Case Summary: M Moser Design Associates v. Proton AG (Proton Mail Ban)

• Case Title: M Moser Design Associates India Pvt Ltd v. Union of India & Others
• Court: Karnataka High Court
• Judge: Justice M. Nagaprasanna
• Order Date: Order dated April 29, 2025
• Parties Involved:

1. Petitioner: M Moser Design Associates India Pvt Ltd, a Bengaluru-based firm.
2. Respondent: Proton AG (Swiss-based company operating Proton Mail), along with Union Government authorities like MeitY, Ministry of Home Affairs, etc.

Facts of the case

• What happened: Beginning around November 2024, the firm alleged that female employees were receiving vulgar, abusive, erotic, or sexually explicit emails, including AI-generated/deepfake images, via Proton Mail accounts. Some emails were also forwarded to clients.
• The petitioner claimed Proton Mail allows account creation without strong identification (no ID verification), that users can select “India” as server location even though servers are outside India, creating a presumption of operation within India.
• Petitioner also alleged that despite filing a First Information Report (FIR) on November 9, 2024, law enforcement investigation was slow or ineffective; that Proton was not cooperating beyond “abuse desk” removal of offending accounts, but not providing sender identity under Swiss legal constraints.
• The central legal conflict revolved around whether Indian courts could order a foreign email service provider, without a physical presence in India, to disclose data to aid investigation.
• The Karnataka High Court delivered this order on April 29, 2025; however, the matter is currently under appeal before a higher court.

Legal Provisions Invoked

• Section 69A, Information Technology Act, 2000 — power to block or disable access to public information in certain circumstances.
• Rule 10, Information Technology (Procedure & Safeguards for Blocking Access of Information by Public) Rules, 2009 — procedural safeguards required when issue blocking orders.

Issues Before the Court

1. Whether Proton Mail can be directed to be blocked in India under Section 69A IT Act, read with Rule 10, given its servers are outside India and Proton AG claims that Swiss law prevents it from disclosing user identity to Indian authorities.
2. Whether all or part of Proton Mail (or specific URLs/ offending email IDs) should be blocked immediately vs waiting for full government action.
3. Procedural question: whether law enforcement has tried mutual legal assistance treaties (MLAT) or letters rogatory with Swiss authorities and whether these were adequate or timely.
4. Whether blocking an entire secure encrypted service is proportionate, given its privacy implications vs state’s interest in public order, safety, protection from abuse, etc.

Arguments of the Parties

Petitioner (M Moser Design Associates India Pvt. Ltd.)

• Alleged that employees were repeatedly harassed through pornographic and abusive emails from Proton Mail accounts, causing reputational and mental harm.
• Argued that Proton Mail’s anonymity and refusal to share user details under Swiss law obstructed investigation and without disclosure, prosecution of the accused would fail, defeating justice.
• National security and public safety concerns outweighed the privacy interests of an individual user.
• Contended that immediate blocking of the service (or at least the offending accounts) under Section 69A was necessary to safeguard victims.

Respondent – Proton Mail

• Argued that it had no physical office, servers, or employees in India. Indian courts could not compel compliance without violating principles of sovereignty.
• Submitted that it is governed by Swiss law and cannot share user data beyond legal limits; its end-to-end encryption restricts access.
• Claimed it already suspends abusive accounts but a blanket ban would be disproportionate, harming journalists, businesses, and ordinary users in India.

Respondent – Union of India

• Stated blocking must follow due process under Section 69A and Rule 10, not at “the drop of a hat.”
• Emphasised preference for targeted blocking of specific URLs/accounts over a complete ban.

Civil Liberties Concerns

• Warned of a chilling effect on privacy and freedom of expression.
• Urged that any blocking should be narrowly tailored with safeguards.

Judgment

The court acknowledged the difficult balance between effective law enforcement and respect for international comity and privacy rights. The court held that Indian law applies extraterritorially under section 75 of the IT Act. However, enforcing jurisdiction against entities without presence in India is practically limited.

• On April 29, 2025, Justice M. Nagaprasanna directed the Central Government to initiate blocking proceedings under Section 69A read with Rule 10 of the Blocking Rules to block Proton Mail in India.
• In the interim, until the full blocking is completed, the court ordered immediate blocking of “offending URLs” mentioned in the petition.
• The court also noted serious misuse of Proton Mail in sending deepfake images, harassment, and even bomb threat mails to schools.
• The court accepted that law enforcement has constraints in obtaining user identity due to Proton Mail’s encryption policies and international jurisdiction & cooperation barriers. But it held that these do not absolve the state from taking lawful steps under domestic statute.
• Noted the urgent need for India to negotiate stronger bilateral treaties and participate in frameworks like the Budapest Convention on Cybercrime (which India has not signed yet).

