference, Google I/O 2026.

These changes further shift Search from a list of links to a conversational, AI-driven assistant powered by Gemini models. Google is adding what it calls “agentic” capabilities, allowing users to request multi-step tasks instead of just retrieving information.

AI Mode becomes central to Google Search: “AI Mode,” a conversational search feature Google introduced in 2025, is moving from an experimental option to a core part of the product. It runs on Google’s Gemini 3.5 Flash model and handles longer, more complex queries. Users can feed it documents, images, and browser tabs alongside their search prompts. The search box itself has been redesigned to accommodate back-and-forth conversations rather than short keyword queries.

AI Mode is now live in nearly 200 countries and supports 98 languages.

Search gains autonomous task execution features: Users will be able to ask Search to track projects, monitor updates, organize information, and interact with websites and services autonomously. Google demonstrated use cases such as wedding planning and moving house. These features are built on a system called “Antigravity,” which creates persistent dashboards and lightweight task interfaces inside Search. The feature will launch first for subscribers.

Integration with Gmail, Photos, and Calendar: Users can connect their Gmail and Google Photos accounts to Search, allowing it to pull in emails, receipts, travel bookings, photos, and other personal data to personalize responses. Calendar integration is planned but not yet available. Users can choose whether to enable these connections.

The broader use of personal data in Search will likely draw increased scrutiny over privacy practices and how the system stores and uses what it learns about users.

Search Live introduces real-time multimodal interactions: Google also expanded Search’s multimodal capabilities with “Search Live,” a feature powered by Project Astra.

The system lets users interact with Search in real time through their phone cameras, enabling Search to interpret live video and respond conversationally. This feature builds on Google DeepMind’s previous work on multimodal AI assistants that integrate understanding of text, images, audio, and video.

What does this mean for the web? Google is shifting Search from providing lists of links to generating direct AI answers. This change is already decreasing website and publisher traffic from Search. As zero-click experiences increase, advertisers and publishers that rely on search referrals face growing uncertainty.

Accuracy problems remain unresolved: AI-generated search results continue to be unreliable. Research published in 2026 found that generative search engines sometimes cite AI-generated or low-quality sources. Google’s AI Overviews have previously produced inaccurate summaries and buried original source material. Google says its systems are improving, but independent concerns about accuracy, citation quality, and transparency remain unresolved.

Read more:

• Here are all the major products Google announced at I/O 2026
• Google announces AI advisory council, faces backlash within days
• Google pulls the plug on its AI ethics council just nine days after launch

The post Google I/O 2026 adds Search Live and AI Mode to Google Search appeared first on MEDIANAMA.

Source: MediaNama

Detailed timeline:

1. May 15, 2026: Chief Justice of India Surya Kant compares some unemployed youth to “cockroaches” and “parasites of society” during a Supreme Court hearing on fake professional credentials, according to The Wire. He later said his remarks targeted people using fake degrees, not India’s youth broadly.
2. May 16, 2026: Abhijeet Dipke launches cockroachjantaparty.org and X account @CJP_2029.
3. May 16-21, 2026: The CJP’s Instagram account surpasses the BJP’s 8.7 million Instagram followers within four days of launch, reaching 10.9 million followers by May 21, over 14 million by May 22, and 22.8 million as of May 26. The website records 10 lakh membership signups and 6 lakh signatures on a petition demanding Education Minister Dharmendra Pradhan’s resignation, per Dipke’s post.
4. May 21, 2026: MeitY directs X to withhold @CJP_2029 under Section 69A of the Information Technology Act, 2000, citing Intelligence Bureau (IB) inputs on national security. No public order is issued. The blocking order remains confidential under Rule 16 of the Information Technology (IT) Blocking Rules. A senior government official, speaking anonymously, told The Wire: “MeitY received an input from the IB to block the X account of Cockroach Janta Party, citing that it posed a threat to the sovereignty of India. In particular, the concern stemmed from the fact that the account’s content was gaining traction among young people.” Dipke posts on X: “Within 4 days the account got banned because it got more than 200K following.” He launches a backup account @Cockroachisback, which gains nearly 200,000 followers before MeitY took it down on May 23.
5. May 22, 2026: Ludhiana Police and Punjab Police issue public advisories warning citizens against scammers circulating phishing links on WhatsApp under the CJP name. Clicking the links compromises the victim’s phone and transfers banking details to scammers.
6. May 23, 2026:
   • Website blocked: MeitY blocks cockroachjantaparty.org. Dipke posts on X: “The government has taken down our iconic website. Why is the government so scared of cockroaches?” As of May 26, the website is back up.
   • Instagram hacked: Dipke posts that hackers had compromised the CJP’s official Instagram page and his personal Instagram. Backup X account @Cockroachisback is also taken down. “Please note that we currently do not have access to any of our platforms. Any post made after this should not be considered an official statement from the Cockroach Janta Party.”
   • Fake impersonation account: Dipke alleges that @Cockroach4India impersonates the CJP and, without providing evidence, claims that the BJP IT Cell created the account. Trademark squatting: Three parties filed trademark applications for “Cockroach Janta Party,” The Week reported. None of the filings is by Dipke.
   • Dipke’s response (X): “You can hack and withhold the accounts but you cannot hack this movement. We are not going to stop and we will keep raising our voice against this autocracy. Every attack makes cockroaches stronger.”
7. May 25, 2026: A petitioner files a Supreme Court PIL seeking a CBI investigation into the commercial exploitation of CJP-linked courtroom proceedings, alleging someone monetised and circulated clipped audio without context. Dipke filed a petition in the Delhi HC challenging the Section 69A blocking order. The Delhi HC is expected to hear the petition this week.

