India doesn’t have a single AI law. But a patchwork of rules is quietly taking shape — and if you build, deploy, or use AI products in India, you need to pay attention.
What exists right now
The big move: IT Rules Amendment 2026. On 10 February 2026, MeitY notified new amendments to the IT (Intermediary Guidelines) Rules under the IT Act, 2000. They took effect on 20 February 2026 — just 10 days after notification.
The key provisions:
- Mandatory AI content labeling. Any “synthetically generated information” (SGI) — AI-created audio, video, or images that appear real — must carry a prominent label or embedded metadata.
- Deepfake takedowns in 2 hours. Platforms must remove AI-generated intimate imagery within 2 hours of a complaint. Other unlawful AI content gets a 3-hour deadline.
- Platform liability. Intermediaries that fail to comply lose their safe harbour protections under Section 79 of the IT Act.
DPDP Act goes live. The Digital Personal Data Protection Act, 2023 — India’s first comprehensive data privacy law — is now in force. The Data Protection Board is operational. Penalties can reach Rs 250 crore per violation. Full compliance is mandatory by May 2027.
IndiaAI Governance Guidelines. In November 2025, MeitY released voluntary governance guidelines built on seven principles — trust, fairness, accountability, safety, and more. These aren’t legally binding, but they signal where enforcement is heading.
What’s not happening
No standalone AI law. The government has explicitly said it won’t create a separate AI statute. Instead, it’s regulating AI through existing laws — IT Act, DPDP Act, IP laws — on a sector-by-sector basis.
The Digital India Act is stalled. The long-promised replacement for the IT Act, 2000 hasn’t seen a public draft since 2023. It appears effectively shelved.
Who’s affected
Big tech platforms face the tightest squeeze — the 2-hour and 3-hour takedown windows require significant automated moderation infrastructure. Startups building AI tools must bake in labeling from day one. Global firms operating in India face compliance risk if they ignore the new rules.
Why it matters
India is taking the “regulate the application, not the technology” path — closer to the UK model than the EU’s AI Act. That means fewer upfront compliance burdens for builders, but fast-moving, sometimes unpredictable enforcement through existing law.
With the India Semiconductor Mission pushing hardware and these rules shaping software, India’s tech policy picture is getting clearer — and more consequential.
The bottom line
No single AI law is coming. But between the IT Rules amendment, the DPDP Act, and sectoral guidelines, AI in India is already being regulated. Companies that wait for a “comprehensive framework” before acting are already behind.