	AI Legislative Guide
	India
	(Asia Pacific) Firm Shardul Amarchand Mangaldas & Co Contributors Shahana Chatterji Updated 01 Jun 2026
Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)?	Yes, although there is no umbrella legislation.
Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation.	The Indian Government is aiming to strike a balance between innovation and regulation in the AI sector by undertaking measures such as: Amending existing frameworks to account for AI-related development: Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IL Rules 2021”): The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026 (“2026 IL Amendment Rules”) introduces several incremental changes to the IL Rules 2021, specifically in relation to ‘Synthetically Generated Information’ (“SGI”) (i.e., any information that is artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that: (i) the information appears to be authentic or true; and (ii) depicts or portrays any individual or event in a manner that is, or is likely to be perceived as indistinguishable from a natural person or real-world event). Specifically, intermediaries that offer a computer resource which enables the creation, generation, modification, etc. of SGI by users (“SGI Enabling Intermediaries”) are required to inform such users that: (i) they may be held liable for generating or creating or publishing SGI that violates any law in force; (ii) in the event they violate any such law in force, it may result in – (a) the immediate disabling of access to or removal of such information; (b) suspension or termination of the user account; (c) identification of such user and disclosure of the identity of the violating user to the complainant, where such complainant is a victim; or (d) the mandatory reporting of any offenses committed under prevailing applicable law to the relevant authorities that require the reporting of such violations. In addition, SGI Enabling Intermediaries are required to adopt reasonable technical measures to identify and prevent users from generating, modifying or transmitting SGI that is unlawful on their platforms, and implement any other appropriate technical provenance mechanisms (which, if technically feasible, should include a unique identifier identifying the computer resource used to create or modify or publish the SGI). The SGI Enabling Intermediary is also required to ensure that such label or mechanism is not modified, suppressed or removed. Further, significant social media intermediaries (“SSMIs”) (which may also be a SGI Enabling Intermediary) are required to – (i) obtain a user declaration on whether the information that the user is uploading on the platform is SGI; (ii) deploy appropriate technical measures, including automated tools, to verify the accuracy of such user declarations; and (iii) where confirmed that such information is SGI – to clearly and prominently label the content as SGI. SSMIs are also required to mandatorily deploy appropriate technical measures, including automated tools, to detect child sexual abuse or conduct material or rape material. If an SSMI knowingly permits, promotes, or fails to act upon SGI in contravention of the 2026 IL Amendment Rules, it would be deemed to have failed to exercise due diligence obligations under the IL Rules 2021. Accounting for AI within new frameworks: The Digital Personal Data Protection Rules, 2025 (“DPDP Rules”): The DPDP Rules, notified under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) require significant data fiduciaries (a class of data fiduciaries to be notified by the Central Government upon the enforcement of the DPDP Act, and the DPDP Rules) to observe due diligence to verify that technical measures including algorithmic software (i.e., AI) adopted by it for hosting, display, uploading, modification, publishing, transmission, storage, updating or sharing of personal data processed by it are not likely to pose a risk to the rights of data principals. Principle-based policies: Principle-based policies have been developed to avoid over-regulation of AI and ensure that only principle-based requirements are laid down, such as: The National Strategy for AI developed by Niti Aayog (the apex policy think tank under the Government of India) has encouraged the growth of a Responsible AI model for use in various sectors, wherein principles such as transparency, explainability, auditability, etc. are recommended to be adopted. The Reserve Bank of India's ("RBI") Report on Digital Lending Including Lending Through Online Platforms And Mobile Apps, 2021 recommends the usage of an ethical AI design by RBI-regulated entities wherein algorithms of the AI software: (a) be auditable, (b) be explainable in nature (c) have necessary transparency features and privacy protection, and (d) ensure that lenders use the AI tools in a non-discriminatory manner by eliminating biases in training datasets. Disclosure-based regulation: As mentioned above, Securities Exchange Board of India (“SEBI”) has adopted a disclosure-based regime for the use of AI solutions instead of laying down limitations towards their usage in the securities sector. Such a regime promotes innovation while also ensuring that necessary safeguards for end-users are in place (e.g., refer to the SEBI AI/ML Circulars). CERT-In also issued the ‘Technical Guidelines on \| SBOM \| QBOM & CBOM \| AIBOM \| HBOM \|’ which requires government, public sector, and essential services organisations to obtain an ‘Artificial Intelligence Bill of Materials’ (“AIBOM”) from suppliers while procuring AI-related solutions to