Governing a Transformative Technology in the Absence of a Dedicated AI Law 

Artificial intelligence has rapidly transitioned from a peripheral technological tool to a core infrastructure shaping governance, markets, and social interaction. In India, AI systems are now deployed in areas as varied as credit scoring, welfare delivery, law enforcement, healthcare diagnostics, recruitment, content moderation, and public administration. This expansion has intensified a foundational legal and policy dilemma: how can AI be governed effectively without either throttling innovation or permitting unchecked harm? 

This challenge is not merely technological but deeply constitutional and institutional. AI systems are probabilistic, opaque, and increasingly autonomous. Their outputs can affect life, liberty, and livelihood without transparent reasoning or meaningful human oversight. Harms such as algorithmic bias, discriminatory outcomes, deepfakes, misuse of surveillance, and data exploitation are no longer speculative concerns; they are observable and accumulating realities. 

India’s position is further shaped by its development priorities. Unlike jurisdictions that can afford stringent ex ante regulatory regimes, India views AI as a strategic growth multiplier critical for economic competitiveness, public service delivery, and digital inclusion. The central tension, therefore, lies in reconciling innovation with accountability, and regulatory restraint with constitutional safeguards. The India AI Governance Guidelines emerge as the state’s response to this dilemma. 

Why India’s AI Governance Framework Has Entered the Spotlight 

The debate around AI governance in India intensified following the formal release of the India AI Governance Guidelines by the Ministry of Electronics and Information Technology (MeitY) on 5 November 2025 under the IndiaAI Mission. The Guidelines clearly reject the immediate enactment of a standalone AI law, instead advocating a “light-touch” governance approach grounded in existing legal frameworks, sectoral regulation, and voluntary compliance mechanisms. 

Almost simultaneously, the introduction of the Artificial Intelligence (Ethics and Accountability) Bill, 2025  as a Private Member’s Bill in the Lok Sabha added a contrasting regulatory signal. The Bill proposes a prescriptive statutory model, including an Ethics Committee for AI, mandatory ethical reviews for surveillance and high-risk decision-making systems, defined obligations for developers, and substantial financial penalties for non-compliance. 

The coexistence of these two instruments has triggered a fundamental question: is India consciously deferring hard regulation in favour of adaptive governance, or is it testing a transitional model that may eventually crystallise into binding law? This debate has gained further prominence as India prepares to host the India AI Impact Summit 2026, positioning itself as a global voice on responsible and inclusive AI governance, particularly for the Global South. 

From Digital Public Infrastructure to AI Governance: The Background of India’s Approach 

India’s approach to AI governance cannot be understood in isolation from its experience with Digital Public Infrastructure (DPI). Systems such as Aadhaar, UPI, DigiLocker, and the Data Empowerment and Protection Architecture (DEPA) demonstrated that legal safeguards can be embedded directly into technological design, allowing scale without sacrificing trust or accountability. 

The January 2025 draft of the AI governance framework initially reflected a more risk-averse posture, drawing heavily on OECD principles and earlier NITI Aayog work. However, extensive public consultations and multi-stakeholder deliberations guided by the Principal Scientific Adviser led to a recalibration in the final Guidelines. The emphasis shifted from precaution to enablement. 

Rather than treating AI primarily as a regulatory risk, the final framework recognises it as a national capability that must be governed through adaptation of existing institutions rather than through the creation of an entirely new regulatory superstructure. The Guidelines are structured around seven guiding principles, six governance pillars, a phased action plan, and practical guidance for industry and regulators. At their core lies a central claim; most AI-related harms can already be addressed under existing Indian law, provided definitions are updated and enforcement mechanisms are coordinated. 

The Legal Architecture Underpinning India’s AI Governance Model 

A defining feature of the India AI Governance Guidelines is their reliance on existing legal frameworks. The Guidelines emphasise that laws governing information technology, data protection, consumer protection, intellectual property, criminal offences, and sectoral regulation already apply to AI systems. 

Deepfakes and impersonation can attract liability under the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023. The use of personal data for AI training is governed by the Digital Personal Data Protection Act, 2023. Misleading AI-enabled practices fall squarely within the Consumer Protection Act, 2019. This approach rejects the notion that AI operates in a legal vacuum. 

At the same time, the Guidelines acknowledge significant gaps. Existing laws were drafted for an earlier technological era. The definition of “intermediary” under the IT Act assumes passive content transmission, not generative or self-learning systems. This creates uncertainty around safe harbour protections under Section 79 when AI systems actively shape outputs. The Guidelines therefore recommend targeted amendments to clarify classification and liability across the AI value chain, including developers, deployers, and users. 

Data protection presents another unresolved challenge. Large-scale AI training relies heavily on vast datasets, often involving publicly available personal data. This creates tension with consent, purpose limitation, and data minimisation principles under the DPDP Act. Similarly, copyright law remains unsettled, as India has yet to adopt a clear position on text and data mining exceptions for AI training. 

The Ethics and Accountability Bill as a Regulatory Counterpoint 

In contrast to the adaptive philosophy of the Guidelines, the Artificial Intelligence (Ethics and Accountability) Bill, 2025 adopts a more interventionist posture. It proposes mandatory ethical oversight, restrictions on AI-enabled surveillance, enforceable duties on developers to prevent algorithmic bias, and penalties extending up to ₹5 crore. 

Although the Bill is not law, its introduction is revealing. It signals institutional unease with relying exclusively on voluntary governance and sectoral adaptation, particularly in high-risk domains such as surveillance, law enforcement, employment, and credit decision-making. The Bill thus functions as a counterweight, highlighting the limits of soft law in contexts involving fundamental rights. 

Gaps and Limitations in India’s Current AI Governance Framework 

Accountability remains diffused While the Guidelines propose a graded liability framework, they stop short of creating enforceable legal obligations. Assigning responsibility for AI-induced harm particularly in complex value chains remains legally uncertain. 

The institutional architecture is dense. The Technology & Policy Expert Committee, AI Safety Institute, and sectoral regulators together form a multi-layered ecosystem. Without clear coordination mechanisms, the risk of overlap, delay, and fragmentation persists.

Towards a More Coherent and Future-Ready AI Governance Framework 

India’s AI governance reflects a deliberate attempt to avoid premature overregulation while retaining control. By prioritising adaptability, sectoral expertise, and techno-legal solutions, the Guidelines preserve space for innovation and experimentation. However, adaptability must eventually mature into legal clarity. Over time, voluntary norms must harden into binding standards in high-risk applications. Targeted legislative amendments rather than a sweeping AI Act offer a pragmatic middle path, allowing India to respond to emerging harms without freezing technological progress. 

For any queries, Connect with us.