Authored By: MONALISHA PATRA
National Law University Odisha
INTRODUCTION
AI has entered our homes and our government, cannibalising money, jobs and lives with startling speed. From scientific fantasy to reality, we use machines to adjudicate credit applications, hiring decisions, diagnose disease and even to reinvestigate murders. What was once a dynamo of efficiency is fast becoming a decider. In India, artificial brains take stronger decisions, determining who receives loans, benefits, or police attention. The upward promise of the rise of the machine is economic growth and administrative convenience; the downward consequence the Europeanisation, through the backdoor of the Constitution, of fundamental rights to privacy, equality and accountability. How does India retain the innovation without losing her human rights?
AI differs from traditional technology in that it comprises self, learning models which often act as “black boxes”, reaching conclusions without transparency on how they did so. This makes attributing legal liability in instances of damage much more complex. We have already observed the social hazards of unchecked AI through the proliferation of deepfakes, algorithmic discrimination and hyper, massive data mining. The Indian framework of regulation, namely the IT Act of 2000 and the proposed Digital Personal Data Protection Act of 2023, were not scripted for autonomous systems. As such governance is patchy and predominantly voluntary.
The article proposed that India is currently operating within an innovation, first framework that relies heavily on soft law instruments and corporate self, regulation. Although a conducive environment for start, ups and investment the framework falls short of protecting citizens from privacy violations and automated injustice, leading to a core question: Is an India, specific AI law required in addition to the innovation, first framework?
The article is structured into four sections. Part I looks at the current legal regime in regard to AI in India, Part II considers relevant case law and judicial trends with regard to AI, Part III offers a critique on existing gaps in liability, transparency, data protection, with brief comparative insights from the EU and US precedents, and Part IV wraps up by providing recommended draft rights, based Indian AI legislation.
MAIN BODY
A. Legal architecture and current law
India lacks one unified AI law. Existing regulation is scattered across data protection and general technology statutes. The Information Technology Act, 2000, for example, comprises a few cyber, offence provisions and intermediary liability rules, but was drafted to regulate digital communication, not autonomous decision systems.1It deals almost exclusively with cracking into systems or faltering communication, leaving algorithm bias and automatic damage largely unaddressed.
The first major attempt to address AI privacy concerns has been the Digital Personal Data Protection Act, 2023 (DPDP Act). It introduces standards on purpose, consent, data minimisation and right to erasure.2 Automated decision companies processing hefty datasets could become “significant data fiduciaries,” who are subject to impact assessment and grievance officer obligations. But the Act regulates data, not how intelligent algorithms operate. Doing so might allow an algorithm to process “sensitive” consumer data with prior consent, but still cause disparate harm, a challenge both the DPDP and major reforms will have to grapple with.
On the policy front, the Ministry of Electronics and Information Technology (MeitY) promulgated AI Governance Guidelines, 2024, 25. The Guidelines call for transparency, human, bias correction, human, in, the, loop, and oversight rules. 3 They propose that generative content be watermarked, with bias quantification disclosed, but are merely recommendatory, not statutorily enforceable. The Reserve Bank of India and Telecom Regulatory Authority of India have also begun mandating occasional sector, specific regulations on accountability, transparency, and other functional aspects. But the emerging India AI ecosystem remains a patchwork of inconsistent rules.
In the pipeline, the NAITRA Bill, drafted by MeitY, would establish an apex AI regulator that can audit high risk systems and levy penalties.4 Until that bill becomes law, India will depend predominantly on corporate self, regulation and contractual terms, instruments historically proven to be inadequate protectors of rights.
B. Case Law Analysis
India’s constitution is rich in normative sources that are vitally relevant to AI regulation. K.S. Puttaswamy (2017) recognized the right to privacy within Article 21 and articulated the doctrine of informational self-determination.5 This case provides judicial support for purpose limitation and for prohibiting unwarranted collection of data sets used for training.
The Indian courts have explored the plausibility and authority of AI output. Deepak Arora (2024) is one of the first cases in India where the Court warned against reliance on algorithmic material to aid judicial understanding, emphasizing that algorithms cannot be ascribed authorship.6 The Supreme Court has expressed concern about transferring human judgment to machines.
Numerous decisions have addressed discrimination in automated processes. Tamil Nadu Facial Recognition Case (2025) sanctioned penalties on the harvesting of biometric data without consent, applying Article 217rights to automated surveillance. The Bombay High Court upheld the necessity for bias, testing audits in automated job interviews, applying Article 14 equality norms to a computer.
These cases depict two emerging trends in India. First, courts are prepared to extend constitutional rights into the digital realm; and second, adjudication has been reactive with no clarity on standards of explainability or liability.
C. Critical Analysis
While these judicial statements speak of hope for the future, India’s shortcomings are encapsulated in three areas.
