Status of the AI Regulations 

There are currently no specific laws or regulations in India that directly regulate AI. The proposed Digital India Act is still in draft status since 2023.⁴ Once in force, it is set to replace the Information Technology Act, 2000 (the 'IT Act') and regulate internet and digital technology broadly, including AI.

Other laws affecting AI

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the 'IT Rules') were issued pursuant to the IT Act. The latest amendment of February 2026 regulates "synthetically generated information" (SGI), a term which is defined as follows:⁵

"synthetically generated information means audio, visual or audio-visual information which is artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that such information appears to be real, authentic or true and depicts or portrays any individual or event in a manner that is, or is likely to be perceived as indistinguishable from a natural person or real-world event"

Although the IT Rules do not define or deal with AI directly, the definition of SGI, particularly the inclusion of audio-visual information created or modified with a computer resource to look deceptively authentic or real, can cover AI and AI-generated audio-visual products within its ambit.

The Digital Personal Data Protection Rules, 2025 (the 'DPDP Rules'),⁶ issued pursuant to the Digital Personal Data Protection Act, 2023, as well as other applicable intellectual property laws may also affect several aspects of AI development and use, such as the use of personal data for the training of AI models.

The India AI Governance Guidelines also point to some of India's current laws that interact with AI and its effects. For example, discrimination in hiring decisions using AI recruitment tools can be subject to current anti-discrimination and labor laws, advertisement of reliability and performance of AI services can be covered by consumer protection law, and copyright laws would also apply to the use of copyright protected content used with AI.⁷

Definition of “AI”

As noted above, there are currently no specific laws or policies in India that directly regulate AI. As such, there is no single legally recognized definition of "AI" in India. However, the Principles for Responsible AI include within the scope and definition of AI:

"[A] constellation of technologies that enable machines to act with higher levels of intelligence and emulate the human capabilities of sense, comprehend and act. Computer vision and audio processing can actively perceive the world around them by acquiring and processing images, sound and speech. The natural language processing and inference engines can enable AI systems to analyse and understand the information collected. An AI system can also take decisions through inference engines or undertake actions in the physical world. These capabilities are augmented by the ability to learn from experience and keep adapting over time."⁸

It remains to be seen to what extent this description will be adopted more widely.

Territorial scope 

Since there are currently no specific laws or regulations in India that directly regulate AI, there is no specific territorial scope to discuss at this stage.

Sectoral scope

As noted above, there are currently no specific laws or regulations in India that directly regulate AI, and therefore no specific sectoral scope at this stage. Nevertheless, there are certain sector-specific frameworks that have been implemented in India to regulate the use of AI. A non-exhaustive list of key examples includes:

• In the finance sector, the Securities and Exchange Board of India ('SEBI') issued a circular in January 2019 on reporting requirements for AI and machine learning applications and systems offered and used by market intermediaries.⁹ In 2025, SEBI released a consultation paper on guidelines for responsible usage of AI and machine learning in the Indian securities markets. SEBI also sought comments from the public and various stakeholders. In August 2025, the Reserve Bank of India ('RBI') released a report proposing adoption of a framework for the responsible and ethical use of AI in the financial sector.¹⁰
• In February 2026, the Ministry of Health and Family Welfare launched the "Strategy for Artificial Intelligence in Healthcare for India" (SAHI) and "Benchmarking Open Data Platform for Health AI" (BODH) as guidance frameworks to enable the safe, ethical, evidence-based, and inclusive adoption of AI across India's healthcare system. Both initiatives are aligned with the Indian National Health Policy 2017 and the Ayushman Bharat Digital Mission of 2020, which envisage a robust digital public architecture for national health ecosystem.¹¹

Compliance roles

As noted above, there are currently no specific laws or regulations in India that directly regulate AI, so the law does not establish any general AI compliance role. However, the IT Rules impose certain compliance obligations upon intermediaries, which are likely to apply to AI players. An intermediary is defined under the IT Act as "any person who on behalf of another person receives, stores or transmits [electronic] record or provides any service with respect to that record".¹² A social media intermediary is defined under the IT Rules as one who "primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services". Entities covered within these definitions are required to appoint a Chief Compliance Officer for assuring compliance with the IT Rules, establish a grievance redressal mechanism and appoint a grievance officer for dealing with user complaints.¹³

Core issues that the AI Regulations seek to address

As noted above, there are currently no specific laws or regulations in India that directly regulate AI. The AI Governance Guidelines capture India's balanced objective regarding future AI regulation. India seeks "to harness the transformative potential of AI for inclusive development and global competitiveness" while also "addressing the risks it may pose to individuals and society".¹⁴ The IT Rules, particularly the February 2026 amendment, focus on this balancing objective, as they address risks associated with the use of AI-generated audio-visual information.

