fbpx

From Techno-Regulation to AI Safety Research: India’s AI Governance Landscape in 2024

India stands at a pivotal moment in its technological evolution, particularly in artificial intelligence. The nation’s unique position stems from its dual identity: a technological powerhouse with over 5 million IT professionals, yet a developing economy working to establish comprehensive digital governance frameworks. The regulatory landscape for emerging technologies in India presents an intricate puzzle. While traditional sectors operate under established frameworks, the digital realm—especially AI—exists in a regulatory space that’s still taking shape. This creates both opportunities and challenges for innovation, as developers and businesses navigate uncertain legal territories while pushing technological boundaries. The complexity is further amplified by India’s federal structure, where both central and state governments must coordinate their approaches to technology governance. This multi-layered system requires careful balancing of national interests with regional needs, particularly in areas like data localization, privacy protection, and AI deployment in public services.

Techno-Regulation and AI as an Artificial Juristic Person

One of the most significant developments in India’s regulatory landscape is the introduction of techno-regulation, a concept that emphasizes embedding legal compliance within technological systems themselves. This approach has gained traction with the enactment of the Digital Personal Data Protection Act (DPDPA) 2023, which focuses on ensuring that personal data is processed in a manner that upholds privacy rights while also facilitating innovation. The DPDPA mandates that data processors and controllers integrate privacy by design into their systems, aligning with the broader global trend toward techno-regulatory frameworks.

Now, the Act 2023 explicitly recognizes an “artificial juristic person” within its definition of persons covered under the Act. This inclusion is significant as it creates a foundation for addressing AI systems’ legal status within India’s data protection framework.

The DPDPA also introduces a sophisticated ‘techno-regulatory’ approach through several key mechanisms:

  • Automated Decision-Making and Processing: The Act addresses automated processing by requiring data fiduciaries to implement technical and organizational measures that ensure privacy by design.
  • Risk-Based Classification: The Act establishes a risk-based framework by introducing “Significant Data Fiduciaries” (SDFs), which are entities designated based on:
    • The volume and sensitivity of personal data processed
    • Risk posed to data principals’ rights
    • Potential impact on India’s sovereignty and integrity
    • Risk to electoral democracy
    • Security considerations
    • Public order implications
  • Technical Compliance Requirements: SDFs must fulfill additional technical obligations including:
    • Appointing an Indian data protection officer
    • Conducting independent data audits
    • Performing data protection impact assessments

Legal Developments in India’s AI Landscape

On the legal front, India has shifted towards a more industry-conscious approach to regulating artificial intelligence. On March 1, 2024, the Ministry of Electronics and Information Technology (MeitY) issued an advisory requiring entities developing AI technologies to register their models with the government. The advisory included several key provisions:

  1. Registration requirement: All entities developing AI technologies were required to register their models with the government.
  2. Explicit permission: The use of under-testing or unreliable AI models required explicit government approval.
  3. Labelling: Unreliable or under-testing models had to be clearly labelled for users.
  4. Action reports: Intermediaries were required to submit action-taken reports.

However, this advisory faced significant criticism from stakeholders in the tech industry. The advisory lacked clarity on how entities should obtain government permission. Many feared that these requirements could stifle innovation within India’s emerging AI & analytics sector. In addition, the  sudden introduction of the non-binding advisory created uncertainty within the industry.

In response to these concerns, MeitY revised its advisory in mid-March 2024 with key changes:

  1. Removal of registration requirement: Entities no longer needed to register their models with the government.
  2. Elimination of explicit permission: The need for government approval for unreliable or under-testing models was dropped.
  3. Labelling focus: Instead of requiring permission, developers were mandated to label under-testing or unreliable models clearly.
  4. Election integrity emphasis: The revised advisory stressed that AI models should not compromise electoral integrity.
  5. Synthetic content labelling: In line with existing IT rules from 2021, synthetic content such as deepfakes must be labelled appropriately.
  6. User consent: Developers were advised to use consent mechanisms (e.g., popups) informing users about potential unreliability in AI-generated outputs.
  7. Action report removal: The requirement for intermediaries to submit action-taken reports was removed.

While India’s legal framework around artificial intelligence is still nascent, there have been some developments in case law concerning generative AI tools used for creating novel outputs from original content. For instance, courts in Bombay and Delhi have dealt with intellectual property issues related to artists like Arijit Singh and Anil Kapoor rather than substantive legal questions surrounding AI itself. Even before India’s 2024 General Elections, a Minister of State for Commerce and Industry remarked that there was no proposal within his ministry to create separate intellectual property rights (IPRs) specific to artificial intelligence technologies.

