With the amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 under the Information Technology Act, 2000 framework, widely referred to as the IT Amendment Rules 2026, India has formally stepped into the age of AI accountability.
This is not a cosmetic update. It is a structural reset in how synthetic content is defined, governed, and enforced.
For professionals, founders, legal teams, and platform leaders, the implications are immediate and operational.
A Legal Definition for Synthetic Media
For the first time, Indian law formally recognizes AI-generated or AI-manipulated content under a defined category: Synthetically Generated Information (SGI).
SGI includes audio, visual, or audiovisual content created or altered using algorithms in a way that makes it appear authentic. Deepfakes. Voice cloning. AI-altered videos. Fabricated speeches that look real.
The key detail is that the definition is outcome-based. The regulation does not target a specific tool or model. It focuses on content that appears real but is not. That makes the rule adaptable. As AI systems evolve, the legal definition does not become obsolete. For years, deepfakes operated in legal grey zones. That ambiguity has now narrowed considerably.
A Calibrated Approach, Not a Blanket Ban
Importantly, not all AI use falls under scrutiny. Routine, good-faith applications such as editing, color correction, accessibility transcripts, translation, and clarity enhancement are excluded. This signals a deliberate policy choice. The government is targeting deception, fraud, and harm, not innovation.
For AI startups and product teams, that distinction matters. It reduces the fear of overregulation while still drawing a firm boundary around misuse.
Platforms Are No Longer Passive Hosts
The most significant shift is operational. Intermediaries that host, enable, or disseminate SGI are now expected to act as active gatekeepers. Compliance is no longer limited to notice-and-takedown. Platforms must deploy technical detection systems, add visible labels and provenance markers, implement tamper-resistant metadata, and issue user-facing warnings when synthetic content is created.
In practice, this increases compliance costs and engineering complexity. But it also signals a higher standard of digital responsibility. The days of plausible deniability are ending.
The Three-Hour Takedown Mandate
The enforcement timelines are where the policy sharpens. Unlawful SGI must be removed within three hours of receiving notice. Non-consensual intimate deepfake content must be taken down within two hours.
This is a dramatic tightening compared to earlier timelines. It reflects a simple reality: digital harm spreads in minutes, not days. To comply, platforms will need rapid-response workflows, trained moderation teams, escalation matrices, and systems that function in real time.
Compliance will no longer be a back-office legal function. It will require operational muscle.
Safe Harbour Remains — With Conditions
Under Section 79 of the IT Act, intermediaries retain safe harbour protections when they act in compliance with the rules.
This is a critical reassurance.
It signals that proactive moderation, when aligned with statutory obligations, will not automatically expose platforms to liability. However, the phrase “appropriate technical measures” is likely to become a focal point in future disputes. What counts as adequate detection? What qualifies as timely action? Courts may soon define those standards more precisely.
Users Are Now Part of the Compliance Architecture
Another notable shift is preventive governance.
Platforms must notify users every three months about SGI rules and the consequences of violations. If users generate synthetic content, warning messages must be displayed. This builds awareness directly into the system. Governance is no longer purely reactive. It becomes educational and preventive.
Responsibility is shared.
The Broader Direction of AI Governance in India
When viewed together, five clear policy themes emerge:
- Intermediaries are moving from passive conduits to active custodians.
- Speed has become central to compliance.
- Transparency through labeling and traceability is non-negotiable.
- Innovation is permitted but bounded by harm prevention.
- Definitional clarity is replacing regulatory ambiguity.
India is positioning itself firmly in the global AI governance conversation, but with tighter response timelines and stronger operational expectations than many jurisdictions.
What Leaders Should Do Now
For founders, product leaders, and compliance teams, this is not a policy to casually monitor.
It requires action.
- Audit your exposure to synthetic content.
- Evaluate detection and labeling capabilities.
- Revisit grievance redressal workflows.
- Train moderation teams for rapid escalation.
- Document compliance systems thoroughly.
Deepfakes are no longer just a technological challenge. They are now a governance, reputational, and liability issue.
The IT Amendment Rules 2026 make one thing clear: AI innovation in India will move forward, but responsibility is no longer optional. It is built into the system.
The real question is not whether regulation has arrived.
It is whether your systems are ready for it.