Child Online Safety Guide for Parents India (2026)

A parent in Pune once discovered her 12-year-old daughter being groomed on Instagram by a much older man who had sent small amounts of money to “build trust”. She quietly collected the chats and payment records as evidence, then filed a police complaint under the POCSO Act and the IT Act, and the cyber cell acted on the digital trail she had preserved. The lesson is simple: calmly preserve evidence first, then report. This guide explains exactly how.

Citizen Crisis Response Network can help parents file FIRs, approach the National Commission for Protection of Child Rights (NCPCR), preserve digital evidence, and seek urgent intervention when children face online threats — see https://righttoinformation.wiki/citizen-crisis-response-network

Indian parents in 2026 should: 1) Enable parental controls on all devices and apps their child uses; 2) Talk to children about online grooming and child sexual exploitation, which are punishable under the POCSO Act and the IT Act; 3) Monitor screen time and app permissions; 4) Report suspicious accounts to the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call 1930; 5) Preserve screenshots and chats as digital evidence; 6) File an FIR immediately if grooming or exploitation occurs; 7) Approach NCPCR or the State Commission for urgent intervention. The main legal protections are the POCSO Act 2012, the IT Act 2000 (sections 67B and 67C), and the general criminal law (now the Bharatiya Nyaya Sanhita, 2023).

• Understanding online threats children face in 2026
• Legal framework: POCSO, BNS, IT Act protection
• Parental controls and technical safeguards
• Recognizing warning signs of online exploitation
• How to collect and preserve digital evidence
• Filing FIR and police complaint procedure
• NCPCR and state commission remedies
• School responsibilities
• Social media platform accountability
• Recovery and counseling resources
• Myth vs reality: Child online safety
• Frequently asked questions

Children today spend a large and growing share of their day on smartphones, and that digital immersion creates several threat vectors every parent should understand.

Online grooming remains the most dangerous. Predators pose as peers on Instagram, Snapchat, Discord, or gaming platforms. They build emotional connection over time, then request intimate photos or videos. Once obtained, they blackmail children (“sextortion”) demanding more content or money. This conduct is squarely covered by the POCSO Act (use of a child for pornographic purposes and related offences) and by Section 67B of the IT Act, which deals with child sexually abusive material (CSAM).

Cyber bullying is widespread among adolescents. Classmates create fake profiles, spread morphed images, or organise online “roasting” campaigns that can lead to depression and self-harm. The Shreya Singhal v. Union of India (2015) 5 SCC 1 judgment struck down Section 66A of the IT Act, but online harassment can still be addressed under the criminal law — for example criminal intimidation (Section 351 of the Bharatiya Nyaya Sanhita, 2023) and defamation (Section 356 BNS) — and, where intimate or morphed images are involved, under the IT Act and POCSO.

Gaming and in-app financial exploitation can trap children through in-app purchases, where a child runs up large charges on a parent's linked UPI account or card within a short time. The Consumer Protection Act 2019 (the definition of “unfair trade practice” in Section 2(47)) can support a complaint against a company that exploits a child's vulnerability.

Exposure to inappropriate content — pornography, violence, self-harm material — occurs when parental controls fail. Section 67B of the IT Act 2000 specifically addresses child sexually abusive material, with imprisonment of up to five years and fine up to ₹10 lakh on first conviction, and up to seven years on a subsequent conviction.

Data privacy violations occur when apps harvest a child's location, contacts and photos without proper consent. The Digital Personal Data Protection Act 2023 (Section 9) requires verifiable parental consent before processing the personal data of a child (anyone under 18) and bars tracking, behavioural monitoring and targeted advertising directed at children. Note that the Act has been enacted and its Rules notified, but its obligations are being brought into force in phases — so treat it as an emerging framework rather than one that is fully operational today.

Warning — Children rarely disclose online abuse to parents; many fear having their device taken away more than the exploitation itself. Reassure your child that they will not be punished for telling you about a problem.