While the High Court has passed its order, the case is under appeal, and the final enforceability or legal precedent may depend on the appellate decision.

Critical Observations

The Proton Mail case underscores the pressing gap between law and technology. While Indian authorities argued necessity and public interest, the lack of clear statutory mechanism constrained judicial power. 

• Encryption & Privacy vs Cooperation: The case raises a tension between Proton’s privacy/encryption policies (including Swiss law constraints on data sharing) and Indian law enforcement’s need to identify perpetrators. The court’s order suggests that encryption cannot be a shield in all cases of abuse.
• Proportionality & Overbreadth Concern: Critics argue blocking an entire platform with global users is a heavy measure when misuse is via specific accounts or URLs. The order to block specific URLs immediately is more measured; full platform block is more draconian.
• Procedural Safeguards: Whether the blocking procedure under Section 69A + Rule 10 was properly followed — notice, ability to respond, evidence. This case likely sets or confirms precedents.
• International Legal Aid Issues: Use of MLAT/letter rogatory is highlighted. It shows that cross-border cases face delay or non-cooperation, but courts expect investigating agencies to use those channels. The Court’s recognition of this gap is significant. 
• Societal and Free Speech Implications: Because encrypted services are used by many lawful users (journalists, activists), there is fear that this order might create chilling effects. The judgment may lead to more blocking orders for platforms offering anonymity/encrypted services.
• Comparative Jurisdiction: In the U.S. , the CLOUD Act (2018) empowers domestic authorities to compel disclosure of data held overseas by service providers with business presence in the U. S. India lacks a parallel framework, leaving enforcement weak.
• Future path: India should expedite adoption of the Digital Personal Data Protection Act, 2023, in synergy with cyber enforcement. Joining international conventions like the Budapest Convention would streamline cross border cooperation.

Impact & Significance

• Sets an important precedent: Indian courts recognize that encrypted communications services may be blockable under law when abused, even if provider is outside India.
• Signals tighter enforcement expectations under Section 69A + Rules 2009, especially in relation to content containing deepfakes, sexual abuses, harassment.
• May influence how online platforms design their verification / responsibility policies (e.g. how quickly they respond to abuse, how accountable they are to foreign jurisdiction requests).
• Might encourage legislative or regulatory reforms to define thresholds for blocking services, require transparency, ensure safeguarding of privacy.

Conclusion

The Proton Mail Ban Order by the Karnataka High Court marks a significant inflection point in India’s jurisprudence on encrypted services, privacy, and law enforcement. While encryption and privacy rights are essential in a democratic society, the court demonstrates that they are not absolute shields. The decision underlines that lawful remedy under Indian statutory law (IT Act, Section 69A, and Rule 10) must be available and enforceable when platforms are misused for unlawful purposes.

While the court pragmatically relied on Mutual Legal Assistance Treaties (MLATs) to resolve the immediate dispute, the larger message is clear: India urgently requires comprehensive legal reforms, stronger international cooperation, and modernized enforcement strategies to effectively combat cybercrime. This case has potential to shape ongoing debates around digital privacy, encryption laws, intermediary liability, and cross-border cooperation, offering valuable insights for legal scholars, policymakers, and technology experts alike. It demands a careful balancing act-protecting citizens from online harm without undermining privacy, due process, or freedom of expression.

References

1. M Moser Design Assocs. India Pvt. Ltd. v. Union of India & Ors., Order, Karnataka High Court (Apr. 29, 2025) (per M. Nagaprasanna, J.).
2. Information Technology Act, No. 21 of 2000, § 69A, India Code (2000).
3. Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, Gazette of India, Dec. 27, 2009.
4. “Karnataka High Court Orders Blocking of Proton Mail over Harassment Complaints,” Bar & Bench (Apr. 30, 2025), https://www.barandbench.com.
5. “Proton Mail Ban: Karnataka HC’s Order on Abuse Emails & Deepfakes,” LiveLaw (Apr. 30, 2025), https://www.livelaw.in.
6. “HC Orders Govt to Block Proton Mail in India,” The Hindu (Apr. 30, 2025), https://www.thehindu.com.
7. Rituparna Chatterjee, “Encryption, Privacy and Indian Law Enforcement: Emerging Challenges,” Indian Journal of Law & Technology (2024).
8. Shruti Jha, “Cybercrime, Encryption and the IT Act: The Case for International Cooperation,” Journal of Indian Law and Society (2023).