Why this matters:

• Section 69A opacity: MeitY issued no public justification. “National security” is the same ground the government cites for blocking journalists and satirists. MediaNama has tracked multiple accounts that have been withheld on similar grounds since February 2026.
• Enforcement beyond social media: MeitY’s blocking of the website, separate from the X account withholding, shows Section 69A enforcement extending to web infrastructure alongside social media accounts.
• Regulatory gap on phishing: Ludhiana Police issued its phishing advisory within one day of the X account being withheld, but only reactively, not preventively. No platform or regulator flagged the coordinated phishing before scammers targeted citizens.

Also read:

• X withholds Cockroach Janta Party account in India days after launch
• Section 69A crackdown: Multiple X accounts withheld in India in response to legal demands
• X Users Report Posts Withheld In India Under Section 69A, No Reasons Given

The post Timeline: Cockroach Janta Party’s account withholds, website blocking, and the Delhi HC petition appeared first on MEDIANAMA.

Why are we compiling these? “The submissions will be held in fiduciary capacity in MeitY and shall not be disclosed to anyone at any stage,” read MeitY’s draft amendments notice. This means that the stakeholder submissions will not be disclosed under the RTI act. So, we compiled these submissions from public disclosures and submissions shared directly with us through email.

If you have made your submissions to MeitY, please share a copy or a public link with us. We will include it to the compilation below. Email us at: azdhan@medianama.com

Read MediaNama’s coverage of the discussion on “IT Rules and the Future of Online Speech in India (April 2026)” here.

Also read: 

• Your take: How the public is reacting to MeitY’s latest draft amendments to IT rules?
• Draft IT Rules explained: What MeitY’s draft amendments mean for platform liability, content creators, content takedowns and data retention
• MeitY Draft IT Rules meeting leaves key questions from platforms, civil society unresolved

The post Stakeholder submissions on MeitY’s March 2026 draft IT Rules amendments appeared first on MEDIANAMA.

What are the allegations? As per the police, MobiKwik and Lendbox assured investors of fixed deposit (FD)-like returns and easy withdrawals, but later diverted funds to new borrowers and blocked withdrawals without investors’ consent. 

• The FIRs list multiple offences under the Information Technology (IT) Act, 2000 and the Bharatiya Nyaya Sanhita (BNS), 2023, including cheating and dishonestly inducing the delivery of property.

• In one FIR filed at the Varthur police station in Bengaluru on May 14, investor Arjeet Singh Benchhor alleged he invested Rs 4 lakh in the MobiKwik Xtra scheme, but the funds remain stuck and withdrawals, restricted.

• He cited a Borrower Mapping report dated May 5 and lender verification findings, according to which several borrower accounts linked to the scheme had become inactive or defaulted.

• According to the complainant, more than 630 investors across the country have collectively pumped in about Rs 6 crore in the scheme. He has sought freezing of the companies’ bank accounts and legal action against those responsible.

• In another complaint, investor Mayank Dey alleges that he invested Rs 3 lakh through MobiKwik and Lendbox, out of which Rs 91,341 remains blocked. He further claimed that the companies endorsed the scheme as an FD-like investment product but later blocked withdrawals without the investors’ consent.

The contents of the FIR were translated from Kannada to English using Google Translate.

Why this matters: The Reserve Bank of India’s (RBI) guidelines for non-banking finance company (NBFC)-P2P lending platforms prohibit intermediaries from promoting P2P lending as investment products with features such as tenure-linked assured minimum returns, liquidity options, and, at times, acting as a deposit taker and lender rather than a platform. 

However, MobiKwik and Lendbox appear to be doing just that. The official website shows that the companies have been luring investors with a 10-14% return per year, offering up to Rs 14,000 for every Rs 1 lakh invested in MobiKwik Xtra. 

Why has the RBI not taken any action against the companies so far?

