Written by Aayush Kumar,
Lex Lumen Research Journal Summer Intern,
June 2026
I. Introduction
When a fabricated video of a political leader went viral during India’s 2024 election season, it exposed something the law had long ignored: the country had no clear legal vocabulary for synthetic media. Generative artificial intelligence had outpaced the statute book. Deepfakes, voice clones, and AI-manipulated footage were being weaponised for electoral disinformation, financial fraud, and gender-based harassment yet no provision squarely addressed them. It was against this backdrop that the Ministry of Electronics and Information Technology (MeitY) issued the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026[1] on 10 February 2026, operative from 20 February 2026. Building upon the existing IT Rules, 2021,[2] the amendments introduce India’s first dedicated legal architecture for what they term Synthetically Generated Information (“SGI”). This piece examines what the rules actually do, where they hold up legally, and where they risk causing harm of their own.
II. Giving AI Content a Legal Name: The SGI Definition
Perhaps the most consequential contribution of the Amendment Rules is definitional. Rule 2(1) (wa)[3] coins the term “Synthetically Generated Information” to describe audio, visual, or audio-visual material that has been created or substantially altered through AI or similar computational means, such that it passes as an authentic depiction of real persons or real-world events. The definition deliberately excludes content that is overtly fictional or plainly labelled as computer-generated filtering out artistic and satirical expression from the regulatory dragnet.
This is a meaningful advance over the pre-amendment position, where courts and intermediaries had to stretch general provisions on obscenity, defamation, or impersonation to reach AI-generated harms. That said, anchoring the definition to content that appears “indistinguishable” from reality imports a technical variable into a legal standard. As detection capabilities evolve, the boundary of what qualifies as SGI will shift and without prescribed technical benchmarks, enforcement consistency is impossible to guarantee. The rules leave this standard entirely to executive discretion, which is a gap worth watching.
III. The Compliance Framework: Labels, Gates, and Clocks
The amendment imposes a layered set of obligations that vary depending on the size and nature of the intermediary. At the base level, Rule 3(1)(b)[4] requires all intermediaries to update their terms of service to prohibit users from hosting or distributing SGI that contravenes applicable law including offences under the Bhartiya Nyaya Sanhita, 2023[5] such as fraud, criminal impersonation, and transmission of obscene material.
The more novel obligation lies in Rule 3(3),[6] which mandates that SGI uploaded to any platform must carry a visible label or embedded metadata identifying it as AI-generated content. Crucially, intermediaries are barred from providing any feature that permits users to remove or obscure this labelling creating what might be called a duty of metadata permanence. The rule operates at the point of upload rather than post-publication, making prevention rather than remediation the operative logic.
For platforms classified as Significant Social Media Intermediaries (SSMIs) those exceeding five million Indian users Rule 4(1A)[7] goes further still. SSMIs can no longer wait for a complaint to act. They must require every uploader to affirmatively declare at the time of submission whether the content constitutes SGI, and must independently verify that declaration before publication. Where the declaration is absent or false, the upload must be rejected outright. This gatekeeping model represents a fundamental departure from the “notice and takedown” approach that has defined platform liability since the IT Act’s early years.
The amendment also introduces sharply compressed removal windows. Under Rule 3(2)(b),[8] where a government authority or court issues a takedown order for SGI that threatens public order, national security, or decency, SSMIs must act within three hours a dramatic reduction from the 36-hour window under the 2021 Rules. For non-consensual AI-generated intimate imagery, the deadline tightens further to two hours.[9] Non-compliance strips the platform of its safe harbour immunity under Section 79 of the IT Act,[10] converting it from a passive host to a liable publisher in the eyes of the law.
IV. Safe Harbour Under Strain
The safe harbour doctrine in India has a well-established constitutional pedigree. In Shreya Singhal v. Union of India,[11] the Supreme Court read Section 79 as protecting intermediaries from liability for third-party content so long as they acted expeditiously upon receiving actual knowledge of illegality, specifically through a court order or a government directive under a structured process. The Amendment Rules do not formally dislodge this framework but they substantially alter its practical operation.
By conditioning immunity on proactive SGI verification and near-instantaneous takedowns, the rules shift the burden from reactive compliance to anticipatory gatekeeping. For well-resourced global platforms, this is manageable through automated detection tools. For smaller domestic intermediaries regional news aggregators, vernacular social platforms, or community-based hosting services the infrastructure cost may be prohibitive. The likely outcome is what economists call over-compliance: platforms removing any ambiguous content rather than risking liability, quietly suppressing satire, criticism, and legitimate generative AI use in the process.
Amnesty International has flagged exactly this concern, warning that the compressed timelines “pose a serious risk to the right to freedom of expression” by pushing platforms toward precautionary censorship.[12] The absence of any pre-removal hearing for affected users, and the reliance on executive officers rather than judicial authority to trigger the three-hour clock, compounds this concern. Content may be erased before its creator even knows a complaint was filed.
