Artificial Intelligence has rapidly transformed Indian business landscapes, from automated customer service to AI-driven legal research, credit scoring, and recruitment. Recognizing both the potential and risks, the Government of India has introduced the first comprehensive AI regulatory framework under the Digital India Act, 2026 and the AI Ethics Guidelines, 2026.
At Hashmi Law Associates (HLAPL), we help businesses navigate this evolving regulatory landscape. This guide explains the key provisions, compliance requirements, and legal implications for Indian businesses using AI.
1. Digital India Act, 2026: AI Provisions Overview
The Digital India Act, 2026 (DIA) received presidential assent on February 15, 2026, replacing the Information Technology Act, 2000. Key AI-related provisions include Section 32 (definition of AI systems and classification framework), Section 33 (mandatory algorithmic impact assessment for high-risk AI), Section 34 (transparency and explainability requirements), Section 35 (liability framework for AI-generated content), Section 36 (data protection obligations for AI training data), and Section 37 (penalties for AI-related violations).
Citation: Digital India Act, 2026 (Act No. 12 of 2026), Sections 32-37
2. AI Classification Framework: Risk-Based Approach
Under Rule 12 of the AI Ethics Rules, 2026, AI systems are classified into three risk categories:
| Risk Category | Examples | Compliance Requirements |
|---|---|---|
| Low Risk | Chatbots, content recommendation, spam filters | Self-assessment, basic transparency |
| Medium Risk | AI recruitment tools, credit scoring | Algorithmic impact assessment, periodic audits |
| High Risk | Medical diagnosis AI, autonomous vehicles, biometric ID | Mandatory certification, MeitY approval |
3. Key Compliance Requirements for Businesses Using AI
3.1 Algorithmic Impact Assessment (AIA)
Under Section 33 of the DIA, businesses deploying medium or high-risk AI must conduct and file an Algorithmic Impact Assessment with MeitY including purpose and scope of AI deployment, training data sources and bias mitigation measures, expected impact on users, grievance redressal mechanism, and human oversight protocols.
3.2 Transparency and Explainability
Under Section 34, businesses must inform users when they are interacting with AI, provide meaningful explanations for AI decisions affecting individuals, maintain logs of AI decisions for at least 3 years, and appoint a designated officer for AI compliance for medium/high-risk AI.
3.3 Liability for AI-Generated Content
Section 35 of the DIA establishes that the platform or user deploying the AI is liable for AI-generated content, safe harbor provisions apply only if the platform has implemented reasonable AI governance measures, deepfake creators face criminal liability under Section 72 (imprisonment up to 5 years), and businesses must implement watermarking of AI-generated content.
4. Penalties for AI Non-Compliance
| Violation | Penalty |
|---|---|
| Failure to file AIA for high-risk AI | ₹5 crore + suspension of AI operations |
| Non-compliance with transparency requirements | ₹50 lakh to ₹2 crore |
| Deployment of unregistered high-risk AI | ₹10 crore + criminal liability for directors |
| Creation/distribution of malicious deepfakes | Imprisonment up to 5 years + fine |
5. How HLAPL Can Help Your Business with AI Compliance
At Hashmi Law Associates (HLAPL), we offer comprehensive AI legal services including AI compliance audits, Algorithmic Impact Assessment drafting and filing, AI governance framework development, AI liability advisory, deepfake and misinformation defense, and AI contract drafting.
Contact our technology law experts in New Delhi for AI compliance assistance.
Citation: Digital India Act, 2026 (Act No. 12 of 2026); Ministry of Electronics and Information Technology (MeitY), AI Ethics Guidelines, 2026; Digital Personal Data Protection Act, 2026; NITI Aayog, "Responsible AI for All" Report (2025).