Concerns around consent: The complaints allege that MobiKwik and Lendbox diverted investor funds to new borrowers without consent, many of whom defaulted. Under India’s Digital Personal Data Protection (DPDP) Act, 2023, consent is required to be specific, informed, and purpose-bound. Were the investors explicitly told to whom and under what risk profile their money would be lent, or were they asked for a blanket, vague consent at the time of onboarding? Were the investors told exactly how their personal data, including credit history and transaction behaviour, was being used?

Rerouting investor funds to new borrowers is a regulatory breach, not a data protection violation. However, if MobiKwik processed, shared or analysed that data for facilitating unauthorised lending arrangements, then it violated the purpose limitation principle, as data was used for a different purpose than originally consented to.

What is MobiKwik saying? Responding to MediaNama queries on the development, MobiKwik said in a statement that the P2P lending product Xtra was offered by Lendbox, with the former solely acting as a distribution partner.

“As a P2P lending product, customers were aware of the product structure, associated risks, and Terms & Conditions prior to their participation in the product. Modifications in the product, subsequent to regulatory changes introduced in August 2024, led to revised repayment schedules—all of which were communicated promptly to users through proper support channels,” the company said.

Citing data available with Lendbox, the fintech firm stated that more than 90% in aggregate has been repaid by borrowers to respective lenders. The balance is currently with borrowers, with the recovery and repayment process underway.

MobiKwik further added that it is actively working with Lendbox to resolve customer disputes and fully cooperates with authorities wherever required.

NBFC licence while under scrutiny: The customer complaints filed in Bengaluru come on the heels of MobiKwik receiving an NBFC licence from the RBI, which will allow the company to give loans directly to customers rather than depending on banks and other NBFCs. Did the RBI’s decision to grant the NBFC licence take into account the pending complaints about unauthorised fund diversion?

This is not the first time MobiKwik has come under fire from users. In September last year, the fintech firm froze over 2,000 merchant accounts after a technical glitch, apparently introduced in a software update, led to fraudulent transactions exceeding Rs 40 crore. At the time, merchants complained that they had to face the brunt of MobiKwik’s fault.

Also Read:

• MobiKwik plans to scale merchant payments and lending with NBFC to drive growth: Q4 FY26 earnings
• Why the NBFC licence matters for MobiKwik
• Paytm rules out NBFC plans, stays silent on Wallet licence after RBI crackdown on payments bank arm

The post NBFC licence, pending FIRs: Did the RBI look the other way on MobiKwik? appeared first on MEDIANAMA.

The Department of Posts and Flipkart have signed an agreement using India Post’s rural network to deliver parcel orders faster and more reliably across the country. Under the agreement, Flipkart will access India Post’s network of over 1.6 lakh post offices.

The agreement covers prepaid and cash-on-delivery parcel delivery options with OTP-based authentication and real-time tracking for faster and coordinated deliveries across rural and remote areas.

India Post’s wider E-commerce and digital logistics push: In October 2024, Amazon India signed a memorandum of understanding (MoU) with India Post to expand nationwide delivery operations by leveraging the postal network’s coverage of all serviceable pin codes, including remote and rural areas.

According to the agreement, Amazon and India Post planned closer integration of logistics operations, including capacity sharing, coordination of parcel movement, and knowledge-sharing between the two networks. The partnership also included quarterly review mechanisms to assess operational efficiency and expansion opportunities.

The Amazon partnership builds on a relationship established in 2013, when Amazon began using India Post for parcel transmission and deliveries. Since then, India Post’s role in Amazon’s logistics network has grown, with pickup points rising from six to 13 in recent years. According to Amazon, parcel volumes delivered through India Post nearly tripled over 18 months because of this partnership and other overall improvements

The Department of Posts’ partnership with Flipkart aligns with India Post’s broader initiative to modernise its logistics and parcel infrastructure through the IT 2.0 programme and Advanced Postal Technology (APT) platform. India Post has rolled out the APT platform across more than 1.7 lakh post offices, mail offices, and administrative units nationwide. The system is built on a microservices-based architecture and supports end-to-end digital parcel operations, including booking, tracking, and delivery. According to the Department of Posts, the upgraded system processed over 32 lakh parcel bookings and 37 lakh deliveries in a single day.

Earlier in December last year, the Department of Posts (DoP) under the Ministry of Communications announced “Address-as-a-Service” (AaaS) system titled DHRUVA, an acronym for Digital Hub for Reference and Unique Virtual Address, which allows “users to depict and share their addresses in a standardised and geo-coded format.”

Read more:

• India Post launches independent e-commerce centre; launches tracking app
• How MapMyIndia’s MapplsPin Enhances The Precision Of India Post’s DIGIPIN
• After DIGIPIN, India Post Launches DHRUVA to Revamp India’s Addressing System

The post After Amazon, India Post partners with Flipkart for parcel delivery in remote areas appeared first on MEDIANAMA.