V. Constitutional Fault Lines
The Amendment Rules engage two distinct constitutional concerns. The first concerns Article 19(1)(a). While the grounds on which SGI removal is authorised public order, sovereignty, decency are recognised restrictions under Article 19(2), constitutionality is not just about the ends but also the means. A three-hour window effectively forecloses the possibility of judicial intervention before removal occurs. Once content is taken down, the chilling effect on the uploader persists even if a subsequent challenge succeeds. The rules currently offer no counter-notification mechanism or interim relief pathway, an omission that may not survive constitutional scrutiny.
The second concerns privacy. The Amendment Rules allow law enforcement to compel platforms to disclose the identity of an SGI creator upon a lawful request. While the rules link disclosure to criminal proceedings, they set out no evidentiary threshold, no proportionality requirement, and no independent check on the request. This sits uneasily with the nine-judge bench decision in K.S. Puttaswamy v. Union of India,[13] which established that any state interference with personal data must satisfy the tripartite test of legality, necessity, and proportionality. A blanket disclosure obligation without a proportionality filter fails that standard.
These gaps are not trivial. They are precisely the kind of procedural deficits that the Rabat Plan of Action on hate speech regulation[14] warns against systems that strip context and speed past safeguards in the name of efficiency.
VI. A Global Yardstick and What India Can Learn
India is not legislating in a vacuum. The European Union’s Artificial Intelligence Act[15] treats AI-generated content used deceptively as a high-risk application, mandating transparency labels and human oversight but within a framework that includes independent regulatory bodies, standardised technical assessments, and meaningful appeals. The contrast with India’s approach is instructive: both jurisdictions recognise the harm, but the EU builds in procedural architecture that India’s rules presently lack.
What would a more calibrated Indian framework look like? At minimum, four additions would strengthen the rules without blunting their purpose: first, MeitY should specify measurable technical standards for SGI detection, possibly through the Standardisation Testing and Quality Certification Directorate, to ensure uniform compliance; second, a 24-hour counter-notification window should be introduced so that affected users can challenge wrongful removals before the deletion becomes permanent; third, identity disclosure requests should require prior judicial authorisation rather than relying solely on executive direction; and fourth, SSMIs should be required to publish quarterly transparency reports disaggregating the volume, category, and outcome of SGI-related removals. These are not radical demands they are the baseline of accountable AI governance.
VII. Conclusion
India’s IT Amendment Rules 2026 arrive at the right moment and address a real problem. The statutory recognition of synthetically generated information, the proactive labelling mandate, and the conditional recalibration of safe harbour together mark a genuine policy maturation. The rules signal that the era of unregulated synthetic media is over and that is not a small thing.
But good intentions do not automatically produce good law. Definitional vagueness, the structural incentive for over-removal, the absence of user-facing remedies, and the concentration of enforcement authority in the executive are not minor implementation details they are design choices with constitutional consequences. A regulatory framework that silences synthetic disinformation while also silencing legitimate dissent is not a solution; it is a different version of the same problem. India has the legal architecture and the judicial tradition to do better. The Amendment Rules are a beginning they should not be the final word.
VIII. References
[1]1. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026, Ministry of Electronics and Information Technology, Notif. No. G.S.R. 97(E) (Feb. 10, 2026) (India) [hereinafter Amendment Rules 2026].
[2]2. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, S.O. 942(E) (India) [hereinafter IT Rules 2021].
[3]5. Amendment Rules 2026, Rule 2(1)(wa).
[4]6. Amendment Rules 2026, Rule 3(1)(b).
[5]15. Bharatiya Nyaya Sanhita, 2023, No. 45, Acts of Parliament, 2023 (India).
[6]7. Amendment Rules 2026, Rule 3(3).
[7]8. Amendment Rules 2026, Rule 4(1A).
[8]9. Amendment Rules 2026, Rule 3(2)(b).
[9]10. Amendment Rules 2026, Rule 3(2)(a) (prescribing a two-hour removal window for non-consensual AI-generated intimate imagery).
[10]3. Information Technology Act, 2000, No. 21, Acts of Parliament, 2000, § 79 (India).
[11]4. Shreya Singhal v. Union of India, (2015) 5 SCC 1 (India).
[12]11. Amnesty International, Urgent Appeal: India Must Withdraw IT Amendment Rules 2026 (Apr. 17, 2026).
[13]13. K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1 (India).
[14]12. Rabat Plan of Action on the Prohibition of Advocacy of National, Racial or Religious Hatred that Constitutes Incitement to Discrimination, Hostility or Violence, U.N. Doc. A/HRC/22/17/Add.4 (2013).
[15]14. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 on Artificial Intelligence (Artificial Intelligence Act), 2024 O.J. (L 1689) 1.