Risk categorization

As noted above, there are currently no specific laws or regulations in India that directly regulate AI. However, the IT Rules set out special due diligence obligations for intermediaries offering AI audio-visual products such as image generation, modification and dissemination tools.¹⁵ In addition, the AI Governance Guidelines also encourage adoption of regulation to address risks of AI classified in the following six main categories:¹⁶

• "Malicious uses", which include "misinformation involving the distribution of harmful AI-generated content (deep fakes), trojan attacks using AI tools, model or data poisoning, adversarial inputs in critical infrastructure etc."
• "Bias and discrimination" in the context of making decisions "about future employment, which may result in loss of opportunity or livelihood."
• "Transparency failures from the lack of adequate disclosures" such as "the use of personal data to develop an AI system without the individual's consent."
• "Systemic risks", which include "disruptions in the AI value chain due to market concentration, geopolitical instability, and regulatory changes."
• "Loss of control over AI systems", which could "disrupt public order and safety."
• "National security", which includes "AI-facilitated disinformation campaigns, cyberattacks on critical infrastructure and the use of lethal autonomous weapons".

The proposed Digital India Act, once enacted, is expected to regulate high-risk AI systems and delineate specific "no-go" areas for companies and internet intermediaries employing AI and machine learning in consumer-facing applications.

Key compliance requirements 

As noted above, there are currently no specific laws or regulations in India that directly regulate AI. However, the compliance requirements in relation to SGI under the IT Rules require intermediaries to:¹⁷

• Deploy reasonable measures to prevent the use of SGI that contains child abuse materials, results in document or record falsification, informs on accessing or preparing explosives or firearms, or portrays deceitful misrepresentations of real-world events or persons.
• Label all SGI content and embed it with permanent metadata allowing its identification.

Further, significant social media intermediaries (those who have active users above a certain threshold determined and notified by the government) are obliged to:¹⁸

• Require users to provide a declaration if their content is SGI.
• Deploy reasonable measures to verify such declarations.
• In case the content is SGI, provide a clear label indicating so.

The IT Rules also carve out exceptions for "routine or good faith" use of AI not resulting in the generation of false documents or the misrepresentation of the underlying audio or image.¹⁹

Regulators

Currently, there is no AI-specific regulator in India. As such, the Ministry of Electronics & Information Technology is the executive agency for AI-related strategies and has been establishing the above-mentioned framework including publishing the AI Governance Guidelines and amending the IT Rules. Pursuant to the IT Rules, the government of India has also created a digital Grievance Appellate Committee to deal with appeals of users against decisions of social media intermediaries concerning complaints against violations of the IT Rules.²⁰

Other public agencies like the Ministry of Commerce and Industry, the Ministry of Health and Family Welfare, SEBI and RBI have also issued guidelines and policy papers aimed at eventually establishing some form of AI regulatory authority.

Enforcement powers and penalties 

As noted above, there are currently no specific laws or regulations in India that directly regulate AI. As such, enforcement and penalties relating to creation, dissemination and/or use of AI are governed by related violations in non-AI specific legislation and regulations. The IT Rules also clarify that in case of violation of any obligations thereunder, the defaulting intermediary will be liable for punishment under "any law for the time being in force including the" IT Act.²¹

_{1 See Approach Document for India: Part 1 – Principles for Responsible AI, 2021 available here.
2 See Approach Document for India: Part 2 – Operationalizing Principles for Responsible AI, 2021 available here.
3 See India AI Governance Guidelines, 2025 available here.
4 See Proposed Digital India Act, 2023 available here.
5 See IT Rules as amended in 2026 available here, p. 4, Section 2(wa).
6 See Digital Personal Data Protection Rules, 2025 available here.
7 See India AI Governance Guidelines, 2025 available here, pp. 18, 54.
8 See Approach Document for India: Part 1 – Principles for Responsible AI, 2021 available here, p. 7, Box 1.
9 See SEBI Circular, Reporting for Artificial Intelligence (AI) and Machine Learning (ML) Applications and Systems offered and used by Market Intermediaries, 4 January 2019 available here.
10 See Reserve Bank of India, FREE-AI Committee Report, 2025 available here.
11 See Press Release, Union Health Minister Shri JP Nadda to Launch two Landmark Initiatives: SAHI and BODH at the India AI Summit at Bharat Mandapam, 16 February 2026 available here; Wayan Vota, SAHI: Radical Artificial Intelligence for Health Framework from India, ICT Works, 24 February 2026 available here.
12 See IT Act, 2000 available here, p. 7, Section 2(w).
13 See IT Rules as amended in 2026 available here, pp. 4, 11-14, Sections 2(v), 2(w), 2(wa), 3, 4.
14 See India AI Governance Guidelines, 2025 available here, p. 5.
15 See IT Rules as amended in 2026 available here, p. 12, Section 3(3).
16 See India AI Governance Guidelines, 2025 available here, p. 25.
17 See IT Rules as amended in 2026 available here, p. 12, Section 3(3).
18 See IT Rules as amended in 2026 available here, p. 14, Section 4.
19 See IT Rules as amended in 2026 available here, p. 4, Section 2(wa).
20 See Digital India - Grievance Appellate Committee available here and here.
21 See IT Rules as amended in 2026 available here, p. 22, Section 7.}

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2026 White & Case LLP}