ensure transparency and accountability in the acquisition and deployment of AI systems. ‘AIBOM’ is a detailed inventory of all components used in building, training, and deploying AI models, including hardware, software, data sources, and dependencies. The Office of the Principal Scientific Adviser to the Government of India has published a white paper advocating for a "techno-legal" approach to AI governance, i.e., the integration of legal instruments, rule-based conditioning, and technical enforcement mechanisms within the AI architecture of India. The report proposes a lifecycle-based framework for addressing AI-related risks across five stages (which are – data collection, data-in-use protection, model training and assessment, safe AI inference, and trusted agents), supported by institutional mechanisms including an AI Governance Group, a Technology and Policy Expert Committee, and an AI Safety Institute. Regulatory Sandboxes: Sectoral regulators such as the RBI and the Pension Fund Regulatory and Development Authority have implemented regulatory sandboxes to foster the development of technology-based initiatives, which also include, among other things, AI/ML solutions within their respective sectors. For instance, the Ministry of Electronics and Information Technology (“MEITY”) in its report on ‘AI Governance Guidelines Development’ recommended the constitution of an ‘Inter-Ministerial AI Coordination Committee’ to coordinate AI governance across government bodies to ensure a unified approach to policy and regulatory challenges. The MEITY believes that this will encourage voluntary industry commitments on transparency and responsible AI practices, ensuring effective AI governance in India. Similarly, the RBI has constituted a dedicated ‘Committee on the Framework for Responsible and Ethical Enablement of Artificial Intelligence’ to develop a comprehensive framework, including governance structures, for the responsible and ethical adoption of AI models and applications in the Indian financial sector. The Central Drugs Standard Control Organisation has published a Draft Guidance Document on the conduct of Medical Device Software under the Medical Devices Rules, 2017 (“MDR”), proposing to classify medical devices that use AI/ML based software as medical devices under the MDR. This proposal aims to bring AI-medical software within the scope of the MDR – subjecting it to the medical devices regime under the Drugs and Cosmetics Act, 1940. However, this proposal is only at the consultation stage, and its enforcement is subject to amendments by the Central Government, followed by a notification in the Official Gazette. The ‘Strategy for Artificial Intelligence in Healthcare for India’ is a national guidance framework published by the Ministry of Health and Family Welfare, recommending that AI solutions in healthcare should be regulated based on their likelihood to cause harm, with clear accountability across the AI healthcare ecosystem. The strategy further stresses that training and validation data should be fair and representative and that safety should be embedded across all stages of the AI lifecycle, with metrics for safety, bias, interoperability, and real-world use. Usage of AI to aid regulation: Sectoral regulators such as the Insurance Regulatory and Development Authority of India ("IRDAI") have taken initiatives to promote the usage of AI, for instance, to aid in risk and fraud detection by insurers for underwriting purposes. The InsurTech Working Group on Innovations in Insurance involving Wearable/Portable Devices has recommended that such usage of AI should be subject to (a) human supervision to ensure transparency regarding the factors considered in making such risk/fraud detection, and (b) minimum product specifications to keep up with the growing technical advancement of AI solutions. The SEBI also introduced the SEBI (Intermediaries) Amendment Regulations, 2025, the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Amendment Regulations, 2025, and the SEBI* (Depositories and Participants) Amendment Regulations, 2025, which holds SEBI* regulated entities responsible for: (a) ensuring the privacy, security and integrity of investors’ and stakeholders’ data; (b) the output arising from the usage of AI/ML solutions; and (c) the compliance with applicable laws while deploying/using the AI/ML solutions. AI/ML solutions are defined to include any application or software program or executable system that is used by the regulated entities to: (a) facilitate investing and trading; (b) carry out its activities including compliance requirements; or (c) offered by regulated entities to investors/stakeholders and is portrayed as part of the products offered to the public. The Election Commission of India issued an advisory directing all political parties to clearly label any AI-generated or synthetic content used in election campaigns across all media, including images, videos, and audio, to ensure transparency and informed voter choice.
Which agency regulates the use of AI in your jurisdiction?	MEITY is the technology regulator in India that regulates the usage of technology solutions and has held industry consultations for the development of consolidated legislation for the regulation of AI and other emerging technologies. In addition, sectoral regulators can regulate the use of AI in their respective sectors. As noted above, SEBI has introduced rules to enforce disclosure and transparency in the use of AI. Other regulators, such as the RBI and IRDAI, are looking at ways in which AI can aid in regulation.

