INDIA Law and Practice Contributed by: Shilpa Mankar Ahluwalia, Himanshu Malhotra and Purva Anand, Shardul Amarchand Mangaldas & Co
The Next 12 Months

Regulation of personal data

In August 2023, the Government of India (GOI) passed the Digital Personal Data Protection Act (DPDP Act). The DPDP Act is a technology-agnostic, sector-agnostic umbrella framework which governs the processing of all digital personal data. While the DPDP Act has been enacted, it is not currently in force.

On 3 January 2025, the GOI released the draft Digital Personal Data Protection Rules, 2025 (Draft Rules), together with an explanatory note for comments from the public. After completion of the consultation process, the Draft Rules may be revised and finalised by the GOI.

The DPDP Act will come into force when the GOI publishes notification(s) regarding commencement of the DPDP Act and the DPDP Rules in the official gazette. The GOI will likely adopt a staggered approach to enforcement of the DPDP Act and the DPDP Rules. Upon effectiveness, the DPDP Act will replace the currently applicable statutory framework on data privacy and data protection in India (see 2.2 Regulatory Regime).

Development of regulations for AI

The Indian fintech sector (particularly payments and wealthtech) has rapidly adopted evolving technologies such as blockchain and artificial intelligence (AI). Both bank and non-bank entities in India rely on AI-based tools to improve customer experience, especially in the areas of product identification and matching, background and credit verification checks and CGRM. While there are currently no comprehensive regulations specifically addressing AI in India, the financial sector regulators and the GOI have initiated steps to address the adoption of AI.

The GOI issued an advisory dated 15 March 2024, setting out due diligence norms regarding AI and other generative software to all intermediaries and platforms under the 2000 Information Technology Act (IT Act). The advisory imposes several due diligence obligations on intermediaries to ensure responsible use of such technologies. These include: (i) ensuring that AI or other generative software does not facilitate the transmission of unlawful content; (ii) clearly labelling content produced by AI tools if it is unreliable or still undergoing testing; and (iii) adding a permanent unique metadata tag to outputs that could potentially spread misinformation or generate deepfakes, enabling identification of the content's originator.

The Report on AI Governance Guidelines Development dated 6 January 2025, released for public consultation by a sub-committee of the GOI, provides insight into the future regulations/legislation governing AI in India. It suggests an activity-based regulatory approach and that effective enforcement of existing legislation can assist in mitigating most AI-associated risks (though specific legislation may be required in areas such as copyright laws).

In December 2024, the RBI also announced the formation of an eight-member committee to develop a Framework for Responsible and Ethical Enablement of AI to recommend a robust, comprehensive, and adaptable AI framework for the financial sector.

Stringent regulatory actions

Another key issue for the Indian fintech sector is the unprecedented increase in enforcement actions by the RBI against REs over the last year, primarily by way of monetary fines, penalties, and business restrictions. In exceptional cases,