Protection of Children from Sexual Offences Act (POCSO), 2012 is the primary shield. Section 11 covers sexual harassment through words, gestures, or digital acts. Section 13 covers “use of a child for pornographic purposes”. Section 14 (as amended in 2019) punishes that offence with imprisonment of not less than five years and fine on a first conviction, and not less than seven years and fine on a subsequent conviction. Section 15 deals with storage and possession of child pornographic material.

The POCSO Act defines a “child” as anyone below 18 years, and consent is irrelevant. If a 16-year-old says she “willingly” sent intimate photos to an older boyfriend, the law still treats the conduct as an offence against the child.

The general criminal law is now the Bharatiya Nyaya Sanhita, 2023 (BNS), which replaced the Indian Penal Code with effect from 1 July 2024. The BNS does not contain a dedicated child-pornography offence — CSAM offences are dealt with under POCSO and Section 67B of the IT Act. The BNS provisions most relevant to online harassment of children are:

• Section 351: Criminal intimidation, including threats made online (general punishment up to 2 years, or fine, or both; enhanced punishment for threats of death or grievous hurt).
• Section 356: Defamation, including online defamation (up to 2 years, or fine, or community service, or both).
• Section 296: Obscene acts and songs in a public place (up to 3 months, or fine, or both).
• Section 294: Sale, etc., of obscene material.
• Section 72: Disclosure of the identity of a victim of certain sexual offences (punishable with imprisonment up to 2 years and fine).

Information Technology Act 2000 (as amended):

• Section 66E: Violation of privacy — capturing or transmitting images of a private area without consent (up to 3 years, or fine up to ₹2 lakh, or both).
• Section 67: Publishing or transmitting obscene material in electronic form (up to 3 years and fine up to ₹5 lakh on first conviction; up to 5 years and ₹10 lakh on subsequent conviction).
• Section 67A: Publishing or transmitting material containing a sexually explicit act (up to 5 years and ₹10 lakh on first conviction).
• Section 67B: Child sexually abusive material (CSAM) — up to 5 years and ₹10 lakh on first conviction, up to 7 years on a subsequent conviction.
• Section 67C: Preservation and retention of information by intermediaries — platforms must preserve and retain information as prescribed.

Bharatiya Nagarik Suraksha Sanhita, 2023 (BNSS) governs criminal procedure (it replaced the CrPC from 1 July 2024). Section 173 deals with information in cognizable cases and gives statutory recognition to the “Zero FIR” — you can report at any police station regardless of where the offence took place. Anticipatory bail, if a child is falsely implicated, is governed by Section 482 BNSS. You can also file a private complaint before a Magistrate under the BNSS if the police do not act.

Most citizens miss this — Under POCSO Section 19, any person (including teachers, doctors, neighbours) who has knowledge of a sexual offence against a child must report it; failure to report is punishable under Section 21 with imprisonment up to six months, or fine, or both (up to one year for a person in charge of a company or institution).

Technical measures form your first line of defence. Implement these systematically:

Device-level controls:

Android: Settings > Digital Wellbeing & Parental Controls. Create a child account through Google Family Link — this lets you approve or block app installations, set screen time limits, schedule bedtime device lock, and see your child's location. It also blocks app uninstallation without a parent PIN.

iOS: Settings > Screen Time > Turn On Screen Time > This is My Child's iPhone. Set Downtime, App Limits, and Content & Privacy Restrictions (block adult websites, prevent in-app purchases, disable location sharing).

Windows: Microsoft Family Safety — set up a child account at account.microsoft.com/family. It controls web browsing, app and game usage (age-rating enforcement), screen time, and requires parent approval for purchases.

Router-level protection:

Configure DNS filtering using a family-filter DNS service (for example Cloudflare's 1.1.1.3 family resolver). This blocks adult content, gambling and malware sites at the network level before they reach any device. Log into your router admin panel, find DNS settings, and replace the ISP DNS with a family-safe DNS server.