AI Legislative Guide

Back XLS

Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)?

Yes, although there is no umbrella legislation.

Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation.

The Indian Government is aiming to strike a balance between innovation and regulation in the AI sector by undertaking measures such as:

Amending existing frameworks to account for AI-related development:
- Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IL Rules 2021”): The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026 (“2026 IL Amendment Rules”) introduces several incremental changes to the IL Rules 2021, specifically in relation to ‘Synthetically Generated Information’ (“SGI”) (i.e., any information that is artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that: (i) the information appears to be authentic or true; and (ii) depicts or portrays any individual or event in a manner that is, or is likely to be perceived as indistinguishable from a natural person or real-world event).
  
  Specifically, intermediaries that offer a computer resource which enables the creation, generation, modification, etc. of SGI by users (“SGI Enabling Intermediaries”) are required to inform such users that: (i) they may be held liable for generating or creating or publishing SGI that violates any law in force; (ii) in the event they violate any such law in force, it may result in – (a) the immediate disabling of access to or removal of such information; (b) suspension or termination of the user account; (c) identification of such user and disclosure of the identity of the violating user to the complainant, where such complainant is a victim; or (d) the mandatory reporting of any offenses committed under prevailing applicable law to the relevant authorities that require the reporting of such violations.
  
  In addition, SGI Enabling Intermediaries are required to adopt reasonable technical measures to identify and prevent users from generating, modifying or transmitting SGI that is unlawful on their platforms, and implement any other appropriate technical provenance mechanisms (which, if technically feasible, should include a unique identifier identifying the computer resource used to create or modify or publish the SGI). The SGI Enabling Intermediary is also required to ensure that such label or mechanism is not modified, suppressed or removed.
  
