Technology Law Analysis: 2025: The Year That Was in Technology, Media & Telecommunications Law and Policy in India

2025: The Year That Was in Technology, Media & Telecommunications Law and Policy in India

2025 was monumental year for the Technology, Media and Telecom (“TMT“) sector in India. From long-awaited legislative reforms to decisive policy interventions, the year reflected India’s intent to simultaneously strengthen digital rights, manage emerging risks and position itself as a leading technology and manufacturing hub.

Notably, India operationalized its long-awaited personal data protection regime. Nearly a decade after the landmark Supreme Court judgement¹ which held privacy to be a fundamental right under the Constitution of India, the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 together establish India’s first standalone framework governing the collection, use, sharing, retention and deletion of digital personal data. The regime represents a decisive move away from the fragmented protections under the Information Technology Act 2000, signalling a more mature, rights-oriented approach to data governance that aligns with global standards while retaining India-specific contours.

Another sector that saw a major change is the real-money gaming (“RMG”) sector, with a combined enterprise valuation of ₹2 trillion (approximately $23 billion), generating cumulative revenues of ₹310 billion (around $3.6 billion), and contributing ₹200 billion (roughly $2.29 billion) annually in direct and indirect taxes.² The sector faced a dramatic shutdown in 2025 following the enactment of the Promotion and Regulation of Online Gaming Act, 2025 which imposed a nationwide ban on online RMG formats, effectively wiping out the industry overnight, triggering investment write-offs exceeding $840 million in venture capital from prior years³ and operational suspensions or pivots by prominent overseas-backed players like Dream11, Mobile Premier League, Zupee, Gameskraft, and Probo⁴. In response, companies have shifted focus to non-RMG segments such as esports, in-app purchases, ad-driven casual gaming, with industry bodies advocating for self-regulation.

The Government has also been proactive about the concerns around AI development. Artificial intelligence governance emerged as another key policy theme. Rather than adopting a standalone AI legislation, the Government favoured adapting existing frameworks like the IT Rules 2021, RBI lending directives and SEBI’s reporting obligations for market participants using AI/ML systems, to address AI-related risks including bias, transparency, content labelling and data localisation. In parallel, 2025 saw a series of judicial interventions recognising and enforcing personality rights against the unauthorised use of AI-generated likenesses, voices and digital personas, particularly in cases involving deepfakes and synthetic endorsements, signalling the application of existing privacy, IP and intermediary liability frameworks to AI-driven harms. Complementary initiatives included the India AI Governance Guidelines, DPIIT’s working paper on generative AI and copyright, and the IndiaAI Mission’s ₹100 billion ($1.1 billion) investment in sovereign AI models and compute infrastructure.

The year also saw a shift in both public and regulatory approaches towards modernising asset ownership through tokenisation. While IFSCA released a draft consultation paper outlining a regulatory approach to tokenisation in IFSC⁵, RBI officials have reportedly discussed plans to launch a pilot for deposit tokenisation⁶, alongside a parliamentary push for a dedicated tokenisation bill⁷. To this effect, there have been trends of companies attempting to tokenise real estate, real world assets, intellectual property, gold, bonds, stocks and securities etc., collectively positioning tokenisation as the next wave of financial innovation.

Beyond regulation, 2025 reinforced India’s ambitions as a global technology and manufacturing hub. Several states rolled out policy frameworks to attract Global Capability Centres (“GCCs”) including Maharashtra⁸, Madhya Pradesh⁹ and Gujarat¹⁰, alongside central initiatives supporting deep-tech research, semiconductor manufacturing and strategic R&D financing, reflecting the growing convergence of technology policy and industrial strategy. Global technology and manufacturing leaders also strengthened their footprint in India. With Micron expanding semiconductor assembly and test operations and the Government approving a significant semiconductor joint venture between HCL and Foxconn for a new chip manufacturing unit¹¹, India’s role as a strategic hub in the global electronics and semiconductor supply chain is increasingly visible.

Against this backdrop, this wrap highlights the most significant legal, regulatory and policy developments that shaped India’s TMT landscape in 2025:

1. Introduction of the New Data Protection Law: In November 2025, the Ministry of Electronics and Information Technology (“MeitY”) notified the Digital Personal Data Protection Rules, 2025. The rules operationalise the Digital Personal Data Protection Act, 2023¹² (“Data Protection Act”), India’s first standalone personal data protection legislation, and set out detailed requirements relating to notice, consent, registration and obligations of consent managers, intimation of personal data breaches, rights of Data Principals, data retention periods, and the structure and functioning of the Data Protection Board of India (“DBP”). The implementation of the Data Protection Act and the rules will happen in a phased manner. Provisions relating to the DPB take effect immediately. Provisions governing registration and obligations of consent managers come into force 1 year from publication. The remaining provisions, including notice obligations, Data Principal rights, breach notification, data retention and obligations of Significant Data Fiduciaries, will become effective 18 months from publication, i.e. in May 2027. Correspondingly, the existing data protection regime under Section 43A of the Information Technology Act, 2000 (“IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 will stand repealed.

   Our detailed analysis of the new data protection framework is available here, and a recording of our webinar can be accessed here.