Enable router-level scheduling: many routers (for example TP-Link) offer “Parental Controls” where you select a child's device and set allowed internet hours. Disable Wi-Fi during late-night school-night hours.

App-specific controls:

YouTube: Sign the child in with a supervised account (Family Link managed). Enable Restricted Mode, disable search where possible, and allow only pre-approved channels.

Instagram: Set the account to Private. Use a “Teen account”, which defaults to private, restricts DMs from non-followers, and limits sensitive content, and link it to Family Center so you receive activity updates.

WhatsApp: Settings > Privacy. Set Profile Photo, Last Seen, Status and Groups to “My Contacts” (this prevents strangers adding the child to groups). Enable two-step verification with a PIN only the parent knows.

Gaming platforms: On PlayStation, Xbox and Nintendo Switch, set up a child account with spending limits, communication restrictions (voice/text chat off or friends-only) and content/age filtering.

Mobile network controls:

Most telecom operators offer a “child safe” or content-filtering pack that blocks adult websites at the carrier level even on mobile data, for a small monthly charge. This helps when the child is outside the home Wi-Fi and its DNS filter.

Do this immediately — Create a written “Family Device Agreement” listing allowed apps, usage hours, where devices are permitted (not bedrooms), and consequences for violations. Both parent and child sign it, and review it as the child matures.

Behavioural indicators require ongoing attention:

Emotional changes: Sudden withdrawal, anxiety when a notification arrives, reluctance to discuss online activity, or unexplained crying. Grooming victims often appear secretive, evasive about new “friends”, or defensive when asked about screen time.

Device behaviour: Obsessively clearing browser history, always using incognito mode, quickly switching screens when a parent approaches, receiving gifts or money from unknown sources, or running multiple social media accounts (one “clean” account shown to parents and hidden ones for real activity). Check for hidden folders or vault apps that look innocent.

Sleep disruption: Texting late at night, exhaustion the next morning, and declining grades from sleep deprivation. Predators often communicate during hours when parents are asleep.

Social isolation: Abandoning real-world friendships, refusing family activities, and preferring online interaction exclusively. Gaming addiction often presents as irritability when asked to stop, and neglect of hygiene or meals.

Physical signs: In severe cases — self-harm marks, eating disorders triggered by body-shaming, and psychosomatic complaints such as headaches or stomach aches.

Financial anomalies: UPI transactions to unknown accounts, gaming charges, and app-store purchases of in-game currency. Check bank and UPI statements regularly, as in-app purchases can add up before a parent notices.

Citizen tip — Install Google Family Link or Microsoft Family Safety on YOUR phone — they show which apps the child used, for how long, and which websites were visited. Review it on a fixed day each week as a non-negotiable routine.

If you observe three or more indicators together, start a non-confrontational conversation. Avoid accusations such as “What are you hiding?” that trigger defensiveness. Ask open questions like “You've seemed worried lately — is anything troubling you online?” and assure the child there will be no punishment for telling you, because fear of punishment keeps children silent even during active exploitation.

Digital evidence is fragile and easily deleted. Follow this protocol the moment you suspect online exploitation:

Step 1: Do not confront the child or perpetrator yet — confrontation triggers evidence destruction. The predator may delete the account and the child may clear chat history.

Step 2: Take screenshots — use the phone's native screenshot (Power + Volume Down) rather than third-party apps, so the date and time are preserved in the file metadata. Capture:

• The perpetrator's profile (username, display name, profile picture, bio)
• The full conversation thread, scrolled from the beginning
• Any photos or videos sent or requested
• Transaction history if money was transferred (UPI screenshots, bank statement showing date, time, amount, UPI ID)
• Group chats, if the exploitation occurred in a group

Step 3: Screen recording — for content that auto-deletes (Instagram Stories, Snapchat) or live video calls, use screen recording. Android: swipe down and tap Screen Record. iOS: add Screen Recording to Control Centre, then record.