Recent MeitY Meeting on AI Safety Institute for India

On October 7, 2024, MeiTY held a consultation meeting to discuss the establishment of an Artificial Intelligence Safety Institute (AISI) in India. The AISI is envisioned as a central body to set standards, frameworks, and guidelines for AI safety, without acting as a regulatory body that could stifle innovation. The meeting included various stakeholders such as representatives from major tech companies (Meta, Google, Microsoft, IBM), industry bodies (NASSCOM, Broadband India Forum), academic institutions (IITs), and civil society organizations.

The meeting focused on several critical questions, on the core objectives of an artificial intelligence safety institute, and the organisational structure of the institute, ensuring its scalability and independence. The Government had emphasized that the AISI should not function as a regulatory body but rather as a platform for setting voluntary compliance standards. The discussions also touched on how the AISI could collaborate with global AI safety institutes to share best practices and contribute to international AI safety standards. The AISI aims to:

  • Develop AI safety standards contextualized to India’s unique challenges.
  • Foster collaborations between government bodies, industry, academia, and civil society.
  • Serve as a hub for identifying AI-related risks and harms, which could inform future regulatory frameworks.
  • Ensure interoperability in AI systems to avoid silos across sectors.

While the AISI will not enforce binding regulations initially, its research and recommendations could shape future AI policies in India. The institute is expected to play a key role in ensuring that AI development in India remains safe, ethical, and aligned with global standards.

AIACT.IN V4: A Feedback Tool for AI Safety Institute Insights

The AIACT.IN Version 4, released in November 2024, serves as India’s first privately proposed draft for regulating AI technologies. It offers a comprehensive framework that can provide valuable insights for the Artificial Intelligence Safety Institute (AISI), which is currently under discussion by the Ministry of Electronics and Information Technology (MeitY). The draft bill outlines various provisions that align with the goals of AI safety and governance, making it a useful reference for shaping the AISI’s objectives.

  1. Risk-Centric Classification: AIACT.IN emphasizes a risk-based approach to AI regulation by categorizing AI systems into narrow, medium, high, and unintended risk categories. The bill’s focus on outcome and impact-based risks aligns with the AISI’s goal of ensuring safe deployment of AI technologies across sectors.
  2. Post-Deployment Monitoring: The draft bill advocates for continuous monitoring of AI systems post-deployment, especially high-risk systems. This aligns with the AISI’s potential role in overseeing the lifecycle of AI technologies to ensure they remain safe and compliant with evolving standards after their release.
  3. Ethics and Accountability: AIACT.IN introduces an “Ethics Code” for AI systems, which could serve as a foundational element for the AISI to develop ethical guidelines tailored to India’s unique socio-economic landscape. The bill also emphasizes transparency and accountability in AI-related government initiatives, which could be crucial for the AISI when setting up frameworks for public-private partnerships.
  4. National Registry of AI Use Cases: The draft proposes a National Registry of Artificial Intelligence Use Cases to standardize and certify AI applications across sectors. This registry could serve as a model for the AISI to track and assess AI implementations in real-time, ensuring compliance with safety standards.
  5. Content Provenance and IP Protections: The bill highlights content provenance mechanisms to trace the origins of AI-generated content, which could help mitigate risks related to misinformation or deepfakes—an area that may fall under the purview of the AISI’s safety protocols.

Way Forward

The discussions around the Artificial Intelligence Safety Institute (AISI) and the AIACT.IN V4 draft, may help us reflect upon India’s growing focus on responsible AI development. Moving forward, India must prioritize:

  • Strengthening AI infrastructure to support large-scale AI operations.
  • Enhancing data quality and privacy protections, aligning with the Digital Personal Data Protection Act (DPDPA) 2023.
  • Upskilling the workforce to meet AI demands.
  • Fostering public-private partnerships for ethical AI innovation.
  • Implementing risk-based AI classification systems, as proposed in AIACT.IN, to ensure safe deployment across sectors.
author avatar
Abhivardhan Contributor
Managing Partner, Indic Pacific Legal Research, Chairperson & Managing Trustee, Indian Society of Artificial Intelligence and Law

This content is labeled as created by a human - more information