AI2 min read

India Proposes New AI Regulation Framework Under DPDP Act: Mandatory AI Audits and Algorithmic Transparency

The Indian government proposes new AI regulations requiring mandatory algorithmic impact assessments, AI audits, and transparency reports for high-risk AI systems under the DPDP Act framework.

AR

Aditya Raj

July 17, 2026

Fact CheckedUpdated
India Proposes New AI Regulation Framework Under DPDP Act: Mandatory AI Audits and Algorithmic Transparency
AI Summary

India proposes AI regulation framework under DPDP Act with 3-tier risk classification. High-risk AI (healthcare, credit, employment) requires mandatory audits, algorithmic transparency, and impact assessments. Prohibited AI: social scoring and real-time biometric surveillance. Startup exemption for 3 years. Open for public comment until Sept 2026.

The Indian government has released a draft AI regulation framework that extends the Digital Personal Data Protection (DPDP) Act to explicitly cover artificial intelligence systems, proposing mandatory algorithmic transparency, AI audits, and accountability mechanisms.
AI neural network visualization with regulatory framework symbols
India's AI regulation framework mandates audits and transparency for high-risk AI systems
The proposed AI Governance Rules classify AI systems into three risk tiers: Minimal (no regulation), High (mandatory registration, impact assessment, human oversight), and Unacceptable (prohibited — including social scoring, real-time biometric surveillance for general law enforcement). All high-risk AI systems must provide algorithmic transparency reports detailing training data provenance, bias testing results, accuracy metrics across demographic groups, and human oversight mechanisms. Companies must also provide 'meaningful explanations' for AI-driven decisions affecting individuals.

"AI regulation is not about stifling innovation — it's about ensuring innovation serves citizens safely and fairly. India's approach balances protecting fundamental rights with enabling the AI ecosystem to thrive."

— Rajeev Chandrasekhar
The framework requires companies developing or deploying AI in India to register with the Data Protection Board of India (DPBI) if they meet certain thresholds. AI companies must also conduct annual algorithmic audits by DPBI-certified third-party auditors. The regulations will apply to both domestic and foreign AI companies operating in India. Major tech companies including OpenAI, Google, Meta, and Anthropic will need to comply if their AI systems process data of Indian users or are deployed in the Indian market. India's AI regulation approach borrows from the EU AI Act but takes a lighter-touch approach for startups. Companies with under ₹100 crore in annual revenue or fewer than 50 employees are exempt from most compliance requirements during their first 3 years. The draft is open for public consultation until September 2026, with final regulations expected by January 2027. India aims to position itself as a global leader in responsible AI governance.

Advertisement

Key Takeaways

  1. 13-tier AI risk classification: Minimal (no regulation), High (mandatory audits), Unacceptable (prohibited)
  2. 2High-risk AI: healthcare, credit scoring, employment, insurance, criminal justice, content moderation
  3. 3Mandatory algorithmic impact assessments, transparency reports, and annual third-party AI audits
  4. 4Startup exemption: companies under ₹100 crore revenue or 50 employees exempt for first 3 years
  5. 5Public consultation until September 2026; final regulations expected January 2027

Frequently Asked Questions

What AI systems are prohibited under India's framework?

Social scoring systems and real-time biometric surveillance for general law enforcement would be prohibited as Unacceptable risk.

What is considered a high-risk AI system?

AI used in healthcare diagnosis, credit scoring, employment decisions, insurance underwriting, criminal justice, and content moderation.

Are startups exempt from AI regulations?

Startups with under ₹100 crore annual revenue or fewer than 50 employees are exempt from most requirements for the first 3 years.

Topics

Loading comments...