AI Accountability: Evolving India's Legal Framework

An executive of an IT firm dealing with finances, receives a call from the CEO, regarding an immediate fund transfer for delivery of a long pending software. The executive hearing the voice of his CEO complies with the direction.

Prefer on Google
AI Accountability: Evolving India's Legal Framework
About the authors+
Reading context+

Jurisdictions

Topics

“Artificial intelligence is either the best, or the worst thing ever to happen to humanity.” - Stephen Hawking

An executive of an IT firm dealing with finances, receives a call from the CEO, regarding an immediate fund transfer for delivery of a long pending software. The executive hearing the voice of his CEO complies with the direction. But unfortunately the call was made by a scammer using deepfakes to replicate the voice of the CEO. This is a very small example of how the growth of Artificial Intelligence is increasing the chances of cybercrime. 

With the increase in internet user base in the world, the number of cybercrime cases is also increasing. Artificial Intelligence is the best or the worst gift to the mankind is yet to be decided. Though AI is easing our lives in many ways, for instance, you are urgently required to read a topic or write a note on any issue, AI will help you summarise or it can also write one for you. Here the issue will be to find out the authenticity of the work done by AI. It is probable that AI will take the available data from different sources, merge and write it for the user, which may end up causing a copyright violation or using wrong data. Also AI can hallucinate data, that is, come up with something for instance case laws which do not exist. 

The world is moving towards Artificial Intelligence, with the Governments and private sectors investing in crores for its advancement. AI is entering in all the fields, starting from education to courts, compliances, e-commerce and so on. With this advancement, the menace of cyber-crime is also increasing. With what started as a helping hand, is now becoming a tool in the hands of criminals. Deepfakes, AI generated videos, pictures are increasing the number of crimes, also the excessive use of AI in research is challenging the integrity in research. Here a tough question which needs to be addressed is, are we actually ready to deal with the boom in Artificial Intelligence? 

India has a set of laws dealing with cybercrime. The Information Technology Act, 2000 remains the core framework, supported by rules on intermediaries and newer laws like the Digital Personal Data Protection Act, 2023. Sector regulators such as the Reserve Bank of India and SEBI have also issued directions to deal with digital frauds and algorithm-based risks in their respective spaces. On paper, the system appears layered and evolving.

But Artificial Intelligence does not fit neatly into these existing categories. Most of these laws were drafted at a time when online harm was still largely human-driven, not machine-generated or machine-assisted. Even the updated intermediary rules focus heavily on takedown obligations and due diligence by platforms, but they still operate in a reactive mode. The law steps in after harm is done.

With AI, content can be created, modified and circulated within seconds, often without a clear trace of origin. In such situations, even basic questions of liability become unclear whether responsibility lies with the user who generated it, the platform that hosted it, or the system that enabled it. That uncertainty is where the present legal framework starts to show strain.

Artificial Intelligence becomes most difficult to regulate when something goes wrong and the question of accountability arises. In cases involving deepfakes, cloned voices, or AI-generated videos, identifying the actual source of the content is no longer straightforward. What was once a relatively clear chain of investigation is now fragmented across several layers involving users, software tools, and digital platforms that may only be hosting the material without creating it.

The problem becomes even more complicated when the technology operates across jurisdictions. Much of the development, storage, and deployment of AI systems happens through global networks that are not confined to one country. As a result, enforcement often becomes inconsistent. Even where Indian laws technically apply, tracing the origin of harmful content or preventing its rapid circulation remains a serious practical challenge.

This concern is already visible in financial fraud cases. Despite stronger safeguards in digital banking and repeated regulatory interventions by the Reserve Bank of India, fraudsters are increasingly using AI-based tools such as voice cloning and automated impersonation to deceive individuals. The securities market regulator, SEBI, has also raised concerns around algorithmic manipulation and digital misinformation. AI-driven fraud creates a distinct challenge because the deception is quicker, more sophisticated, and often difficult to detect before damage is caused.

What makes Artificial Intelligence particularly difficult from a legal perspective is that harm can now be created on a massive scale without a single identifiable point of control. Existing cyber laws were largely designed around direct human conduct, but AI systems complicate that assumption. The issue is no longer limited to misuse of technology; it is about the changing nature of risk itself. Regulation therefore cannot continue to treat AI as merely another form of digital activity.

Transparency is another growing concern. In many situations, individuals consuming online content have little ability to determine whether a video, audio clip, or image is genuine or synthetically generated. As the distinction between authentic and manipulated content becomes increasingly blurred, the impact extends beyond misinformation. In areas such as financial communication, political messaging, and public discourse, this erosion of trust can have serious consequences.

At the same time, the role of intermediaries is likely to undergo significant change. The existing “notice and takedown” model is increasingly proving inadequate in dealing with AI-generated harm. Platforms may be expected to adopt more proactive measures, particularly in cases involving impersonation, financial fraud, or misleading synthetic content capable of influencing large sections of the public. Regulatory thinking is already beginning to move in that direction.

However, legislation alone will not solve the problem unless institutions are equipped to deal with the technology they seek to regulate. Cyber forensic infrastructure, coordination between enforcement agencies, and technical expertise within regulatory bodies will become equally important. Without stronger institutional capacity, enforcement mechanisms will continue to struggle against technologies that evolve far more rapidly than legal systems. The larger challenge is not to restrict Artificial Intelligence, but to ensure that technological advancement does not come at the cost of accountability.