AI governance in India.
India's DPDP Act 2023 is now in force — the first comprehensive data protection law for 1.4 billion people. RBI, SEBI, and MeitY are developing AI-specific guidance. India is also subject to the EU AI Act's extraterritorial reach.
DPDP Act guideIndia's AI regulatory landscape
A fast-evolving multi-regulator environment built on the DPDP Act foundation.
India's comprehensive data protection law. Consent-based framework with purpose limitation, data minimisation, and accuracy requirements. Special protection for children's data. Financial penalties up to Rs 250 crore.
RBI has issued circulars and guidelines on model risk management, algorithmic credit assessment, and AI in payment systems. Applies to banks, NBFCs, and payment service providers.
SEBI has regulated algorithmic trading since 2012 and is developing AI-specific guidance for robo-advisory services and AI-assisted investment management.
MeitY has issued advisories on responsible AI development that apply to AI companies operating in India. Not legally binding but signals government expectations.
India AI governance articles
EU AI Act: the additional obligation for India-based organisations
Indian technology companies building AI products for European markets, Indian financial institutions with European operations, and Indian IT services companies deploying AI solutions for European clients all face EU AI Act obligations in addition to DPDP Act requirements. The two frameworks are compatible — an AI governance program built to satisfy the EU AI Act's most stringent requirements will also satisfy most DPDP Act obligations. The practical priority for India-based organisations with European exposure is to start with EU AI Act scoping and work backward to ensure DPDP compliance is embedded throughout.
Stay ahead of AI governance
Regulatory updates, practical frameworks, and analysis. No spam, unsubscribe anytime.
No spam. Unsubscribe anytime. We'll never share your email.