AI Models now know when they’re being tested. And they fake compliance. The 2026 International AI Safety Report, chaired by Turing Award winner Yoshua Bengio, documents something every techno lawyer and AI Systems deployers, creators, importers should understand. Some frontier AI models can now distinguish between evaluation and deployment contexts and alter their behavior accordingly….
How the novel ‘Consent Manager’ framework under India’s DPDPA aims to centralize and simplify user data permissions, reducing repetitive requests. Current Reality: Decentralized & Overwhelming. Allow Cookies? Accept Terms & Conditions? Share Location Data? Marketing Opt-in Required Access Contacts? Enable Notifications? Track Activity? Data Principal Users are bombarded individually by every Data Fiduciary, leading to…
Introduction The discourse on Artificial Intelligence (“AI”) has moved decisively from the realm of capability to that of governance architecture. The White Paper released by the Office of the Principal Scientific Adviser, titled “Strengthening AI Governance Through Techno-Legal Frameworks,” depicts India as an adopter of AI but as a country that is seeking to build…
Under the Union Budget 2026–27, localisation of data through Indian data centres has clearly emerged as the central pillar for operationalising the DPDP Act. By aligning data localisation with fiscal and tax incentives for foreign companies setting up data centre operations in India, the Budget also signals that compliance and investment can go hand in…
Top 14 Insights from “Techno Legal Whitepaper on Strengthening AI Governance” by the Office of the Principal Scientific Adviser to the Government of India (Released on 23rd January, 2026) 1. Techno Legal Framework: It integrates legal instruments and rule-based conditioning directly into the technical architecture of an AI system by design. 2. Objectives : It…
In the age of Human-In-Loop (HIL) and Human-On-Loop (HOL), Moltbook is a social media for AI Agents to post, and Human can Observe!! Here is why it is a legal ticking time bomb in force? 1.You own what your AI bot says. If your agent leaks a trade secret or smears a competitor in a…
Most Indian boards think they have NOW full 15 months and few days, as of now, to comply with DPDPA. If MeitY compresses the runway from original 18 months to 12, transition will become a nightmare. Three uncomfortable truths I am seeing in the field: You are suffering from “Bandwidth Bankruptcy.” If your DPDPA lead…
The “Engine Room” of India’s AI Impact Revolution is No Longer a Secret in 𝟐𝟎𝟐𝟔! I always emphasise that 𝐭𝐡𝐢𝐧𝐤 𝐨𝐟 𝐭𝐡𝐞 𝐃𝐚𝐭𝐚 𝐏𝐫𝐢𝐯𝐚𝐜𝐲 𝐅𝐢𝐫𝐬𝐭 𝐈𝐧𝐟𝐫𝐚𝐬𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞 𝐚𝐬 𝐭𝐡𝐞 “𝐞𝐧𝐠𝐢𝐧𝐞 𝐫𝐨𝐨𝐦”. It can be further summarised as under: India is architecting a “Privacy-First” infrastructure by embedding Privacy by Design principles under the DPDPA, which mandates that…
Introduction The operationalisation of the Payments Regulatory Board (“PRB”) in May 2025, in its inaugural meeting on January 5, 2026, represents a significant structural intervention in India’s financial governance. Replacing the erstwhile Board for Regulation and Supervision of Payment and Settlement Systems (“BPSS”), the PRB introduces a multi-stakeholder governance model that institutionalises the tension between…
A very interesting decision of 𝐇𝐢𝐠𝐡 𝐂𝐨𝐮𝐫𝐭 𝐨𝐟 𝐒𝐨𝐮𝐭𝐡 𝐀𝐟𝐫𝐢𝐜𝐚 in Zulu Nyala Game Ranch v Beukes where 𝐚 𝐟𝐨𝐫𝐦𝐞𝐫 𝐞𝐦𝐩𝐥𝐨𝐲𝐞𝐞 𝐰𝐚𝐥𝐤𝐞𝐝 𝐨𝐟𝐟 𝐰𝐢𝐭𝐡 𝐚 𝐜𝐮𝐬𝐭𝐨𝐦𝐞𝐫 𝐥𝐢𝐬𝐭 𝐭𝐨 𝐛𝐞𝐧𝐞𝐟𝐢𝐭 𝐚 𝐜𝐨𝐦𝐩𝐞𝐭𝐢𝐭𝐨𝐫. 𝐁𝐲 𝐭𝐫𝐞𝐚𝐭𝐢𝐧𝐠 𝐭𝐡𝐞 𝐝𝐢𝐬𝐭𝐢𝐧𝐜𝐭𝐢𝐨𝐧 𝐛𝐞𝐭𝐰𝐞𝐞𝐧 “𝐩𝐞𝐫𝐬𝐨𝐧𝐚𝐥 𝐢𝐧𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧” 𝐚𝐧𝐝 “𝐜𝐨𝐧𝐟𝐢𝐝𝐞𝐧𝐭𝐢𝐚𝐥 𝐢𝐧𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧” 𝐚𝐬 𝐛𝐞𝐢𝐧𝐠 𝐨𝐟 𝐧𝐨 𝐬𝐢𝐠𝐧𝐢𝐟𝐢𝐜𝐚𝐧𝐜𝐞, 𝐭𝐡𝐞 𝐣𝐮𝐝𝐠𝐞 𝐞𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞𝐥𝐲 𝐮𝐬𝐞𝐝 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐨𝐟 𝐏𝐞𝐫𝐬𝐨𝐧𝐚𝐥 𝐈𝐧𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧 𝐀𝐜𝐭…
