India's Cyber Legal Framework Equipped to Tackle Online Harms, Cyber Crimes

India's cyber legal framework, backed by the IT Act, BNS, and institutions like GAC, CERT-In, and I4C, is well-equipped to tackle evolving online harms and cyber crimes, said Union Minister of State for Electronics and Information Technology Jitin Prasada. The government has established a comprehensive legal and institutional framework to combat deepfakes and ensure an open, safe, and accountable cyberspace. Several existing laws address various aspects of AI-generated harms, including the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023. Intermediaries are also advised to remove impersonation and deepfake content and label AI-generated content when outputs are potentially unreliable.

India's cyber legal framework, backed by the Information Technology Act (IT Act), Bharatiya Nyaya Sanhita (BNS), and institutions like the Grievance Appellate Committee (GAC), Cyber Emergency Response Team (CERT-In), and Indian Cyber Crime Coordination Centre (I4C), is well-equipped to tackle evolving online harms and cyber crimes, according to Union Minister of State for Electronics and Information Technology, Jitin Prasada. The government has established a comprehensive legal and institutional framework to combat deepfakes and ensure an open, safe, and accountable cyberspace.

Several existing laws address various aspects of AI-generated harms. The IT Act, 2000, criminalizes identity theft, impersonation, privacy violations, and the circulation of obscene content. It also empowers authorities to issue blocking orders (Section 69A) and takedown notices (Section 79) to intermediaries. Complementing this are the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, updated in 2022 and 2023, which mandate digital platforms to exercise due diligence, prevent the hosting of unlawful content, and ensure accountability.

The Digital Personal Data Protection Act, 2023 (DPDP Act), adds another layer by requiring data fiduciaries, including AI firms, to process personal data lawfully and with user consent. Deepfakes using personal data without consent can be penalized under this Act.

The Bharatiya Nyaya Sanhita, 2023 (BNS), addresses misinformation and organized cybercrimes through Sections 353 and 111. The government has also issued advisories in December 2023 and March 2024, directing intermediaries to remove impersonation and deepfake content, inform users about misleading content, and ensure timely compliance with GAC orders. Intermediaries are advised to label AI-generated content when outputs are potentially unreliable.

India's broader cyber ecosystem includes platforms like the Indian Cyber Crime Coordination Centre (I4C) and its SAHYOG Portal, which enable coordinated removal of unlawful content. Citizens can report incidents through the National Cyber Crime Reporting Portal or by calling the helpline 1930. CERT-In provides guidance on emerging AI threats, including deepfakes, and conducts public awareness campaigns through initiatives such as Cyber Jagrookta Diwas, National Cyber Security Awareness Month, and Safer Internet Day.

References:
[1] https://www.livemint.com/technology/tech-news/india-well-equipped-to-tackle-evolving-online-harms-cyber-crimes-govt-tells-parliament-11754716735830.html
[2] https://www.business-standard.com/india-news/govt-rules-out-changes-to-dpdp-act-faqs-to-address-concerns-soon-report-125080801842_1.html
[3] https://m.economictimes.com/news/india/india-well-equipped-to-tackle-evolving-online-harms-cyber-crimes-govt-tells-parliament/articleshow/123201351.cms