Shaping Responsible AI: India’s Evolving Regulatory Framework

This editorial is based on “​Model conduct: On India, AI use” which was published in The Hindu on 30/12/2025. The article examines India’s evolving approach to governing artificial intelligence, highlighting key regulatory gaps, ethical challenges, and institutional constraints.

As artificial intelligence reshapes economies and governance, India stands at a critical policy juncture. While it has taken meaningful steps through IT rules, data protection norms, and sectoral regulations, a comprehensive framework addressing AI’s societal and psychological impacts is still evolving. Unlike China’s intrusive model, India has chosen a rights-respecting and innovation-friendly path, though gaps in consumer protection and capacity remain. This article examines the key challenges in India’s AI governance, existing regulatory frameworks, global best practices, to build a responsible, competitive, and inclusive AI ecosystem.

What are the Existing Regulations Related to AI in  India ?

• Information Technology (IT) Act, 2000:  The IT Act forms the foundational legal framework governing digital activity in India and indirectly regulates Artificial Intelligence. Provisions such as Sections 66C and 66D address identity theft and online impersonation, which are increasingly relevant in cases involving deepfakes and AI-driven frauds. 
  • Section 79 provides “safe harbour” protection to intermediaries  if they observe due diligence and comply with government directions.  
• IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT rules 2021): These Rules operationalise platform accountability by mandating intermediaries to remove unlawful and misleading content, including AI-generated and manipulated media. Platforms are required to label synthetic content, establish grievance redressal mechanisms, and act swiftly on government directions. 
  • Through recent advisories, the government has clarified that generative AI platforms fall within the regulatory scope of these Rules, thereby indirectly governing AI deployment.
• Digital Personal Data Protection (DPDP) Act, 2023: The DPDP Act provides India’s first comprehensive framework for personal data protection, directly impacting AI systems that rely on large datasets. It mandates lawful and purpose-limited data processing, informed consent, data minimisation, and safeguards against misuse.
  • AI developers must ensure fairness, transparency, and security while handling personal data, making the Act central to responsible AI deployment in India.
• Sector-Specific AI Regulation (RBI, SEBI and Others): India has adopted a sectoral approach to AI governance. The RBI has issued model risk management guidelines and the FREE-AI framework to ensure explainability, auditability, and fairness in AI-driven financial decisions. 
  • SEBI mandates transparency and accountability in algorithmic trading systems. 
  • Similar oversight exists in healthcare (CDSCO oversight for AI-based medical devices), telecom (DoT licensing norms governing AI-driven network management), and cybersecurity (CERT-In directions mandating incident reporting), ensuring AI use aligns with public interest and sectoral safety norms.
• IndiaAI Mission: Under the IndiaAI Mission, the government is promoting responsible AI through capacity building, public computer infrastructure, and indigenous model development. 
  • The framework emphasises ethical and human-centred AI, prioritising risk-based governance over blanket restrictions, thereby enabling innovation while ensuring accountability. 
• Global Norms Influencing India’s AI Governance: India’s approach aligns with evolving global standards.
  • The OECD AI Principles advocate human-centric, transparent and accountable AI systems. 
  • The EU’s AI Act introduces a risk-based regulatory model, while UNESCO’s AI Ethics Recommendation stresses inclusion, human rights and sustainability. 
  • India actively engages in platforms like G20 and GPAI, shaping global norms while adapting them to domestic realities.

What are the Issues Hindering AI Governance?