𝗧𝗵𝗲 “𝗕𝗹𝗮𝗰𝗸 𝗕𝗼𝘅” 𝗼𝗳 𝘀𝗺𝗮𝗿𝘁𝗽𝗵𝗼𝗻𝗲 𝗺𝗮𝗻𝘂𝗳𝗮𝗰𝘁𝘂𝗿𝗶𝗻𝗴 𝗶𝘀 𝗯𝗲𝗶𝗻𝗴 𝗽𝗿𝗶𝗲𝗱 𝗼𝗽𝗲𝗻! As per media reports, India’s draft proposal to mandate government access to source code and proprietary software updates represents a seismic shift in the doctrine of digital sovereignty. We are moving beyond standard compliance into a realm where the State acts not just as a…
𝐌𝐨𝐬𝐭 𝐀𝐈 𝐬𝐲𝐬𝐭𝐞𝐦𝐬 𝐚𝐫𝐞 𝐧𝐨𝐭 “𝐡𝐢𝐠𝐡-𝐫𝐢𝐬𝐤” 𝐛𝐲 𝐝𝐞𝐬𝐢𝐠𝐧. Don’t be generic in risk assessment, rather the micro level dynamics of stack of an AI System needs to be focussed upon to have actual perspective of risk assessment. Hence, if not taken care of, they become high-risk by architecture. Traditional AI, Agentic AI, and Agentic RAG…
Introduction The enactment of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), followed by the notification of the Digital Personal Data Protection Rules, 2025, represents a shift in corporate governance operations. For nearly a quarter of a century, data protection in India was governed by the 43A and the SPDI Rules of 2011 under…
For a decade, Indian enterprises hoarded data like oil. We scraped numbers, bought lists, and treated CRMs as goldmines. Under DPDPA , “Legacy Data” sitting in your servers from 2020–2025 is no longer an asset. It is a Toxic Asset. “If you have concerns about the legacy data, you may wish to ask your HR…
Year 2026 will be Foundation Year of Trust with Consent Management Framework in place. 1. Notice & Consent Basics Visual flow: Data Fiduciary sends Notice to Data Principal; Data Principal provides Consent back. 2. Purpose Register & Data Mapping Visual flow: Mapping Personal Data to Purpose for the Data Principal. 3. Processor/Vendor Controls (Part A…
𝐀𝐈 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 : 𝐈𝐧𝐝𝐢𝐚 & 𝐆𝐥𝐨𝐛𝐚𝐥 𝐑𝐨𝐚𝐝𝐦𝐚𝐩,𝟐𝟎𝟐𝟔 AI governance is no longer a value statement, rather it is a proof statement. That is why the India 𝐀𝐈 𝐈𝐦𝐩𝐚𝐜𝐭 𝐒𝐮𝐦𝐦𝐢𝐭 𝟐𝟎𝟐𝟔 𝐢𝐧 𝐍𝐞𝐰 𝐃𝐞𝐥𝐡𝐢 𝐚𝐭 𝐁𝐡𝐚𝐫𝐚𝐭 𝐌𝐚𝐧𝐝𝐚𝐩𝐚𝐦 𝐨𝐧 𝟏𝟗 𝐚𝐧𝐝 𝟐𝟎 𝐅𝐞𝐛𝐫𝐮𝐚𝐫𝐲 𝟐𝟎𝟐𝟔 𝐦𝐚𝐭𝐭𝐞𝐫𝐬, because it is positioned around impact, not hype, and around what can…
𝐏𝐨𝐥𝐢𝐜𝐢𝐞𝐬 𝐝𝐨𝐧’𝐭 𝐞𝐧𝐬𝐮𝐫𝐞 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞. 𝐌𝐢𝐧𝐝𝐬𝐞𝐭𝐬 𝐝𝐨. 1. Accountability Data Fiduciary duty; demonstrate compliance 2. Purpose limitation Specified purpose; no incompatible processing 3. Data minimisation Only necessary personal data; reduce access 4. Notice to Data Principal Provide notice; clear, itemised information 5. Consent management Free, specific, informed; easy withdrawal 6. Data Principal rights Access; correction/erasure; nominate;…
𝐓𝐨𝐩 𝟏𝟎 𝐓𝐡𝐢𝐧𝐠𝐬 𝐭𝐨 𝐊𝐧𝐨𝐰 𝐢𝐧 𝐓𝐡𝐞 𝐀𝐫𝐭𝐢𝐟𝐢𝐜𝐢𝐚𝐥 𝐈𝐧𝐭𝐞𝐥𝐥𝐢𝐠𝐞𝐧𝐜𝐞 (𝐄𝐭𝐡𝐢𝐜𝐬 𝐚𝐧𝐝 𝐀𝐜𝐜𝐨𝐮𝐧𝐭𝐚𝐛𝐢𝐥𝐢𝐭𝐲) 𝐁𝐢𝐥𝐥, 𝟐𝟎𝟐𝟓. It will have an impact on DPDPA as well. It is a proposed Indian legislative framework designed to regulate the development and deployment of automated systems Creation of an Ethics Committee: The Bill establishes a dedicated Ethics Committee for Artificial Intelligence…
The Mandate of “Specified Purpose” Under the Digital Personal Data Protection Act, 2023, processing personal data is only permissible for a lawful purpose for which the Data Principal has given consent or for certain legitimate uses. A “Specified Purpose” is the fundamental anchor of every data interaction it is the explicit reason mentioned in the…
We are after roughly one month and ten days into the DPDPA implementation countdown. Since, the notification dropped in November, 𝐈 𝐡𝐚𝐯𝐞 𝐰𝐚𝐭𝐜𝐡𝐞𝐝 𝐦𝐚𝐧𝐲 𝐨𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧𝐬 𝐭𝐫𝐞𝐚𝐭 𝐭𝐡𝐢𝐬 𝐩𝐞𝐫𝐢𝐨𝐝 𝐚𝐬 𝐚 𝐯𝐚𝐜𝐚𝐭𝐢𝐨𝐧 𝐫𝐚𝐭𝐡𝐞𝐫 𝐭𝐡𝐚𝐧 𝐚 𝐬𝐩𝐫𝐢𝐧𝐭. 𝐋𝐞𝐭’𝐬 𝐛𝐞 𝐩𝐫𝐞𝐜𝐢𝐬𝐞 𝐚𝐛𝐨𝐮𝐭 𝐰𝐡𝐚𝐭 𝐭𝐡𝐢𝐬 𝐬𝐢𝐥𝐞𝐧𝐜𝐞 𝐜𝐨𝐬𝐭𝐬 𝐲𝐨𝐮. The 12 Months Milestone (November 2026): This isn’t a ‘soft launch.’…
