Most conversations about AI in India focus on tools, income, and productivity. Very few talk about the rules that are quietly being written in the background β rules that will determine how AI is used, who is accountable when it goes wrong, and what rights ordinary Indians have in an increasingly AI-driven economy.
That conversation matters. And 2026 is the year it’s becoming unavoidable.
India is in the middle of finalising its AI governance framework. Unlike Europe, which went heavy with binding regulation (the EU AI Act), India has chosen a different path β one that’s worth understanding if you use AI tools, work in tech, run a business that touches AI, or are simply trying to understand where the country’s digital economy is headed.
Where India Stands Right Now
India does not have a dedicated AI law yet. What it has is a patchwork of existing legislation being stretched to cover AI-related situations, plus a set of emerging policy frameworks that are moving toward something more formal.
The key pieces in play right now:
The Digital Personal Data Protection Act (DPDP), 2023 β This is the closest thing India has to a governing data law, and it matters enormously for AI because AI systems run on data. The DPDP sets rules for how personal data can be collected, used, and stored. Any AI system that processes Indian citizens’ personal data β which is essentially every AI system of significance β has to work within this framework. The rules are still being finalised through subordinate legislation, but the main law is in force.
The IndiaAI Mission β This is the government’s active initiative to build India’s AI infrastructure from within: domestic compute capacity, Indian-language AI models, AI research investment, and skilling programmes. Roughly βΉ10,000 crore has been committed to this mission. The government sees AI as a strategic national asset, not just a technology trend, and the Mission reflects that.
The proposed AI Ethics and Accountability Bill, 2025 β A Private Member’s Bill introduced in the Lok Sabha in December 2025. It hasn’t been enacted, but it signals where parliamentary thinking is heading. The Bill proposes a statutory Ethics Committee for AI, mandatory bias audits for high-risk systems, restrictions on using AI in certain law enforcement and employment contexts, and penalties up to βΉ5 crore for violations.
The forthcoming Digital India Act (DIA) β India’s 25-year-old IT Act is widely acknowledged to be inadequate for the current digital environment. The DIA is expected to replace it and will include specific provisions on AI, deepfakes, and algorithmic transparency. Public consultations are ongoing.
India’s Approach: Innovation First, Regulation Second
The clearest way to understand India’s stance is to contrast it with Europe’s.
The EU AI Act, which came into force in 2024, classifies AI systems by risk level and imposes strict, legally binding requirements on high-risk applications β with significant penalties for non-compliance. It’s precautionary by nature.
India has explicitly chosen not to follow that model. The approach being pursued is what policymakers call “pro-innovation” β meaning the government wants to encourage AI development and adoption, particularly by domestic companies, and sees heavy-handed early regulation as a risk to that goal.
This doesn’t mean no regulation. It means regulation that follows evidence of harm rather than anticipating it. India’s framework is likely to focus on:
- Transparency requirements (knowing when you’re interacting with AI)
- Data sovereignty (keeping Indian data within Indian regulatory reach)
- Accountability for high-risk applications (healthcare, law enforcement, financial decisions)
- Consumer rights around automated decisions that affect individuals
What it is less likely to do, at least in the near term, is impose the kind of broad pre-market requirements that the EU imposes.
Why This Matters for Ordinary Indians
If you’re reading this and thinking “okay, government policy β not really my concern,” here’s why it should be:
Deepfakes and your face. India has one of the highest rates of deepfake content targeting women β and that’s not a distant statistic, it’s a growing problem in WhatsApp groups, social media, and even professional contexts. The AI Ethics Bill specifically addresses this. The Digital India Act is expected to include provisions on non-consensual synthetic imagery. Whether these provisions actually get enacted and enforced will determine whether the law offers real protection or just sentiment.
AI in hiring. Many large Indian companies β especially in IT and BFSI β are already using AI tools for resume screening, candidate shortlisting, and in some cases, automated interview scoring. If you’ve ever applied for a job online in India and never heard back, there’s a reasonable chance an algorithm made that decision. The proposed Ethics Bill wants mandatory disclosure when AI is used in employment decisions. That would mean candidates have a right to know.
AI in loan and financial decisions. Fintech companies use AI credit scoring extensively in India. If your loan application was rejected, it may have been an AI decision β made on the basis of data points you weren’t aware were being used. Current Indian law offers limited recourse for this. Future regulation is expected to address algorithmic accountability in financial services.
Data your apps are using. The DPDP Act gives Indian citizens rights around their personal data β consent, access, correction, and erasure. These rights apply to AI systems that use your data. Understanding these rights is increasingly important as more apps incorporate AI features that rely on personal data.
The IndiaAI Mission β What It’s Actually Trying to Do
Beyond regulation, the IndiaAI Mission deserves attention because it represents a deliberate government bet on where AI goes in India.
The Mission has several components worth knowing:
Compute infrastructure β India is building domestic data centres and GPU compute capacity so that Indian AI development doesn’t remain entirely dependent on American cloud providers. This is partly economic, partly about data sovereignty.
Indian language models β Companies like Sarvam AI, supported by government funding, are building large language models trained specifically on Indian languages. The goal is AI that actually understands Tamil, Kannada, Punjabi, and Odia at a native level β not as translations from English.
Skilling β The Mission includes significant investment in training Indians to work in AI β not just using tools, but building, maintaining, and auditing AI systems. NASSCOM estimates 2β3 million new AI-related jobs in India by 2030. The skilling component of IndiaAI is meant to ensure Indians fill those jobs.
AI for governance β The government is deploying AI in public services: agricultural advisory systems, healthcare triage, educational support. Some of these applications work well; others have raised concerns about bias and accountability in high-stakes decisions.
What Indian AI Companies Need to Watch
If you’re building something with AI β a startup, a product feature, a service β the regulatory landscape in 2026 requires attention even though formal law is still developing.
The DPDP Act is in force. If your product processes personal data of Indian users, you need to understand your obligations: consent mechanisms, data retention limits, and the rights of data principals. DPDP non-compliance carries penalties up to βΉ250 crore for data breaches.
The Securities and Exchange Board of India (SEBI) has issued guidelines for AI use in financial services. If you operate in this space, those guidelines apply now, not after a future AI law.
The Insurance Regulatory and Development Authority (IRDAI) and the Reserve Bank of India are both developing specific guidance on AI use within their sectors. For fintech and insurtech founders, these sector-specific frameworks are more immediately relevant than any general AI law.
And globally, Indian companies operating in Europe are already subject to the EU AI Act for their European operations. Understanding where your product falls in the EU’s risk classification is not optional if you have European users.
The Tension Worth Watching
India’s AI governance challenge in 2026 is captured in one sentence from a Storyboard18 analysis published earlier this year: the question is whether India can convert its expanding patchwork of policies into a coherent ecosystem that serves both economic growth and citizen protection.
That tension β between moving fast enough to capture the AI opportunity and moving carefully enough to protect citizens from AI’s real harms β is the central story of Indian tech policy right now.
The companies and individuals who understand both sides of that tension β who know the regulatory direction of travel, not just the current rules β will be better positioned to operate responsibly, avoid compliance surprises, and frankly, make better decisions about what to build and what not to.
The AI rules being written in Delhi right now will shape the digital economy for the next decade. That’s worth paying attention to, even if you’re not a lawyer or a policymaker.
Is there a specific aspect of India’s AI regulation you’re most curious or concerned about? Share in the comments β there’s a lot more nuance to dig into in each area.