• Absence of a Dedicated AI Law: India lacks a dedicated law governing AI, as existing frameworks like the IT Act and DPDP Act were not designed for autonomous, self-learning systems. This creates ambiguity around liability, accountability, and enforcement in AI-related harms.
  • In contrast, the US’s clearer oversight like proposed Algorithmic Accountability Act and mandatory safety disclosures under the Defense Production Act.
  • In India, AI regulation remains fragmented across bodies like MeitY, RBI, and SEBI, leading to coordination gaps, while the absence of a clear legal definition of AI further complicates consistent regulation and compliance. 
• Data Availability and Quality Constraints: AI systems require large, diverse, and high-quality datasets, but India faces challenges related to fragmented data, poor digitisation (like urban-rural divide, low digital literacy) and privacy concerns.
  • While the DPDP Act rightly safeguards personal data, gaps in frameworks for accessing high-quality, anonymised, and non-personal datasets can constrain AI innovation, particularly in public-interest sectors such as healthcare and agriculture.
  • Excessive compliance burdens could discourage startups and delay domestic model development, making India dependent on foreign technologies. At the same time, under-regulation risks misuse, discrimination, and ethical violations.
• Algorithmic Bias and Social Concerns: Many AI models operate as “black boxes,” making their decision-making processes opaque. This raises serious concerns about bias, discrimination, and unfair outcomes, especially in areas like credit scoring, recruitment, and welfare delivery. 
  • AI systems can amplify social biases, enable surveillance, and threaten individual autonomy if not carefully governed.
  • Ensuring explainability and fairness remains difficult due to technical complexity and lack of enforceable standards.
• Limited Institutional Expertise: Effective AI governance requires skilled regulators, auditors, and technologists within government institutions.
  • Currently, Capacity constraints exist across regulatory bodies, making enforcement and oversight of complex AI systems challenging, which limits India’s ability to conduct algorithmic audits and risk assessments.'
• Global Dependence on Key Technologies: India remains dependent on foreign AI models, cloud infrastructure, and semiconductor supply chains.
  • This technological dependence raises concerns around data sovereignty, strategic autonomy, and national security, especially in critical sectors like defence, finance, and public services.

What Measures are Needed to Strengthen AI Governance in India?

•  Enacting a Comprehensive AI Law: India needs a standalone, principle-based AI legislation that clearly defines artificial intelligence, assigns responsibilities, and establishes legal accountability and liability across the AI lifecycle. 
  • Defining responsibility among developers, deployers, and users by clear legal standards and redress mechanisms for enhanced victim protection.
  • India can draw from the EU AI Liability Directive, which links liability to control and risk exposure, ensuring effective remedies for affected individuals.
• Adopting a Risk-Based Regulation: To balance innovation and safety, India should avoid blanket regulation and instead adopt a tiered risk-based approach, as followed by the EU and OECD. 
  • Low-risk applications should face light compliance, while high-risk uses (such as biometric surveillance or automated credit scoring) should undergo stricter scrutiny.
  • Regulatory sandboxes, already used by RBI and SEBI, can be expanded to allow safe experimentation without stifling innovation.
• Strengthening Data Ecosystems : Strengthening data ecosystems requires secure data-sharing frameworks, robust anonymisation standards, and trusted intermediaries to enable responsible AI innovation. 
  • Scaling initiatives like the India Data Management Office and IndiaAI Datasets Platform, while adopting data trusts and altruism models inspired by the EU’s Data Governance Act, can improve access to high-quality public datasets.
•  Ensuring Algorithmic Accountability: To address black-box decision-making, India should mandate explainability and auditability for AI systems used in high-impact domains such as finance, policing, healthcare, and welfare delivery. 
  • Algorithmic impact assessments (like Canada and EU) can help identify risks before deployment. Independent third-party audits should be encouraged to ensure fairness and non-discrimination.
• Strengthening Institutional Capacity and Centralised AI Governance:India must build technical expertise within regulators and the judiciary through targeted AI training and institutional support from bodies like the National e-Governance Division, IITs, and IIITs.
  • Simultaneously, establishing a central nodal AI authority, on the lines of the EU’s AI Office or the UK’s AI Safety Institute, can ensure coordinated oversight, standard-setting, and effective risk management across sectors.
• Embedding Ethics, and Social Impact Safeguards : AI governance must integrate ethical principles such as fairness, non-discrimination, transparency, and human oversight. 
  • Drawing from UNESCO’s Recommendation on AI Ethics, India should mandate ethical impact assessments, safeguards against surveillance misuse, and protections for vulnerable communities, especially in biometric and predictive technologies.
• Reducing Strategic Dependence: To reduce reliance on foreign AI models and infrastructure, India must invest in domestic computing capacity, semiconductor manufacturing, and foundational AI research.
  • Initiatives like the IndiaAI Mission and National Semiconductor Mission should be aligned with long-term strategic autonomy goals of “digital sovereignty”.

Conclusion

India stands at a pivotal moment in shaping its AI governance framework. While important steps have been taken through sectoral regulations, data protection laws, and global engagement, gaps remain in ensuring coherent, future-ready oversight. Addressing challenges such as regulatory fragmentation, limited institutional capacity, and ethical risks is essential to building public trust. By strengthening domestic capabilities, adopting global best practices, and promoting a human-centric approach, India can move beyond being a technology adopter to becoming a global leader in responsible and inclusive AI governance.

Drishtiias Mains Question Q.Evaluate India’s approach to AI governance in the context of global best practices. What reforms are necessary for India to emerge as a responsible leader in the global AI ecosystem?