Regulating Generative AI in India: The Legal Position in 2026

India's approach to regulating generative artificial intelligence is one of the most consequential legal developments for technology companies operating in the country today. As generative AI tools become embedded in business operations, content creation, healthcare, and financial services, the question of legal compliance has moved from theoretical debate to practical urgency. India has chosen a pro-innovation path, relying on existing laws rather than enacting a standalone AI statute, but the regulatory landscape is rapidly evolving through government guidelines, proposed legislation, and targeted IT Rule amendments that every business and developer must understand.

The current legal framework governing generative AI in India draws from multiple statutes. The Information Technology Act, 2000 and its intermediary guidelines under the IT Rules, 2021 impose obligations on platforms hosting AI-generated content. The Digital Personal Data Protection Act, 2023 (DPDPA) and its Rules notified in November 2025 regulate any AI system that processes personal data, requiring explicit consent and purpose limitation under Sections 4 through 8. In November 2025, the Ministry of Electronics and Information Technology (MeitY) released the India AI Governance Guidelines under the India AI Mission, addressing data management, algorithmic transparency, risk classification, safety testing, and grievance redressal. Additionally, the Artificial Intelligence (Ethics and Accountability) Bill, 2025 was introduced as a Private Member's Bill in December 2025, proposing periodic bias audits and fines of up to five crore rupees for violations, though it remains a legislative proposal as of March 2026.

For businesses and developers, the most immediately actionable development is the IT Amendment Rules that took effect on 20 February 2026, which mandate that AI-generated content must be prominently labelled with metadata or provenance information to trace its origin. Platforms that fail to comply risk losing their safe harbour protections under Section 79 of the IT Act and face potential criminal and civil consequences. Companies deploying generative AI must also ensure compliance with the DPDPA when training models on personal data, as publicly available data cannot be assumed to be freely usable. Startups building AI products should implement internal governance frameworks aligned with the India AI Governance Guidelines, including risk classification of their AI systems and grievance redressal mechanisms for users affected by AI outputs.

The regulatory trajectory is clear: India is moving toward binding AI legislation. The India AI Governance Guidelines, while currently non-enforceable, are expected to be codified into law through a comprehensive AI Bill anticipated in 2026. The February 2026 IT Rules amendment signals that content transparency is no longer voluntary. Businesses should begin compliance audits now, particularly around AI content labelling, data processing consent, and algorithmic transparency. Sansa Kanoon Pranali Partners advises technology companies and startups on building compliant AI governance frameworks, navigating the evolving regulatory landscape, and preparing for the anticipated AI legislation.