2. Revised Takedown Framework for Online Intermediaries: In October 2025, the Government amended the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules, 2021”) to revise the takedown framework, introducing clearer procedural safeguards, such as specification of authorised officer ranks, requirements for reasoned written directions, and periodic review. The amendments (i) clarified the specific ranks of the officers who may issue a takedown notice to the intermediaries, (ii) prescribed requirements for a written notice to be well reasoned, with information about specific legal provisions invoked, nature of the alleged unlawful act, precise identifiers to be removed and (iii) introduced a provision for periodic monthly review of all issued takedown notifications.

   Our analysis of the amendments can be accessed here.

3. Online Real Money Gaming Ban: The Promotion and Regulation of Online Gaming Act, 2025¹³ was notified in August 2025 and the Promotion and Regulation of Online Gaming Rules, 2025¹⁴ were subsequently published for consultation until October 31, 2025. The new regulation bans online money games¹⁵ (irrespective of whether they are skill-based or chance based) and seek to regulate ‘E-sports’ and ‘Online Social Games’. The Act and draft rules prohibit offering of online money games, facilitation of financial transactions towards such games, and advertising of such games. Further, the law has extraterritorial application and empowers authorities to issue blocking orders against foreign operators offering online money games in India. It also establishes the Online Gaming Authority of India, which is responsible to determine the categorization of each online money game, register e-sports (which registration is mandatory) and online social games (which registration is optional), respond to complaints on online games, and other prescribed functions. Penalties under the law is stringent with imprisonment of up to 3 years (5 years for repeat offences) and fines which may extend up to ₹ 10 million ($ 115,000) or ₹ 20 million ($ 230,000) for repeat offences.

   The new gaming law is currently under challenge before the Supreme Court of India on grounds that it is violative of the right to equality, right to practice profession or business, right to life and personal liberty, and that the law lacks legislative competence since it fails to differentiate between games of skill and chance.

   Our detailed analysis of the new Promotion and Regulation of Online Gaming Act, 2025 is available here and draft Promotion and Regulation of Online Gaming Rules, 2025 is available here, and a link to our webinar on the subject is accessible here.

4. Revised Guidelines on Regulation of Payment Aggregators:In September 2025, the Reserve Bank of India issued the Master Directions on Regulation of Payment Aggregators¹⁶, which came into effect immediately. The directions consolidate and rationalize the existing payment aggregator regulatory framework and introduced enhanced compliance and operational requirements. Under this new framework, businesses engaged in providing physical payment aggregation services (such as point-of-sale payment services) will require a license from RBI and must comply with the master directions. Cross border payment aggregators have also been brought under the purview of these master directions. The directions also mandate payment aggregators to undertake full merchant KYC checks as per the RBI Know Your Customer Direction, 2016 for all merchants, except for merchants whose domestic turnover or export turnover are lesser than the prescribed thresholds (in such cases a simpler diligence mechanism has been prescribed). Further, payment aggregators are permitted to offer services only to merchants with whom they have a contractual relationship. The master directions also introduce flexibility in settlement processes by allowing payment aggregators and merchants to mutually agree on settlement timelines contractually. Previously, the settlement timelines with merchants were linked to the specific dates (such as date of shipment / delivery / refund of the product / debit to the customer).
5. Crypto Tax Compliance: In February 2025, the Union Budget tightened India’s tax and compliance framework for virtual digital assets (“VDAs”). Income from VDAs was expressly brought within the scope of undisclosed income for search and seizure proceedings, exposing such income to higher tax consequences where not properly reported. A new provision, Section 285BAA of the Income-tax Act, 1961 was introduced to mandate transaction-level reporting by prescribed crypto reporting entities. The provision establishes a structured reporting regime, including timelines, a defect-rectification window of 30 days, obligations to self-report inaccuracies, and the possibility of enforcement notices for non-compliance. Further, Financial Intelligence Unit – India also issued two revisions to the VDA service provider registration circular to include additional documentation for registration.
6. Cryptocurrency Recognised as Property by High Court: In October 2025, the Madras High Court in Rhutikumari v. Zanmai Labs Pvt. Ltd.¹⁷ recognised cryptocurrency as “property”, holding that its intangible and digital nature does not preclude it from being owned, possessed, or held in trust. The judgment arose from a dispute over cryptocurrency holdings that were frozen on an exchange following a cyberattack, with interim relief sought under the Arbitration and Conciliation Act, 1996 to protect investor assets. The Madras High Court herein affirmed that virtual digital assets are capable of proprietary protection and can attract remedies akin to other forms of property, including preservation against unilateral freezing or redistribution. This ruling may have significant implications on how cryptocurrencies are treated vis the existing consumer protection framework, property laws and other legal frameworks.
7. Proposed Accessibility Guidelines: In October 2025, the Ministry of Information and Broadcasting (“MIB”) released the Draft Guidelines for Accessibility of Content on platforms of publishers of Online Curated Content (OTT Platforms) for Persons with Hearing and Visual Impairment¹⁸, for public consultation. The guidelines aim to ensure audio visual content on OTT platforms are accessible through features such as closed captioning, audio descriptions, and Indian Sign Language interpretation. The guidelines propose phased compliance timelines, requiring all new content to include at least one accessibility feature within 6 months of final notification. For legacy content, 30% of the library must incorporate accessibility features within 12 months, 60% of the library within 18 months, and 100% of the library within 24 months. In addition, OTT platforms must ensure their apps and websites are compatible with assistive technologies and that the relevant software is accessible to persons with disabilities. The draft guidelines also prescribe specifications for closed / open captions, audio descriptions and sign language interpretation. The draft guidelines also provide exemptions for live and deferred live content, audio content, and short form content.
8. Stronger Anti-Spam Measures: In February 2025, the Telecom Regulatory Authority of India issued the Telecom Commercial Communications Customer Preference (Second Amendment) Regulations, 2025, which further strengthens consumer protection against ‘Unsolicited Commercial Communications’. Salient features of the amendment include: (i) ease of reporting spam by increasing the time period to report spam (i.e., from 3 days to 7 days) and requiring fewer details to register a complaint; (ii) mandating fresh consent to be obtained for issue of promotional content after the completion of a service; (iii) reduction of time limit for access providers to take action against unregistered senders (i.e., from 30 days to 5 days); and (iv) requirement for message headers to carry identifiers to ensure customers can identify the nature of the message from the header.
9. Telcom Cyber Security Norms: The Department of Telecommunications notified the following:
   1. The Telecommunications (Standards, Conformity Assessment and Certification) Rules, in May 2025, to ensure that telecom equipment used in India meet safety, security, and performance standards. Key changes include: (i) the Telecommunication Engineering Centre and National Centre for Communication Security will notify and review standards every 5 years, and issue certification of conformity for compliant equipment; (ii) mandatory requirements for the Central Government to conduct regular inspections; (iii) prohibition on sale or use of non-certified equipment; (iv) introduction of digital portals for standards publication, certifications, and enforcement.
   2. The Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, in October 2025, which bring Telecommunication Identifier User Entities (“TIUE”) i.e., any service or business that uses mobile numbers to verify or deliver services to users such as banks and fintech, e-commerce platforms, ride hailing services etc., under the ambit of the rules. Key changes include: (i) establishment of a ‘Mobile Number Validation’ platform to validate whether telecom identifiers provided by TIUE customers correspond to subscriber records of a telecom licensee; (ii) TIUEs may be directed, or may seek permission to use the MNV platform; (iii) Government may direct telecom entities and TIUE’s to suspend the use of telecom identifiers in public interest; (iv) Government may issue directions prohibiting assignment of International Mobile Equipment Identity numbers already in use to new devices manufactured or imported into India.
10. SAHYOG Portal and Revised Takedown Framework: SAHYOG portal was conceptualised as a central technology platform launched by Ministry of Home Affairs to enable law enforcement to issue rapid takedown notices under Section 79(3)(b) of the IT Act to intermediaries. It was created to bring together government agencies and intermediaries on a single platform. The legality of this portal was challenged by X Corp arguing that this portal enables circumvention of the takedown process under Section 69A of the IT Act.