  Further, significant social media intermediaries (“SSMIs”) (which may also be a SGI Enabling Intermediary) are required to – (i) obtain a user declaration on whether the information that the user is uploading on the platform is SGI; (ii) deploy appropriate technical measures, including automated tools, to verify the accuracy of such user declarations; and (iii) where confirmed that such information is SGI – to clearly and prominently label the content as SGI. SSMIs are also required to mandatorily deploy appropriate technical measures, including automated tools, to detect child sexual abuse or conduct material or rape material. If an SSMI knowingly permits, promotes, or fails to act upon SGI in contravention of the 2026 IL Amendment Rules, it would be deemed to have failed to exercise due diligence obligations under the IL Rules 2021.
Accounting for AI within new frameworks:
- The Digital Personal Data Protection Rules, 2025 (“DPDP Rules”): The DPDP Rules, notified under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) require significant data fiduciaries (a class of data fiduciaries to be notified by the Central Government upon the enforcement of the DPDP Act, and the DPDP Rules) to observe due diligence to verify that technical measures including algorithmic software (i.e., AI) adopted by it for hosting, display, uploading, modification, publishing, transmission, storage, updating or sharing of personal data processed by it are not likely to pose a risk to the rights of data principals.
Principle-based policies: Principle-based policies have been developed to avoid over-regulation of AI and ensure that only principle-based requirements are laid down, such as:
- The National Strategy for AI developed by Niti Aayog (the apex policy think tank under the Government of India) has encouraged the growth of a Responsible AI model for use in various sectors, wherein principles such as transparency, explainability, auditability, etc. are recommended to be adopted.
- The Reserve Bank of India's ("RBI") Report on Digital Lending Including Lending Through Online Platforms And Mobile Apps, 2021 recommends the usage of an ethical AI design by RBI-regulated entities wherein algorithms of the AI software: (a) be auditable, (b) be explainable in nature (c) have necessary transparency features and privacy protection, and (d) ensure that lenders use the AI tools in a non-discriminatory manner by eliminating biases in training datasets.
Disclosure-based regulation:
- As mentioned above, Securities Exchange Board of India (“SEBI”) has adopted a disclosure-based regime for the use of AI solutions instead of laying down limitations towards their usage in the securities sector. Such a regime promotes innovation while also ensuring that necessary safeguards for end-users are in place (e.g., refer to the SEBI AI/ML Circulars).
- CERT-In also issued the ‘Technical Guidelines on | SBOM | QBOM & CBOM | AIBOM | HBOM |’ which requires government, public sector, and essential services organisations to obtain an ‘Artificial Intelligence Bill of Materials’ (“AIBOM”) from suppliers while procuring AI-related solutions to ensure transparency and accountability in the acquisition and deployment of AI systems. ‘AIBOM’ is a detailed inventory of all components used in building, training, and deploying AI models, including hardware, software, data sources, and dependencies.
- The Office of the Principal Scientific Adviser to the Government of India has published a white paper advocating for a "techno-legal" approach to AI governance, i.e., the integration of legal instruments, rule-based conditioning, and technical enforcement mechanisms within the AI architecture of India. The report proposes a lifecycle-based framework for addressing AI-related risks across five stages (which are – data collection, data-in-use protection, model training and assessment, safe AI inference, and trusted agents), supported by institutional mechanisms including an AI Governance Group, a Technology and Policy Expert Committee, and an AI Safety Institute.
Regulatory Sandboxes:
- Sectoral regulators such as the RBI and the Pension Fund Regulatory and Development Authority have implemented regulatory sandboxes to foster the development of technology-based initiatives, which also include, among other things, AI/ML solutions within their respective sectors.
- For instance, the Ministry of Electronics and Information Technology (“MEITY”) in its report on ‘AI Governance Guidelines Development’ recommended the constitution of an ‘Inter-Ministerial AI Coordination Committee’ to coordinate AI governance across government bodies to ensure a unified approach to policy and regulatory challenges. The MEITY believes that this will encourage voluntary industry commitments on transparency and responsible AI practices, ensuring effective AI governance in India.
- Similarly, the RBI has constituted a dedicated ‘Committee on the Framework for Responsible and Ethical Enablement of Artificial Intelligence’ to develop a comprehensive framework, including governance structures, for the responsible and ethical adoption of AI models and applications in the Indian financial sector.
- The Central Drugs Standard Control Organisation has published a Draft Guidance Document on the conduct of Medical Device Software under the Medical Devices Rules, 2017 (“MDR”), proposing to classify medical devices that use AI/ML based software as medical devices under the MDR. This proposal aims to bring AI-medical software within the scope of the MDR – subjecting it to the medical devices regime under the Drugs and Cosmetics Act, 1940. However, this proposal is only at the consultation stage, and its enforcement is subject to amendments by the Central Government, followed by a notification in the Official Gazette.
- The ‘Strategy for Artificial Intelligence in Healthcare for India’ is a national guidance framework published by the Ministry of Health and Family Welfare, recommending that AI solutions in healthcare should be regulated based on their likelihood to cause harm, with clear accountability across the AI healthcare ecosystem. The strategy further stresses that training and validation data should be fair and representative and that safety should be embedded across all stages of the AI lifecycle, with metrics for safety, bias, interoperability, and real-world use.
Usage of AI to aid regulation:
- Sectoral regulators such as the Insurance Regulatory and Development Authority of India ("IRDAI") have taken initiatives to promote the usage of AI, for instance, to aid in risk and fraud detection by insurers for underwriting purposes. The InsurTech Working Group on Innovations in Insurance involving Wearable/Portable Devices has recommended that such usage of AI should be subject to (a) human supervision to ensure transparency regarding the factors considered in making such risk/fraud detection, and (b) minimum product specifications to keep up with the growing technical advancement of AI solutions.
- The SEBI also introduced the SEBI (Intermediaries) Amendment Regulations, 2025, the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Amendment Regulations, 2025, and the SEBI (Depositories and Participants) Amendment Regulations, 2025, which holds SEBI regulated entities responsible for: (a) ensuring the privacy, security and integrity of investors’ and stakeholders’ data; (b) the output arising from the usage of AI/ML solutions; and (c) the compliance with applicable laws while deploying/using the AI/ML solutions. AI/ML solutions are defined to include any application or software program or executable system that is used by the regulated entities to: (a) facilitate investing and trading; (b) carry out its activities including compliance requirements; or (c) offered by regulated entities to investors/stakeholders and is portrayed as part of the products offered to the public.
- The Election Commission of India issued an advisory directing all political parties to clearly label any AI-generated or synthetic content used in election campaigns across all media, including images, videos, and audio, to ensure transparency and informed voter choice.

Which agency regulates the use of AI in your jurisdiction?

MEITY is the technology regulator in India that regulates the usage of technology solutions and has held industry consultations for the development of consolidated legislation for the regulation of AI and other emerging technologies. In addition, sectoral regulators can regulate the use of AI in their respective sectors. As noted above, SEBI has introduced rules to enforce disclosure and transparency in the use of AI. Other regulators, such as the RBI and IRDAI, are looking at ways in which AI can aid in regulation.