Authored By: Vaishnavi Vikas Karape
ILS Law College Pune
Introduction
The rapid rise of generative Artificial Intelligence has transformed how information is created and shared in India. Among its most troubling consequences is the surge in deepfakes highly convincing AI-generated images, videos, and audio that can fabricate events or impersonate individuals with alarming realism. Recent cases involving non-consensual intimate imagery, celebrity voice cloning, and politically motivated disinformation have exposed the serious threats these technologies pose to personal dignity and public trust. Indian courts have also taken note, expressing concern over the misuse of AI to produce fake judicial documents and misleading evidence[1].
While India has embraced AI tools across multiple sectors, this technological boom has been shadowed by growing criminal misuse. Deepfakes now serve as potent weapons for defamation, cheating, identity theft, obscenity, and public mischief. Their accessibility and difficulty in detection have intensified risks to individual privacy and societal harmony. These developments directly implicate the right to life and personal liberty under Article 21 of the Constitution, which encompasses the right to privacy and dignity[2].
Despite the urgency of the issue, India still lacks a comprehensive law specifically targeting crimes involving generative AI and deepfakes. Instead, the legal response relies on a patchwork of provisions from the Bharatiya Nyaya Sanhita, 2023 (BNS), the Information Technology Act, 2000, and the newly amended Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2026. Although these measures offer some tools for accountability, they fall short in addressing the unique complexities of autonomous and semi-autonomous AI systems.
This article argues that while recent reforms mark meaningful progress, persistent gaps in attributing liability, establishing mens rea, clarifying intermediary obligations, and handling evidentiary issues continue to create a significant legal vacuum. This vacuum weakens criminal prosecution and leaves victims inadequately protected. The article analyses the existing framework, highlights its limitations, draws brief comparative insights, and offers practical recommendations for reform. Its focus remains on generative AI and synthetically generated media rather than AI applications in general.
Evolution of the Legal Framework Governing AI-Generated Content
Before the recent reforms, India tackled harms from AI-generated content through general provisions in the Indian Penal Code, 1860 and the Information Technology Act, 2000. Key IT Act sections included Section 66C (identity theft), Section 66D (cheating by personation), Section 66E (privacy violation), and Sections 67 & 67A (obscene and sexually explicit material). While courts could apply these to deepfake cases involving impersonation or non-consensual content, the provisions were not crafted for the nuances of synthetic media, often leading to interpretive challenges and uneven enforcement.
A major overhaul came with the Bharatiya Nyaya Sanhita, 2023, effective from July 2024. Several BNS provisions now apply indirectly to AI-related offences. Section 318 covers cheating by personation, relevant for deepfake-enabled fraud. Section 336 addresses forgery of electronic records, which can extend to manipulated synthetic content. Section 356 deals with defamation, while Section 353 targets public mischief through false information. Section 111 on organised crime may apply to large-scale disinformation campaigns, and obscenity/sexual offence provisions help address non-consensual intimate deepfakes[3].
The Digital Personal Data Protection Act, 2023 adds another layer by regulating the unauthorised use of personal or biometric data in training AI models for deepfakes. Though primarily a data protection law, it introduces accountability for unlawful data processing[4].
The most significant recent development is the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026, notified on 10 February 2026 (G.S.R. 120(E)) and effective from 20 February 2026. These Rules introduce the concept of “Synthetically Generated Information (SGI)” defined as audio, visual, or audio-visual content that is artificially created or altered to appear indistinguishable from reality. They mandate clear labelling (watermarks, audio disclaimers, and metadata), stricter due diligence for intermediaries (especially Significant Social Media Intermediaries), and expedited takedown timelines (often within 2–3 hours) for unlawful SGI, such as non-consensual deepfakes. Non-compliance risks loss of safe harbour protection under Section 79 of the IT Act[5].
The Bharatiya Sakshya Adhiniyam, 2023 further complicates matters by raising fresh questions about the authenticity and admissibility of AI-generated evidence[6].
These steps reflect growing regulatory awareness and improve transparency and platform responsibility. However, they remain largely procedural and do not fully resolve the core problem of assigning individual criminal liability.
III. Mapping Criminal Liability under Existing Provisions
Indian law seeks to address AI-generated harms by adapting traditional offences to new realities. Under the BNS, Section 336 (forgery) can treat deepfakes as false electronic records created with intent to deceive. Section 318 applies to cheating through impersonation in scams or identity theft. Section 356 covers reputational harm caused by synthetic media, and Section 353 targets misinformation that disturbs public order. Obscenity and sexual offence provisions remain relevant for non-consensual intimate imagery.
