The Evolving Landscape
India's approach to AI regulation is taking shape through multiple policy initiatives. MeitY's AI guidelines, sector-specific regulations from SEBI and RBI, and the proposed Digital India Act are creating a multi-layered governance framework that businesses must navigate.
Unlike the European Union's comprehensive AI Act, India appears to be pursuing a more modular approach. Different regulators are addressing AI within their respective domains. This creates both opportunities and challenges. Organisations must monitor multiple regulatory streams rather than a single comprehensive law.
Key Regulatory Principles
The emerging framework emphasises several core principles that appear consistently across regulatory pronouncements. Algorithmic transparency and explainability require organisations to understand and explain how their AI systems make decisions. Black box algorithms may face increasing scrutiny.
Fairness and non-discrimination in AI decisions is a recurring theme. Regulators are concerned about AI systems that perpetuate or amplify biases. Organisations must demonstrate that their AI does not discriminate based on protected characteristics.
Human oversight for high-risk applications is increasingly expected. Fully autonomous decision-making in areas affecting fundamental rights, safety, or legal status may require human review mechanisms. The degree of automation permissible will depend on the stakes involved.
Sectoral Requirements
Financial services firms face specific requirements under RBI and SEBI guidelines for AI in credit decisions, trading algorithms, and customer service. These regulations are more mature than general AI governance frameworks and provide useful guidance for compliance approaches.
Healthcare AI applications must comply with evolving CDSCO guidelines for software as medical devices. The intersection of AI and medical device regulation creates particular complexity. Early engagement with regulators is advisable for novel applications.
Risk-Based Approach
Following global trends, Indian regulations are likely to adopt a risk-based classification system. High-risk AI applications affecting fundamental rights, safety, or legal status will face stricter compliance requirements than lower-risk deployments.
This approach makes sense from a regulatory efficiency perspective. Not all AI applications require the same level of oversight. A recommendation engine for entertainment content poses different risks than an AI system making lending decisions. Calibrating compliance to risk is sound policy.
Contractual Considerations
Organisations procuring AI solutions must address several contractual issues. Allocation of liability for AI failures is often contentious. Who is responsible when the AI makes an error that causes harm? The contract must be explicit.
Intellectual property rights in training data and model outputs require careful attention. If you provide data to train a vendor's AI, who owns the resulting model improvements? If the AI generates content, who owns the copyright? These questions have no default answers in Indian law.
Preparation Roadmap
Businesses should begin with an inventory of current AI deployments. Know what AI you are using, where, and for what purposes. Assess risk levels based on the decisions the AI influences. Implement governance structures appropriate to those risks.
Documentation practices are crucial. Record the data used to train models, the testing performed, the limitations identified, and the monitoring implemented. When regulators ask questions, comprehensive documentation is your best defence.
Our technology law team at AMLEGALS actively monitors regulatory developments and advises clients on building AI governance frameworks that anticipate compliance requirements while enabling innovation. The organisations that prepare now will be ready when regulations arrive.