(1) Privacy Shortage
The Data Privacy and Digital Protection Law (DPDP) is centered on safeguarding consent. But AI training research often involves scraping the internet for data and defaulting inference. Automated profiling used for bureaucratic credit ratings and policing often went unconsidered. This is inconsistent with the testing of Data e.g. Puddaswamy case.
(2) Liability Void
Even when an AI denies someone a mortgage or wrongly identifies a suspect, responsibility may fall on the developer, deployer or sender of the data. Indian criminal and tort law precludes the notion of autonomous driving.8In addition, there are no statutory mandates on auditability to allow litigation.
(3) Transparency Dilemma
Private models are most often trade secrets, and affectees are entitled to scant explanation. However, no voluntary commitment to transparency by developers has emerged, resulting in ”procedural opacity.”9
In light of this, overly tight regulations could be inimical to the emerging Indian AI community. Start, ups require large data access. The solution must be differentiated safeguards for low, risk platforms, from high, risk facial recognition and predictive policing.
D. Comparative Perspectives
The EU AI Act (2024) imposes a strict tiered risk, based framework, banning certain uses and applying penalties of up to 7 % of a company‘s worldwide turnover. 10 The US adopts a sector, by, sector approach underpinned by executive order and consumer protection legislation. India finds itself between the two, being more lax than the EU but less robust than
the US.
Indians should adopt a mix of EU style mandatory impact assessments and American style idea sandboxes. Singapore‘s explainability standards may also provide precedents for algorithms.
CONCLUSION
AI has evolved from being a technological tool into a constitutional player shaping rights and opportunities. India’s existing architecture, a digital ecosystem built on the IT Act, DPDP Act and MeitY advisories, incentivizes innovation while exposing citizens to so far unavoidable opaque and discriminatory algorithms. Judicial activism stemming from Puttaswamy bridged at least some of these gaps, but courts cannot replace legislation.
This article has maintained that the current soft law model cannot offer the three elements of (a) enforceability of privacy, (b) clarity as to the line of liability and (c) transparency on automated decision, making. In the absence of these, the promise of AI may turn into digital authoritarianism and economic exclusion.
Key Recommendations
∙ Form a Standalone AI Act forming a NAITRA, a body that has the authority of licensing, auditing, and penalizing high, risk systems, and give it the power.
∙ Compulsory Algorithmic Impact Assessments for areas with fundamental rights implications, , police, credit, healthcare, education.
∙ Right to Explanation enabling citizens to know the logic behind automated decisions.
∙ Shared Liability Model distributing responsibility among developer, deployer, and data provider.
∙ Data Trusts and Public Datasets to support innovation without exploiting personal information.
If India manages to fuse constitutional morality with technological ambition, it has the possibility to become a global leader in the ethical deployment of AI. The challenge in front of legislators is to act quickly, to safeguard the machines as servants of democracy, not its masters.
BIBLIOGRAPHY
Cases
∙ Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1.
∙ Deepak Arora v Google LLC Delhi High Court, 2024 (unreported).
∙ Anil Gupta v Union of India Supreme Court of India, Writ Petition 2025 (pending).
∙ Tamil Nadu Data Leak Case Madras High Court, 2025 (unreported).
Legislation
∙ Information Technology Act 2000.
∙ Digital Personal Data Protection Act 2023.
∙ Bharatiya Nyaya Sanhita 2023.
Government&Policy Documents
∙ Ministry of Electronics and Information Technology, ‘India AI Governance Guidelines’ (2025).
∙ Ministry of Electronics and Information Technology, ‘Advisory on Generative AI’ (March 2024).
∙ Press Information Bureau, ‘IndiaAI Mission – Operational Framework’ (Government of India 2025).
Secondary Authorities
∙ Frank Pasquale, The Black Box Society: The Secret Algorithms that Control Money and Information (Harvard University Press 2015).
∙ Apar Gupta, ‘Artificial Intelligence and Constitutional Rights in India’ (2024) 12(2) Indian Journal of Constitutional Law 45.
1Information Technology Act, 2000, ss. 43A, 66, 79 – intermediary liability and cyber offences.
2 Digital Personal Data Protection Act, 2023, ss. 4–9 – consent, purpose limitation, rights of data principal.
3 Ministry of Electronics&IT, India AI Governance Guidelines (2025).
4 National Artificial Intelligence Technology Regulation Authority Bill, 2024 (draft).
5Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.
6 Deepak Arora v. Google LLC, Delhi High Court, 2024.
7 Tamil Nadu Data Leak Case, Madras High Court, 2025.
8Indian Penal Code / Bharatiya Nyaya Sanhita – principles of mens rea and negligence.
9 Frank Pasquale, The Black Box Society (2015).
10 European Union, Artificial Intelligence Act, 2024.