    In September 2025, a single-judge bench of the Karnataka High Court upheld the legality of the Government’s SAHYOG portal, as a lawful administrative mechanism for issuing content takedown notices to intermediaries under Section 79(3)(b) of the IT Act.¹⁹ The Court rejected arguments that the portal impermissibly bypassed the procedural safeguards of the Section 69A blocking regime, noting that the portal functions as an efficiency-driven coordination tool rather than a parallel takedown framework. This ruling has been appealed by X Corp in the Karnataka High Court²⁰.

    As of December 2025, an RTI response reveals that a total of 94 companies so far have onboarded on SAHYOG portal, including a mix of social media companies, domain name registrars, cloud service providers, ecommerce companies etc²¹.

11. Draft Amendments to the IT Rules, 2021 on Synthetically Generated Information: In October 2025, MeitY released draft amendments to the IT Rules, 2021, proposing additional due diligence obligations for intermediaries in relation to SGI or AI-generated or modified content (“SGI”).²² The draft amendments seek to mandate prominent labelling or embedding of permanent identifiers for SGI created or modified using an intermediary’s computer resources and introduce enhanced obligations for Significant Social Media Intermediaries, including user declarations, deployment of verification tools, and clear labelling of such content.

    The proposed framework has raised concerns among stakeholders regarding the breadth of the definition of SGI, reliance on subjective standards, and the operational feasibility of uniform labelling requirements (such as the requirement to cover 10% of content). Additional concerns relate to the ambiguity around verification standards, intermediary liability, and potential impact on user experience.

    Our analysis of the draft amendments can be found here. Additionally, we have also submitted our comments to MeitY on the draft amendments.

12. Drone Bill, 2025: In September 2025, the Ministry of Civil Aviation released the draft Civil Drone (Promotion and Regulation) Bill, 2025²³, with an aim to consolidate the legislative framework for drones in India, replacing the existing rules-based regime administered under the Drone Rules, 2021. Key features include: (i) expanded applicability covering Indian and foreign entities across the entire drone supply chain and extending to registered drones irrespective of location of operation; (ii) mandatory registration of all drones and compliance obligations on manufacturers and sellers to ensure unique identification prior to sale; (iii) compulsory certification of all drone pilots, with no carve-outs in the proposed draft for hobbyist or non-commercial use; (iv) enhanced safety, security and insurance requirements, coupled with stricter penalties including fines and imprisonment; and (v) broad delegated powers to the Central Government to prescribe classifications, licensing, operational norms and economic regulations. The Drone Bill may increase compliance costs and regulatory burden, particularly for start-ups, R&D, and educational use, potentially impacting innovation. However, the final version of the proposed rules is currently awaited.

