India Proposes New AI Regulation Framework Under DPDP Act: Mandatory AI Audits and Algorithmic Transparency
The Indian government proposes new AI regulations requiring mandatory algorithmic impact assessments, AI audits, and transparency reports for high-risk AI systems under the DPDP Act framework.
Aditya Raj
July 17, 2026
India proposes AI regulation framework under DPDP Act with 3-tier risk classification. High-risk AI (healthcare, credit, employment) requires mandatory audits, algorithmic transparency, and impact assessments. Prohibited AI: social scoring and real-time biometric surveillance. Startup exemption for 3 years. Open for public comment until Sept 2026.
The framework requires companies developing or deploying AI in India to register with the Data Protection Board of India (DPBI) if they meet certain thresholds. AI companies must also conduct annual algorithmic audits by DPBI-certified third-party auditors. The regulations will apply to both domestic and foreign AI companies operating in India. Major tech companies including OpenAI, Google, Meta, and Anthropic will need to comply if their AI systems process data of Indian users or are deployed in the Indian market. India's AI regulation approach borrows from the EU AI Act but takes a lighter-touch approach for startups. Companies with under ₹100 crore in annual revenue or fewer than 50 employees are exempt from most compliance requirements during their first 3 years. The draft is open for public consultation until September 2026, with final regulations expected by January 2027. India aims to position itself as a global leader in responsible AI governance."AI regulation is not about stifling innovation — it's about ensuring innovation serves citizens safely and fairly. India's approach balances protecting fundamental rights with enabling the AI ecosystem to thrive."
— Rajeev Chandrasekhar
Advertisement
Key Takeaways
- 13-tier AI risk classification: Minimal (no regulation), High (mandatory audits), Unacceptable (prohibited)
- 2High-risk AI: healthcare, credit scoring, employment, insurance, criminal justice, content moderation
- 3Mandatory algorithmic impact assessments, transparency reports, and annual third-party AI audits
- 4Startup exemption: companies under ₹100 crore revenue or 50 employees exempt for first 3 years
- 5Public consultation until September 2026; final regulations expected January 2027
Frequently Asked Questions
What AI systems are prohibited under India's framework?
Social scoring systems and real-time biometric surveillance for general law enforcement would be prohibited as Unacceptable risk.
What is considered a high-risk AI system?
AI used in healthcare diagnosis, credit scoring, employment decisions, insurance underwriting, criminal justice, and content moderation.
Are startups exempt from AI regulations?
Startups with under ₹100 crore annual revenue or fewer than 50 employees are exempt from most requirements for the first 3 years.
Loading comments...