AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← DirectoryCompare with another →
VoluntaryGuidelineAPAC/India

India AI Governance Framework

Issued by

Ministry of Electronics and Information Technology (MeitY), Government of India

liveEffective 2024-03-01India AIGFVerified April 2026
Official document →

MeitY's advisory framework establishes responsible AI principles and interim compliance expectations for platforms deploying AI systems in India, with particular focus on preventing harm, ensuring traceability, and requiring government approval before deploying undertested AI models.

Applies To

Intermediariesplatformsand enterprises offering AI-enabled products or services to users in Indiaincluding multinational corporations deploying generative AIsocial media platformsfintech operatorsand SaaS providers with Indian user bases. Domestic Indian enterprises developing or deploying AI models are equally in scope.

Overview

The India AI Governance Framework emerged from a series of MeitY advisories issued in early 2024, following rapid proliferation of generative AI tools accessible to Indian users. The framework does not carry the force of statute but represents the Indian government's current regulatory posture toward AI deployment. It applies primarily to intermediaries and AI platforms operating under the Information Technology Act, 2000, and associated rules. MeitY's advisories require that significant AI platforms-particularly those offering large language models or generative AI-obtain government permission before deploying models deemed 'unreliable' or 'under-tested.' The framework mandates labeling of AI-generated content, including deepfakes, and places obligations on platforms to ensure their AI systems do not facilitate the generation of unlawful content, electoral misinformation, or content that threatens public order. Traceability mechanisms are required so that the originator of AI-generated content can be identified when lawfully demanded. The framework intersects with the Digital Personal Data Protection Act, 2023 (DPDPA), and enterprises must ensure that AI systems processing personal data of Indian residents comply with both sets of obligations. MeitY has signaled that a more comprehensive AI regulatory statute is under consideration, making the current advisory framework an interim instrument. Enterprises operating in India or serving Indian users should treat the framework as a forward-looking compliance baseline.

Key Requirements

  • Obtain MeitY approval before deploying AI models characterized as undertested or unreliable for Indian users
  • Label AI-generated content, including synthetic media and deepfakes, to ensure consumer transparency
  • Implement content moderation mechanisms to prevent generation of unlawful, harmful, or electorally manipulative content
  • Maintain traceability systems that allow identification of originators of AI-generated content upon lawful government request
  • Ensure AI systems comply with obligations under the Digital Personal Data Protection Act, 2023
  • Report and mitigate algorithmic bias that could cause harm to Indian users
  • Establish grievance redressal mechanisms accessible to Indian users affected by AI-driven decisions

What Your Organization Must Do

  • Submit a formal pre-deployment approval request to MeitY for any large language model or generative AI system classified as undertested or unreliable before making it accessible to Indian users, assigning the Chief Compliance Officer as the accountable owner for each submission.
  • Implement technical labeling controls on all AI-generated outputs, including synthetic media and deepfakes, by embedding visible disclosures and metadata watermarks so that Indian users can identify machine-generated content at the point of consumption.
  • Deploy or audit content moderation pipelines to block generation of unlawful content, electoral misinformation, and material that threatens public order, and conduct quarterly reviews to verify filter effectiveness against evolving content categories identified by MeitY.
  • Build and document traceability infrastructure that logs the originator of AI-generated content with sufficient retention to respond to lawful government requests, ensuring logs are accessible within a defined response window and stored in compliance with DPDPA data localization expectations.
  • Conduct a gap analysis mapping existing AI data processing activities against Digital Personal Data Protection Act 2023 obligations, including lawful basis, consent management, and data principal rights, and remediate gaps before processing personal data of Indian residents through any AI pipeline.
  • Establish a grievance redressal mechanism specific to AI-driven decisions that is accessible to Indian users in local languages, designates a nodal officer for escalations, and targets resolution within a defined turnaround period aligned with IT Act intermediary guidelines.

Playbook Guidance

Step-by-step implementation guidance for compliance teams.

05How do we detect and mitigate algorithmic bias?07How do we handle AI-generated content and hallucinations?09How do we maintain data privacy compliance when using AI?10How do we document AI decision-making for auditability?24What does audit-ready AI documentation look like in practice?

Frequently Asked Questions

Does the India AI Governance Framework have the force of law?
No. The framework is advisory in nature and does not carry statutory force. It represents MeitY's current regulatory posture and operates through advisories issued under the Information Technology Act, 2000. However, non-compliance can still attract scrutiny under existing IT Act provisions, and a formal AI statute is under consideration.
Which companies need MeitY approval before deploying AI models in India?
Any intermediary or platform deploying large language models or generative AI systems that MeitY characterizes as undertested or unreliable for Indian users must obtain prior government approval. This applies to both multinational corporations and domestic Indian enterprises, regardless of where the model is hosted.
How does the India AIGF interact with the Digital Personal Data Protection Act 2023?
The frameworks overlap wherever AI systems process personal data of Indian residents. Enterprises must satisfy DPDPA obligations, including lawful basis, consent management, and data principal rights, alongside AIGF requirements. A gap analysis mapping AI data pipelines against DPDPA is a practical first compliance step.
What are the traceability obligations under the India AI Governance Framework?
Platforms must maintain systems that can identify the originator of AI-generated content when lawfully requested by the government. Logs must be retained with sufficient depth to respond within a defined window and stored in a manner consistent with DPDPA data localization expectations.
Does the India AIGF impose content labeling requirements for deepfakes?
Yes. Platforms must label all AI-generated content, including synthetic media and deepfakes, using visible disclosures and metadata watermarks at the point of consumption. The obligation is designed to ensure Indian users can distinguish machine-generated content from authentic material.
What penalties apply if a company ignores MeitY advisories under the India AIGF?
The advisories themselves do not specify standalone penalties, but non-compliance can trigger enforcement under the Information Technology Act, 2000, including potential blocking orders, takedown notices, or loss of intermediary safe harbor protections. Regulatory risk will likely increase once a formal AI statute is enacted.