    Our detailed analysis of the Drone Bill 2025 can be accessed here.

13. Sanchar Saathi App: In December 2025, the Department of Telecommunications (“DoT”) issued a directive which required smartphone manufacturers to pre-install the government-backed Sanchar Saathi application on devices sold in India.²⁴ The initiative was positioned as part of a broader effort to curb telecom misuse, with CERT-In reporting an increase in cyber incidents from approximately 1.59 million in 2023 to 2.04 million in 2024. The government mandated installation and potential non-removable nature of the application sparked major privacy concerns about state surveillance. Reportedly, the application requested excessive access permissions. Further, mandatory pre-installation of the application appeared to eliminate user agency. Following public and industry feedback, the DoT clarified and withdrew the requirement for mandatory pre-installation, reverting the application to a voluntary, user-initiated model.²⁵
14. New Digital Lending Directions: The RBI issued the Digital Lending Directions, 2025 (“Digital Lending Directions”) on May 8, 2025²⁶, consolidating the earlier digital lending framework with the objectives of strengthening borrower protection and enhancing regulatory oversight of digital lending platforms.²⁷ The Digital Lending Directions bring greater clarity to arrangements between Regulated Entities (“REs”) and Lending Service Providers (“LSPs”), particularly where multiple lenders operate on a single platform, by mandating a transparent display of all loan offers, consistent borrower–lender matching mechanisms and prohibiting manipulative design practices on Digital Lending Apps (“DLAs”). Key features of the Digital Lending Directions include:
    1. Establishing a central, RBI-maintained repository of all DLAs deployed or used by REs, allowing users to verify whether a lending app is legitimately linked to a regulated lender.
    2. Aligning data collection and consent requirements with the Data Protection Act, imposing detailed privacy and data retention obligations on REs, and introducing a calibrated relaxation of data localisation norms by permitting limited offshore data processing subject to strict timelines.
    3. Where illegal apps are identified, MeitY is empowered to block public access under Section 69A of the IT Act, following the prescribed legal process. In parallel, government agencies are engaging with app stores, internet intermediaries, and messaging platforms to curb the spread of unauthorised loan apps.

    The Indian Cyber Crime Coordination Centre continues to monitor and analyse DLAs, while citizens can report illegal loan activity through the National Cybercrime Reporting Portal or via the helpline number. Banks and regulators also facilitate complaints through the SACHET portal and State Level Coordination Committees, alongside sustained public awareness campaigns.

    Our analysis of the Digital Lending Directions can be accessed here.

15. Domain Name Registrars and Safe Harbour: In December 2025, the Delhi High Court in Dabur India Limited v. Ashok Kumar & Ors.²⁸ examined the role of Domain Name Registrars (“DNRs”) in cases of trademark infringement and online fraud arising from impersonating domain names. The Court held that DNRs cannot rely on intermediary safe-harbour protections where they facilitate or fail to act against infringing registrations, and issued standardised directions requiring disclosure of registrant details, restrictions on default privacy masking, permanent blocking and transfer of unlawful domains, and expanded application of dynamic injunctions. The judgment also directed coordination among DNRs, registry, banks, law-enforcement agencies, and government authorities.
16. Delhi High Court grants a ‘Superlative Injunction’: In May 2025, the Delhi High Court granted a superlative injunction in favour of Star India Pvt. Ltd. for a specified period.²⁹ Passed in the context of large-scale online piracy of live sports broadcasts, the order enabled Star to secure real-time blocking of newly identified rogue websites and mobile applications streaming its copyrighted content, without repeatedly approaching the Court during the summer vacation.

    The superlative injunction went beyond the dynamic injunctions (which permit existing blocking orders to be extended to mirror or redirect websites through the Joint Registrar) and dynamic+ injunctions (which allow rightsholders to directly approach intermediaries such as ISPs and domain registrars, subject to post-facto judicial filings) granted earlier. Unlike these earlier forms of relief, the superlative injunction did not require the submission of affidavits or supporting evidence to the Court for judicial oversight. The injunction applied irrespective of the mode of dissemination and could therefore be enforced against both rogue websites and mobile applications. The Delhi High Court’s order thus marks an expansion in the scope and effectiveness of the remedies against online piracy available to rightsholders against online piracy.

