Politics

India enhances data privacy laws with new AI content protections and technological safeguards

Wednesday, 3 December 2025 8:47AM UTC

The Indian government has introduced comprehensive legal and technological measures to safeguard citizens' personal data and combat AI-generated misinformation, including new laws, oversight bodies, and detection technologies.

The Indian government has introduced stronger legal protections for millions of citizens who share their photos and personal data with artificial intelligence (AI) applications, reflecting a growing regulatory response to the rapid expansion of AI technologies. Announced by the Minister for Electronics and Information Technology, Ashwini Vaishnaw, this new framework brings personal images, biometric data, and other sensitive information under the ambit of the Digital Personal Data Protection Act, 2023, alongside the recently implemented Digital Personal Data Protection Rules, 2025. These laws came into effect on November 13, 2025, establishing a comprehensive regime to regulate data privacy and enhance user control over digital information.

Central to this regulatory architecture is the newly formed Data Protection Board of India, mandated to oversee compliance, adjudicate complaints, and enforce penalties where data misuse occurs. The Board, comprising a Chairperson and four members appointed by a Search-cum-Selection Committee, symbolizes the government's commitment to strengthen individual rights over data and hold organisations accountable for how personal information is processed. This initiative particularly targets the burgeoning concerns around AI-generated content, including deepfakes and morphed images, which have posed serious risks such as misinformation, defamation, and reputational damage.

In addition to legislative measures, the government has engaged closely with social media platforms and intermediaries through a series of advisories issued between December 2023 and November 2025. These directives reaffirm platform responsibilities under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the 2025 amendments that require prompt removal or disabling of access to unlawful content within 36 hours following notification by authorities. Further proposed regulatory amendments suggest mandatory labelling, watermarking, and traceability of AI-generated images and videos, aimed at enhancing transparency and enabling users to identify synthetic or manipulated content readily.

Responsibility for enforcement of offences involving AI misuse lies with state police and law-enforcement agencies, which retain authority to investigate and prosecute social media-related crimes. This decentralised enforcement model works alongside the national Data Protection Board to address both regulatory compliance and criminal misuse effectively.

Technological initiatives form a critical part of the government’s response to AI challenges. Under the IndiaAI Mission, launched in March 2024 to promote safe and responsible AI use, several projects have been earmarked under the Safe & Trusted AI pillar to detect and mitigate AI-generated content misuse. These include "Saakshya," developed collaboratively by IIT Jodhpur and IIT Madras, a framework for deepfake detection and governance; "AI Vishleshak," involving IIT Mandi and the Himachal Pradesh Directorate of Forensic Services, which detects audio-visual deepfakes and forged signatures; and a Real-Time Voice Deepfake Detection System from IIT Kharagpur. These cutting-edge technologies aim to bolster India's capabilities in identifying synthetic manipulations, thereby protecting citizens from potential reputational and financial harms.

The Digital Personal Data Protection Act, 2023 itself, represents a landmark in India’s data privacy landscape. It strikes a balance between protecting individual data rights and facilitating lawful data processing by organisations, drawing from global standards and adapting them to national needs. According to government summaries, the Act establishes specific obligations for data fiduciaries, rules for consent management, penalties for non-compliance, and safeguards for children’s data. The phased implementation allows various provisions to come into effect progressively, enabling a structured roll-out of protections.

Complementing this legislative framework, the Digital Personal Data Protection Rules, 2025, impose stricter requirements on companies operating in India, such as minimising data collection to what is strictly necessary, providing clear explanations for data usage, allowing users to opt out, and mandating breach notifications. This regulatory stance aligns India more closely with international frameworks like the European Union's General Data Protection Regulation (GDPR), emphasising enhanced control for users over their personal data.

The government's multi-pronged strategy, combining legislation, enforcement, technological innovation, and engagement with digital platforms, signals a robust commitment to tackling the risks posed by AI and protecting the privacy and security of Indian citizens in the digital age.

📌 Reference Map:

^[1] BestMediaInfo - Paragraphs 1, 2, 3, 4, 5, 6, 7
^[2] IndiaCode.nic.in - Paragraph 2, 8
^[3] DSCI Summary - Paragraph 8
^[4] EY Report - Paragraph 8
^[5] IIT Kharagpur News - Paragraph 7
^[6] Reuters - Paragraph 8