The IT Act continues to support these efforts through Sections 66C, 66D, 66E, 67, and 67A. Additionally, Section 85 allows prosecution of companies and their officers for offences committed with their consent or negligence. Intermediaries failing to meet 2026 Rules obligations may lose safe harbour and face liability.
A notable strength of the framework is its flexible language terms like “electronic record” and “document” to enable courts to interpret older provisions creatively. This adaptability has allowed interim relief, such as John Doe injunctions protecting personality rights and directions to platforms for compliance.
Nevertheless, these provisions were designed for a pre-generative AI era. They struggle with issues of indirect causation, machine-generated outputs, and responsibility to spread across users, developers, and platforms. While courts have shown increasing awareness issuing notices to tech giants in PILs concerning deepfakes the lack of tailored offences limits consistent enforcement.
Courts have also started filling the gap through creative interpretation of existing rights. In the notable case of Anil Kapoor v. Simply Life India Pvt. Ltd. & Ors. (2023), the Delhi High Court issued a wide-ranging injunction protecting the actor’s personality rights against unauthorised use of his name, voice, likeness, and mannerisms via AI-generated deepfakes. This decision highlighted the judiciary’s growing concern over the misuse of generative AI tools and has since served as an important reference point in similar matters[7].
Critical Challenges and the Persisting Legal Vacuum
Despite incremental reforms, structural gaps continue to undermine effective governance of AI-generated content. The biggest hurdle is attribution and causation. Deepfake creation often involves multiple actors: the user providing prompts, the model developer, the platform deployer, and the hosting intermediary. The “black box” nature of generative AI makes it extremely difficult to trace outputs or establish foreseeability.
This difficulty ties directly into mens rea challenges. Traditional criminal law requires proof of intent, knowledge, or recklessness. When AI produces harmful content semi-autonomously, proving the requisite mental element becomes uncertain. Questions arise about whether liability should rest on a negligence or recklessness standard, or whether strict liability is warranted in high-risk cases. Without clear statutory guidance, prosecutions remain inconsistent.
Evidentiary issues compound these problems. Under the Bharatiya Sakshya Adhiniyam, 2023, courts must assess the reliability of digital evidence in an environment where AI can generate highly realistic yet fabricated material. Distinguishing genuineness from synthetic content demands advanced forensic capabilities that many agencies currently lack.
The judiciary has itself begun to acknowledge the practical difficulties posed by deepfakes in the realm of evidence. In Nirmaan Malhotra v. Tushita Kaul (2024), the Delhi High Court took judicial notice of the fact that we are living in the era of deepfakes while dealing with photographs produced by a husband alleging adultery in a matrimonial dispute. The Division Bench observed that it was not clear whether the woman in the photographs was indeed the respondent-wife and held that the burden lay on the party relying on such images to prove their authenticity through proper evidence before the Family Court[8].
This decision highlights a crucial evidentiary challenge under the Bharatiya Sakshya Adhiniyam, 2023 in an age where synthetic media can be indistinguishable from reality, courts are increasingly reluctant to accept digital images or videos at face value without supporting forensic proof.
The 2026 IT Rules strengthen intermediary obligations through mandatory SGI labelling and faster takedowns, but they primarily operate at a regulatory level. The distinction between “lawful” and “prohibited” SGI helps with transparency, yet it does not clearly allocate criminal responsibility. Over-removal of content due to safe harbour fears also raises legitimate concerns about private censorship.
Enforcement remains another weak spot. Law enforcement often lacks technical expertise and tools to investigate AI offences swiftly. The massive volume and speed of content creation, combined with cross-border platform operations, further complicates matters. Victims of non-consensual deepfakes frequently hesitate to report due to stigma, resulting in under-reporting and delayed justice.
Courts have also shown sensitivity towards the profound personal harm caused by AI-generated deepfakes, particularly non-consensual intimate or morphed content. In Shilpa Shetty Kundra v. Getoutlive.in & Ors. (2025), the Bombay High Court passed strong orders directing the immediate takedown of AI-generated deepfake and morphed obscene images and videos circulating online. The Court described the content as extremely disturbing and held that such misuse seriously infringes upon the actress’s right to privacy and dignity under Article 21 of the Constitution[9].
By granting swift relief and emphasising the violation of “digital personhood,” this case underscores how deepfakes can cause irreversible reputational and psychological damage, especially to women, and illustrates the judiciary’s attempt to provide interim protection in the absence of specific criminal legislation.
