Non-consensual intimate imagery: a working response protocol.

This is the most painful category of work we do. We are publishing the protocol because the worst time to figure out the steps is in the middle of an incident.

Step 1: Capture, do not share.

Capture the URL. Capture a screenshot showing the URL bar and the page content. Do not share the screenshot with anyone but us, with law enforcement, and with the platform's takedown function. Do not post about it publicly. Do not share via WhatsApp groups. Each share creates new copies; the goal is reduction, not propagation.

If the image is on a platform you can report directly (Facebook, Instagram, X, etc.), use the in-app report function first. Most major platforms have a dedicated NCII removal flow that operates in under twenty-four hours.

Step 2: Two parallel filings.

File a complaint at cybercrime.gov.in. Under the POCSO Act (for minors) and the IT Rules (for adults), NCII is a criminal matter. The cybercrime portal can issue takedown orders to platforms under Rule 3 of the IT Rules, 2021. These orders move faster than civil takedowns.

In parallel, file a Section 12 notice to the platform's Grievance Officer under the DPDP Act. Section 12 invokes erasure; the criminal complaint invokes takedown. Both are useful; they target different pressure points.

Step 3: For adult-site or scam-site hosts.

For sites that exist primarily to host NCII (the platform is not a general-purpose service), the takedown route is the Indian intermediary obligation under the IT Rules. CERT-In can issue 69A or 79(3)(b) blocking orders; these are issued by the Ministry under specific procedures and tend to require an established pattern of harm.

In practice, the most effective lever is the hosting provider rather than the website operator. We identify the hosting provider via WHOIS and direct queries, and send DMCA-style takedown requests citing the underlying NCII. Hosting providers in jurisdictions with strong NCII laws (US, EU, Canada) typically comply within forty-eight hours; providers in low-compliance jurisdictions require CERT-In escalation.

Step 4: Search engine de-indexing.

Even after a takedown, search engines may continue to surface cached snippets. Google and Bing both operate dedicated forms for NCII de-indexing requests; the response time on these forms is typically under seventy-two hours. We file these requests as a routine part of our response.

Step 5: Continuous monitoring.

NCII content has a reappearance pattern: even after takedown, copies surface on adjacent sites within weeks. Our Concierge tier runs continuous monitoring (daily on adult sites, weekly on general image hosts) for ninety days after a takedown, and re-files takedown requests automatically on any reappearance.

What we will not do.

We will not pay any site or any third party to remove content. We will not negotiate with operators of NCII sites; engagement creates leverage for them. We will not share your image with anyone other than law enforcement (where required) and the platform's takedown function (where required for proof of identity).

What we ask of our users.

If this happens to you, contact us at [email protected] (separate from grievance@) for severity-1 routing. We have a paralegal team trained on this category. Initial response within thirty minutes; first action within two hours.

The shame of an NCII exposure is a feeling. The legal posture is not shame; it is action. Action works. Slowly, partially, but it works.