Detailed overview
India does not currently have a single horizontal AI Act equivalent to the EU AI Act. Its AI framework is based on official AI governance guidelines, existing digital and data laws, intermediary rules, personal-data protection, sectoral regulation and developing standards.
AI Governance Guidelines
India's Ministry of Electronics and Information Technology has published AI Governance Guidelines under the IndiaAI Mission. The guidelines follow a balanced approach: they support innovation and AI adoption while addressing risk, safety, human rights and responsible deployment. The framework includes guiding principles, governance pillars, an action plan and practical recommendations for industry, developers and regulators.
India's official AI governance framework states that many AI risks can be addressed through existing law. This includes information technology law, data protection, intellectual property, competition, media, employment, consumer protection, criminal law and sectoral regulation. The framework also recommends legal review, targeted amendments, technical standards, regulatory sandboxes and ongoing risk monitoring.
IT Rules — synthetic content
A key binding area is synthetic and AI-generated content under the Information Technology Rules. India's 2026 amendments address synthetically generated information, including AI-generated or AI-altered audio, visual or audio-visual content that appears real, authentic or true. This includes deepfakes, AI-generated images or videos and voice cloning. Text-only AI output is treated differently, although it may still be unlawful content under other rules.
Intermediaries must take due-diligence measures in relation to synthetically generated information. This includes user awareness measures, warnings where a platform enables creation of synthetic content, reasonable and appropriate technical measures to prevent unlawful synthetic information, labelling and provenance requirements for permissible synthetic content, and stricter obligations for significant social media intermediaries.
Upon actual knowledge through a court order or authorised government notice, certain unlawful content must be removed or disabled within three hours.
Significant social media intermediaries may be required to obtain user declarations and use technical verification before publication or display of certain synthetic content. The amendments also provide for prominent labelling and shorter removal timelines.
Data protection
AI systems that process personal data may be subject to India's Digital Personal Data Protection Act and related rules. This may involve lawful processing, notice, consent or another legal basis, data fiduciary obligations, security safeguards and rights of individuals.
Penalties
India does not currently have one AI-specific penalty table for all AI systems. Penalties arise under the breached legal regime, such as information technology rules, personal-data protection law, intermediary obligations, consumer law, criminal law, intellectual-property law or sector-specific regulation.