17. ANI v. OpenAI Copyright Dispute: The copyright dispute initiated by Asian News International (“ANI”) in late 2024 continued to gather momentum in 2025. In 2024, ANI had approached the Delhi High Court seeking interim relief against OpenAI, alleging unauthorised retention and use of its copyrighted news content for training large language models. In 2025, industry bodies such as the Digital News Publishers Association sought to intervene in the proceedings, contending that generative AI systems divert readership and advertising revenue away from news publishers. The case also attracted interventions from the music industry, with record labels and trade associations including T-Series, Saregama, Sony Music, and the Indian Music Industry contending that their copyrighted songs and lyrics had similarly been used by OpenAI for training its AI models without their consent. These interventions widened the subject matter of the dispute from news content to musical works as well. The proceedings are ongoing before the Delhi High Court, with the matter yet to be finally adjudicated.
18. India’s First Smell Trademark: In November 2025, the Controller General of Patents, Designs and Trademarks accepted for advertisement India’s first application for an olfactory (smell) trademark.³⁰ The application by Sumitomo Rubber Industries Ltd.  sought protection for a scent mark which is “floral fragrance / smell reminiscent of roses as applied to tyres” for goods falling in Class 12. This marks a landmark development, as the Trade Marks Act, 1999 does not expressly recognize smell marks, visually perceptible marks have been historically preferred, and applicants face challenges in providing a graphical representation required for application.  In this instance, the Controller accepted a scientific graphical representation in the form of a seven-dimensional vector model which mapped the scent across recognised olfactory parameters, wherein each dimension was defined as one of the 7 fundamental smells, namely floral, fruity, woody, nutty, pungent, sweet, and minty.
19. Withdrawal of the Digital Competition Bill: The Ministry of Corporate Affairs (“MCA”) had released the draft Digital Competition Bill in 2024³¹, proposing an ex-ante regulatory framework for entities providing specified “core digital services” that met certain thresholds and would be designated as Systemically Significant Digital Enterprises (“SSDEs”). These entities would have been subject to obligations such as data portability, interoperability and fair ranking. Following public consultation, the draft bill was withdrawn in August 2025³², due to concerns over over-inclusive and low quantitative thresholds for classification as SSDEs, subjective criteria, risk of regulatory overreach, and the burden of ex-ante compliance in the absence of proven anti-competitive conduct. Stakeholders also questioned whether a preventive regime was necessary or if existing competition law could be strengthened instead.

    Subsequently, the MCA issued a Request for Proposal to conduct a market study on identifying SSDEs and determining the scope of digital services under any future Digital Competition Bill.³³

20. CCPA Advisory on Dark Patterns: In June 2025, the Central Consumer Protection Authority (“CCPA”) issued an advisory under the Consumer Protection Act, 2019 urging all e-commerce platforms and online service providers in India to conduct self-audits within 3 months from the date of issue of the advisory³⁴ to detect and eliminate “dark patterns”³⁵ on their digital interfaces and ensure consumer-centric transparency.³⁶ The advisory builds on those 2023 guidelines and emphasizes that platforms should remedy identified dark patterns and, where appropriate, provide self-declarations confirming compliance, in order to foster a fair, ethical and consumer-centric digital ecosystem. The CCPA has also signalled enhanced monitoring and enforcement, having issued notices in some cases of guideline violations. In November, the CCPA released 18 dark pattern self-audit declarations by companies, which indicates that only some of the e-commerce platforms have undertaken the self-audits as required in the CCPA’s advisory.³⁷
21. Proposed Framework for Responsible Use of Artificial Intelligence and Machine Learning in Securities Markets: In June 2025, the Securities and Exchange Board of India (“SEBI”) released a consultation paper titled “Guidelines for Responsible Usage of AI/ML in Indian Securities Markets”³⁸, proposing a principle-based framework for the responsible use of artificial intelligence (“AI”) and machine learning (“ML”). This proposed framework reflects the underlying principles discussed in International Organisation of Securities Commission’s consultation report on use of AI/ ML by market intermediaries and asset managers, and other well-established global principles.

    SEBI has consistently released various reporting obligations for market participants using AI/ML systems³⁹, indicating its intent to regulate and promote the responsible use of AI/ ML systems in securities market. In the consultation paper, The proposed framework focuses on the five points, namely, model governance, investor protection and disclosures, testing frameworks, fairness and bias mitigation, and data privacy and cybersecurity.

22. AI Governance Guidelines: MeitY formed a drafting committee to create an AI governance framework that promotes inclusive development and global competitiveness while mitigating risks to individuals and society. After reviewing laws, global practices, literature, and public feedback, the committee released the India AI Governance Guidelines⁴⁰ in November 2025.

    The guidelines are built upon seven foundational principles (Sutras) designed to ensure AI development remains human-centric: (i) trust is the foundation (building reliability across the AI value chain), (ii) people first (prioritizing human oversight and empowerment, (iii) innovation over restraint (prioritizing responsible growth over cautionary bans), (iv) fairness & equity (actively mitigating algorithmic bias and discrimination), (v) accountability (establishing clear responsibility for developers and deployers), (vi) understandable by design (ensuring transparency and explainability in AI logic), (vii) safety, resilience & sustainability (developing robust, environmentally conscious systems).

    To operationalize these principles, the framework is structured around six core governance pillars: (i) infrastructure (expand access to data, compute, and digital public infrastructure to attract investments and enable scalable and inclusive AI adoption, (ii) policy & regulation (use agile, targeted amendments to existing laws to address AI risks, rather than broad new regulation), (iii) capacity building (invest in education, skilling, and awareness to build trust and preparedness around AI), (iv) risk mitigation (develop India-specific risk assessment frameworks, with higher safeguards for sensitive or high-risk AI uses), (v) accountability (introduce graded liability based on risk, function, and due diligence, supported by transparency across the AI value chain), (vi) institutions (adopt a whole-of-government model, with a dedicated AI Governance Group and a strengthened AI Safety Institute).

    The implementation roadmap is envisioned in three phases. In the short term, priorities include establishing key governance bodies, developing foundational risk frameworks, and promoting voluntary commitments by stakeholders. The medium term focuses on operationalization through the launch of regulatory sandboxes, the publication of common technical standards, and targeted amendments to existing sectoral laws such as those governing finance and healthcare. In the long term, the framework evaluates the need for a dedicated AI law, informed by the evolution of technologies and the emergence of new or heightened risks.

