Artificial Intelligence (AI) Law in India
- Home
- Blog Details
A comprehensive deep-dive into India's evolving legal landscape for AI — policies, regulations, frameworks, and what lies ahead for the world's most populous democracy.
India stands at a pivotal crossroads between being an AI superpower and establishing a robust legal framework to govern it responsibly.
India is rapidly emerging as one of the world's leading AI ecosystems, with over 1,500 AI startups, a massive pool of AI talent, and government initiatives like IndiaAI Mission pushing billions in public investment. Yet its legal infrastructure for AI governance remains largely nascent — built on a patchwork of existing laws adapted to new realities, rather than a comprehensive AI-specific statute.
Unlike the European Union — which passed the landmark EU AI Act in 2024 — India has deliberately chosen a light-touch, innovation-first regulatory philosophy. The government's stance, articulated through multiple policy documents and ministry advisories, leans toward principles-based governance, industry self-regulation, and sector-specific rules rather than a single overarching AI law.
This article maps India's current AI legal landscape across key pillars: data protection, algorithmic accountability, sector-specific regulation, intellectual property, liability, and the emerging National AI Policy.
The Government of India's approach is encapsulated in the phrase "AI for All" — emphasizing inclusive, responsible, and human-centric AI that drives economic growth while protecting citizens. MeitY has repeatedly stated its preference for a non-prohibitive, pro-innovation regulatory environment.
India currently lacks a dedicated AI statute. Governance occurs through existing legislation — IT Act, DPDP Act, sector rules — adapted for AI contexts.
MeitY's advisories explicitly discourage premature heavy regulation that could stifle India's AI startup ecosystem and global competitiveness.
Multiple ministries — MeitY, NITI Aayog, RBI, SEBI, MoHFW — independently regulate AI in their domains, creating a multi-stakeholder framework.
India participates in the Global Partnership on AI (GPAI) and G20 AI Principles, aligning its approach with international responsible-AI norms.
India's AI governance is built on five intersecting legal and policy pillars, each contributing to a comprehensive (if informal) regulatory architecture.
DPDP Act 2023 governs personal data used to train and deploy AI systems
IT Act 2000 & IT (Intermediary Guidelines) Rules 2021 address algorithmic content and platforms
Copyright Act & Patents Act govern AI-generated works and AI-invented innovations
Common law, Consumer Protection Act 2019 address harms caused by AI systems
RBI, SEBI, IRDAI, NMC and others have domain-specific AI rules for fintech, health, etc.
The DPDP Act is India's foundational data law and the most significant legal development for AI governance. It establishes rights for Data Principals (individuals) and obligations for Data Fiduciaries (entities processing data — including AI companies).
The IT Act forms the backbone of India's cyberlaw framework. While not AI-specific, several provisions apply directly to AI systems and platforms.
India's IP laws — largely inherited from colonial era statutes — were not designed with generative AI in mind. Several unresolved tensions exist.
AI liability in India is currently governed by general tort law, consumer protection statutes, and contract law — not a dedicated AI liability regime.
NITI Aayog published India's first official AI ethics and governance framework through a series of papers on "Responsible AI for All."
From the first national AI strategy to the DPDP Act and IndiaAI Mission — tracing the key milestones in India's AI governance journey.
Key metrics illustrating the scale, pace, and priorities of India's AI regulatory landscape.
India's sector regulators have moved faster than Parliament in issuing AI-specific guidance for their domains.
RBI's guidelines on model risk management, algorithmic trading rules by SEBI, and KYC AI framework govern fintech and banking AI. AI-driven credit scoring faces Fair Lending scrutiny.
AI medical devices regulated as SaMD (Software as Medical Device) under CDSCO's digital health guidelines. NMC advisories govern AI-assisted diagnosis and telehealth AI.
TRAI's recommendations on AI in telecom (2024) address network AI, spectrum management AI, and call-center bot disclosures. DoT handles AI in cybersecurity and national infrastructure.
Ministry of Road Transport's 2022 framework allows autonomous vehicle testing on Indian roads. Safety certification, liability for accidents, and mandatory incident reporting are being developed.
Information & Broadcasting Ministry mandates disclosure of AI-generated deepfakes in news and political content. ASCI's guidelines require clear labeling of AI-generated advertisements.
UGC issued guidelines on AI use in higher education, including anti-plagiarism policies for AI-generated academic work. NEP 2020 envisions AI literacy as a core curriculum component.
