The Union government on Friday signalled that the country’s reliance on existing information technology laws may soon give way to a dedicated legal framework for AI as concerns over deepfakes, synthetic content and cybercrime continue to mount.
“We have used the IT rules and other provisions of existing law to address various concerns that AI raises, but now, probably the time has come to look at separate legislation,” IT secretary S. Krishnan said on the sidelines of a CII Cybersecurity Summit.
He said both he and IT minister Ashwini Vaishnaw had earlier indicated that the government would consider AI regulation when the timing was appropriate. “It appears that the time is getting right, and we will start looking at it,” he said.
While declining to provide a timeline, Krishnan said the Ministry of Electronics and Information Technology would begin preparing a draft legislation, adding that the final legislative process would depend on the government and Parliament.
The move comes as governments worldwide grapple with the risks posed by generative AI, including misinformation, deepfakes, identity fraud and online harm.
India has already tightened its regulatory oversight through amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Earlier this year, the government mandated that online platforms such as X and Instagram remove AI-generated or synthetic content flagged by a competent authority or court within three hours. The amended rules also introduced formal definitions for AI-generated and synthetically created content while excluding routine editing, accessibility enhancements and bona fide educational or design work.
The Centre has also proposed fresh amendments requiring AI-generated content to carry clear and continuous labels throughout the duration of its display.
Data breach
Krishnan also said that the government is investigating the alleged data breach at Tata Electronics that reportedly exposed sensitive information related to Apple’s unreleased iPhone model, with the incident having been reported to the Indian Computer Emergency Response Team (CERT-In).