Licentium

AI Regulation Hub

India

India has no horizontal AI Act. Its framework combines AI Governance Guidelines under the IndiaAI Mission with the Information Technology Rules (notably the 2026 amendments on synthetic content), the Digital Personal Data Protection Act, intermediary obligations and sectoral regulation.

Key provisions

AI Governance Guidelines (IndiaAI Mission)

In force

Balanced approach: supports innovation and AI adoption while addressing risk, safety, human rights and responsible deployment. Guiding principles, governance pillars, action plan and practical recommendations.

IT Rules — synthetic content (2026 amendments)

In force

Cover synthetically generated information including AI-generated or altered audio, visual or audio-visual content that appears real (deepfakes, AI-generated images/videos, voice cloning). Text-only AI output treated differently.

Intermediary due-diligence duties

In force

User awareness measures, warnings when synthetic-content creation is enabled, technical measures against unlawful synthetic content, labelling and provenance, and stricter duties for significant social media intermediaries.

Significant social media intermediary controls

In force

May require user declarations and technical verification before publication of certain synthetic content. Prominent labelling and shorter removal timelines apply. On actual knowledge via court order or authorised notice, certain unlawful content must be removed within three hours.

DPDP Act compliance

In force

AI systems processing personal data may be subject to India's Digital Personal Data Protection Act: lawful processing, notice/consent, data fiduciary obligations, security safeguards and individual rights.

Detailed overview

India does not currently have a single horizontal AI Act equivalent to the EU AI Act. Its AI framework is based on official AI governance guidelines, existing digital and data laws, intermediary rules, personal-data protection, sectoral regulation and developing standards.

AI Governance Guidelines

India's Ministry of Electronics and Information Technology has published AI Governance Guidelines under the IndiaAI Mission. The guidelines follow a balanced approach: they support innovation and AI adoption while addressing risk, safety, human rights and responsible deployment. The framework includes guiding principles, governance pillars, an action plan and practical recommendations for industry, developers and regulators.

India's official AI governance framework states that many AI risks can be addressed through existing law. This includes information technology law, data protection, intellectual property, competition, media, employment, consumer protection, criminal law and sectoral regulation. The framework also recommends legal review, targeted amendments, technical standards, regulatory sandboxes and ongoing risk monitoring.

IT Rules — synthetic content

A key binding area is synthetic and AI-generated content under the Information Technology Rules. India's 2026 amendments address synthetically generated information, including AI-generated or AI-altered audio, visual or audio-visual content that appears real, authentic or true. This includes deepfakes, AI-generated images or videos and voice cloning. Text-only AI output is treated differently, although it may still be unlawful content under other rules.

Intermediaries must take due-diligence measures in relation to synthetically generated information. This includes user awareness measures, warnings where a platform enables creation of synthetic content, reasonable and appropriate technical measures to prevent unlawful synthetic information, labelling and provenance requirements for permissible synthetic content, and stricter obligations for significant social media intermediaries.

Upon actual knowledge through a court order or authorised government notice, certain unlawful content must be removed or disabled within three hours.

Significant social media intermediaries may be required to obtain user declarations and use technical verification before publication or display of certain synthetic content. The amendments also provide for prominent labelling and shorter removal timelines.

Data protection

AI systems that process personal data may be subject to India's Digital Personal Data Protection Act and related rules. This may involve lawful processing, notice, consent or another legal basis, data fiduciary obligations, security safeguards and rights of individuals.

Penalties

India does not currently have one AI-specific penalty table for all AI systems. Penalties arise under the breached legal regime, such as information technology rules, personal-data protection law, intermediary obligations, consumer law, criminal law, intellectual-property law or sector-specific regulation.

Practical requirements & details

Sourced from MeitY AI Governance Guidelines (under the IndiaAI Mission), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 as amended in 2026 for synthetic content, the Digital Personal Data Protection Act 2023 and sectoral rules (RBI, IRDAI, SEBI, CDSCO).

Synthetic content under IT Rules (2026 amendments)

  • Cover AI-generated/altered audio, visual or audio-visual content that appears real, including deepfakes and voice clones.
  • Intermediaries must take due-diligence measures: user awareness, warnings when creating synthetic content, technical measures against unlawful synthetic content, labelling and provenance requirements.
  • Significant Social Media Intermediaries (SSMIs) face stricter obligations: user declarations, technical verification before publication of certain synthetic content, prominent labelling, shorter takedown timelines.
  • On actual knowledge via court order or authorised government notice: unlawful content must be removed within 3 hours.

DPDP Act 2023 (in phased rollout)

  • Notice and consent for personal-data processing by Data Fiduciaries.
  • Legitimate uses cover specific situations including employment, performance-of-public-functions.
  • Significant Data Fiduciary status triggers additional obligations: DPIA, audits, DPO appointment.
  • Cross-border transfers permitted unless to negative-listed jurisdictions.
  • Penalties up to INR 250 crore per default by the Data Protection Board.

Sectoral overlays

  • RBI on AI in lending and banking — model governance, fair lending, customer redress.
  • IRDAI on AI in insurance underwriting.
  • SEBI on AI in algo trading and robo-advice.
  • CDSCO on AI as a medical device.

Telecom Regulatory Authority of India

  • TRAI recommendations on AI for telecom — governance, transparency, risk assessment for AI in network and customer-facing services.

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation. We'll map your AI or licensing path and tell you exactly what's required, in plain language.

Get Started