23. Introduction of the RDI Scheme for DeepTech: In July 2025, the Union Cabinet approved the Research, Development and Innovation (“RDI”) Scheme⁴¹, allocating ₹1 trillion ($11.68 billion) over six years to boost private sector investment in high-impact R&D projects, with ₹200 billion ($2.22 billion) earmarked for FY 2025-26. Managed by the Anusandhan National Research Foundation (“ANRF”) under the Department of Science and Technology (“DST”), the scheme provides concessional loans at low or nil interest rates, equity support for startups via a Deep-Tech Fund of Funds, and grants covering up to 50% of project costs for initiatives at Technology Readiness Levels (“TRLs”) 4 and above. It targets sunrise sectors such as AI, biotechnology, quantum computing, green energy, robotic and digital agriculture to foster Atmanirbhar Bharat, economic security, and global competitiveness. Governance includes an ANRF board chaired by the Prime Minister, an Executive Council, and an Empowered Group of Secretaries (“EGoS”) for approvals and oversight. Building on the momentum created by the RDI Scheme, industry stakeholders formed the India Deep Tech Alliance (“IDTA”) in September 2025, where members, comprising leading Indian and global venture capital firms, have collectively committed over ₹ 80 billion ($1 billion) in private capital for India-domiciled deep-tech startups and scale-ups, with most of this investment expected to be deployed over the next 5-10 years through direct fund commitments, mentorship, and ecosystem support aligned to national innovation priorities⁴². 

    Our explainer on the RDI Scheme and the IDTA can be accessed here. We serve as the global strategic legal advisor to the IDTA.⁴³

24. Working Paper on Generative AI and Copyright: The Department for Promotion of Industry and Internal Trade constituted a committee to examine emerging legal and policy issues related to artificial intelligence and copyright in April 2025. In December 2025, the committee released the “Working Paper on Generative AI and Copyright – Part I: One Nation, One License, One Payment”⁴⁴.

    The paper advances a hybrid model for lawful AI training on copyrighted works, combining: (i) a mandatory blanket licence and (ii) a statutory remuneration right administered via a central collecting entity (a Copyright Royalties Collective for AI Training) to set and distribute royalties to right holders. Under the mandatory blanket license approach, creators and copyright holders would not be able to block the use of their works for AI training; instead, they would be guaranteed fair compensation through a statutory remuneration right. The model is designed to ensure that AI developers have reliable access to large volumes of high-quality data while safeguarding the economic interests of rightsholders. To implement this framework, the proposal envisages a single, central collecting body, the Copyright Royalties Collective for AI Training (“CRCAT”), to be formed by rightsholders’ associations and designated by the Central Government under the Copyright Act, 1957. AI developers would be required to obtain lawful access to copyrighted works and would not be permitted to bypass paywalls or technological safeguards. Once lawful access is secured, no further permissions would be required for AI training. The CRCAT would collect royalties from AI developers and distribute them to rightsholders through a standardised mechanism, simplifying licensing, lowering compliance costs, and promoting a balanced and predictable ecosystem.

25. IFSCA Consultation Paper on Tokenisation of Real-World Assets: In February 2025, The International Financial Services Centres Authority (“IFSCA”) issued a draft consultation paper ‘Regulatory Approach towards Tokenization of Real-World Assets’ (“Consultation Paper”), to invite public feedback on key regulatory considerations regarding tokenization of real-world assets in IFSC⁴⁵.
    The Consultation Paper examines global best practises and highlights key regulatory concerns including interoperability, settlement cycles and risk management. The Consultation Paper intends to propose a regulatory approach keeping in mind issues in asset classification, issuance, trading mechanisms, risk management, and regulatory oversight, and sought input from industry participants and experts for a proposed regulatory framework that balances innovation with risk mitigation. There has been no regulatory update yet.

    Our research paper on real estate tokenization can be accessed here.

26. Revised Guidelines for Examination of Computer Related Inventions (CRIs), 2025: In July 2025, the Indian Patent Office released revised Guidelines for the Examination of Computer-Related Inventions, 2025, replacing the 2017 guidelines. The revised guidelines clarify the application of Section 3(k) of the Patents Act, 1970 (which excludes computer program ‘per se’ or algorithms from patentability) and seek to align patent examination practices with recent High Court decisions. They introduce structured tests for assessing patentability, place renewed emphasis on demonstrating a “technical effect,” and provide detailed guidance for emerging technologies such as AI and machine learning. While not legally binding, the guidelines are expected to have a significant impact on how software patent applications are examined and prosecuted in India.
27. MeitY’s SOP on Non-Consensual Intimate Imagery (NCII): In October 2025, MeitY issued a Standard Operating Procedure to address the growing problem of non-consensual intimate imagery online.⁴⁶ The SOP lays down a structured mechanism enabling individuals, or their authorised representatives, to seek swift removal or disabling of access to privacy-violating content hosted by intermediaries. Anchored in the IT Act, the IT Rules, 2021, the Indecent Representation of Women (Prohibition) Act, 1986, and the Bharatiya Nyaya Sanhita, 2023, the SOP mandates takedown of NCII content within 24 hours of reporting and clarifies the roles of intermediaries, government agencies, and law enforcement. The framework is widely seen as strengthening enforcement of Rule 3(2)(b) of the IT Rules and reinforcing state commitment to privacy, dignity, and online safety, particularly for women.
28. Draft GI Usage Guidelines: The DPIIT released draft guidelines to standardise the use of Geographical Indications (“GI”) names and logos. The draft expands eligibility to use GI identifiers beyond authorised producers to include intermediaries such as dealers, packagers, exporters, and traders acting with authorised-user consent, thereby widening the scope of GI usage under the existing statutory framework.
29. SHANTI Act: In December 2025, the Parliament passed the Sustainable Harnessing and Advancement of Nuclear Energy for Transforming India Act, 2025 (“SHANTI Act”), which has since received the assent of the President. The SHANTI Act amends Section 4 of the Patents Act 1970 to permit patents relating to the peaceful use of nuclear energy and radiation, subject to national security concerns.⁴⁷ This marks a departure from the blanket exclusion previously applicable on the patentability of atomic energy–related inventions under Section 4 of the Patents Act, 1970.⁴⁸ 