Step 4: Save to the cloud immediately — upload screenshots and videos to Google Drive or iCloud in a dated folder, and email the link to yourself and a trusted family member. This creates a timestamp showing the evidence existed on a specific date.

Step 5: Note URLs and account details — write down the perpetrator's username, profile URL, phone number if visible, and email address, along with the date and time of first contact and each later interaction.

Step 6: Preserve the device — do NOT delete conversations or apps. The Cyber Cell may need to forensically extract data. Put the device in airplane mode to prevent remote deletion by the perpetrator if they realise you are aware.

Step 7: Get witness statements — if the child's friends witnessed bullying or know about the exploitation, ask their parents to write a brief dated statement. Collect two or three such statements.

Trust signal — The Cyber Crime Police Station in your district has forensic facilities and can often recover deleted chats and messages from a phone's memory — never assume deleted means gone forever, and never wipe the device yourself.

Legal admissibility: Electronic evidence requires a certificate authenticating it. With the Indian Evidence Act 1872 replaced by the Bharatiya Sakshya Adhiniyam, 2023 (from 1 July 2024), the relevant provision is now Section 63 of that Act (the successor to the old Section 65B). The police and forensic lab will provide this certification; your screenshots are essential to start the investigation, but the formal certificate accompanies the forensically extracted evidence used in court.

Under Section 173 of the BNSS, you can report a cognizable offence at ANY police station regardless of jurisdiction (a “Zero FIR”) — the station receiving the complaint must register it and transfer it to the jurisdictional station (usually the Cyber Crime Cell or the Women & Child Protection Cell).

Step-by-step FIR filing:

1. Prepare a written complaint. Include: date, time and place of the offence; the child's details (name, age with proof such as Aadhaar or school ID); the accused's details (username, profile URL, phone number if known); a factual description of the exploitation; the applicable law (POCSO and IT Act sections); and a list of the evidence you hold.

2. Visit the Cyber Crime Police Station with: the printed complaint (three copies), the evidence (screenshots on the phone or printouts), the child's birth certificate or Aadhaar, and your ID proof. Many cities have dedicated stations — find the nearest at https://cybercrime.gov.in

3. Insist on FIR registration. The police cannot refuse to register an FIR for a cognizable offence (POCSO offences are cognizable and non-bailable). If the Station House Officer refuses or pressures you to “compromise”, call 112 (emergency) or file online at the cybercrime portal, and note the officer's name and designation.

4. Get the FIR copy. The police must give you a free copy of the FIR with its number — demand it before leaving the station. The FIR number is your reference for all follow-up.

5. Recording of the child's statement. Under the POCSO Act, the child's statement is recorded (ordinarily by the police under Section 24 and, where required, by a Magistrate under Section 25) with the safeguards in Section 26 — at the child's residence or a place of the child's choice, in the presence of a parent or trusted person, and preferably by a woman officer.

6. Medical examination if required. For a contact offence, Section 27 of the POCSO Act provides for medical examination of the child by a woman doctor, with a parent or trusted person present. For purely online offences (grooming, sexting without physical contact), a medical exam is usually not necessary.

7. Investigation timeline. The BNSS sets a special time limit for completing the investigation of POCSO offences. Under the proviso to Section 193 BNSS, the investigation in such cases is to be completed within two months from the date the information was recorded. The police will send the device to the State Forensic Lab, examine the accused, and file a charge sheet in the Special POCSO Court.

If the police refuse an FIR:

File a complaint at the National Cyber Crime Reporting Portal, https://cybercrime.gov.in (use “Report Anonymously” or “Report and Track”). You can also call the cybercrime helpline 1930. The portal forwards the complaint to the jurisdictional police. Alternatively, file a private complaint before the Judicial Magistrate, who can direct the police to register an FIR and investigate.