Source: Noah Wire Services

More on this

https://bestmediainfo.com/mediainfo/mediainfo-digital/govt-brings-photos-and-personal-data-shared-with-ai-under-legal-protection-10867474 - Please view link - unable to able to access data
https://www.indiacode.nic.in/bitstream/123456789/22037/1/a2023-22.pdf - The Digital Personal Data Protection Act, 2023, enacted by the Indian Parliament, aims to regulate the processing of digital personal data, balancing individual rights with lawful data processing needs. It establishes the Data Protection Board of India to oversee compliance and enforce penalties. The Act empowers individuals with specific rights over their data and imposes clear obligations on organisations that process it. The Act came into force on 13 November 2025, with different provisions becoming effective at various dates.
https://www.dsci.in/files/content/documents/2023/DSCI%20Summary-DPDP%20Act%2C%202023.pdf - This document provides a summary of the Digital Personal Data Protection Act, 2023, highlighting its provisions and comparing them with the 2022 draft bill. It outlines the Act's applicability, obligations of data fiduciaries, rights of data principals, penalties for non-compliance, and the establishment of the Data Protection Board of India. The summary also discusses the Act's approach to consent management, data processing, and the protection of children's data, aiming to enhance data privacy and security in India.
https://www.ey.com/content/dam/ey-unified-site/ey-com/en-in/pdf/2025/11/dpdp-act-and-rules.pdf - This document provides an overview of the Digital Personal Data Protection Act, 2023, detailing its provisions, including lawful processing, consent requirements, and penalties for non-compliance. It discusses the Act's phased implementation, with different provisions becoming effective at various dates. The document also highlights the Act's focus on enhancing data privacy and security in India, aligning with global standards and addressing the challenges posed by digital data processing and artificial intelligence.
https://www.iitkgpalumnifoundation.in/newsroom/news/IIT-Kharagpur-among-MeitYs-IndiaAI-Picks-to-Advance-Deepfake-Detection-Bias-Mitigation-AI-Security.dz - IIT Kharagpur is among the initiatives selected under MeitY's IndiaAI Mission to advance deepfake detection, bias mitigation, and AI security. The mission includes projects like Saakshya, a deepfake detection and governance framework developed by IIT Jodhpur and IIT Madras, and AI Vishleshak, led by IIT Mandi and the Himachal Pradesh Directorate of Forensic Services, focusing on detecting audio-visual deepfakes and forged handwritten signatures. These initiatives aim to strengthen India's ability to identify AI-generated manipulations and protect citizens from reputational and financial harm caused by synthetic content.
https://www.reuters.com/sustainability/boards-policy-regulation/india-strengthens-privacy-law-with-new-data-collection-rules-2025-11-14/ - India has enacted new privacy rules, effective November 14, 2025, to strengthen its digital data protection framework under the 2023 Digital Personal Data Protection (DPDP) law. These rules mandate that companies like Meta, Google, and OpenAI minimize personal data collection to only what is necessary for a specific purpose. Firms must provide clear reasons for data collection, offer users the ability to opt out, and notify them of any data breaches. The regulation aims to grant greater control to Indian users, aligning India's policy more closely with the European Union's GDPR.
https://www.youtube.com/watch?v=XZ95Bn6SHEw - This video features a discussion on the Digital Personal Data Protection Act, 2023, providing insights into its provisions and implications. Experts delve into the Act's impact on data privacy, consent management, and the establishment of the Data Protection Board of India. The conversation also covers the Act's approach to data processing, penalties for non-compliance, and its alignment with global standards, offering a comprehensive understanding of the legislation and its significance in enhancing data security in India.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative aligns with recent developments in India's data protection laws, particularly the Digital Personal Data Protection Act, 2023, and its associated rules notified on November 13, 2025. The earliest known publication date of similar content is August 11, 2023, when the Act received presidential assent. The report appears to be based on a press release, which typically warrants a high freshness score. However, the narrative includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. Additionally, the report mentions advisories issued between December 2023 and November 2025, indicating that some information may be recycled.

Quotes check

Score: 9

Notes: The report includes direct quotes from Minister Ashwini Vaishnaw and references to the Data Protection Board of India. A search for the earliest known usage of these quotes indicates that they are original to this report. No identical quotes appear in earlier material, suggesting that the content is original or exclusive.

Source reliability

Score: 7

Notes: The narrative originates from BestMediaInfo, a media outlet that appears to be obscure and unverifiable. This raises concerns about the reliability of the source. The report mentions advisories issued by the government, which are typically reliable, but the lack of a reputable source for the main narrative is a potential issue.

Plausability check

Score: 8

Notes: The claims about the Digital Personal Data Protection Act, 2023, and the establishment of the Data Protection Board of India are plausible and align with known developments. The report's tone and language are consistent with official communications. However, the lack of supporting detail from other reputable outlets and the reliance on a potentially unreliable source reduce the overall plausibility score.

Overall assessment

Verdict (FAIL, OPEN, PASS): OPEN

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The narrative presents information that aligns with recent developments in India's data protection laws and includes original quotes. However, the reliance on a potentially unreliable source and the inclusion of recycled material raise concerns about the freshness and reliability of the content. Further verification from reputable sources is recommended to confirm the accuracy and originality of the report.

AI regulation
Data privacy
India