How does India's AI governance approach stack up against major jurisdictions? A comparative analysis.
| Jurisdiction | Primary Approach | Key Law / Framework | Risk Classification | Penalty Regime | Status |
|---|---|---|---|---|---|
| 🇪🇺 European Union | Prescriptive & Risk-Based | EU AI Act 2024 | 4 tiers (Unacceptable→Minimal) | Up to 7% global turnover | In Force |
| 🇺🇸 United States | Sector-specific + EO | Biden EO on AI (2023); State laws | No federal classification | Varies by sector | Fragmented |
| 🇨🇳 China | State-directed control | Generative AI Regs 2023; Deep Synthesis Rules | Mandatory labeling + security review | Criminal + civil penalties | In Force |
| 🇬🇧 United Kingdom | Principles-based, pro-innovation | AI Safety Institute; Sectoral rules | Regulator-led, contextual | Sector-dependent | Evolving |
| 🇮🇳 India | Light-touch, innovation-first | DPDP Act; IT Rules; NITI Aayog Principles | Risk framework proposed only | Up to ₹250 Cr (DPDP) | Developing |
| 🇸🇬 Singapore | Voluntary + Model AI Governance | Model AI Governance Framework v2.0 | Voluntary best-practice tiers | Primarily reputational | Voluntary |
| 🇧🇷 Brazil | Rights-based | AI Framework Bill (2024) | Risk-based classification | Up to 2% national revenue | Enacted 2024 |
India's light-touch approach is deliberately strategic — avoiding regulatory overreach that could push AI investment to more permissive jurisdictions. However, critics argue that the absence of enforceable AI-specific rules leaves citizens vulnerable to algorithmic discrimination, deepfakes, and surveillance AI — particularly in government-deployed systems where judicial oversight is limited.
Several pressing AI law questions remain unanswered in the Indian context — creating uncertainty for developers, deployers, and affected communities.
India has no dedicated deepfake law. Electoral deepfakes in 2024 general elections highlighted the urgent need for regulation. Existing IT Act provisions offer limited, after-the-fact remedies.
India's police and immigration systems deploy large-scale facial recognition with minimal legal oversight. No biometric data protection law exists. Courts have yet to rule definitively on surveillance AI constitutionality.
Some High Courts use AI case-management tools. SUVAS and SUPACE AI tools are deployed in courts. There are no clear rules on AI-assisted judicial decision-making, creating due process concerns.
Automation-driven displacement lacks legal protection. Gig workers managed by algorithmic platforms have minimal legal recourse. India's Labour Codes (2020) do not address AI-driven management or hiring discrimination.
MNCs operating AI globally from Indian data centers face complex compliance across DPDP Act, localisation mandates, and foreign AI regulations like the EU AI Act — requiring simultaneous multi-jurisdiction compliance.
AI-driven credit scoring by NBFCs and fintechs operates largely without transparency mandates. Consumers denied credit by AI have no right to explanation under current law — a significant fairness gap.
India is expected to significantly evolve its AI governance landscape over the next 2–3 years. Here are the likely developments to watch.
India is consulting on a comprehensive National AI Policy that may eventually lead to a dedicated AI statute — though timelines remain unclear. Expect a principles-based, risk-tiered framework inspired by the UK model.
India's planned AISI (following UK and US models) will focus on frontier model evaluation, red-teaming, and incident reporting — particularly for AI systems used in critical infrastructure and governance.
The DPDP Rules (under consultation) will operationalize the Act's AI-related provisions — particularly around Significant Data Fiduciaries, consent managers, and children's data, directly impacting AI companies.
Bureau of Indian Standards and STQC are developing national AI standards for testing, certification, and conformity assessment — potentially becoming mandatory for government AI procurement.
Given the 2024 election season experiences, a specific legal framework for non-consensual synthetic media and political deepfakes is widely expected in the next legislative session.
India is likely to sign bilateral AI governance frameworks with the US (iCET initiative), EU, and Japan — creating co-regulatory arrangements that influence domestic AI law.
India's AI law journey is at once ambitious and cautious — reflecting the unique challenge of governing transformative technology in a country of 1.4 billion people, with extreme socioeconomic diversity, a vibrant democracy, and legitimate aspirations to become a global AI leader.
The core tension is fundamental: move too fast and risk regulatory capture, citizen harm, and entrenched algorithmic bias; move too slow and cede ground to jurisdictions with looser rules or outright authoritarian AI models. India's approach — federated, principles-based, sector-led, and internationally collaborative — represents a thoughtful middle path, even if imperfect.
What is clear is that the next 3–5 years will be decisive. The DPDP Rules, the National AI Policy consultation, the IndiaAI Mission's output on safety and ethics, and landmark court rulings on surveillance AI and algorithmic discrimination will collectively define whether India becomes a model of responsible AI governance for the Global South — or an object lesson in regulatory lag.
India does not yet have an AI law. What it has is an AI governance ecosystem — imperfect, evolving, and increasingly urgent. The question is not if India will formalize AI regulation, but how soon, how comprehensive, and how rights-protective it will be. For lawyers, technologists, businesses, and citizens alike, the time to engage with this question is now.