Most citizens miss this — Under Section 33(8) of the POCSO Act, the Special Court can direct payment of compensation to the child victim for physical or mental trauma or for immediate rehabilitation — in addition to any conviction of the accused. Ask for compensation in your complaint. (Section 33(7) separately requires the Special Court to protect the child's identity during the proceedings.)

National Commission for Protection of Child Rights (NCPCR) functions under the Commissions for Protection of Child Rights Act, 2005. It monitors POCSO implementation, inquires into violations, and helps protect a child's rights during legal proceedings.

NCPCR website: https://ncpcr.gov.in

When to approach NCPCR:

• The police refuse to register an FIR despite online-exploitation evidence
• The investigation is delayed without progress
• The child's identity is not protected (media published a name or photo)
• The school refuses to cooperate or blames the victim
• The state government delays compensation
• The child needs interim support (counselling, or shelter if the home environment is unsafe)

How to file a complaint with NCPCR:

Use the complaint facility on https://ncpcr.gov.in. Provide the child's age, the nature of the violation, the FIR number if any, and the relief sought. Attach the FIR copy, an evidence summary, and any correspondence with the police or school. NCPCR can issue notices to the State Commission (SCPCR), the police, and the school, summon officials, and recommend action against negligent officials.

State Commissions: Every state has an SCPCR. You can file with the state commission as well as NCPCR — the state commission often acts more quickly at the local level. Find your state commission via the NCPCR website.

District Child Protection Units (DCPU): Every district has a DCPU under the child protection scheme, which can provide emergency shelter (if the child is unsafe at home), counselling, legal aid (a free lawyer for the POCSO trial), and educational support. Contact the District Magistrate's office or the Women & Child Development Department in your district. The 24×7 child helpline 1098 (Childline) connects you to the nearest support.

Do this immediately — Consider filing an NCPCR or SCPCR complaint soon after the FIR, even if the police are cooperating — it brings independent monitoring and helps the child access support services without delay.

If exploitation occurred via school networks, classmates, or school-related platforms (Google Classroom, homework WhatsApp groups), the school has obligations too.

Mandatory reporting. Under Section 19 of the POCSO Act, anyone — including a school head or teacher — who knows of a sexual offence against a child must report it, and failure to report is punishable under Section 21 (up to six months, or up to one year for a person in charge of an institution).

School safety guidelines. The “Guidelines on School Safety and Security, 2021”, issued by the Department of School Education & Literacy, Ministry of Education, set out the school's responsibilities for child safety (including online safety), counselling, and reporting, and fix accountability on the school management. NCPCR has separately issued a manual on the safety and security of children in schools. Ask your school for its safety policy; if it has none, raise it with the District Education Officer and the State Commission.

If the school fails to act:

Send a written notice to the Principal and the School Management Committee citing the POCSO reporting duty and the school-safety guidelines, with a copy to the District Education Officer and the SCPCR. Ask for: action against the students responsible, cyber-safety training for all classes, and a written safety policy. If the school retaliates (threats of rustication or denial of a transfer certificate), you can approach the High Court — courts take child-rights violations seriously.

Citizen tip — Attend School Management Committee meetings and ask pointed questions about the cyber-safety curriculum, incident handling and policy updates. Active parent involvement keeps online safety on the agenda.

Social media companies have legal obligations under the IT Act 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

Grievance redressal: Every significant platform (Instagram, WhatsApp, Snapchat, YouTube, X, Facebook) must have a Grievance Officer (and, for large platforms, a Resident Grievance Officer) in India. Under Rule 3(2) of the IT Rules 2021, the Grievance Officer must acknowledge a complaint within 24 hours and dispose of it within 15 days. Find the officer's contact details on the platform's transparency or help page.

How to file a platform complaint:

Instagram: Report the post or account, select the reason involving a child, and submit. For urgent matters, contact the platform's grievance officer.