Technology Law Team
You can direct your queries or comments to the authors.

¹Justice K.S. Puttaswamy v Union of India WP (C) 494/2012

²India bans real-money gaming, threatening a $23 billion industry, available at https://techcrunch.com/2025/08/20/india-bans-real-money-gaming-threatening-a-23-billion-industry/ (last accessed on January 8, 2026).

³India real-money gaming sector writes down $840m in assets since August ban, available at https://igamingbusiness.com/gaming/online-casino/india-real-money-gaming-ban-industry-losses/ (last accessed on January 8, 2026).

⁴Online gaming bill 2025: What happens to wallet money; Dream 11, MPL, PokerBaazi, Zupee and other outline withdrawal process, available at https://timesofindia.indiatimes.com/technology/tech-news/online-gaming-bill-2025-what-happens-to-wallet-money-dream11-mpl-pokerbaazi-zupee-and-others-outline-withdrawal-process/articleshow/123501502.cms?utm_source=chatgpt.com (last accessed on January 10, 2026).

⁵‘Regulatory Approach Towards Tokenisation of Real-World Assets’, IFSCA, 26 February 2025. Available at: https://ifsca.gov.in/Document/ReportandPublication/ifsca-consultation-paper-on-regulatory-approach-towards-tokenization-of-real-world-assets03032025111644.pdf (last accessed 08 January, 2026).

⁶‘Indian Central Bank to Launch Pilot for Certificates of Deposit Tokenisation’, Reuters, October 11, 2025. Available at: https://www.reuters.com/world/india/indian-central-bank-launch-pilot-deposit-tokenisation-official-says-2025-10-07/ (last accessed January 08, 2026).

⁷‘Tokenisation can do for investments what UPI did for payments,’ says Raghav Chadha’, Economic Times, December 17, 2025. Available at: https://m.economictimes.com/news/india/tokenisation-can-do-for-investments-what-upi-did-for-payments-says-raghav-chadha/amp_videoshow/126030129.cms (last accessed January 08, 2026)

⁸See https://industry.maharashtra.gov.in/sites/default/files/2025-09/gcc-policy-paraesa-naota-english.pdf (last accessed on January 7, 2026).

⁹See https://invest.mp.gov.in/wp-content/uploads/2025/02/GCC-Policy-2025.pdf (last accessed on January 7, 2026).

¹⁰See https://dst.gujarat.gov.in/Home/GujaratGlobalCapabilityCenter (last accessed on January 7, 2026).

¹¹See https://www.pib.gov.in/PressReleasePage.aspx?PRID=2128604&reg=3&lang=2 (last accessed on January 8, 2026).

¹²Available at: https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf (last accessed on January 8, 2026).

¹³Available at: https://www.meity.gov.in/static/uploads/2025/08/4f673438a686e3fa81dd2d277b445f42.pdf (last accessed on January 7, 2026).

¹⁴Available at: https://www.meity.gov.in/static/uploads/2025/10/18bae7782749f36ebb062fdb0b2607ea.pdf (last accessed on January 7, 2026).

¹⁵Online money game means “…an online game, irrespective of whether such game is based on skill, chance, or both, played by a user by paying fees, depositing money or other stakes in expectation of winning which entails monetary and other enrichment in return of money or other stakes; but shall not include any e-sports…”

¹⁶Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12896 (last accessed on January 7, 2026).

¹⁷Rhutikumari v. Zanmai Labs, 2025 SCC OnLine Mad 9290

¹⁸Available at: https://mib.gov.in/sites/default/files/2025-11/draft-guidelines-2-1.pdf (last accessed on January 7, 2026).

¹⁹X-Corp v Union of India, Writ Petition No.7405 OF 2025 (GM – RES)

²⁰X Corp Moves Karnataka High Court in Appeal Against Ruling Upholding Centre’s Blocking Powers Through Sahyog Portal, LiveLaw. Available at: https://www.livelaw.in/high-court/karnataka-high-court/karnataka-high-court-hearing-x-corp-appeal-against-central-government-blocking-orders-310049 (last accessed, January 05 2026)

²¹Zoom, Quora on the List of 94 Companies Onboarded on the Sahyog Portal, Reveals RTI, Medianama. Available at https://www.medianama.com/2025/12/223-zoom-quora-list-companies-sahyog-portal-rti/ (last accessed, January 06 2026)

²²Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2025 (Available at: https://www.meity.gov.in/static/uploads/2025/10/9de47fb06522b9e40a61e4731bc7de51.pdf.)

