Legal liability of an open-source P2P messaging network developer and bootstrap server operator in India
Jun 14, 2026
2 views
0 answers
Cyber Law
► I am developing an open-source P2P messaging network called Lattice, released under GPLv3, and would like guidance regarding my potential liability under Indian law.
Users communicate directly with each other over peer-to-peer connections using end-to-end encryption. I operate an official bootstrap/discovery server solely for peer discovery. The server stores only a user's public key, SHA-256-based user ID, IP address, port, and last-seen timestamp. It does not store, relay, inspect, monitor, index, or otherwise access messages, files, images, videos, or any user-generated content. After discovery, communication occurs directly between users.
Both the client and bootstrap server are open source. The documentation states that the software is intended for lawful use and that users are solely responsible for their actions.
I would like advice on the following:
1. Under Indian law, could I face civil or criminal liability if a third party uses the software for illegal activities without my knowledge or involvement?
2. Does operating a bootstrap/discovery server create additional legal obligations compared to merely publishing open-source software?
3. Could laws such as the IT Act, DPDP Act, intermediary rules, or other regulations apply to this type of architecture?
4. Would maintaining a privacy policy, disclaimer, terms of use, and abuse-contact process help demonstrate that I do not control or participate in user communications?
5. Are there any legal, compliance, or documentation steps you would recommend before public launch?
I am seeking preventive legal advice regarding risks and best practices before making the project publicly available.
2 views
0 answers
0 Answers
No answers yet. Be the first to answer this question!
Log in as a legal professional to answer this question.