Introduction The health technology ecosystem is expanding at a faster rate than any other segment within consumer and medical innovation. From smartwatches and continuous glucose monitors to cardiac telemetry patches, sleep monitoring bands, post-surgery recovery trackers and elder-care remote monitoring systems, the industry has shifted from occasional data collection to continuous and intimate surveillance of…
Are you stuck in the “No-Brain Data Discovery” tools trap? If your “data discovery” is an Excel chase send sheet, collect inputs, merge tabs then understand this plainly: You have an inventory. Not accountability. And under DPDPA, inventory won’t survive the first grievance or incident. If discovery doesn’t produce evidence, it produces liability. The one…
Introduction In India’s democracy few laws have been as empowering such as the Right to Information (“RTI”) Act, 2005. It acts like a tool in the hands of citizens to cut through the opacity of bureaucratic secrecy, thereby allowing citizens to hold power to account. However, this transparency is now threatened by a change made…
We click ‘Accept’ thousands of times a day, yet almost no one truly understands what they are agreeing to. Consent isn’t dead rather it never really lived.” A Realising Moment A Fortune 500 client’s consent form had approximately 12,000 words. I asked the concerned professional, “Have you read this fully?” And “Will your users?” Though…
Introduction India, a country which has become more and more digitalized over the years, faces critical issues like data security and privacy, especially with such a large population. The security of the data on mobile phones is more crucial than ever since they are becoming an essential part of both our personal and professional lives….
Evidence Based Compliance: The New Currency Under DPDPA The Digital Personal Data Protection Act, 2023 marks a decisive turn in how organisations will be evaluated. The future standard is clear: Compliance will be judged by evidence, not paperwork. Policies, notices, and contracts matter but they no longer determine regulatory outcomes. What matters is the organisation’s…
The Digital Personal Data Protection Act, 2023 (DPDPA) requires organisations that process digital personal data in India to provide a clear, accessible privacy notice before or at the time of collection. The form and manner are set by the Act and will be supplemented by rules under the Act. Earlier government communications indicated that formal…
OLD: Consent is a static checkbox exercise, sufficient for legal ‘satisfaction’. VIBE: Consent is a provable, real-time user journey, where every interaction is logged as irrefutable evidence of informed choice and ongoing intent. OLD: Compliance is an IT department’s operational burden, handled by technical staff. VIBE: Compliance is a C-Suite imperative, where proactive logging of…
How to Align Your Contracts for DPDPA Compliance? The implementation of Digital Personal Data Protection Act, 2023 (DPDPA) requires organisations to adopt structured contractual safeguards with all third-parties who process personal data. Updating contracts is one of the fastest and most effective ways to strengthen compliance and reduce risk exposure. 1. Identify All Data Handling…
Introduction The implementation of the Digital Personal Data Protection (hereinafter referred to as “DPDP”) Act, 2023, will be significantly transforming the landscape of data governance for Indian organizations, with a particular focus on safeguarding personal data in compliance with global standards. For procurement and legal teams, vendor due diligence has emerged as a strategic priority,…
Disclaimer & Confirmation
As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
However, the user is advised to confirm the veracity of the same from independent and expert sources.