WhatsApp: Settings > Help > Contact Us, and report abuse, attaching screenshots, your FIR number, and the perpetrator's phone number.

YouTube: Report the video for child safety / harmful content, and contact the grievance officer for escalation.

Timeframes: Under Rule 3(2)(b) of the IT Rules 2021, content that exposes a private area, shows nudity or a sexual act, or is impersonation/morphed imagery must be removed within 24 hours of a complaint. Under Rule 3(1)(d), an intermediary must act within 36 hours of a court order or a government notification to remove or disable unlawful content. If a platform delays, complain to the Ministry of Electronics & IT (meity.gov.in).

Safe harbour: Platforms ordinarily enjoy “safe harbour” under Section 79 of the IT Act and are not liable for user content. But Section 79(3)(b) withdraws that protection if the platform fails to expeditiously remove unlawful content after receiving actual knowledge — which, following Shreya Singhal v. Union of India (2015) 5 SCC 1, means a court order or a notification by the appropriate government.

Obtaining user data for investigation: The police can require a platform to provide an accused's account details (registration email/phone, login records). Note that WhatsApp's end-to-end encryption limits what is available — generally metadata rather than message content, unless an unencrypted backup exists.

Trust signal — Major platforms run automated tools that detect and remove known CSAM, but human reporting remains essential for grooming and bullying, which automated tools cannot reliably detect. Always report, in addition to blocking.

Support after the event is crucial for a child's psychological recovery.

Free government counselling:

1098 Childline: A 24×7 helpline that connects a child to the nearest support centre, where a counsellor can assess trauma and refer onward to:

• District Mental Health Programme (DMHP): Free psychiatric and psychological consultation at the district hospital, including trauma-focused therapy. Contact the District Health Officer for access.
• Tele MANAS: The national tele-mental-health helpline on 14416, offering free telephonic counselling and referral to state mental health centres.

NGO counselling services — several established organisations offer support for child sexual abuse survivors and their families, including Tulir (Chennai), Arpan (Mumbai), RAHI Foundation (Delhi/NCR), and Enfold (Bengaluru). Look up their current contact details on their official websites before reaching out.

Private counselling: If affordable, look for a clinical psychologist certified in trauma-focused CBT or EMDR. Several sessions are usually needed.

Parental support: Parents often experience secondary trauma. Consider a parent support group or counselling for yourself as well.

Educational continuity: If the child missed school during the trauma, ask the DCPU about bridge-education support to prevent an academic setback.

Compensation: Any compensation awarded by the court under POCSO should be kept in the child's name (for example in a fixed deposit), with the corpus preserved and the interest used for counselling and education.

Warning — Trauma symptoms — nightmares, flashbacks, anxiety, school refusal — are common after such incidents, and untreated trauma can have long-term effects. Professional counselling is a necessity, not a luxury.

As a parent, you may monitor a minor child's communications to ensure their safety. It works best openly: tell the child you will check messages from time to time, not to invade their privacy but to ensure no one is harassing them. Transparent monitoring is more effective and less damaging to trust than secret spying that is later discovered.

The focus of the law is on those who circulate and possess such material, not on the child depicted, who is a victim. A classmate who circulates the photo can be acting under the POCSO Act (which deals with use of a child for pornographic purposes and storage of such material) and Section 67B of the IT Act. File an FIR immediately, naming everyone who shared the photo, and let the police seize the devices and pursue forensic deletion and prosecution. Do not delete the evidence yourself before the police preserve it.

Possibly. The Consumer Protection Act 2019 (the definition of “unfair trade practice” in Section 2(47)) can support a complaint. File in the District Consumer Commission, and argue: (1) no adequate age verification before payment; (2) manipulative (“dark pattern”) design pressuring purchases; and (3) the absence of spending caps for a minor's account. First also use the platform's own refund process and your card/UPI dispute process, keeping all records.