²³Available at: https://www.civilaviation.gov.in/sites/default/files/2025-09/Draft%20Civil%20Drone%20%28Promotion%20and%20Regulation%29%20Bill%202025.pdf (last accessed on January 8, 2026).

²⁴Press Information Bureau, DoT Issues Directions for Pre-Installation of Sanchar Saathi App in Mobile Handsets to Verify the Genuineness of Mobile Handsets (Available at: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&reg=3&lang=2).

²⁵Press Information Bureau, Government Removes Mandatory Pre-Installation of Sanchar Saathi App (Available at: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&reg=3&lang=1).

²⁶The Reserve Bank of India (Digital Lending) Directions, 2025 have now been withdrawn and instead included in Chapter III of the Reserve Bank of India (Commercial Banks – Credit Facilities) Directions, 2025 issued in November 2025, available at https://rbidocs.rbi.org.in/rdocs/notification/PDFs/154MD.pdf (last accessed on January 7, 2026)..

²⁷Available at: https://www.pdicai.org/Docs/RBI-2025-26-36_125202512145948.pdf

²⁸Dabur India Limited v. Ashok Kumar & Ors, CS (COMM) 135/2022.

²⁹ Star India Pvt. Ltd. v. IPTV Smarter Pro & Ors., CS(COMM) 108/2025.

³⁰Controller General of Patents, Designs and Trade Marks, Order No. NO. TMR/DEL/SCH/2025/ in respect of Trademark Application No. 5860303  (November 21, 2025).

³¹Draft Digital Competition Bill, 2024, available in the Ministry of Corporate Affairs’ Report of the Committee on Digital Competition Law (2024), pp. 152-192 (Available at: https://www.mca.gov.in/bin/dms/getdocument?mds=gzGtvSkE3zIVhAuBe2pbow%253D%253D&type=open) (last accessed on January 7, 2026).

³²Financial Express, Govt to withdraw Draft Digital Competition Bill (August 10, 2025), (Available at: https://www.financialexpress.com/business/industry-govt-to-withdraw-draft-digital-competition-bill-3942328/).

³³Ministry of Corporate Affairs, Request for Proposal (RFP) to undertake a Market Study on “Qualitative

and Quantitative thresholds for Big Tech Companies and Core Digital Services (CDS) (03 November 2025) (Available at: https://www.medianama.com/wp-content/uploads/2025/11/RFP-20251104.pdf).

³⁴CCPA, Advisory in terms of Consumer Protection Act, 2019 on Self Audit by E-Commerce Platforms for detecting the Dark Patterns on their platforms to create a fair, ethical, and consumer-centric digital ecosystem (available at: https://doca.gov.in/ccpa/files/Advisory-7.pdf ).

³⁵Dark patterns are deceptive user interface or user experience (UI/UX) design practices that mislead, manipulate, or coerce consumers into actions they did not intend to take, such as false urgency cues, basket sneaking, confirm shaming, forced actions, subscription traps, interface interference, bait-and-switch tactics, drip pricing, disguised advertisements and other unfair trade practices identified in the CCPA’s Guidelines for Prevention and Regulation of Dark Patterns, 2023.

³⁶Available at: https://doca.gov.in/ccpa/files/The%20Guidelines%20for%20Prevention%20and%20Regulation%20of%20Dark%20Patterns,%202023_1732707717.pdf (last accessed on January 7, 2026).

³⁷Available at: https://doca.gov.in/ccpa/slef-audit-companies-dark-pattern.php (last accessed on January 7, 2026).

³⁸Available at: https://www.pib.gov.in/PressReleasePage.aspx?PRID=1988370&reg=3&lang=2#:~:text=The%20Minister%20further%20stated%20that,2023 (last accessed on January 7, 2026).

³⁹SEBI Reporting for AI/ ML Systems by market participants available here, here and here (last accessed on January 6, 2026).

⁴⁰Available at: https://static.pib.gov.in/WriteReadData/specificdocs/documents/2025/nov/doc2025115685601.pdf (last accessed on January 7, 2025)

⁴¹Details available at: https://rdifund.anrf.gov.in/ (last accessed on January 8, 2026).

⁴²See https://idtalliance.org/ (last accessed on January 8, 2026).

⁴³Nishith Desai steers $1 billion U.S-India Deep Tech Alliance, available at https://legal.economictimes.indiatimes.com/news/industry/nishith-desai-steers-1b-u-s-india-deep-tech-alliance/123670582 (last accessed on January 10, 2025).

⁴⁴Available at: https://www.dpiit.gov.in/static/uploads/2025/12/ff266bbeed10c48e3479c941484f3525.pdf (last accessed on January 7, 2026).

⁴⁵‘Regulatory Approach Towards Tokenisation of Real-World Assets’, IFSCA, 26 February 2025. Available at: https://ifsca.gov.in/Document/ReportandPublication/ifsca-consultation-paper-on-regulatory-approach-towards-tokenization-of-real-world-assets03032025111644.pdf (last accessed 08 January, 2026)

⁴⁶Available at: https://www.meity.gov.in/static/uploads/2025/11/a2c9500ef5f8b62a43bfc68747de592d.pdf (last accessed on January 7, 2026).

⁴⁷Section 38 read with Section 89 and the Third Schedule, SHANTI Act.

⁴⁸Section 4, The Patents Act, 1970.