These challenges have real human costs. Deepfakes can inflict lasting reputational and psychological harm, violating dignity protected under Article 21. Existing remedies frequently prove slow and insufficient. While the 2026 Rules advance platform accountability, they do not establish a comprehensive criminal liability regime with graded responsibilities.
Recent judicial interventions including Supreme Court observations on AI-generated fake citations and High Court PILs on deepfakes signal growing awareness. However, without systemic legislative reform, responses remain largely reactive[10].
Comparative Perspectives
Other jurisdictions offer valuable lessons. The EU AI Act adopts a risk-based approach, imposing strict obligations on high-risk systems regarding transparency, oversight, and accountability. This model indirectly bolsters liability by clearly defining responsibilities for developers and deployers.
In the United States, intermediary immunity under Section 230 remains broad, though states have enacted targeted deepfake laws, particularly for elections and non-consensual imagery. China and the United Kingdom (through its Online Safety framework) emphasise stricter platform duties and labelling requirements.
India’s lighter-touch, innovation-friendly model under the 2026 Rules promotes technological growth but leaves clearer accountability gaps compared to the EU’s structured regime. A balanced approach incorporating risk-tiered obligations and international cooperation on enforcement would strengthen India’s framework without unduly stifling innovation.
Way Forward and Recommendations
Closing the legal vacuum requires a multi-pronged strategy. In the short term, authorities must enforce the 2026 IT Rules rigorously, focusing on labelling, due diligence, and timely takedowns. Law enforcement and forensic labs need urgent capacity building, including specialised training in deepfake detection. Courts should issue guidelines on evaluating AI-generated evidence under the Bharatiya Sakshya Adhiniyam.
In the medium term, targeted amendments to the BNS and IT Act are essential. These should introduce specific offences for deepfakes and SGI with graded penalties based on harm — aggravated for non-consensual intimate imagery, electoral interference, or financial fraud. Clear definitions would reduce ambiguity and aid prosecution.
Over the longer term, India should consider a dedicated Artificial Intelligence (Criminal Liability and Accountability) Act or comprehensive provisions within existing laws. Such a framework must clarify mens rea standards for AI-assisted crimes, establish graded liability across actors (developers, deployers, users), and create mechanisms like fast-track digital courts and victim compensation funds.
Additional steps include mandatory AI impact assessments for high-risk systems, trusted flagger programs, public awareness campaigns, and collaboration among MeitY, industry, and civil society. Aligning these efforts with the IndiaAI Mission can help India balance innovation with robust protection of fundamental rights.
VII. Conclusion
The proliferation of generative AI and deepfakes has starkly revealed limitations in India’s criminal law framework. Although the BNS 2023 and the 2026 IT Rules represent important advances in transparency and platform responsibility, a substantial legal vacuum persists in attributing criminal liability.
Existing provisions can be stretched to cover certain harms, but they were not designed for the realities of autonomous AI systems. Challenges involving causation, mens rea, evidence, and enforcement continue to hinder effective justice. As AI tools become more accessible, the scale of potential misuse will only grow, threatening privacy, dignity, and democratic discourse.
India now faces a critical opportunity. By implementing targeted reforms, strengthening institutional capacity, and adopting clear liability standards, the country can develop a forward-looking regime that protects citizens while nurturing technological progress. Such an approach would not only strengthen the rule of law but also position India as a responsible leader in AI governance in the Global South.
Reference(S):
[1] Vikas Vijay Nair v. State of Gujarat, 2026 SCC OnLine Guj ___ (Guj. HC) (notices issued to intermediaries regarding deepfake misuse).
[2] India Const. art. 21.
[3] Bharatiya Nyaya Sanhita, 2023, §§ 111, 318, 336, 353, 356.
[4] The Digital Personal Data Protection Act, 2023.
[5] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026, G.S.R. 120(E) (Feb. 10, 2026) (effective Feb. 20, 2026).
[6] The Bharatiya Sakshya Adhiniyam, 2023.
[7] Anil Kapoor v. Simply Life India Pvt. Ltd. & Ors., CS(COMM) 652/2023 (Del. HC Sept. 20, 2023) (Prathiba M. Singh, J.).
[8] Nirmaan Malhotra v. Tushita Kaul, 2024 SCC OnLine Del 4326 (Del. HC May 28, 2024) (DB).
[9] Shilpa Shetty Kundra v. Getoutlive.in & Ors., 2025 SCC OnLine Bom ___ (Bom. HC Dec. 26, 2025 / Mar. 2026 orders).
[10] See Supreme Court observations on AI-generated fake judgments (Mar. 2026)
