The governance and regulation of Artificial Intelligence (AI) have garnered significant global attention over the past year. While the discourse has recently shifted from a focus on social safety, inclusivity, and human rights towards prioritising innovation and economic prosperity, only a few countries or regions have so far introduced laws to regulate AI. These include China, the European Union, Canada, Korea, Peru, and the U.S. (though U.S. President Donald Trump has now revoked former President Joe Biden’s Executive Order related to the utilisation of AI). Several countries, such as the U.K., Japan, Brazil, Costa Rica, Colombia, and Pakistan have draft Bills awaiting approval from their respective legislative assemblies.
A more common approach globally has been the publication of a policy or strategy document that outlines the country’s intentions, plans, budgets, and a road map for leveraging AI to foster socio-economic development, while ensuring that the resultant growth is inclusive, ethical, and sustainable. About 85 countries and the African Union have published some official (National) AI Strategy documents.
India’s approach
India, however, appears to have taken a different approach. It has neither an officially approved National AI Strategy document nor a law specifically regulating AI. Instead, it has focused its resources on a government mission designed to support the development and adoption of AI. The NITI Aayog document titled ‘National Strategy for Artificial Intelligence’ from 2018, while comprehensive and strong in its suggestions, remains a recommendation without formal endorsement from the Government of India or an implementation plan or budget. The IndiaAI mission, through its seven pillars, aims to foster an innovative, skilled, safe, and trustworthy AI ecosystem. Several initiatives, such as a foundational AI model, are in the pipeline. An advisory group of experts is currently working to develop recommendations for governance frameworks that could be suitable for India. But there is limited clarity regarding whether these recommendations will be adopted into official governance policies or integrated as internal mechanisms.
While there are several benefits to this approach — primarily the flexibility to adapt plans in response to the evolving nature of technologies, their adoption, geopolitics, economics, trade, and citizen sentiment — it also leaves a significant gap. Specifically, it does not provide a comprehensive view of India’s vision, priorities, capacity, achievements, planned milestones, initiatives, or accountability mechanisms. The initiatives remain reactive and may or may not follow a planned trajectory towards the envisioned goals. They also risk dependence on individual leadership.
AI development remains predominantly concentrated in the U.S., the EU, the U.K., and China, but India is experiencing a rapid and substantial rise in AI adoption. As AI usage expands, it is essential to ensure that its implementation does not lead to discrimination, exclusionary practices, unfair outcomes, cybersecurity threats, privacy breaches, or unequal opportunities. At present, the guardrails surrounding AI implementation are largely voluntary and lack clarity. There is little to no public awareness of algorithmic use, efficacy or evaluation metrics even in sectors that directly impact citizens’ everyday lives, such as banking, insurance, education, healthcare, and public administration. Subsequently, there is little civic discourse on important issues such as algorithmic alignment with societal values, model evaluation outcomes, data and content provenance, labour market disruptions, or the potential cybersecurity and privacy risks driven by AI. This lack of discussion is especially concerning in light of the fact that India has already experienced several instances of violence and social harm, largely fuelled by AI-generated content on social media platforms in recent years.
Lessons to be drawn
There are various approaches to AI governance and regulation, and valuable lessons can be drawn from how different countries worldwide have handled data regulation and policies. With the Digital Personal Data Protection (DPDP) Act, 2023, the Government of India has adopted an approach similar to the EU’s General Data Protection Regulation (GDPR) and China’s Personal Information Protection Law — cross-sectoral, centralised, and comprehensive. In contrast, the U.S. has taken a more decentralised and sector-specific approach to data protection and privacy. China has implemented focused laws for different types of AI (for instance, generative AI) or a use case (for example, deep synthesis). India could adopt any of these approaches or develop a hybrid model, building on the framework established by the centralised DPDP Act, 2023..
An AI policy could be a viable short-term goal for India. Such a policy would also allow the government to pilot enforcement tools before introducing formal legislation. Insights from the 85 AI policies worldwide suggest key areas that should be addressed in the official document. These include India’s vision for AI, strategies for building capacity and infrastructure to support AI development and adoption, the government authority responsible for policy implementation, ethical guidelines for responsible AI use, and priority sectors where AI can drive socio-economic growth. Public discussion on AI use need to be urgently initiated by the government too.
Tulika Avni Sinha, Senior Research Fellow (Data Governance, Privacy and AI), World Privacy Forum
Published – April 16, 2025 12:59 am IST