“The Environmental Reporting Collective (ERC) expressed serious concern over the lack of transparency surrounding Meta’s decision to block access in India to an Instagram reel linked to its cross-border investigation into the environmental and social impacts of data center expansion,” an ERC blog post said, condemning Meta for taking down a two-minute journalistic documentary featuring farmers discussing Google’s AI data center, whose construction had already begun.

“The lack of clarity surrounding this restriction raises broader concerns about the mechanisms through which journalistic content can be limited from public view, especially when such reporting addresses issues of significant public interest,” said the collective, a global network of journalists and newsrooms from at least nine countries dedicated to environmental reporting.

What is the reel about? You can watch the reel Meta deleted here: [Video]. 

• The two-minute short documentary features villagers and farmers from Tarluvada village in Andhra Pradesh (AP), who allege that land originally given to landless peasants during the Indira Gandhi regime is now being forcibly acquired by the authorities through threats and coercion to build a Google data center near Visakhapatnam.
• “We were not told anything about a data center,” said a villager in the video. She claimed that authorities were threatening them over their land.

ERC’s statements: 

• ERC has not received any detailed explanation regarding the legal basis, policy rationale, or specific complaint that led to the restriction of the content in India. It further stated that on May 22, at approximately 2 pm, ERC received a notification that the reel, which had garnered 2.6 million views, was no longer available in India.
• “ERC stands firmly behind the reporting and editorial processes underpinning this investigation and accompanying video. The work was produced through a rigorous journalistic process involving extensive field reporting, documentation, interviews with affected communities and relevant stakeholders, editorial review, fact-checking, and cross-border collaboration among experienced journalists and partner newsrooms,” it said in a blog post condemning what it described as arbitrary censorship. 

Read Indian professional content creators’ experience on arbitrary takedowns and blocking orders from MediaNama’s discussion on IT Rules and online free speech: [Link]

What is Google’s data center deal in AP: Google aims to build a 1-GW hyperscale Google AI Data Centre on 601.4 acres of land in three locations. Some key details: 

• What Google plans to do with this data center in AP: The AI infrastructure is intended to support businesses, developers, and researchers, and to establish a subsea gateway that complements existing landings in Mumbai and Chennai.
• Investment: $15 billion USD over 5 years (2026-2030), as per its press release. 
• Partners: AdaniConneX Data Center and Airtel. 
• Employment claims: Over the next five years, the deal is supposed to create 5,000–6,000 direct jobs and 20,000–30,000 total jobs in AP.

Explore the various data centers in India and their current status on ERC’s Dirty Data website: [Link]

The recent censorship on Meta and X: 

• Cockroach Janta Party (CJP):  “In response to a legal demand,” X has withheld the account of the satirical political collective Cockroach Janta Party (CJP) in India on May 21. Read more about it here. 
• Norwegian journalist who tried to question PM Narendra Modi: Meta briefly suspended Norwegian journalist Helle Lyng’s Instagram account without stating any reasons. This happened after the video of her trying to question PM Modi during a press briefing on his visit to Norway. Read more about the incident here. 

Madras HC on online free speech and arbitrary takedowns: Recently, amid ongoing censorship at scale, the Madras High Court made important statements upholding free speech. Some of them are: 

• Three-hour take-down compliance period is disproportionate and can bypass legal procedures: “Such a short timeline, in the absence of disclosed emergency or imminent threat, prima facie appears disproportionate. Where the State invokes urgency, the urgency must be apparent either from the record or from the reasons. Otherwise, urgency becomes a cloak for bypassing procedural fairness.”
• On misusing broad and vague expressions as reasons to block free speech: “Political sensitivity cannot be the measure of constitutional permissibility. A democracy cannot treat criticism as disorder, satire as sedition, dissent as danger or opinion as offence.”
  The court noted the following terms as broad expressions:
  • “provocative political remarks”, 
  • “disturbing public tranquillity”,
  • “maintenance of law and order” and
  • “politically sensitive remarks”.
• On the importance of documenting the reasons for blocking orders: “The power to block or remove online content is a serious power. It may affect not only the author of the content but also the public’s right to receive information. In the digital age, blocking a URL may silence a speaker, erase a viewpoint and impoverish public debate. Therefore, such power must be exercised with precision, restraint and reasons.” – Madras HC. 

Read more about the Madras HC’s statements here: [MediaNama’s coverage | Court Order]

Also read: 

• ‘Lack of application of mind & recorded reasons’: Madras HC stays Tamil Nadu police blocking order
• Influencer ‘The Skin Doctor’ arrested over ‘objectionable’ posts, gets bail hours later 
• Telangana Police invokes UAPA to demand TeluguScribe’s user data from X

The post Meta blocks Environmental Reporting Collective’s Instagram reel on Google’s AI data center in Andhra Pradesh appeared first on MEDIANAMA.